
Trouble removing Registry Key & accompanying program



Dear Malwarebytes Forum Community:

I have run several anti-virus programs and I have Malwarebytes still finding hits on the heuristics portion of the search.

The malware goes to the quarantine, but is never actually deleted, since it's found again later on.

I have downloaded the RegAssassin program to delete pesky registry keys, but I'm not sure if this is the right step.

I assume I should download the other scan tool you have recommended to others, but will await expert help on this subject.

Backdoor.agent.gen is the name of the problem I am encountering.

Please help me to secure my computer.

Thank YOU in Advance!

Matthew


Hello and welcome to Malwarebytes,

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Follow the instructions in the following link to show hidden files:

http://www.bleepingcomputer.com/tutorials/how-to-see-hidden-files-in-windows/

Next,

Open Malwarebytes Anti-Malware, from the Dashboard please Check for Updates by clicking the Update Now... link

When the update completes select > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.

When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.

In most cases, a restart will be required.

Wait for the prompt to restart the computer to appear, then click on Yes.

When the scan is completed from the main GUI click on History > Application Logs. Find your Scan log, the date when run will identify it. Checkmark "select" box > then hit the "view" button. The history log window will open. At the bottom of that window are two options, "Copy to clipboard" and "Export".

Select > "Copy to clipboard"; that copies the full log to the Windows clipboard, so in your reply you can right click into the text field and select "Paste", and the log is pasted (copied) to your reply.

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Let me see those logs in your reply...

Thank you,

Kevin..


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/29/2015
Scan Time: 1:23:28 PM
Logfile:
Administrator: Yes

Version: 2.01.4.1018
Malware Database: v2015.03.29.06
Rootkit Database: v2015.03.26.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Enabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: nomad

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 379072
Time Elapsed: 39 min, 49 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 1
Backdoor.Agent.Gen, HKU\S-1-5-21-67058834-1541496094-3279364164-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|NOMAD-PC, Quarantined, [0d3d67e4f397ca6c4f8726b6d0349f61],

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
Backdoor.Agent.Gen, C:\ProgramData\video.exe, Quarantined, [0d3d67e4f397ca6c4f8726b6d0349f61],

Physical Sectors: 0
(No malicious items detected)


(end)

 

Here's the scan from Malwarebytes Anti-Malware. I will now download and begin the next step. Thank you.


