
PUP.Optional.Softonic.A [Solved]



#1
whynot53


Hi,

I ran Malwarebytes for no particular reason except routine maintenance.

It reported-

Registry Keys: 1
PUP.Optional.Softonic.A, HKU\S-1-5-21-3019073540-286944912-3486399463-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Softonic, , [809d88db8af283b362adec6dea19857b],

Malwarebytes removed it successfully.

I then scanned with-

Microsoft Security Essentials

Panda Free Antivirus 2015

Malwarebytes

SUPERAntiSpyware

Kaspersky Virus Removal Tool (in Safe Mode)

They all came back clean.

My computer seems to be running normally. I was wondering if anything was missed.

Thank you,

whynot53

 

------------------------------------------------------------------------------------------------------------------

 

OTL logfile created on: 1/12/2015 10:30:52 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Dan\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.17183)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 2.35 Gb Available Physical Memory | 78.32% Memory free
5.99 Gb Paging File | 5.25 Gb Available in Paging File | 87.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.41 Gb Total Space | 673.41 Gb Free Space | 72.30% Space Free | Partition Type: NTFS
Drive D: | 114.49 Gb Total Space | 28.61 Gb Free Space | 24.99% Space Free | Partition Type: NTFS
 
Computer Name: DANIEL | User Name: Dan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2015/01/12 10:22:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.exe
PRC - [2014/12/02 22:31:36 | 003,498,728 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
PRC - [2014/12/02 22:31:16 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/10/16 05:21:23 | 000,038,136 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe
PRC - [2014/10/16 05:21:22 | 000,037,624 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe
PRC - [2014/10/13 12:03:10 | 000,142,072 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe
PRC - [2014/10/09 15:40:48 | 000,066,808 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe
PRC - [2014/03/27 21:35:18 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011/02/24 21:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2002/09/04 13:11:04 | 000,073,728 | ---- | M] (Iomega Corporation) -- C:\Program Files\Iomega\System32\AppServices.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/10/11 12:06:16 | 000,073,544 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/10/11 12:05:58 | 001,044,776 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] --  -- (Iomega Activity Disk2)
SRV - [2014/12/09 03:17:52 | 000,114,800 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/12/02 22:31:16 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/10/16 05:21:23 | 000,038,136 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe -- (PSUAService)
SRV - [2014/10/13 12:03:10 | 000,142,072 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe -- (NanoServiceMain)
SRV - [2014/10/09 15:40:48 | 000,066,808 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe -- (PandaAgent)
SRV - [2014/03/28 02:15:29 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2013/05/26 20:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 17:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 17:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 17:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2002/09/04 13:11:04 | 000,073,728 | ---- | M] (Iomega Corporation) [Auto | Running] -- C:\Program Files\Iomega\System32\AppServices.exe -- (Iomega App Services)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2014/10/13 12:04:20 | 000,100,112 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSINReg.sys -- (PSINReg)
DRV - [2014/10/13 12:04:19 | 000,105,232 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\PSINFile.sys -- (PSINFile)
DRV - [2014/10/13 12:04:18 | 000,139,536 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSINAflt.sys -- (PSINAflt)
DRV - [2014/10/02 06:16:38 | 000,124,688 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSINProt.sys -- (PSINProt)
DRV - [2014/10/02 06:16:38 | 000,113,936 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\PSINProc.sys -- (PSINProc)
DRV - [2014/10/02 06:16:37 | 000,168,208 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\PSINKNC.sys -- (PSINKNC)
DRV - [2014/06/18 02:18:22 | 000,166,816 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSHttp.sys -- (NNSHTTP)
DRV - [2014/06/04 07:59:21 | 000,244,000 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSStrm.sys -- (NNSSTRM)
DRV - [2014/06/04 07:59:21 | 000,109,856 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSSmtp.sys -- (NNSSMTP)
DRV - [2014/06/04 07:59:21 | 000,096,928 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNStlsc.sys -- (NNSTLSC)
DRV - [2014/06/04 07:59:20 | 000,288,032 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSProt.sys -- (NNSPROT)
DRV - [2014/06/04 07:59:20 | 000,208,800 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSPrv.sys -- (NNSPRV)
DRV - [2014/06/04 07:59:19 | 000,121,888 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSPop3.sys -- (NNSPOP3)
DRV - [2014/06/04 07:59:19 | 000,061,984 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSPihsw.sys -- (NNSPIHSW)
DRV - [2014/06/04 07:59:18 | 000,125,216 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSIds.sys -- (NNSIDS)
DRV - [2014/06/04 07:59:18 | 000,096,160 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSpicc.sys -- (NNSPICC)
DRV - [2014/06/04 07:59:17 | 000,110,624 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSHttps.sys -- (NNSHTTPS)
DRV - [2014/06/04 07:59:17 | 000,088,992 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSAlpc.sys -- (NNSALPC)
DRV - [2014/03/25 05:15:08 | 000,048,736 | ---- | M] (Panda Security, S.L.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PSKMAD.sys -- (PSKMAD)
DRV - [2014/02/10 22:24:44 | 000,020,616 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\System32\drivers\uim_devim.sys -- (Uim_DEVIM)
DRV - [2014/01/16 09:41:53 | 000,040,192 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSNAHSL.sys -- (NNSNAHSL)
DRV - [2013/10/01 16:42:31 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012/08/23 06:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2011/07/22 08:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 13:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/05/18 07:09:04 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2010/11/20 13:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 13:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 13:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 13:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 13:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/20 13:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 13:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/04/13 15:06:20 | 000,017,064 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SiWinAcc.sys -- (SiFilter)
DRV - [2010/04/13 15:06:20 | 000,012,200 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SiRemFil.sys -- (SiRemFil)
DRV - [2010/04/13 15:06:16 | 000,216,616 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\Si3124r5.sys -- (Si3124r5)
DRV - [2010/01/17 12:10:54 | 000,385,544 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\System32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2010/01/17 12:10:54 | 000,040,560 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hotcore3.sys -- (hotcore3)
DRV - [2010/01/17 12:10:54 | 000,034,392 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\UimBus.sys -- (UimBus)
DRV - [2009/07/13 14:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/06/18 18:45:02 | 004,172,832 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVAC.SYS -- (ALCXWDM)
DRV - [2008/07/22 06:42:58 | 000,051,200 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/07/06 11:16:12 | 000,064,000 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AIC78XX.SYS -- (aic78xx)
DRV - [2002/09/04 13:11:08 | 000,030,258 | ---- | M] (Iomega Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\IomDisk.sys -- (iomdisk)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Dan\Desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0F 76 6E 5B 3E 4A CF 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {9CA3110E-B07F-4EDC-8E79-4F1C8B7E02D3}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{9CA3110E-B07F-4EDC-8E79-4F1C8B7E02D3}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.hiddenOneOffs: "Yahoo,Bing,Amazon.com,DuckDuckGo,eBay,Twitter,Wikipedia (en)"
FF - prefs.js..browser.search.highlightCount: 0
FF - prefs.js..browser.search.isUS: true
FF - prefs.js..browser.startup.homepage: "http://att.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68
FF - prefs.js..extensions.enabledAddons: anticontainer%40downthemall.net:1.3
FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.17
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.9.2
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.24
FF - prefs.js..extensions.enabledAddons: thumbnailZoom%40dadler.github.com:3.2
FF - prefs.js..extensions.enabledAddons: web2pdfextension%40web2pdf.adobedotcom:2.0
FF - prefs.js..extensions.enabledAddons: ClassicThemeRestorer%40ArisT2Noia4dev:1.2.8.2
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.9.10
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:34.0.5
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.25.2: C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.25.2: C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014/12/11 06:47:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 31.3.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 31.3.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 31.3.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 31.3.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2014/03/27 23:54:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dan\AppData\Roaming\Mozilla\Extensions
[2014/12/26 13:25:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\zzxsrq5o.default\extensions
[2014/09/11 15:20:35 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\zzxsrq5o.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2014/05/28 18:11:29 | 000,133,000 | ---- | M] () (No name found) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\zzxsrq5o.default\extensions\[email protected]
[2014/04/02 09:54:34 | 000,098,595 | ---- | M] () (No name found) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\zzxsrq5o.default\extensions\[email protected]
[2014/12/24 15:38:55 | 000,433,727 | ---- | M] () (No name found) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\zzxsrq5o.default\extensions\[email protected]
[2014/05/01 17:05:28 | 000,126,171 | ---- | M] () (No name found) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\zzxsrq5o.default\extensions\[email protected]
[2014/12/05 14:31:46 | 000,197,276 | ---- | M] () (No name found) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\zzxsrq5o.default\extensions\[email protected]
[2014/12/26 13:25:23 | 000,544,302 | ---- | M] () (No name found) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\zzxsrq5o.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2014/11/12 20:43:48 | 000,979,699 | ---- | M] () (No name found) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\zzxsrq5o.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/03/28 22:58:50 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\zzxsrq5o.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2014/05/01 23:16:48 | 000,731,942 | ---- | M] () (No name found) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\zzxsrq5o.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2014/12/09 03:17:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/12/09 03:17:54 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/12/11 06:47:35 | 000,000,000 | ---D | M] (Adobe Acrobat - Create PDF) -- C:\PROGRAM FILES\ADOBE\ACROBAT 11.0\ACROBAT\BROWSER\WCFIREFOXEXTN
 