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by nomad (administrator) on NOMAD-PC on 29-03-2015 20:38:41
Running from C:\Users\nomad\Downloads
Loaded Profiles: nomad (Available profiles: nomad)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\ToolbarUpdater.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\loggingserver.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
() C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
() C:\Users\nomad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nomad.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files (x86)\AVG Secure Search\vprot.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(PeerBlock, LLC) C:\Program Files\PeerBlock\peerblock.exe
(Google Inc.) C:\Users\nomad\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\nomad\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\nomad\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\nomad\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\nomad\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\nomad\AppData\Local\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
(Google Inc.) C:\Users\nomad\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\nomad\AppData\Local\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HP Remote Software] => C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe [172032 2009-02-06] ()
HKLM\...\Run: [smartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [915512 2009-03-05] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Health Check Scheduler] => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75016 2008-12-04] (Hewlett-Packard)
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [Microsoft Default Manager] => c:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [224616 2009-02-06] (Microsoft Corp.)
HKLM-x32\...\Run: [updateLBPShortCut] => c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [218408 2008-12-04] (CyberLink Corp.)
HKLM-x32\...\Run: [updateP2GoShortCut] => c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-04] (CyberLink Corp.)
HKLM-x32\...\Run: [updatePDIRShortCut] => c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [218408 2008-12-04] (CyberLink Corp.)
HKLM-x32\...\Run: [updatePSTShortCut] => c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe [210216 2009-02-02] (CyberLink Corp.)
HKLM-x32\...\Run: [KBD] => C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE [12288 2008-07-21] (Microsoft)
HKLM-x32\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Secure Search\vprot.exe [2503704 2015-03-05] ()
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2561848 2014-12-10] (Malwarebytes Corporation)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [40184 2015-02-26] (Panda Security, S.L.)
HKLM\...\RunOnce: [PCDrProfiler] => C:\Program Files\PC-Doctor for Windows\RunProfiler.exe [136176 2009-06-26] (PC-Doctor, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-67058834-1541496094-3279364164-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [163328 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-21-67058834-1541496094-3279364164-1000\...\Run: [Google Update] => C:\Users\nomad\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-18] (Google Inc.)
HKU\S-1-5-21-67058834-1541496094-3279364164-1000\...\Run: [PeerBlock] => C:\Program Files\PeerBlock\peerblock.exe [2513992 2014-01-14] (PeerBlock, LLC)
HKU\S-1-5-21-67058834-1541496094-3279364164-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd)
HKU\S-1-5-21-67058834-1541496094-3279364164-1000\...\Run: [NOMAD-PC] => C:\ProgramData\video.exe [7907459 2015-03-09] ()
HKU\S-1-5-21-67058834-1541496094-3279364164-1000\...\MountPoints2: {6628f83c-6ae9-11e0-9a78-0026183e4fc6} - F:\setup.exe -a
HKU\S-1-5-21-67058834-1541496094-3279364164-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\...\Run: [AviraSpeedup] => "C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe" -autorun
Startup: C:\Users\nomad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nomad.exe ()
Startup: C:\Users\nomad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PeerBlock.lnk
ShortcutTarget: PeerBlock.lnk -> C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-67058834-1541496094-3279364164-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
SearchScopes: HKLM -> DefaultScope {87D0A005-E790-4283-A995-0A4D1DBFFE27} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
SearchScopes: HKLM -> {402DBB0D-1FE5-4B08-8A6F-C739B0AD2DF8} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM -> {87D0A005-E790-4283-A995-0A4D1DBFFE27} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
SearchScopes: HKLM-x32 -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =
SearchScopes: HKLM-x32 -> {402DBB0D-1FE5-4B08-8A6F-C739B0AD2DF8} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 -> {87D0A005-E790-4283-A995-0A4D1DBFFE27} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =
SearchScopes: HKU\S-1-5-21-67058834-1541496094-3279364164-1000 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={2BBCD031-A585-4AED-A625-CAAA5C2E43F7}&mid=006b74545fc447d1bb20d16f5edaa635-7d9252bc4deedfc40fb1db5b555a7ba8f7048de9&lang=en&ds=pl011&pr=sa&d=2012-03-0902:59:50&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-67058834-1541496094-3279364164-1000 -> {402DBB0D-1FE5-4B08-8A6F-C739B0AD2DF8} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKU\S-1-5-21-67058834-1541496094-3279364164-1000 -> {87D0A005-E790-4283-A995-0A4D1DBFFE27} URL = http://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-67058834-1541496094-3279364164-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={2BBCD031-A585-4AED-A625-CAAA5C2E43F7}&mid=006b74545fc447d1bb20d16f5edaa635-7d9252bc4deedfc40fb1db5b555a7ba8f7048de9&lang=en&ds=pl011&pr=sa&d=2012-03-0902:59:50&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-67058834-1541496094-3279364164-1000 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-10-17] (Oracle Corporation)
BHO-x32: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Secure Search\17.3.0.49\AVG Secure Search_toolbar.dll [2014-01-08] (AVG Secure Search)
BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll [2009-01-22] (Microsoft Corp.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-10-17] (Oracle Corporation)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll [2009-01-22] (Microsoft Corp.)
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.3.0.49\AVG Secure Search_toolbar.dll [2014-01-08] (AVG Secure Search)
Toolbar: HKU\S-1-5-21-67058834-1541496094-3279364164-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.3.0\ViProtocol.dll [2015-03-05] (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 64.233.217.2 64.233.217.3

FireFox:
========
FF ProfilePath: C:\Users\nomad\AppData\Roaming\Mozilla\Firefox\Profiles\sywri4zt.default-1376622401111
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: https://mail.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-17] ()
FF Plugin: @java.com/DTPlugin,version=10.40.2 -> C:\Windows\system32\npDeployJava1.dll [2013-10-05] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-17] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.3.0\\npsitesafety.dll No File
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-10-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-10-17] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-67058834-1541496094-3279364164-1000: @tools.google.com/Google Update;version=3 -> C:\Users\nomad\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin HKU\S-1-5-21-67058834-1541496094-3279364164-1000: @tools.google.com/Google Update;version=9 -> C:\Users\nomad\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npDivxPlayerPlugin.dll [2009-09-25] (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-11-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-11-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-11-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-11-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-11-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012-06-28] (Nullsoft, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml [2015-03-05]
FF Extension: Disconnect - C:\Users\nomad\AppData\Roaming\Mozilla\Firefox\Profiles\sywri4zt.default-1376622401111\Extensions\2.0@disconnect.me.xpi [2014-11-13]
FF Extension: NoScript - C:\Users\nomad\AppData\Roaming\Mozilla\Firefox\Profiles\sywri4zt.default-1376622401111\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-08-16]
FF Extension: Adblock Plus - C:\Users\nomad\AppData\Roaming\Mozilla\Firefox\Profiles\sywri4zt.default-1376622401111\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-14]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-03-22]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-03-22]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-11]
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\18.3.0.885
FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\FireFoxExt\18.3.0.885 [2015-03-05]

Chrome:
=======
CHR HomePage: Default -> hxxp://facebook.com/
CHR StartupUrls: Default -> "hxxp://facebook.com/"
CHR Profile: C:\Users\nomad\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Entanglement Web App) - C:\Users\nomad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2011-04-28]
CHR Extension: (AdBlock) - C:\Users\nomad\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-09-01]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\nomad\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
CHR Extension: (Poppit!) - C:\Users\nomad\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2011-04-28]
CHR Extension: (Google Wallet) - C:\Users\nomad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (ScriptSafe) - C:\Users\nomad\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf [2015-03-28]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - No Path Or update_url value
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - No Path Or update_url value
StartMenuInternet: Google Chrome - C:\Users\nomad\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-12-04] (Hewlett-Packard) [File not signed]
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-03-17] (Hewlett-Packard Company) [File not signed]
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [555320 2014-12-10] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [214896 2011-12-06] ()
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142584 2015-02-26] (Panda Security, S.L.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2015-02-26] (Panda Security, S.L.)
R2 vToolbarUpdater18.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\ToolbarUpdater.exe [1802776 2015-03-05] (AVG Secure Search)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2014-12-10] ()
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [93968 2015-02-09] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [202000 2015-02-09] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110864 2015-02-09] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [116496 2015-02-09] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [48400 2014-12-31] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [99600 2015-02-09] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [69904 2015-02-09] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [124176 2015-02-09] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [299792 2015-02-09] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [166160 2015-02-09] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [113424 2015-02-09] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [257296 2015-02-09] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [106256 2015-02-09] (Panda Security, S.L.)
R3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [22600 2014-01-14] ()
S3 Ps2; C:\Windows\System32\DRIVERS\PS2.sys [21504 2006-09-07] ()
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163088 2015-02-25] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2015-02-25] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [197392 2015-02-25] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [124176 2015-02-25] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [133904 2015-02-25] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2015-02-25] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [61712 2015-01-29] (Panda Security, S.L.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 MotDev; system32\DRIVERS\motodrv.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-29 20:38 - 2015-03-29 20:38 - 00025273 _____ () C:\Users\nomad\Downloads\FRST.txt
2015-03-29 20:38 - 2015-03-29 20:38 - 00000000 ____D () C:\FRST
2015-03-29 20:37 - 2015-03-29 20:38 - 02095616 _____ (Farbar) C:\Users\nomad\Downloads\FRST64.exe
2015-03-29 20:11 - 2015-03-09 03:21 - 07907459 ___SH () C:\ProgramData\video.exe
2015-03-29 13:19 - 2015-03-29 13:19 - 00000000 ____D () C:\Users\nomad\Downloads\mbam-chameleon-3.1.7.0
2015-03-29 13:18 - 2015-03-29 13:19 - 04909382 _____ () C:\Users\nomad\Downloads\mbam-chameleon-3.1.7.0.zip
2015-03-29 13:13 - 2015-01-29 13:21 - 00061712 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2015-03-29 12:36 - 2015-03-29 12:42 - 653381632 _____ () C:\Users\nomad\Downloads\rescue-system (1).iso
2015-03-29 03:45 - 2015-03-29 03:52 - 653381632 _____ () C:\Users\nomad\Downloads\rescue-system.iso
2015-03-29 03:44 - 2015-03-29 03:44 - 02318824 _____ () C:\Users\nomad\Downloads\avira_pc_cleaner_en.exe
2015-03-29 03:44 - 2015-03-29 03:44 - 00002029 _____ () C:\Users\nomad\Desktop\Remove Avira PC Cleaner.lnk
2015-03-29 03:44 - 2015-03-29 03:44 - 00001973 _____ () C:\Users\nomad\Desktop\Avira PC Cleaner.lnk
2015-03-28 19:02 - 2015-03-28 19:03 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2015-03-28 19:02 - 2015-03-28 19:02 - 00000000 ____D () C:\Users\nomad\AppData\Roaming\Panda Security
2015-03-28 19:02 - 2015-03-28 19:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Internet Security 2015
2015-03-28 19:01 - 2015-03-28 19:03 - 00000000 ____D () C:\ProgramData\Panda Security
2015-03-28 19:01 - 2015-03-28 19:01 - 01663104 _____ () C:\Users\nomad\Downloads\PANDAIS15.exe
2015-03-28 18:39 - 2015-03-28 18:39 - 00065232 _____ (Malwarebytes) C:\Users\nomad\Downloads\regassassin-setup-1.03.exe
2015-03-28 18:36 - 2015-03-29 14:07 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2015-03-28 18:36 - 2015-03-28 18:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2015-03-28 18:36 - 2015-03-28 18:36 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit
2015-03-28 03:07 - 2015-03-28 03:35 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-28 03:06 - 2015-03-28 03:35 - 00000000 ____D () C:\Users\nomad\Desktop\mbar
2015-03-28 03:04 - 2015-03-28 03:05 - 16502728 _____ (Malwarebytes Corp.) C:\Users\nomad\Downloads\mbar-1.09.1.1004.exe