O1 HOSTS File: ([2014/12/11 05:10:16 | 000,003,384 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 209.34.83.73:443
O1 - Hosts: 127.0.0.1 209.34.83.73:43
O1 - Hosts: 127.0.0.1 209.34.83.73
O1 - Hosts: 127.0.0.1 209.34.83.67:443
O1 - Hosts: 127.0.0.1 209.34.83.67:43
O1 - Hosts: 127.0.0.1 209.34.83.67
O1 - Hosts: 127.0.0.1 ood.opsource.net
O1 - Hosts: 127.0.0.1 199.7.52.190:80
O1 - Hosts: 127.0.0.1 199.7.52.190
O1 - Hosts: 127.0.0.1 OCSP.SPO1.VERISIGN.COM
O1 - Hosts: 127.0.0.1 199.7.54.72:80
O1 - Hosts: 127.0.0.1 199.7.54.72
O1 - Hosts: 127.0.0.1 192.150.14.69
O1 - Hosts: 127.0.0.1 192.150.18.101
O1 - Hosts: 127.0.0.1 192.150.18.108
O1 - Hosts: 127.0.0.1 192.150.22.40
O1 - Hosts: 127.0.0.1 192.150.8.100
O1 - Hosts: 127.0.0.1 192.150.8.118
O1 - Hosts: 127.0.0.1 209-34-83-73.ood.opsource.net
O1 - Hosts: 127.0.0.1 3dns-1.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-4.adobe.com
O1 - Hosts: 60 more lines...
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe Acrobat Create PDF Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [PSUAMain] C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe (Panda Security, S.L.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.updat...b?1396045450596 (MUCatalogWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2653FD28-EDFE-4851-8147-C85463D51608}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 13:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2013/08/03 17:27:59 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015/01/12 05:37:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.exe
[2015/01/08 15:03:54 | 000,048,736 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\PSKMAD.sys
[2015/01/01 15:22:46 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\Panda Security
[2015/01/01 15:22:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus
[2015/01/01 15:22:23 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2015/01/01 15:20:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2014/12/25 13:30:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2014/12/24 15:44:20 | 000,000,000 | ---D | C] -- C:\Sans Digital 3-7 (AB)
[2014/12/21 10:30:57 | 000,000,000 | ---D | C] -- C:\Users\Dan\Desktop\Virus
[2014/03/28 10:39:56 | 003,765,464 | ---- | C] (COMODO) -- C:\ProgramData\cisB50E.exe
 
========== Files - Modified Within 30 Days ==========
 
[2015/01/12 10:22:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.exe
[2015/01/12 05:55:43 | 000,031,520 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/01/12 05:55:43 | 000,031,520 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/01/12 05:52:37 | 000,661,656 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2015/01/12 05:52:37 | 000,121,524 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2015/01/12 05:48:22 | 000,447,992 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2015/01/12 05:48:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/01/12 05:48:12 | 2414,977,024 | -HS- | M] () -- C:\hiberfil.sys
[2015/01/11 10:00:06 | 000,000,382 | -H-- | M] () -- C:\Windows\tasks\{B57402BF-A753-41D2-98BD-7C2D6C60C154}.job
[2015/01/09 12:24:38 | 094,510,612 | ---- | M] () -- C:\Users\Dan\Desktop\Innocence of Muslims - Sam Bacile.mp4
[2015/01/02 21:36:28 | 014,743,686 | ---- | M] () -- C:\Users\Dan\Desktop\TR8MB_TR8M_Detailed_Manual.pdf
[2015/01/02 18:27:04 | 000,379,731 | ---- | M] () -- C:\Users\Dan\Desktop\towerraid_tr8mbp.pdf
[2015/01/02 18:20:35 | 001,801,932 | ---- | M] () -- C:\Users\Dan\Desktop\tr8xb_tr8x_quickstart_web.pdf
[2014/12/31 10:07:43 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/12/24 17:57:45 | 008,185,402 | ---- | M] () -- C:\Users\Dan\Desktop\Using the Cat-in-the-bag Cozy Comfort Carrier.mp4
[2014/12/23 21:41:37 | 000,114,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/12/21 05:57:34 | 003,588,608 | ---- | M] (x264vfw project) -- C:\Windows\System32\x264vfw.dll
 
========== Files Created - No Company Name ==========
 
[2015/01/12 05:48:14 | 000,447,992 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2015/01/09 12:22:06 | 094,510,612 | ---- | C] () -- C:\Users\Dan\Desktop\Innocence of Muslims - Sam Bacile.mp4
[2015/01/02 21:36:28 | 014,743,686 | ---- | C] () -- C:\Users\Dan\Desktop\TR8MB_TR8M_Detailed_Manual.pdf
[2015/01/02 18:27:03 | 000,379,731 | ---- | C] () -- C:\Users\Dan\Desktop\towerraid_tr8mbp.pdf
[2015/01/02 18:20:35 | 001,801,932 | ---- | C] () -- C:\Users\Dan\Desktop\tr8xb_tr8x_quickstart_web.pdf
[2015/01/01 15:25:21 | 000,000,382 | -H-- | C] () -- C:\Windows\tasks\{B57402BF-A753-41D2-98BD-7C2D6C60C154}.job
[2014/12/31 09:52:50 | 000,001,994 | ---- | C] () -- C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileHippo App Manager.lnk
[2014/12/24 17:57:27 | 008,185,402 | ---- | C] () -- C:\Users\Dan\Desktop\Using the Cat-in-the-bag Cozy Comfort Carrier.mp4
[2014/12/11 00:33:30 | 000,655,872 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2014/12/11 00:33:30 | 000,240,128 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2014/12/11 00:33:30 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll
[2014/12/11 00:33:24 | 000,112,640 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2014/05/27 01:48:09 | 000,000,032 | ---- | C] () -- C:\Windows\GetFLV.ini
[2014/04/29 00:29:19 | 000,000,017 | ---- | C] () -- C:\Users\Dan\AppData\Local\resmon.resmoncfg
[2014/03/29 16:30:39 | 000,000,291 | ---- | C] () -- C:\Windows\System32\Remover.ini
[2014/03/29 16:30:33 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP7302.ini
[2014/03/28 20:35:36 | 000,218,712 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2014/03/28 10:52:33 | 000,000,000 | ---- | C] () -- C:\ProgramData\cisDB55.exe
[2014/03/27 20:19:10 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2014/03/27 20:19:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2014/02/10 22:24:44 | 000,020,616 | ---- | C] () -- C:\Windows\System32\drivers\uim_devim.sys
 
========== ZeroAccess Check ==========
 
[2009/07/13 20:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 17:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 17:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2014/04/01 10:25:48 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\abelhadigital.com
[2014/04/29 03:44:16 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Active Disk
[2014/12/11 05:59:19 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\com.adobe.formscentral.FormsCentralForAcrobat
[2014/07/24 15:23:53 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\ImgBurn
[2014/12/11 09:11:25 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\MediaInfo
[2014/03/28 20:39:14 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\MPC-HC
[2014/11/15 21:22:56 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Oracle
[2015/01/01 15:22:46 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Panda Security
[2014/03/29 23:40:35 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Thunderbird
[2014/04/22 14:58:35 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\TumblRipper2
[2015/01/07 17:14:46 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\uTorrent
[2014/03/30 06:16:47 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\XnView
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 88 bytes -> C:\Users\Dan\Desktop\PSY Gangnam Style.flv:SummaryInformation
@Alternate Data Stream - 172 bytes -> C:\Users\Dan\Desktop\Turner's Receipt 2.jpg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 172 bytes -> C:\Users\Dan\Desktop\Turner's Receipt 1.jpg:3or4kl4x13tuuug3Byamue2s4b

< End of report >
 

--------------------------------------------------------------------------------------------------------------------------------------------------------

 

OTL Extras logfile created on: 1/12/2015 10:30:52 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Dan\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.17183)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 2.35 Gb Available Physical Memory | 78.32% Memory free
5.99 Gb Paging File | 5.25 Gb Available in Paging File | 87.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.41 Gb Total Space | 673.41 Gb Free Space | 72.30% Space Free | Partition Type: NTFS
Drive D: | 114.49 Gb Total Space | 28.61 Gb Free Space | 24.99% Space Free | Partition Type: NTFS
 