2015-03-25 12:33 - 2015-03-11 00:06 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-25 12:33 - 2015-03-11 00:06 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-25 12:33 - 2015-03-11 00:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-25 12:33 - 2015-03-11 00:06 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-25 12:33 - 2015-03-11 00:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-25 12:33 - 2015-03-11 00:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-25 12:33 - 2015-03-11 00:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-25 12:33 - 2015-03-11 00:02 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-22 03:09 - 2015-03-22 03:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-14 23:51 - 2015-03-14 23:51 - 00091275 _____ () C:\Users\nomad\Downloads\https _kickass.unblocked.pw_.htm
2015-03-11 19:05 - 2015-03-11 19:05 - 00001984 _____ () C:\Users\nomad\Desktop\Transmission-Qt.lnk
2015-03-11 12:25 - 2015-02-20 00:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-11 12:25 - 2015-02-20 00:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-11 12:25 - 2015-02-20 00:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 12:25 - 2015-02-20 00:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-11 12:25 - 2015-02-20 00:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-11 12:25 - 2015-02-20 00:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-11 12:25 - 2015-02-20 00:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-11 12:25 - 2015-02-20 00:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-11 12:25 - 2015-02-19 23:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 12:25 - 2015-02-19 23:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-11 12:24 - 2015-02-02 23:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 12:24 - 2015-02-02 23:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-11 12:24 - 2015-02-02 23:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-11 12:24 - 2015-02-02 23:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-11 12:24 - 2015-02-02 23:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-11 12:24 - 2015-02-02 23:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-11 12:24 - 2015-02-02 23:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-11 12:24 - 2015-02-02 23:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-11 12:24 - 2015-02-02 23:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-11 12:24 - 2015-02-02 23:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-11 12:24 - 2015-02-02 23:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-11 12:24 - 2015-02-02 23:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-11 12:24 - 2015-02-02 23:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-11 12:24 - 2015-02-02 23:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-11 12:24 - 2015-02-02 23:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-11 12:24 - 2015-02-02 23:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-11 12:24 - 2015-02-02 23:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-11 12:24 - 2015-02-02 23:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-11 12:24 - 2015-02-02 23:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-11 12:24 - 2015-02-02 23:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-11 12:24 - 2015-02-02 23:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-11 12:24 - 2015-02-02 23:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-11 12:24 - 2015-02-02 23:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-11 12:24 - 2015-02-02 23:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-11 12:24 - 2015-02-02 23:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-11 12:24 - 2015-02-02 23:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-11 12:24 - 2015-02-02 23:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-11 12:24 - 2015-02-02 23:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-11 12:24 - 2015-02-02 23:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-11 12:24 - 2015-02-02 23:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-11 12:24 - 2015-02-02 23:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-11 12:24 - 2015-02-02 23:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-11 12:24 - 2015-02-02 23:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-11 12:24 - 2015-02-02 23:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-11 12:24 - 2015-02-02 23:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-11 12:24 - 2015-02-02 23:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-11 12:24 - 2015-02-02 23:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-11 12:24 - 2015-02-02 23:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 12:24 - 2015-02-02 23:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-11 12:24 - 2015-02-02 23:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-11 12:24 - 2015-02-02 23:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 12:24 - 2015-02-02 23:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-11 12:24 - 2015-02-02 23:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-11 12:24 - 2015-02-02 23:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-11 12:24 - 2015-02-02 23:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 12:24 - 2015-02-02 23:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-11 12:24 - 2015-02-02 23:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-11 12:24 - 2015-02-02 23:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 12:24 - 2015-02-02 23:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-11 12:24 - 2015-02-02 23:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-11 12:24 - 2015-02-02 23:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-11 12:24 - 2015-02-02 23:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-11 12:24 - 2015-02-02 23:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-11 12:24 - 2015-02-02 23:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-11 12:24 - 2015-02-02 23:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-11 12:24 - 2015-02-02 23:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-11 12:24 - 2015-02-02 23:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-11 12:24 - 2015-02-02 23:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-11 12:24 - 2015-02-02 23:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-11 12:24 - 2015-02-02 23:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-11 12:24 - 2015-02-02 23:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-11 12:24 - 2015-02-02 23:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-11 12:24 - 2015-02-02 23:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-11 12:24 - 2015-02-02 23:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-11 12:24 - 2015-02-02 23:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-11 12:24 - 2015-02-02 23:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-11 12:24 - 2015-02-02 23:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-11 12:24 - 2015-02-02 23:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-11 12:24 - 2015-02-02 23:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-11 12:24 - 2015-02-02 23:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-11 12:24 - 2015-02-02 23:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-11 12:24 - 2015-02-02 23:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-11 12:24 - 2015-02-02 23:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-11 12:24 - 2015-02-02 23:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-11 12:24 - 2015-02-02 23:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-11 12:24 - 2015-02-02 23:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-11 12:24 - 2015-02-02 23:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-11 12:24 - 2015-02-02 23:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-11 12:24 - 2015-02-02 23:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-11 12:24 - 2015-02-02 23:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-11 12:24 - 2015-02-02 23:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-11 12:24 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-11 12:24 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-11 12:24 - 2015-02-02 23:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-11 12:24 - 2015-02-02 23:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-11 12:24 - 2015-02-02 23:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-11 12:24 - 2015-02-02 23:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-11 12:24 - 2015-02-02 23:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-11 12:24 - 2015-02-02 22:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-11 12:24 - 2014-10-31 18:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-11 12:22 - 2015-03-06 01:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-11 12:22 - 2015-03-06 01:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-11 12:22 - 2015-03-06 01:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-11 12:22 - 2015-03-06 01:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-11 12:22 - 2015-03-06 01:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 12:22 - 2015-03-06 01:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-11 12:22 - 2015-03-06 01:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-11 12:22 - 2015-03-06 01:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-11 12:22 - 2015-03-06 01:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-11 12:22 - 2015-03-06 01:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-11 12:22 - 2015-03-06 01:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-11 12:22 - 2015-03-06 01:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-11 12:22 - 2015-03-06 01:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-11 12:22 - 2015-03-06 01:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-11 12:22 - 2015-03-06 01:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-11 12:22 - 2015-03-06 01:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-11 12:22 - 2015-03-06 01:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-11 12:22 - 2015-03-06 01:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-11 12:22 - 2015-03-06 01:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-11 12:22 - 2015-03-06 01:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-11 12:22 - 2015-03-06 01:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-11 12:22 - 2015-03-06 01:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-11 12:22 - 2015-03-06 01:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-11 12:22 - 2015-03-06 01:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-11 12:22 - 2015-03-06 01:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-11 12:22 - 2015-03-06 01:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-11 12:22 - 2015-03-06 01:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-11 12:22 - 2015-03-06 01:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-11 12:22 - 2015-03-06 01:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-11 12:22 - 2015-03-06 01:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-11 12:22 - 2015-03-06 01:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-11 12:22 - 2015-02-25 23:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 12:22 - 2015-02-13 01:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-11 12:22 - 2015-02-13 01:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 12:22 - 2015-02-03 23:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 12:22 - 2015-02-03 22:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-11 12:22 - 2015-02-02 23:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 12:22 - 2015-02-02 23:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 12:22 - 2015-02-02 23:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-11 12:22 - 2015-02-02 23:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-11 12:22 - 2015-01-30 19:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-11 12:22 - 2015-01-16 22:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 12:22 - 2015-01-16 22:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-09 18:10 - 2015-03-09 18:10 - 00000000 __SHD () C:\ProgramData\NOMAD-PC
2015-03-08 17:16 - 2015-03-08 17:16 - 00000000 ____D () C:\Users\nomad\AppData\Local\transmission
2015-03-08 17:13 - 2015-03-28 23:09 - 00000000 ____D () C:\Users\nomad\AppData\Roaming\transmission
2015-03-08 17:13 - 2015-03-08 17:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Transmission-Qt
2015-03-08 17:13 - 2015-03-08 17:13 - 00000000 ____D () C:\Program Files\Transmission
2015-03-08 17:12 - 2015-03-08 17:13 - 15821696 _____ (Transmission) C:\Users\nomad\Downloads\Transmission-Qt-2.84-x86_64-installer.exe
2015-03-07 12:53 - 2015-03-29 20:09 - 00494528 _____ () C:\Windows\setupact.log
2015-03-07 12:53 - 2015-03-29 20:09 - 00020978 _____ () C:\Windows\PFRO.log
2015-03-07 12:53 - 2015-03-07 12:53 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-06 16:14 - 2015-03-06 16:14 - 00001692 _____ () C:\Users\nomad\Downloads\nomadbotanicalscom_key.pem
2015-03-05 17:00 - 2015-03-05 17:00 - 00000052 ____H () C:\Users\nomad\Documents\.picasa.ini
2015-03-03 16:32 - 2015-01-08 23:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-03-03 16:32 - 2015-01-08 23:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-03-03 16:32 - 2015-01-08 23:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-03-03 16:32 - 2015-01-08 22:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-29 20:35 - 2012-04-01 12:32 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-29 20:34 - 2014-04-18 01:03 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-29 20:33 - 2009-11-04 22:44 - 00337648 _____ () C:\Users\nomad\Desktop\aaddies.txt
2015-03-29 20:19 - 2009-11-24 01:16 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-67058834-1541496094-3279364164-1000UA.job
2015-03-29 20:17 - 2009-11-04 17:25 - 00019664 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-29 20:17 - 2009-11-04 17:25 - 00019664 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-29 20:15 - 2009-11-04 17:48 - 01737883 _____ () C:\Windows\WindowsUpdate.log
2015-03-29 20:15 - 2009-07-14 01:13 - 26168634 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-29 20:14 - 2009-05-18 13:45 - 00003660 _____ () C:\Windows\System32\Tasks\HP Health Check
2015-03-29 20:12 - 2010-04-24 19:10 - 00000000 ____D () C:\Program Files\PeerBlock
2015-03-29 20:11 - 2013-06-03 13:50 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2015-03-29 20:11 - 2012-10-16 19:21 - 00000000 ____D () C:\Temp
2015-03-29 20:09 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-29 20:09 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\schemas
2015-03-29 16:57 - 2013-05-13 22:57 - 00000286 _____ () C:\Windows\Tasks\DSite.job
2015-03-29 16:53 - 2014-04-18 01:02 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-29 16:47 - 2012-11-05 00:16 - 00002442 _____ () C:\Users\nomad\Desktop\Brian Info.txt
2015-03-29 13:22 - 2014-01-16 15:40 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{A8229ED4-20E7-4B56-8ED3-AC2A59AEF23C}
2015-03-29 01:15 - 2009-07-14 00:45 - 00383536 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-28 19:02 - 2009-11-04 17:59 - 00085152 _____ () C:\Users\nomad\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-28 19:00 - 2011-10-19 19:22 - 00000000 ____D () C:\ProgramData\Avira
2015-03-28 17:26 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Registration
2015-03-28 15:15 - 2009-09-14 20:38 - 00015844 _____ () C:\Users\nomad\AppData\Roaming\wklnhst.dat
2015-03-28 14:59 - 2015-01-01 15:58 - 00012800 _____ () C:\Users\nomad\Desktop\2015 Post Spread.xlr
2015-03-28 14:01 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Resources
2015-03-28 13:24 - 2014-04-18 01:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-28 13:24 - 2014-04-18 01:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-28 13:24 - 2012-09-10 22:49 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-28 00:56 - 2010-02-22 00:20 - 00000000 ____D () C:\Users\nomad\AppData\Roaming\Skype
2015-03-27 23:18 - 2010-04-23 22:39 - 00000000 ____D () C:\Windows\Intuit
2015-03-27 03:00 - 2012-06-10 22:58 - 00000000 ____D () C:\Users\nomad\Documents\My eBooks
2015-03-27 03:00 - 2012-04-02 11:53 - 00000000 ____D () C:\Users\nomad\Downloads\new MJ Books
2015-03-26 14:36 - 2015-01-02 23:27 - 00011776 _____ () C:\Users\nomad\Desktop\2015 NoN ACH etc.wps
2015-03-26 14:35 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-03-26 12:20 - 2014-12-10 04:36 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-26 12:20 - 2014-05-06 03:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-22 19:07 - 2012-04-25 12:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-21 16:19 - 2015-01-03 16:56 - 00017408 _____ () C:\Users\nomad\Desktop\Nomad 2015 Expense.xlr
2015-03-21 13:26 - 2009-11-24 01:17 - 00002368 _____ () C:\Users\nomad\Desktop\Google Chrome.lnk
2015-03-20 23:47 - 2012-08-03 21:38 - 00000000 ____D () C:\Users\nomad\AppData\Roaming\tixati
2015-03-17 18:01 - 2009-11-19 19:38 - 00000000 ____D () C:\Users\nomad\Desktop\cra[
2015-03-17 12:57 - 2014-08-13 14:52 - 00000000 ____D () C:\Users\nomad\AppData\Local\Adobe
2015-03-17 12:52 - 2012-04-01 12:32 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-17 12:52 - 2012-04-01 12:32 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-03-17 12:52 - 2011-05-18 23:26 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-17 06:15 - 2014-04-18 01:02 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-17 06:15 - 2012-04-25 01:45 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-16 11:52 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Speech
2015-03-14 15:48 - 2009-07-14 01:08 - 00032568 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-12 16:26 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2015-03-12 11:59 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-12 11:59 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-12 02:55 - 2013-07-14 15:51 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-12 02:43 - 2009-11-11 11:58 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-11 17:54 - 2013-02-02 03:15 - 00000000 ____D () C:\Users\nomad\Desktop\data
2015-03-09 20:40 - 2010-03-15 21:19 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2015-03-09 19:03 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Vss
2015-03-07 00:07 - 2011-08-16 12:32 - 00000000 ____D () C:\Users\nomad\AppData\Roaming\Media Player Classic
2015-03-05 14:33 - 2012-03-09 03:59 - 00000000 ____D () C:\Program Files (x86)\AVG Secure Search
2015-03-04 13:21 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\tracing
2015-03-02 15:42 - 2010-12-17 15:42 - 00003188 _____ () C:\Windows\System32\Tasks\HPCeeScheduleFornomad
2015-03-02 15:42 - 2010-12-17 15:42 - 00000334 _____ () C:\Windows\Tasks\HPCeeScheduleFornomad.job