Computer Name: DANIEL | User Name: Dan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0324A6BF-BC62-42F7-B8A8-123365C47E7A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{063A61AD-09CB-4A1A-82D9-333B1DFE0C7F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2723993A-239F-4E86-B463-A6B416BCD2EA}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{3247827B-F6F5-479D-9B94-06A304A44C14}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{36CEFFC9-15A4-42AA-8586-B9FE3986A703}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{4A23F577-A4DF-4113-A69D-9BB6BDB803DC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4CAFF5F4-6F80-4F92-A1BC-DD0D964112E6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{5105BE80-A295-4D27-B41E-4A1CF845AC50}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{61F4DDAC-E26B-4522-8DC9-0AE160520D97}" = rport=445 | protocol=6 | dir=out | app=system |
"{7609DFB0-BD91-45E3-AC20-B73DB2D4BA18}" = lport=137 | protocol=17 | dir=in | app=system |
"{7721BC58-4679-42B2-AEF9-D47A98AD2872}" = rport=138 | protocol=17 | dir=out | app=system |
"{851D0424-BB4A-4374-8A49-FF343F5C128E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8EFC82A0-42FB-446F-9B9C-230A3735C754}" = lport=2869 | protocol=6 | dir=in | app=system |
"{98149266-3D96-4242-B9B1-2045F0E33E8A}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A8606C78-CE0D-4795-BCF4-04D2D5D88C01}" = lport=10243 | protocol=6 | dir=in | app=system |
"{ACA6D711-62EE-4460-8C48-33B7E427D7B2}" = lport=445 | protocol=6 | dir=in | app=system |
"{B032C2ED-52BE-4953-B151-86A52C013961}" = rport=139 | protocol=6 | dir=out | app=system |
"{B157DECE-E0B6-4F59-8939-F8B23F033699}" = rport=137 | protocol=17 | dir=out | app=system |
"{BCEDE212-3674-4EC8-9AEF-AE2056447086}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CAC5854C-E2AC-44B7-A829-F85DA21F3CAB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D8EAEFE1-0A31-4279-A20B-F68830D6AC44}" = lport=138 | protocol=17 | dir=in | app=system |
"{E2A3391B-A017-4082-AFAE-CD92D17CEFCA}" = lport=139 | protocol=6 | dir=in | app=system |
"{E7822C8E-3E34-49F0-ACE3-6CE2E960D761}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EE07F40F-C794-45CE-9EB0-D7269AB45EA1}" = lport=3389 | protocol=6 | dir=in | app=system |
"{F040BF7C-C0A6-438D-B65E-BC7F053B73FC}" = lport=3389 | protocol=17 | dir=in | svc=termservice | app=%systemroot%\system32\svchost.exe |
"{F98513E7-ADE1-4047-92B5-2AB2114653D7}" = lport=3389 | protocol=6 | dir=in | svc=termservice | app=%systemroot%\system32\svchost.exe |
"{FF3DC6C2-BB0F-447B-8309-56A47CFEEE4B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{082AFEC2-B6C7-4BD7-A142-A72982AF5CC1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{0C65AEC7-CED1-4AE6-9F9B-BBA57CA3445F}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{0FA76C42-B9A5-4192-90BB-1CFD75391799}" = protocol=58 | dir=out | [email protected],-28546 |
"{19B589D7-0374-42A3-8E49-728F0F4D5275}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1C4B7BE6-D854-4530-B82D-636B48F231A8}" = protocol=6 | dir=in | app=c:\program files\elcomsoft password recovery\advanced archive password recovery\archpr.exe |
"{1D2B052E-6978-429A-AD56-9FD6C0BB08F5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{2369F598-0A75-4C5F-BF77-36F93E6B9D17}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2A475B7F-A623-419C-A334-AD76A6922677}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{389C57D1-2C41-47F5-82C0-901EF66EA883}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{4DCACB48-2D05-41C5-BCEA-4B8A2D2B8696}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4E0CD5FE-C65F-4461-AB1E-7865E8AB0162}" = protocol=1 | dir=out | [email protected],-28544 |
"{50B99B7A-5C29-4029-8011-1921BFBD14DA}" = protocol=17 | dir=in | app=c:\program files\elcomsoft password recovery\advanced archive password recovery\archpr.exe |
"{53C60734-4A49-4285-8586-9B67AE1E0373}" = protocol=58 | dir=in | [email protected],-28545 |
"{5E05D8FA-8505-4911-8545-DD53ED8D8A15}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{715C1228-189F-41A0-8706-4D15344AA5AF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7BD019CB-40A6-45E3-8095-0D3843726CA3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7F9366E4-DC3E-4170-BFDD-E28F49AE7102}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8FF63E81-A557-4DC3-A310-525E94B46099}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{93DF2670-4549-4C7C-882A-8A3325C71074}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A3F0CFAE-E7F9-4575-B823-3EDA743F08D1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AAE10660-0E2F-4CE0-9871-FA82D49BB9C2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B683B6D0-CE83-4441-AE25-54B8985B3308}" = protocol=1 | dir=in | [email protected],-28543 |
"{B99334BC-2957-4D52-BB72-B1DE9BB8D7EF}" = protocol=6 | dir=out | app=system |
"{CDAD3F01-E6CD-4017-BB2C-DB1EF370E1F1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{D4FBA0AC-A817-48EF-9C6A-37B10967E052}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{560B9951-BC33-42CD-BFB6-46F2F990A143}C:\users\dan\appdata\roaming\utorrent\utorrent 3.4.2.37122.exe" = protocol=6 | dir=in | app=c:\users\dan\appdata\roaming\utorrent\utorrent 3.4.2.37122.exe |
"TCP Query User{570487E2-B3DF-409F-A34D-0210876020AB}C:\users\dan\appdata\local\jdownloader 2.0\jdownloader2.exe" = protocol=6 | dir=in | app=c:\users\dan\appdata\local\jdownloader 2.0\jdownloader2.exe |
"TCP Query User{DEC7B5B4-41E3-40AC-B383-BC868CE84011}C:\computer stuff\hostman\hostsserver_2.0.59.1_win32\hostssrv.exe" = protocol=6 | dir=in | app=c:\computer stuff\hostman\hostsserver_2.0.59.1_win32\hostssrv.exe |
"TCP Query User{E1EAA42F-7E1C-4835-9884-762390933E93}C:\users\dan\appdata\roaming\utorrent\utorrent 3.4.2.36802.exe" = protocol=6 | dir=in | app=c:\users\dan\appdata\roaming\utorrent\utorrent 3.4.2.36802.exe |
"UDP Query User{16DFB213-1E94-423F-9422-31FE52FBD525}C:\computer stuff\hostman\hostsserver_2.0.59.1_win32\hostssrv.exe" = protocol=17 | dir=in | app=c:\computer stuff\hostman\hostsserver_2.0.59.1_win32\hostssrv.exe |
"UDP Query User{266D3018-C6A3-4C30-AAD1-A2A99DFB2C0F}C:\users\dan\appdata\roaming\utorrent\utorrent 3.4.2.36802.exe" = protocol=17 | dir=in | app=c:\users\dan\appdata\roaming\utorrent\utorrent 3.4.2.36802.exe |
"UDP Query User{2FC02A30-851D-4B35-B76A-1434E8B6F703}C:\users\dan\appdata\local\jdownloader 2.0\jdownloader2.exe" = protocol=17 | dir=in | app=c:\users\dan\appdata\local\jdownloader 2.0\jdownloader2.exe |
"UDP Query User{740727CE-C2D4-4C1D-AFA9-3188777FBD1C}C:\users\dan\appdata\roaming\utorrent\utorrent 3.4.2.37122.exe" = protocol=17 | dir=in | app=c:\users\dan\appdata\roaming\utorrent\utorrent 3.4.2.37122.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01011662-76A8-41E8-B1A8-4F8821570AC5}" = Advanced Archive Password Recovery
"{1E104AF0-EA49-11DE-AC07-005056C00008}" = Paragon Hard Disk Manager™ 2010 Professional
"{235EBB33-3DA1-46DF-AADE-9955123409CB}" = Apple Mobile Device Support
"{254BEB3E-1085-4D66-9CDC-0152C0DC2E93}" = EPSON TWAIN 5
"{26A24AE4-039D-4CA4-87B4-2F83218025F0}" = Java 8 Update 25
"{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}" = QuickTime 7
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5AE4765D-040B-4652-BB15-BA95DE42B6ED}" = Panda Free Antivirus
"{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}" = iTunes
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}" = Apple Application Support
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{949F1EA1-D3E2-472E-BC7C-CB72374C0E55}" = Panda Devices Agent
"{AC76BA86-1033-FFFF-7760-000000000006}" = Adobe Acrobat XI Pro
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.10)
"{B2920232-19DA-44FC-835F-68E427EAE2CE}" = Telescope Driver
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"7-Zip" = 7-Zip 9.35 beta
"Adobe Flash Player ActiveX" = Adobe Flash Player 16 ActiveX
"Adobe Flash Player NPAPI" = Adobe Flash Player 16 NPAPI
"Any to Icon" = Any to Icon
"CCleaner" = CCleaner
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FileASSASSIN" = FileASSASSIN
"FileHippo.com" = FileHippo App Manager
"ImgBurn" = ImgBurn
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 10.9.1
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.4.1028
"MediaInfo" = MediaInfo 0.7.71
"Mozilla Firefox 34.0.5 (x86 en-US)" = Mozilla Firefox 34.0.5 (x86 en-US)
"Mozilla Thunderbird 31.3.0 (x86 en-US)" = Mozilla Thunderbird 31.3.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Panda Devices Agent" = Panda Devices Agent
"Panda Universal Agent Endpoint" = Panda Free Antivirus
"Revo Uninstaller" = Revo Uninstaller 1.95
"VLC media player" = VLC media player
"WinRAR archiver" = WinRAR 5.20 (32-bit)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"62ee1b5ad72c0341" = FlatFolder
"uTorrent" = µTorrent
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 1/12/2015 9:49:05 AM | Computer Name = Daniel | Source = Windows Search Service | ID = 9002
Description =
 
Error - 1/12/2015 9:49:05 AM | Computer Name = Daniel | Source = Windows Search Service | ID = 3029
Description =
 
Error - 1/12/2015 9:49:06 AM | Computer Name = Daniel | Source = Windows Search Service | ID = 3029
Description =
 
Error - 1/12/2015 9:49:06 AM | Computer Name = Daniel | Source = Windows Search Service | ID = 3028
Description =
 
Error - 1/12/2015 9:49:06 AM | Computer Name = Daniel | Source = Windows Search Service | ID = 3058
Description =
 
Error - 1/12/2015 9:49:06 AM | Computer Name = Daniel | Source = Windows Search Service | ID = 7010
Description =
 
Error - 1/12/2015 10:00:01 AM | Computer Name = Daniel | Source = .NET Runtime | ID = 1022
Description =
 
Error - 1/12/2015 10:01:53 AM | Computer Name = Daniel | Source = .NET Runtime | ID = 1022
Description =
 
Error - 1/12/2015 10:04:51 AM | Computer Name = Daniel | Source = .NET Runtime | ID = 1022
Description =
 
Error - 1/12/2015 10:21:47 AM | Computer Name = Daniel | Source = .NET Runtime | ID = 1022
Description =
 
[ System Events ]
Error - 1/12/2015 9:45:03 AM | Computer Name = Daniel | Source = Service Control Manager | ID = 7034
Description = The Adobe Acrobat Update Service service terminated unexpectedly.
 It has done this 1 time(s).
 
Error - 1/12/2015 9:48:41 AM | Computer Name = Daniel | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
 error:   %%5
 
Error - 1/12/2015 9:48:41 AM | Computer Name = Daniel | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   Uim_DEVIM
 
Error - 1/12/2015 9:49:06 AM | Computer Name = Daniel | Source = Service Control Manager | ID = 7024
Description = The Windows Search service terminated with service-specific error
%%-1073473535.
 
Error - 1/12/2015 9:49:09 AM | Computer Name = Daniel | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly.  It has done this
 1 time(s).  The following corrective action will be taken in 30000 milliseconds:
 Restart the service.
 
 
< End of report >
 




#2
Machiavelli

    GeekU Moderator

  • 4,722 posts
Hey, :)

Please download FRST (by Farbar) from the link below and save it to your Desktop.

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here
  • Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (If you have Windows Vista / Windows 7 / Windows 8, please right-click the FRST icon and select Run as Administrator.)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.


#3
whynot53

    Member

  • Topic Starter
  • 41 posts

Hey Machiavelli,

Thanks for working with me.

I had a little trouble with FRST. It would run until it reached "Listing Installed Programs..." and then it would get stuck there. I disabled all anti-virus and anti-malware software and ran it as an Administrator as directed. After several tries I deleted that copy of the program and downloaded a new one. The new copy worked fine.

Thanks,

whynot53

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-01-2015
Ran by Dan (administrator) on DANIEL on 15-01-2015 03:05:37
Running from C:\Users\Dan\Desktop
Loaded Profiles: Dan (Available profiles: Dan)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Iomega Corporation) C:\Program Files\Iomega\System32\AppServices.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498728 2014-12-02] (Adobe Systems Inc.)
HKLM\...\Run: [PSUAMain] => C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe [37624 2014-10-16] (Panda Security, S.L.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Process Explorer.lnk
ShortcutTarget: Process Explorer.lnk -> C:\Program Files\Process Explorer\procexp.exe (Sysinternals - www.sysinternals.com)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3019073540-286944912-3486399463-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKU\S-1-5-21-3019073540-286944912-3486399463-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-3019073540-286944912-3486399463-1001 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.updat...b?1396045450596
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\zzxsrq5o.default
FF DefaultSearchEngine: Google
FF Homepage: hxxp://att.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Extension: DownloadHelper - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\zzxsrq5o.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-11]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\zzxsrq5o.default\Extensions\[email protected] [2014-03-28]
FF Extension: DownThemAll! AntiContainer - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\zzxsrq5o.default\Extensions\[email protected] [2014-04-02]
FF Extension: Classic Theme Restorer - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\zzxsrq5o.default\Extensions\[email protected] [2014-05-02]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\zzxsrq5o.default\Extensions\[email protected] [2014-03-28]
FF Extension: Thumbnail Zoom Plus - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\zzxsrq5o.default\Extensions\[email protected] [2014-04-22]
FF Extension: NoScript - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\zzxsrq5o.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-03-28]
FF Extension: Adblock Plus - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\zzxsrq5o.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-28]
FF Extension: BetterPrivacy - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\zzxsrq5o.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2014-03-28]
FF Extension: DownThemAll! - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\zzxsrq5o.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-04-02]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-12-11]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-12-02]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Iomega App Services; C:\Program Files\Iomega\System32\AppServices.exe [73728 2002-09-04] (Iomega Corporation) [File not signed]
R2 NanoServiceMain; C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe [142072 2014-10-13] (Panda Security, S.L.)
R2 PandaAgent; C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe [38136 2014-10-16] (Panda Security, S.L.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
S4 Iomega Activity Disk2; "" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 aic78xx; C:\Windows\System32\DRIVERS\aic78xx.sys [64000 2006-07-06] (Windows ® Codename Longhorn DDK provider) [File not signed]
R3 ALCXWDM; C:\Windows\System32\drivers\RTKVAC.SYS [4172832 2009-06-18] (Realtek Semiconductor Corp.)
R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [40560 2010-01-17] (Paragon Software Group)
R0 iomdisk; C:\Windows\System32\DRIVERS\iomdisk.sys [30258 2002-09-04] (Iomega Corporation) [File not signed]
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [88992 2014-06-04] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [166816 2014-06-18] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110624 2014-06-04] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [125216 2014-06-04] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [40192 2014-01-16] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [96160 2014-06-04] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [61984 2014-06-04] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [121888 2014-06-04] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [288032 2014-06-04] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [208800 2014-06-04] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [109856 2014-06-04] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [244000 2014-06-04] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [96928 2014-06-04] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [139536 2014-10-13] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [105232 2014-10-13] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [168208 2014-10-02] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [113936 2014-10-02] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [124688 2014-10-02] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [100112 2014-10-13] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [48736 2014-03-25] (Panda Security, S.L.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 Si3124r5; C:\Windows\System32\DRIVERS\Si3124r5.sys [216616 2010-04-13] (Silicon Image, Inc)
R0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [17064 2010-04-13] (Silicon Image, Inc.)
R0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [12200 2010-04-13] (Silicon Image, Inc.)
R1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [34392 2010-01-17] (Windows ® 2000 DDK provider)
S1 Uim_DEVIM; C:\Windows\System32\DRIVERS\uim_devim.sys [20616 2014-02-10] ()
R1 Uim_IM; C:\Windows\System32\DRIVERS\uim_im.sys [385544 2010-01-17] (Paragon)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-15 03:05 - 2015-01-15 03:06 - 00013077 _____ () C:\Users\Dan\Desktop\FRST.txt
2015-01-15 03:02 - 2015-01-15 03:02 - 01116672 _____ (Farbar) C:\Users\Dan\Desktop\FRST.exe
2015-01-15 02:33 - 2015-01-15 02:37 - 00000067 _____ () C:\Users\Dan\Desktop\FRST Stuck.txt
2015-01-14 20:11 - 2015-01-14 20:11 - 00000915 _____ () C:\Users\Dan\Desktop\Addition 1.txt
2015-01-14 20:10 - 2015-01-15 03:05 - 00000000 ____D () C:\FRST
2015-01-14 20:10 - 2015-01-14 20:11 - 00019900 _____ () C:\Users\Dan\Desktop\FRST 1.txt
2015-01-14 20:07 - 2015-01-14 20:07 - 00110144 _____ () C:\Users\Dan\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-14 08:34 - 2014-12-18 18:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 08:34 - 2014-12-11 21:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-01-14 08:34 - 2014-12-11 21:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 08:34 - 2014-12-11 09:47 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 08:33 - 2014-12-18 17:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 08:33 - 2014-12-05 19:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 08:26 - 2015-01-13 08:27 - 00000154 _____ () C:\Users\Dan\Desktop\g to g PUP.Optional.Softonic.A.url
2015-01-13 00:01 - 2015-01-13 00:05 - 241266516 _____ () C:\Users\Dan\Desktop\Classic_Sci-Fi_-_Invaders_from_Mars_1953_.avi.mp4
2015-01-12 10:46 - 2015-01-12 10:46 - 00066314 _____ () C:\Users\Dan\Desktop\OTL.Txt
2015-01-12 10:46 - 2015-01-12 10:46 - 00043682 _____ () C:\Users\Dan\Desktop\Extras.Txt
2015-01-12 05:48 - 2015-01-14 08:52 - 00000112 _____ () C:\Windows\setupact.log
2015-01-12 05:48 - 2015-01-12 05:48 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-12 05:40 - 2015-01-12 05:41 - 00000669 _____ () C:\Users\Dan\Desktop\g to g.txt
2015-01-12 05:37 - 2015-01-12 10:22 - 00602112 _____ (OldTimer Tools) C:\Users\Dan\Desktop\OTL.exe
2015-01-09 12:22 - 2015-01-09 12:24 - 94510612 _____ () C:\Users\Dan\Desktop\Innocence of Muslims - Sam Bacile.mp4
2015-01-08 15:03 - 2014-03-25 05:15 - 00048736 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2015-01-01 15:25 - 2015-01-11 10:00 - 00000382 ____H () C:\Windows\Tasks\{B57402BF-A753-41D2-98BD-7C2D6C60C154}.job
2015-01-01 15:22 - 2015-01-01 15:22 - 00000000 ____D () C:\Users\Dan\AppData\Roaming\Panda Security
2015-01-01 15:22 - 2015-01-01 15:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus
2015-01-01 15:22 - 2015-01-01 15:22 - 00000000 ____D () C:\Program Files\Panda Security
2015-01-01 15:20 - 2015-01-01 15:22 - 00000000 ____D () C:\ProgramData\Panda Security
2014-12-31 09:52 - 2014-12-31 09:52 - 00001994 _____ () C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileHippo App Manager.lnk
2014-12-25 13:30 - 2014-12-25 13:30 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-12-24 17:57 - 2014-12-24 17:57 - 08185402 _____ () C:\Users\Dan\Desktop\Using the Cat-in-the-bag Cozy Comfort Carrier.mp4
2014-12-24 15:44 - 2014-12-24 15:44 - 00000000 ___DL () C:\Sans Digital 3-7 (AB)
2014-12-21 10:30 - 2015-01-07 16:33 - 00000000 ____D () C:\Users\Dan\Desktop\Virus

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-15 03:05 - 2014-03-27 20:19 - 01661537 _____ () C:\Windows\WindowsUpdate.log
2015-01-14 10:49 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-01-14 08:59 - 2009-07-13 20:34 - 00031520 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-14 08:59 - 2009-07-13 20:34 - 00031520 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-14 08:57 - 2010-11-20 13:01 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-14 08:52 - 2009-07-13 20:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-14 08:51 - 2014-03-27 21:40 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 08:46 - 2014-03-27 21:40 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 09:57 - 2014-03-28 01:24 - 00000000 ____D () C:\Users\Dan\Desktop\PW
2015-01-13 01:05 - 2009-07-13 20:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-01-12 19:00 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2015-01-12 05:48 - 2009-07-13 20:53 - 00032606 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-07 17:14 - 2014-03-29 00:24 - 00000000 ____D () C:\Users\Dan\AppData\Roaming\uTorrent
2015-01-06 04:36 - 2014-03-27 20:41 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-05 10:32 - 2014-03-28 12:56 - 00000000 ____D () C:\Users\Dan\AppData\Roaming\vlc
2014-12-31 10:07 - 2014-03-27 23:02 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-12-31 09:55 - 2014-12-11 00:33 - 00000000 ____D () C:\Program Files\K-Lite Codec Pack
2014-12-31 09:55 - 2014-03-28 20:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2014-12-31 09:52 - 2014-03-30 08:21 - 00000000 ____D () C:\Program Files\FileHippo.com
2014-12-31 09:51 - 2014-03-28 00:04 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-27 20:14 - 2014-03-30 00:55 - 00000000 ____D () C:\Users\Dan\AppData\Local\Apple Computer
2014-12-27 20:08 - 2014-03-28 01:38 - 00000000 ____D () C:\Computer Stuff
2014-12-23 21:41 - 2014-03-30 03:46 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-23 17:27 - 2014-03-30 19:06 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-12-23 01:42 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\security
2014-12-21 05:57 - 2014-12-11 00:33 - 03588608 _____ (x264vfw project) C:\Windows\system32\x264vfw.dll
2014-12-19 18:31 - 2014-03-28 23:22 - 00000000 ____D () C:\Users\Dan\AppData\Local\JDownloader 2.0
2014-12-17 09:18 - 2014-03-28 02:20 - 00000000 ____D () C:\JDownloader Files

Files to move or delete:
====================
C:\ProgramData\cisB50E.exe
C:\ProgramData\cisDB55.exe
C:\Users\Public\IE10-Windows6.1-x86-en-us.exe
C:\Windows\Tasks\{B57402BF-A753-41D2-98BD-7C2D6C60C154}.job


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-14 00:39

==================== End Of Log ============================

 

 

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

 