==================== Files in the root of some directories =======

2013-05-23 13:27 - 2014-06-22 21:48 - 0003730 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2012-03-09 04:00 - 2012-03-09 04:12 - 0214016 _____ () C:\Users\nomad\AppData\Roaming\SharedSettings.ccs
2009-09-14 20:38 - 2015-03-28 15:15 - 0015844 _____ () C:\Users\nomad\AppData\Roaming\wklnhst.dat
2009-11-19 14:43 - 2014-11-17 03:14 - 0021504 _____ () C:\Users\nomad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-04-28 19:05 - 2013-04-28 19:05 - 0000057 _____ () C:\ProgramData\Ament.ini
2009-11-05 16:03 - 2009-11-05 18:04 - 0000137 _____ () C:\ProgramData\dlbtpswx.log
2010-02-22 00:22 - 2010-02-22 00:22 - 0000048 ____H () C:\ProgramData\ezsidmv.dat
2011-06-20 18:32 - 2013-04-29 17:59 - 0007995 _____ () C:\ProgramData\hpzinstall.log
2009-11-05 18:04 - 2009-11-05 18:04 - 0386860 _____ () C:\ProgramData\SPL8333.tmp
2009-11-05 16:03 - 2009-11-05 16:03 - 0386860 _____ () C:\ProgramData\SPL86BD.tmp
2015-03-29 20:11 - 2015-03-09 03:21 - 7907459 ___SH () C:\ProgramData\video.exe

Files to move or delete:
====================
C:\ProgramData\video.exe


Some content of TEMP:
====================
C:\Users\nomad\AppData\Local\Temp\ar8zdvar.dll
C:\Users\nomad\AppData\Local\Temp\avgnt.exe
C:\Users\nomad\AppData\Local\Temp\SkypeSetup.exe
C:\Users\nomad\AppData\Local\Temp\xbxudmso.dll
C:\Users\nomad\AppData\Local\Temp\{FF716527-CFCA-4950-A179-72457A56030C}.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-25 14:06

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by nomad at 2015-03-29 20:39:27
Running from C:\Users\nomad\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Internet Security 2015 (Enabled - Up to date) {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
AS: Panda Internet Security 2015 (Enabled - Up to date) {8F3797EF-DB90-F073-3C72-40C753554CD1}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Panda Firewall (Enabled) {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.3.13070 - Adobe Systems Inc.)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Agere Systems PCI-SV92EX Soft Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - LSI Corporation)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG Security Toolbar (HKLM-x32\...\AVG Secure Search) (Version: 18.3.0.885 - AVG Technologies)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2602 - CyberLink Corp.)
Default Manager (x32 Version: 1.0.105.0 - Microsoft Corporation) Hidden
Dell Driver Download Manager (HKU\S-1-5-21-67058834-1541496094-3279364164-1000\...\309a46b1dc89b774) (Version: 1.0.0.0 - Dell Inc.)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
DivX Version Checker (HKLM-x32\...\{3FC7CBBC4C1E11DCA1A752EA55D89593}) (Version: 7.1.0.9 - DivX, Inc.)
Enhanced Multimedia Keyboard Solution (HKLM-x32\...\KBD) (Version: 1.0.9.2 - Hewlett-Packard)
Google Chrome (HKU\S-1-5-21-67058834-1541496094-3279364164-1000\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5205.31 - PC-Doctor, Inc.)
Hewlett-Packard ACLM.NET v1.1.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Active Support Library (HKLM-x32\...\{0295F89F-F698-4101-9A7D-49F407EC2D82}) (Version: 3.1.10.1 - Hewlett-Packard)
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.12286.3436 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM-x32\...\{B84739A3-F943-47E4-95D8-96381EF5AC48}) (Version: 5.7.0.2945 - Hewlett-Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.66 - WildTangent)
HP MediaSmart Demo (HKLM-x32\...\{290CA856-3737-4874-864B-BA142F4823C8}_is1) (Version: 1.0.0.0 - Hewlett-Packard Company)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.0.3420 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.0.3228 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{D2E8F543-D23A-4A38-AFFC-4BDEBFBA6FDA}) (Version: 2.1.12 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{2BF5E9CC-C55D-4B0F-ACAF-FFE77F333CD8}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Remote Software (HKLM\...\{5F240DB8-0D74-4F13-86C3-929760392A8D}) (Version: 1.0.5.0 - Hewlett-Packard)
HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.9.0 - TopSeed)
HP Support Information (HKLM-x32\...\{1CC069FA-1A86-402E-9787-3F04E652C67A}) (Version: 10.1.0001 - Hewlett-Packard)
HP Total Care Setup (HKLM-x32\...\{784BEA84-FA66-4B19-BB80-7B545F248AC6}) (Version: 1.2.2854.2975 - Hewlett-Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.0.7 - Hewlett-Packard) Hidden
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
K-Lite Codec Pack 5.1.0 (64-bit) (HKLM\...\KLiteCodecPack64_is1) (Version: 5.1.0 - )
K-Lite Codec Pack 7.6.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.6.0 - )
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1402 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.1402 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{7F10292C-A190-4176-A665-A1ED3478DF86}) (Version: 1.18.3.2 - LightScribe)
Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.)
Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
LSI PCI-SV92EX Soft Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.98 - LSI Corporation)
Malwarebytes Anti-Exploit version 1.05.1.1016 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.05.1.1016 - Malwarebytes)
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.552.0 - Microsoft Live Search Toolbar)
Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version:  - )
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Reader (HKLM-x32\...\{B6F7DBE7-2FE2-458F-A738-B10832746036}) (Version:  - )
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mobipocket Reader 6.2 (HKLM-x32\...\{342126E1-173C-4585-BFBE-3EBDD20E3E9E}) (Version: 6.2.608 - Mobipocket.com)
MotoHelper 2.1.32 Driver 5.4.0 (HKLM-x32\...\MotoHelper) (Version: 2.1.32 - Motorola)
MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) Hidden
Motorola Mobile Drivers Installation 5.4.0 (Version: 5.4.0 - Motorola Inc.) Hidden
Mozilla Firefox 36.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.4 (x86 en-US)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MPC-HC 1.7.0 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.0.7858 - MPC-HC Team)
MPC-HC 1.7.1 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.1.0 - MPC-HC Team)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.6.9575 - Barnesandnoble.com)
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.04 - Panda Security)
Panda Devices Agent (x32 Version: 1.05.00 - Panda Security) Hidden
Panda Internet Security 2015 (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 15.01.00.0002 - Panda Security)
Panda Internet Security 2015 (Version: 7.82.00.0000 - Panda Security) Hidden
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.12 - Hewlett-Packard Company)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2602 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.2602 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.2611 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.2611 - CyberLink Corp.) Hidden
Python 2.6 pywin32-212 (HKLM-x32\...\pywin32-py2.6) (Version: 2.12 - Python Software Foundation)
Python 2.6.1 (HKLM-x32\...\{9CC89170-000B-457D-91F1-53691F85B223}) (Version: 2.6.1150 - Python Software Foundation)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5910 - Realtek Semiconductor Corp.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Tixati (HKLM-x32\...\tixati) (Version:  - )
Transmission-Qt (HKLM\...\Transmission-Qt) (Version: 2.84 - Transmission)
Winamp (HKLM-x32\...\Winamp) (Version: 5.63  - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-67058834-1541496094-3279364164-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Winamp Essentials Pack (HKLM-x32\...\Winamp Essentials Pack) (Version: v5.63a - Christoph Grether)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-67058834-1541496094-3279364164-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\nomad\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-67058834-1541496094-3279364164-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\nomad\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)