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-01-2015
Ran by Dan at 2015-01-15 03:06:31
Running from C:\Users\Dan\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Free Antivirus (Disabled - Up to date) {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
AS: Panda Free Antivirus (Disabled - Up to date) {8F3797EF-DB90-F073-3C72-40C753554CD1}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Panda Firewall (Disabled) {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3019073540-286944912-3486399463-1001\...\uTorrent) (Version: 3.4.2.36802 - BitTorrent Inc.)
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
2007 Microsoft Office Suite Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
7-Zip 9.35 beta (HKLM\...\7-Zip) (Version:  - )
Adobe Acrobat XI Pro (HKLM\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.10 - Adobe Systems)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Advanced Archive Password Recovery (HKLM\...\{01011662-76A8-41E8-B1A8-4F8821570AC5}) (Version: 4.54.48.1338 - Elcomsoft Co. Ltd.)
Any to Icon (HKLM\...\Any to Icon) (Version: 3.51a - Aha-Soft)
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
EPSON TWAIN 5 (HKLM\...\{254BEB3E-1085-4D66-9CDC-0152C0DC2E93}) (Version: 5.71.0000 - SEIKO EPSON Corp.)
FileASSASSIN (HKLM\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
FileHippo App Manager (HKLM\...\FileHippo.com) (Version:  - FileHippo.com)
FlatFolder (HKU\S-1-5-21-3019073540-286944912-3486399463-1001\...\62ee1b5ad72c0341) (Version: 1.0.0.2 - Microsoft)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
K-Lite Mega Codec Pack 10.9.1 (HKLM\...\KLiteCodecPack_is1) (Version: 10.9.1 - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MediaInfo 0.7.71 (HKLM\...\MediaInfo) (Version: 0.7.71 - MediaArea.net)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Mozilla Thunderbird 31.3.0 (x86 en-US) (HKLM\...\Mozilla Thunderbird 31.3.0 (x86 en-US)) (Version: 31.3.0 - Mozilla)
Panda Devices Agent (HKLM\...\Panda Devices Agent) (Version: 1.03.04 - Panda Security)
Panda Devices Agent (Version: 1.05.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM\...\Panda Universal Agent Endpoint) (Version: 15.00.04.0002 - Panda Security)
Panda Free Antivirus (Version: 7.23.00.0000 - Panda Security) Hidden
Paragon Hard Disk Manager™ 2010 Professional (HKLM\...\{1E104AF0-EA49-11DE-AC07-005056C00008}) (Version: 90.00.0003 - Paragon Software)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek AC'97 Audio (HKLM\...\{FB08F381-6533-4108-B7DD-039E11FBC27E}) (Version:  - )
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1146 - SUPERAntiSpyware.com)
Telescope Driver (HKLM\...\{B2920232-19DA-44FC-835F-68E427EAE2CE}) (Version: 10.30.09 - PixArt)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinRAR 5.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

08-01-2015 16:34:18 Scheduled Checkpoint
14-01-2015 08:34:26 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2014-12-11 05:11 - 2014-12-11 05:10 - 00003384 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 209.34.83.73:443
127.0.0.1 209.34.83.73:43
127.0.0.1 209.34.83.73
127.0.0.1 209.34.83.67:443
127.0.0.1 209.34.83.67:43
127.0.0.1 209.34.83.67
127.0.0.1 ood.opsource.net
127.0.0.1 199.7.52.190:80
127.0.0.1 199.7.52.190
127.0.0.1 OCSP.SPO1.VERISIGN.COM
127.0.0.1 199.7.54.72:80
127.0.0.1 199.7.54.72
127.0.0.1 192.150.14.69
127.0.0.1 192.150.18.101
127.0.0.1 192.150.18.108
127.0.0.1 192.150.22.40
127.0.0.1 192.150.8.100
127.0.0.1 192.150.8.118
127.0.0.1 209-34-83-73.ood.opsource.net
127.0.0.1 3dns-1.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-4.adobe.com
127.0.0.1 3dns.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 activate-sjc0.adobe.com

There are 55 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00BEEE6E-FCB7-45CE-A486-0183E2E9B2EC} - System32\Tasks\{6DA0F581-3E99-44C3-87D9-BC1DC0E8F5EF} => pcalua.exe -a "C:\Users\Dan\Desktop\Canon PIXMA iP4200\English\setup.exe" -d "C:\Users\Dan\Desktop\Canon PIXMA iP4200\English"
Task: {828930AD-69DD-444D-B5D7-FD4C32090161} - System32\Tasks\{B57402BF-A753-41D2-98BD-7C2D6C60C154} => C:\Program Files\Panda Security\Panda Security Protection\JobLauncher.exe [2014-10-13] (Panda Security, S.L.)
Task: {88444146-FDAC-4D5C-A49C-7913BE2780C8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {A033BB7F-7E35-4F85-A1B2-EB2F011C6F5F} - System32\Tasks\{0D2CBC6C-5409-4EBB-B57E-F63CC75398F8} => pcalua.exe -a "C:\Users\Dan\Desktop\Canon Printers\Canon PIXMA MX850\mx850sosmwin100us.exe" -d "C:\Users\Dan\Desktop\Canon Printers\Canon PIXMA MX850"
Task: {B631D115-AAE7-4EEC-8059-848314606639} - System32\Tasks\{9A81AF15-C30C-49FB-967D-4FA6D907ADA0} => pcalua.exe -a "C:\Users\Dan\Desktop\Canon Printers\Canon PIXMA iP4200\ip4200_ug_win_us_110.EXE" -d "C:\Users\Dan\Desktop\Canon Printers\Canon PIXMA iP4200"
Task: {B6587ADF-9563-44CB-A81B-BE6D7DEFE991} - System32\Tasks\{D95C9C65-5050-4847-8D7B-78E3FF6C0E51} => pcalua.exe -a "C:\Users\Dan\Desktop\Canon Printers\Canon PIXMA iP4200\iP4200 User's Guide\English\UnInstall.exe" -d "C:\Users\Dan\Desktop\Canon Printers\Canon PIXMA iP4200\iP4200 User's Guide\English"
Task: {F2155782-8313-4B72-8B95-B4E23483E0CA} - System32\Tasks\{1EFF3DF6-EC2C-4778-AFD9-2D21E5F08E22} => pcalua.exe -a "C:\Users\Dan\Desktop\Canon PIXMA iP4200\iP4200 User's Guide(Windows).EXE" -d "C:\Users\Dan\Desktop\Canon PIXMA iP4200"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\{B57402BF-A753-41D2-98BD-7C2D6C60C154}.job => C:\Program Files\Panda Security\Panda Security Protection\JobLauncher.exe

==================== Loaded Modules (whitelisted) =============

2014-10-11 12:06 - 2014-10-11 12:06 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-04-12 09:23 - 2013-04-12 09:23 - 00612664 _____ () C:\Program Files\Panda Security\Panda Security Protection\SQLite3.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Dan\Desktop\PSY Gangnam Style.flv:SummaryInformation
AlternateDataStreams: C:\Users\Dan\Desktop\PSY Gangnam Style.flv:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Dan\Desktop\Turner's Receipt 1.jpg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Dan\Desktop\Turner's Receipt 1.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Dan\Desktop\Turner's Receipt 2.jpg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Dan\Desktop\Turner's Receipt 2.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Public\.DS_Store:AFP_AfpInfo

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-3019073540-286944912-3486399463-500 - Administrator - Enabled)
Dan (S-1-5-21-3019073540-286944912-3486399463-1001 - Administrator - Enabled) => C:\Users\Dan
Guest (S-1-5-21-3019073540-286944912-3486399463-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3019073540-286944912-3486399463-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/12/2015 06:21:47 AM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.18444 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 508.  Message ID: [0x2509].

Error: (01/12/2015 06:04:51 AM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.18444 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 2792.  Message ID: [0x2509].

Error: (01/12/2015 06:01:53 AM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.18444 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 3460.  Message ID: [0x2509].

Error: (01/12/2015 06:00:01 AM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.18444 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 2012.  Message ID: [0x2509].

Error: (01/12/2015 05:49:06 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/12/2015 05:49:06 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/12/2015 05:49:06 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/12/2015 05:49:06 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    Element not found.  (HRESULT : 0x80070490) (0x80070490)

Error: (01/12/2015 05:49:05 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/12/2015 05:49:05 AM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)


System errors:
=============
Error: (01/14/2015 08:52:52 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Uim_DEVIM

Error: (01/14/2015 08:52:49 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (01/13/2015 11:24:09 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk6\DR6.

Error: (01/12/2015 05:49:09 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (01/12/2015 05:49:06 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.

Error: (01/12/2015 05:48:41 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Uim_DEVIM

Error: (01/12/2015 05:48:41 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (01/12/2015 05:45:03 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-01-13 01:03:49.330
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\ac3acm.acm because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-13 01:03:49.277
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codecp.acm because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-13 01:03:49.224
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-13 00:15:42.630
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\ac3acm.acm because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-13 00:15:42.578
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codecp.acm because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-13 00:15:42.525
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-12 23:47:56.530
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\ac3acm.acm because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-12 23:47:56.465
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codecp.acm because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-12 23:47:56.413
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-12 03:50:31.239
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\ac3acm.acm because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Pentium® 4 CPU 3.40GHz
Percentage of memory in use: 43%
Total physical RAM: 3070.8 MB
Available physical RAM: 1732.39 MB
Total Pagefile: 6137.84 MB
Available Pagefile: 4769.03 MB
Total Virtual: 2047.88 MB
Available Virtual: 1912.06 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:672.59 GB) NTFS
Drive d: () (Fixed) (Total:114.49 GB) (Free:28.58 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 114.5 GB) (Disk ID: F35CF35C)
Partition 1: (Active) - (Size=114.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 19C35C7A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================


#4
Machiavelli

  • GeekU Moderator
  • 4,722 posts
Hey, :)

Step 1: AdwCleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP, then just run it.)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on-screen prompts.
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop. Install the programme and select Update.
Once it has updated, select Settings > Detection and Protection
Tick Scan for rootkits

Go back to the Dashboard and select Scan Now

If threats are detected, click the Apply Actions button. MBAM will ask for a reboot.

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Attach/Post that log

Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 4: FRST Scan
  • Run FRST. (If you have Windows Vista / Windows 7 / Windows 8, please right-click the FRST icon and select Run as Administrator.)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

#5
whynot53

  • Topic Starter
  • Member
  • 41 posts

Hi,

Got all those logs for you.

I already had the current version of mbam on my computer. I updated the database and ran it from there. Hope that's okay.

# AdwCleaner v4.107 - Report created 15/01/2015 at 11:23:08
# Updated 07/01/2015 by Xplode
# Database : 2015-01-13.2 [Live]
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : Dan - DANIEL
# Running from : C:\Users\Dan\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Dan\Documents\Updater

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00B2-0409-0000-0000000FF1CE}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.17183


-\\ Mozilla Firefox v34.0.5 (x86 en-US)

[zzxsrq5o.default\prefs.js] - Line Deleted : user_pref("extensions.fvd_single.__surfcanyon_disable_time", "1400889641822");

*************************

AdwCleaner[R0].txt - [1016 octets] - [15/01/2015 11:16:42]
AdwCleaner[S0].txt - [954 octets] - [15/01/2015 11:23:08]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1013 octets] ##########
 

 

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/15/2015
Scan Time: 11:38:49 AM
Logfile: mbam-log-2015-01-15 (11-38-48).txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.15.11
Rootkit Database: v2015.01.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Dan

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 327656
Time Elapsed: 12 min, 35 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Professional x86
Ran by Dan on Thu 01/15/2015 at 12:04:44.45
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\Dan\AppData\Roaming\mozilla\firefox\profiles\zzxsrq5o.default\prefs.js

user_pref("extensions.dta.anticontainer.mergeids", "4pics.org,abload.de,bayimg.com,beeimg.com,bilder-space.de,bildercache.de,bildr.no,blogger.com,celebimagehost.com,cocoimage.
Emptied folder: C:\Users\Dan\AppData\Roaming\mozilla\firefox\profiles\zzxsrq5o.default\minidumps [15 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 01/15/2015 at 12:08:51.80
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-01-2015
Ran by Dan (administrator) on DANIEL on 15-01-2015 12:15:52
Running from C:\Users\Dan\Desktop
Loaded Profiles: Dan (Available profiles: Dan)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Iomega Corporation) C:\Program Files\Iomega\System32\AppServices.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498728 2014-12-02] (Adobe Systems Inc.)
HKLM\...\Run: [PSUAMain] => C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe [37624 2014-10-16] (Panda Security, S.L.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Process Explorer.lnk
ShortcutTarget: Process Explorer.lnk -> C:\Program Files\Process Explorer\procexp.exe (Sysinternals - www.sysinternals.com)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3019073540-286944912-3486399463-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKU\S-1-5-21-3019073540-286944912-3486399463-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-3019073540-286944912-3486399463-1001 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.updat...b?1396045450596
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\zzxsrq5o.default
FF DefaultSearchEngine: Google
FF Homepage: hxxp://att.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Extension: DownloadHelper - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\zzxsrq5o.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-11]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\zzxsrq5o.default\Extensions\[email protected] [2014-03-28]
FF Extension: DownThemAll! AntiContainer - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\zzxsrq5o.default\Extensions\[email protected] [2014-04-02]
FF Extension: Classic Theme Restorer - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\zzxsrq5o.default\Extensions\[email protected] [2014-05-02]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\zzxsrq5o.default\Extensions\[email protected] [2014-03-28]
FF Extension: Thumbnail Zoom Plus - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\zzxsrq5o.default\Extensions\[email protected] [2014-04-22]
FF Extension: NoScript - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\zzxsrq5o.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-03-28]
FF Extension: Adblock Plus - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\zzxsrq5o.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-28]
FF Extension: BetterPrivacy - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\zzxsrq5o.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2014-03-28]
FF Extension: DownThemAll! - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\zzxsrq5o.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-04-02]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-12-11]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-12-02]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Iomega App Services; C:\Program Files\Iomega\System32\AppServices.exe [73728 2002-09-04] (Iomega Corporation) [File not signed]
R2 NanoServiceMain; C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe [142072 2014-10-13] (Panda Security, S.L.)
R2 PandaAgent; C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe [38136 2014-10-16] (Panda Security, S.L.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
S4 Iomega Activity Disk2; "" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 aic78xx; C:\Windows\System32\DRIVERS\aic78xx.sys [64000 2006-07-06] (Windows ® Codename Longhorn DDK provider) [File not signed]
R3 ALCXWDM; C:\Windows\System32\drivers\RTKVAC.SYS [4172832 2009-06-18] (Realtek Semiconductor Corp.)
R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [40560 2010-01-17] (Paragon Software Group)
R0 iomdisk; C:\Windows\System32\DRIVERS\iomdisk.sys [30258 2002-09-04] (Iomega Corporation) [File not signed]
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [88992 2014-06-04] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [166816 2014-06-18] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110624 2014-06-04] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [125216 2014-06-04] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [40192 2014-01-16] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [96160 2014-06-04] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [61984 2014-06-04] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [121888 2014-06-04] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [288032 2014-06-04] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [208800 2014-06-04] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [109856 2014-06-04] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [244000 2014-06-04] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [96928 2014-06-04] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [139536 2014-10-13] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [105232 2014-10-13] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [168208 2014-10-02] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [113936 2014-10-02] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [124688 2014-10-02] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [100112 2014-10-13] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [48736 2014-03-25] (Panda Security, S.L.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 Si3124r5; C:\Windows\System32\DRIVERS\Si3124r5.sys [216616 2010-04-13] (Silicon Image, Inc)
R0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [17064 2010-04-13] (Silicon Image, Inc.)
R0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [12200 2010-04-13] (Silicon Image, Inc.)
R1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [34392 2010-01-17] (Windows ® 2000 DDK provider)
S1 Uim_DEVIM; C:\Windows\System32\DRIVERS\uim_devim.sys [20616 2014-02-10] ()
R1 Uim_IM; C:\Windows\System32\DRIVERS\uim_im.sys [385544 2010-01-17] (Paragon)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-15 12:08 - 2015-01-15 12:08 - 00001061 _____ () C:\Users\Dan\Desktop\JRT.txt
2015-01-15 12:04 - 2015-01-15 12:04 - 00000000 ____D () C:\Windows\ERUNT
2015-01-15 11:32 - 2015-01-15 11:23 - 00001093 _____ () C:\Users\Dan\Desktop\AdwCleaner[S0].txt
2015-01-15 11:25 - 2015-01-15 11:25 - 00447992 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-15 11:25 - 2015-01-15 11:25 - 00000310 _____ () C:\Windows\PFRO.log
2015-01-15 11:16 - 2015-01-15 11:23 - 00000000 ____D () C:\AdwCleaner
2015-01-15 11:13 - 2015-01-15 11:13 - 01707939 _____ (Thisisu) C:\Users\Dan\Desktop\JRT.exe
2015-01-15 11:12 - 2015-01-15 11:12 - 02191360 _____ () C:\Users\Dan\Desktop\AdwCleaner.exe
2015-01-15 03:06 - 2015-01-15 03:07 - 00020129 _____ () C:\Users\Dan\Desktop\Addition.txt
2015-01-15 03:05 - 2015-01-15 12:15 - 00013347 _____ () C:\Users\Dan\Desktop\FRST.txt
2015-01-15 03:02 - 2015-01-15 03:02 - 01116672 _____ (Farbar) C:\Users\Dan\Desktop\FRST.exe
2015-01-14 20:10 - 2015-01-15 12:16 - 00000000 ____D () C:\FRST
2015-01-14 20:07 - 2015-01-14 20:07 - 00110144 _____ () C:\Users\Dan\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-14 08:34 - 2014-12-18 18:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 08:34 - 2014-12-11 21:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-01-14 08:34 - 2014-12-11 21:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 08:34 - 2014-12-11 09:47 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 08:33 - 2014-12-18 17:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 08:33 - 2014-12-05 19:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 08:26 - 2015-01-13 08:27 - 00000154 _____ () C:\Users\Dan\Desktop\g to g PUP.Optional.Softonic.A.url
2015-01-13 00:01 - 2015-01-13 00:05 - 241266516 _____ () C:\Users\Dan\Desktop\Classic_Sci-Fi_-_Invaders_from_Mars_1953_.avi.mp4
2015-01-12 10:46 - 2015-01-12 10:46 - 00066314 _____ () C:\Users\Dan\Desktop\OTL.Txt
2015-01-12 10:46 - 2015-01-12 10:46 - 00043682 _____ () C:\Users\Dan\Desktop\Extras.Txt
2015-01-12 05:48 - 2015-01-15 11:25 - 00000168 _____ () C:\Windows\setupact.log
2015-01-12 05:48 - 2015-01-12 05:48 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-12 05:37 - 2015-01-12 10:22 - 00602112 _____ (OldTimer Tools) C:\Users\Dan\Desktop\OTL.exe
2015-01-09 12:22 - 2015-01-09 12:24 - 94510612 _____ () C:\Users\Dan\Desktop\Innocence of Muslims - Sam Bacile.mp4
2015-01-08 15:03 - 2014-03-25 05:15 - 00048736 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2015-01-01 15:25 - 2015-01-11 10:00 - 00000382 ____H () C:\Windows\Tasks\{B57402BF-A753-41D2-98BD-7C2D6C60C154}.job
2015-01-01 15:22 - 2015-01-01 15:22 - 00000000 ____D () C:\Users\Dan\AppData\Roaming\Panda Security
2015-01-01 15:22 - 2015-01-01 15:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus
2015-01-01 15:22 - 2015-01-01 15:22 - 00000000 ____D () C:\Program Files\Panda Security
2015-01-01 15:20 - 2015-01-01 15:22 - 00000000 ____D () C:\ProgramData\Panda Security
2014-12-31 09:52 - 2014-12-31 09:52 - 00001994 _____ () C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileHippo App Manager.lnk
2014-12-25 13:30 - 2014-12-25 13:30 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-12-24 17:57 - 2014-12-24 17:57 - 08185402 _____ () C:\Users\Dan\Desktop\Using the Cat-in-the-bag Cozy Comfort Carrier.mp4
2014-12-24 15:44 - 2014-12-24 15:44 - 00000000 ___DL () C:\Sans Digital 3-7 (AB)
2014-12-21 10:30 - 2015-01-07 16:33 - 00000000 ____D () C:\Users\Dan\Desktop\Virus

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-15 11:34 - 2014-03-30 03:46 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-15 11:32 - 2009-07-13 20:34 - 00031520 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-15 11:32 - 2009-07-13 20:34 - 00031520 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-15 11:29 - 2014-03-27 20:19 - 01673616 _____ () C:\Windows\WindowsUpdate.log
2015-01-15 11:29 - 2010-11-20 13:01 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-15 11:25 - 2009-07-13 20:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-15 11:05 - 2014-12-03 22:20 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2015-01-14 10:49 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-01-14 08:51 - 2014-03-27 21:40 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 08:46 - 2014-03-27 21:40 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 09:57 - 2014-03-28 01:24 - 00000000 ____D () C:\Users\Dan\Desktop\PW
2015-01-13 01:05 - 2009-07-13 20:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-01-12 19:00 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2015-01-12 05:48 - 2009-07-13 20:53 - 00032606 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-07 17:14 - 2014-03-29 00:24 - 00000000 ____D () C:\Users\Dan\AppData\Roaming\uTorrent
2015-01-06 04:36 - 2014-03-27 20:41 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-05 10:32 - 2014-03-28 12:56 - 00000000 ____D () C:\Users\Dan\AppData\Roaming\vlc
2014-12-31 10:07 - 2014-03-27 23:02 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-12-31 09:55 - 2014-12-11 00:33 - 00000000 ____D () C:\Program Files\K-Lite Codec Pack
2014-12-31 09:55 - 2014-03-28 20:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2014-12-31 09:52 - 2014-03-30 08:21 - 00000000 ____D () C:\Program Files\FileHippo.com
2014-12-31 09:51 - 2014-03-28 00:04 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-27 20:14 - 2014-03-30 00:55 - 00000000 ____D () C:\Users\Dan\AppData\Local\Apple Computer
2014-12-27 20:08 - 2014-03-28 01:38 - 00000000 ____D () C:\Computer Stuff
2014-12-23 17:27 - 2014-03-30 19:06 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-12-23 01:42 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\security
2014-12-21 05:57 - 2014-12-11 00:33 - 03588608 _____ (x264vfw project) C:\Windows\system32\x264vfw.dll
2014-12-19 18:31 - 2014-03-28 23:22 - 00000000 ____D () C:\Users\Dan\AppData\Local\JDownloader 2.0
2014-12-17 09:18 - 2014-03-28 02:20 - 00000000 ____D () C:\JDownloader Files

Files to move or delete:
====================
C:\ProgramData\cisB50E.exe
C:\ProgramData\cisDB55.exe
C:\Users\Public\IE10-Windows6.1-x86-en-us.exe
C:\Windows\Tasks\{B57402BF-A753-41D2-98BD-7C2D6C60C154}.job


Some content of TEMP:
====================
C:\Users\Dan\AppData\Local\Temp\Quarantine.exe
C:\Users\Dan\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-14 00:39

==================== End Of Log ============================


#6
Machiavelli

  • GeekU Moderator
  • 4,722 posts
Hey, :)

Step 1: FRST Fix
  • Please open Notepad.exe. Make sure that you don't use any other software than Notepad.exe!
  • Copy and Paste the content of the codebox below into the empty textfile:

    HKLM\...\Run: [] => [X]
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    C:\ProgramData\cisB50E.exe
    C:\ProgramData\cisDB55.exe
    C:\Users\Public\IE10-Windows6.1-x86-en-us.exe
    C:\Windows\Tasks\{B57402BF-A753-41D2-98BD-7C2D6C60C154}.job
    EmptyTemp:
  • Then click on File >> Save as
    • File Name: Fixlist.txt
    • From the Save as type drop down list, choose All Files
  • It is very important that you save this textfile on your Desktop!
Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Run FRST.exe/FRST64.exe (Note: If FRST advises there is a new updated version to be downloaded, allow this.) and press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run.
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run. Please post it in your reply.
Step 2: FRST Scan
  • Run FRST. (If you have Windows Vista / Windows 7 / Windows 8, please right-click the FRST icon and select Run as Administrator.)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.
Step 3: ESET

Please run a free online scan with the ESET Online Scanner:

IMPORTANT: You MUST use Internet Explorer for this step!
  • Visit the ESET Online Scanner Web Page
  • Select the blue Run ESET Online Scanner button.
  • Tick the box next to YES, I accept the Terms of Use and click Start
  • When asked, allow the ActiveX control to install.
  • Select Enable detection of potentially unwanted applications and select Advanced Settings.
  • Make sure the options Remove found threats and Enable Anti-Stealth technology are checked.
  • Click Start. (This scan can take several hours, so please be patient.)
  • Once the scan is completed, select List of found threats.
  • Select Export to text file... and save the file as ESETlog.txt on your Desktop.
  • Click the Back button.
  • Click the Finish button.
  • Use Notepad to open the saved log file (on your Desktop - ESET.txt)
  • Copy and paste that log as a reply to this topic.
Step 4: Question

How is your PC running?

#7
whynot53

  • Topic Starter
  • Member
  • 41 posts

Hi,

Here are those logs.

My PC seems to be running fine.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 15-01-2015
Ran by Dan at 2015-01-15 19:23:44 Run:1
Running from C:\Users\Dan\Desktop
Loaded Profiles: Dan (Available profiles: Dan)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM\...\Run: [] => [X]
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
C:\ProgramData\cisB50E.exe
C:\ProgramData\cisDB55.exe
C:\Users\Public\IE10-Windows6.1-x86-en-us.exe
C:\Windows\Tasks\{B57402BF-A753-41D2-98BD-7C2D6C60C154}.job
EmptyTemp:
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
C:\ProgramData\cisB50E.exe => Moved successfully.
C:\ProgramData\cisDB55.exe => Moved successfully.
C:\Users\Public\IE10-Windows6.1-x86-en-us.exe => Moved successfully.
C:\Windows\Tasks\{B57402BF-A753-41D2-98BD-7C2D6C60C154}.job => Moved successfully.
EmptyTemp: => Removed 121.1 MB temporary data.


The system needed a reboot.

==== End of Fixlog 19:24:01 ====

 

 

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-01-2015
Ran by Dan (administrator) on DANIEL on 15-01-2015 19:31:20
Running from C:\Users\Dan\Desktop
Loaded Profiles: Dan (Available profiles: Dan)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Iomega Corporation) C:\Program Files\Iomega\System32\AppServices.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498728 2014-12-02] (Adobe Systems Inc.)
HKLM\...\Run: [PSUAMain] => C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe [37624 2014-10-16] (Panda Security, S.L.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Process Explorer.lnk
ShortcutTarget: Process Explorer.lnk -> C:\Program Files\Process Explorer\procexp.exe (Sysinternals - www.sysinternals.com)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3019073540-286944912-3486399463-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKU\S-1-5-21-3019073540-286944912-3486399463-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-3019073540-286944912-3486399463-1001 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.updat...b?1396045450596
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\zzxsrq5o.default
FF DefaultSearchEngine: Google
FF Homepage: hxxp://att.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Extension: DownloadHelper - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\zzxsrq5o.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-11]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\zzxsrq5o.default\Extensions\[email protected] [2014-03-28]
FF Extension: DownThemAll! AntiContainer - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\zzxsrq5o.default\Extensions\[email protected] [2014-04-02]
FF Extension: Classic Theme Restorer - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\zzxsrq5o.default\Extensions\[email protected] [2014-05-02]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\zzxsrq5o.default\Extensions\[email protected] [2014-03-28]
FF Extension: Thumbnail Zoom Plus - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\zzxsrq5o.default\Extensions\[email protected] [2014-04-22]
FF Extension: NoScript - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\zzxsrq5o.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-03-28]
FF Extension: Adblock Plus - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\zzxsrq5o.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-28]
FF Extension: BetterPrivacy - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\zzxsrq5o.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2014-03-28]
FF Extension: DownThemAll! - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\zzxsrq5o.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-04-02]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-12-11]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-12-02]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Iomega App Services; C:\Program Files\Iomega\System32\AppServices.exe [73728 2002-09-04] (Iomega Corporation) [File not signed]
R2 NanoServiceMain; C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe [142072 2014-10-13] (Panda Security, S.L.)
R2 PandaAgent; C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe [38136 2014-10-16] (Panda Security, S.L.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
S4 Iomega Activity Disk2; "" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 aic78xx; C:\Windows\System32\DRIVERS\aic78xx.sys [64000 2006-07-06] (Windows ® Codename Longhorn DDK provider) [File not signed]
R3 ALCXWDM; C:\Windows\System32\drivers\RTKVAC.SYS [4172832 2009-06-18] (Realtek Semiconductor Corp.)
R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [40560 2010-01-17] (Paragon Software Group)
R0 iomdisk; C:\Windows\System32\DRIVERS\iomdisk.sys [30258 2002-09-04] (Iomega Corporation) [File not signed]
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [88992 2014-06-04] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [166816 2014-06-18] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110624 2014-06-04] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [125216 2014-06-04] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [40192 2014-01-16] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [96160 2014-06-04] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [61984 2014-06-04] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [121888 2014-06-04] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [288032 2014-06-04] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [208800 2014-06-04] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [109856 2014-06-04] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [244000 2014-06-04] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [96928 2014-06-04] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [139536 2014-10-13] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [105232 2014-10-13] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [168208 2014-10-02] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [113936 2014-10-02] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [124688 2014-10-02] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [100112 2014-10-13] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [48736 2014-03-25] (Panda Security, S.L.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 Si3124r5; C:\Windows\System32\DRIVERS\Si3124r5.sys [216616 2010-04-13] (Silicon Image, Inc)
R0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [17064 2010-04-13] (Silicon Image, Inc.)
R0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [12200 2010-04-13] (Silicon Image, Inc.)
R1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [34392 2010-01-17] (Windows ® 2000 DDK provider)
S1 Uim_DEVIM; C:\Windows\System32\DRIVERS\uim_devim.sys [20616 2014-02-10] ()
R1 Uim_IM; C:\Windows\System32\DRIVERS\uim_im.sys [385544 2010-01-17] (Paragon)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-15 12:08 - 2015-01-15 12:08 - 00001061 _____ () C:\Users\Dan\Desktop\JRT.txt
2015-01-15 12:04 - 2015-01-15 12:04 - 00000000 ____D () C:\Windows\ERUNT
2015-01-15 11:32 - 2015-01-15 11:23 - 00001093 _____ () C:\Users\Dan\Desktop\AdwCleaner[S0].txt
2015-01-15 11:25 - 2015-01-15 11:25 - 00447992 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-15 11:25 - 2015-01-15 11:25 - 00000310 _____ () C:\Windows\PFRO.log
2015-01-15 11:16 - 2015-01-15 11:23 - 00000000 ____D () C:\AdwCleaner
2015-01-15 11:13 - 2015-01-15 11:13 - 01707939 _____ (Thisisu) C:\Users\Dan\Desktop\JRT.exe
2015-01-15 11:12 - 2015-01-15 11:12 - 02191360 _____ () C:\Users\Dan\Desktop\AdwCleaner.exe
2015-01-15 03:06 - 2015-01-15 03:07 - 00020129 _____ () C:\Users\Dan\Desktop\Addition.txt
2015-01-15 03:05 - 2015-01-15 19:31 - 00012970 _____ () C:\Users\Dan\Desktop\FRST.txt
2015-01-15 03:02 - 2015-01-15 03:02 - 01116672 _____ (Farbar) C:\Users\Dan\Desktop\FRST.exe
2015-01-14 20:10 - 2015-01-15 19:31 - 00000000 ____D () C:\FRST
2015-01-14 20:07 - 2015-01-14 20:07 - 00110144 _____ () C:\Users\Dan\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-14 08:34 - 2014-12-18 18:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 08:34 - 2014-12-11 21:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-01-14 08:34 - 2014-12-11 21:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 08:34 - 2014-12-11 09:47 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 08:33 - 2014-12-18 17:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 08:33 - 2014-12-05 19:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 08:26 - 2015-01-13 08:27 - 00000154 _____ () C:\Users\Dan\Desktop\g to g PUP.Optional.Softonic.A.url
2015-01-13 00:01 - 2015-01-13 00:05 - 241266516 _____ () C:\Users\Dan\Desktop\Classic_Sci-Fi_-_Invaders_from_Mars_1953_.avi.mp4
2015-01-12 10:46 - 2015-01-12 10:46 - 00066314 _____ () C:\Users\Dan\Desktop\OTL.Txt
2015-01-12 10:46 - 2015-01-12 10:46 - 00043682 _____ () C:\Users\Dan\Desktop\Extras.Txt
2015-01-12 05:48 - 2015-01-15 19:25 - 00000280 _____ () C:\Windows\setupact.log
2015-01-12 05:48 - 2015-01-12 05:48 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-12 05:37 - 2015-01-12 10:22 - 00602112 _____ (OldTimer Tools) C:\Users\Dan\Desktop\OTL.exe
2015-01-09 12:22 - 2015-01-09 12:24 - 94510612 _____ () C:\Users\Dan\Desktop\Innocence of Muslims - Sam Bacile.mp4
2015-01-08 15:03 - 2014-03-25 05:15 - 00048736 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2015-01-01 15:22 - 2015-01-01 15:22 - 00000000 ____D () C:\Users\Dan\AppData\Roaming\Panda Security
2015-01-01 15:22 - 2015-01-01 15:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus
2015-01-01 15:22 - 2015-01-01 15:22 - 00000000 ____D () C:\Program Files\Panda Security
2015-01-01 15:20 - 2015-01-01 15:22 - 00000000 ____D () C:\ProgramData\Panda Security
2014-12-31 09:52 - 2014-12-31 09:52 - 00001994 _____ () C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileHippo App Manager.lnk
2014-12-25 13:30 - 2014-12-25 13:30 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-12-24 17:57 - 2014-12-24 17:57 - 08185402 _____ () C:\Users\Dan\Desktop\Using the Cat-in-the-bag Cozy Comfort Carrier.mp4
2014-12-24 15:44 - 2014-12-24 15:44 - 00000000 ___DL () C:\Sans Digital 3-7 (AB)
2014-12-21 10:30 - 2015-01-07 16:33 - 00000000 ____D () C:\Users\Dan\Desktop\Virus

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-15 19:30 - 2010-11-20 13:01 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-15 19:28 - 2014-03-27 20:19 - 01684468 _____ () C:\Windows\WindowsUpdate.log
2015-01-15 19:25 - 2009-07-13 20:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-15 19:23 - 2009-07-13 18:37 - 00000000 ___RD () C:\Users\Public
2015-01-15 12:40 - 2009-07-13 20:34 - 00031520 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-15 12:40 - 2009-07-13 20:34 - 00031520 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-15 11:34 - 2014-03-30 03:46 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-15 11:05 - 2014-12-03 22:20 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2015-01-14 10:49 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-01-14 08:51 - 2014-03-27 21:40 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 08:46 - 2014-03-27 21:40 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 09:57 - 2014-03-28 01:24 - 00000000 ____D () C:\Users\Dan\Desktop\PW
2015-01-13 01:05 - 2009-07-13 20:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-01-12 19:00 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2015-01-12 05:48 - 2009-07-13 20:53 - 00032606 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-07 17:14 - 2014-03-29 00:24 - 00000000 ____D () C:\Users\Dan\AppData\Roaming\uTorrent
2015-01-06 04:36 - 2014-03-27 20:41 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-05 10:32 - 2014-03-28 12:56 - 00000000 ____D () C:\Users\Dan\AppData\Roaming\vlc
2014-12-31 10:07 - 2014-03-27 23:02 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-12-31 09:55 - 2014-12-11 00:33 - 00000000 ____D () C:\Program Files\K-Lite Codec Pack
2014-12-31 09:55 - 2014-03-28 20:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2014-12-31 09:52 - 2014-03-30 08:21 - 00000000 ____D () C:\Program Files\FileHippo.com
2014-12-31 09:51 - 2014-03-28 00:04 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-27 20:14 - 2014-03-30 00:55 - 00000000 ____D () C:\Users\Dan\AppData\Local\Apple Computer
2014-12-27 20:08 - 2014-03-28 01:38 - 00000000 ____D () C:\Computer Stuff
2014-12-23 17:27 - 2014-03-30 19:06 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-12-23 01:42 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\security
2014-12-21 05:57 - 2014-12-11 00:33 - 03588608 _____ (x264vfw project) C:\Windows\system32\x264vfw.dll
2014-12-19 18:31 - 2014-03-28 23:22 - 00000000 ____D () C:\Users\Dan\AppData\Local\JDownloader 2.0
2014-12-17 09:18 - 2014-03-28 02:20 - 00000000 ____D () C:\JDownloader Files

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-14 00:39

==================== End Of Log ============================

 

 

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

 

 

ESETlog

 

C:\Program Files\Panda Security\Panda Security Protection\Tools\PandaSecurityTb.exe    a variant of Win32/Toolbar.Visicom.A potentially unwanted application    deleted - quarantined
D:\Documents and Settings\Dan\Local Settings\Temp\{E05FBA1E-B04A-40AE-9303-4AB855175389}.exe    a variant of Win32/Toolbar.Visicom.A potentially unwanted application    deleted - quarantined
D:\Program Files\Panda Security\Panda Security Protection\Tools\PandaSecurityTb.exe    a variant of Win32/Toolbar.Visicom.A potentially unwanted application    deleted - quarantined
 



#8
Machiavelli

    GeekU Moderator

  • 4,722 posts
Hello,
In my opinion your PC is clean. :) If you would like to donate some money to me so that I can buy some beer, then click on the PayPal button. I'd really appreciate it, my friend. :)


We need to remove the tools we used while cleaning your machine.
  • Download Delfix from here and run it (if you have Windows Vista / Windows 7 / Windows 8, right-click the Delfix icon and select Run as Administrator).
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Create registry backup
    • Purge system restore
  • Click Run
The program will run for a few moments and then Notepad will open with a log. Please paste the log in your next reply.

 

Exercise common sense

Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to look before you leap. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully and look at the file extensions to make sure that you know what you're getting. Using peer-to-peer file sharing programs or downloading cracks and keygens is something else to avoid - the files you will be downloading are infected in the vast majority of cases, and the benefits simply aren't worth the risk to your computer.

Keep up on Windows updates

Along with keeping all of the security programs that you choose to use updated, it is also important to keep up on system updates from Microsoft, as these patch critical security vulnerabilities and help to keep you safe. Typically the Windows Update icon will appear in your taskbar when new updates are available; whenever you see it, you should open the menu up and install the updates that are available. Although it may be an annoyance, that little bit of extra time it takes to stay updated is very well worth it instead of getting infected from an exploit and having to clean your PC again.

Slow computer?

If your computer begins to slow down again in the future for no particular reason, your first step should not be to come back to the malware forum. As your computer ages and is used, its parts wear, files and programs accumulate, and its performance speed can decrease. To restore your computer's performance to its best possible level, follow the steps in this guide written by tech expert Artellos.

Keep Safe! :thumbsup:

#9
whynot53

    Member

  • Topic Starter
  • 41 posts

Dear Machiavelli,

WOW, great job. :thumbsup:

Seems like we found a lot of stuff. I wasn't expecting that.

Would you give me a quick summary of what we found? Was any of it high risk?

Enjoy that beer. :beer:

Thanks again,

whynot53

 

 

# DelFix v10.8 - Logfile created 16/01/2015 at 11:09:37
# Updated 29/07/2014 by Xplode
# Username : Dan - DANIEL
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Dan\Desktop\Addition.txt
Deleted : C:\Users\Dan\Desktop\AdwCleaner.exe
Deleted : C:\Users\Dan\Desktop\AdwCleaner[S0].txt
Deleted : C:\Users\Dan\Desktop\Extras.Txt
Deleted : C:\Users\Dan\Desktop\Fixlog.txt
Deleted : C:\Users\Dan\Desktop\FRST.exe
Deleted : C:\Users\Dan\Desktop\FRST.txt
Deleted : C:\Users\Dan\Desktop\JRT.exe
Deleted : C:\Users\Dan\Desktop\JRT.txt
Deleted : C:\Users\Dan\Desktop\OTL.Txt
Deleted : C:\Users\Dan\Desktop\OTL.exe
Deleted : C:\Users\Dan\Desktop\TFC.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #313 [Scheduled Checkpoint | 01/09/2015 00:34:18]
Deleted : RP #314 [Windows Update | 01/14/2015 16:34:26]

New restore point created !

########## - EOF - ##########
 



#10
Machiavelli

    GeekU Moderator

  • 4,722 posts
Hey, :)

AdwCleaner / MBAM / JRT just fixed some adware entries, and I fixed some orphaned entries. Your system was quite clean, so don't worry. :) Thanks for the beer. :D

Any further questions before I close this topic as solved?

#11
whynot53

    Member

  • Topic Starter
  • 41 posts

Nope, I'm good.

Thanks again.



#12
Machiavelli

    GeekU Moderator

  • 4,722 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.