==================== Restore Points  =========================

11-03-2015 17:17:54 Scheduled Checkpoint
12-03-2015 02:42:26 Windows Update
19-03-2015 13:48:27 Scheduled Checkpoint
26-03-2015 02:49:25 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 08:34 - 2006-09-18 17:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {03384404-17B0-4992-A658-F8BAEFF93FAD} - System32\Tasks\a2add140 => C:\Users\nomad\AppData\Local\Temp\\setup96189280.exe <==== ATTENTION
Task: {108F4F8B-30F9-4FCA-8DEB-83A11B79A1A7} - System32\Tasks\HP Health Check => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-12-04] (Hewlett-Packard)
Task: {1789F19B-0C71-4C84-9F5F-5CD83F80FDEC} - System32\Tasks\84d0fb20 => C:\Users\nomad\AppData\Local\Temp\\setup292176000.exe <==== ATTENTION
Task: {26FB302A-4E1D-45CA-8543-D233CB391E80} - System32\Tasks\{7BF7B2EA-BD8D-43E6-82FE-5B4B69210007} => pcalua.exe -a C:\Users\nomad\Downloads\Flac_Plugin_for_WA2.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {2DECB20E-B597-4AFF-B22A-EC326D052BB4} - System32\Tasks\8b03cc40 => C:\Users\nomad\AppData\Local\Temp\\setup1635283200.exe <==== ATTENTION
Task: {44D917B8-28BB-45F5-B896-B3C0809ED5F0} - System32\Tasks\c9cb3260 => C:\Users\nomad\AppData\Local\Temp\\setup2765982272.exe <==== ATTENTION
Task: {4551FAEE-A735-4104-81E4-3941667F4916} - System32\Tasks\MotoHelper MUM => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {48BF2E39-6AF0-4B19-9835-D4E47DE7F2A2} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [2009-10-20] (CyberLink Corp.)
Task: {4E11D97A-517F-4E10-9672-278B151C4B00} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {4F3B6E17-94F4-4386-9DCF-4B626E8005BE} - System32\Tasks\HPCeeScheduleFornomad => C:\Program Files (x86)\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2009-02-24] (Hewlett-Packard)
Task: {539D3D68-C254-4F89-AE03-9682C9F16753} - System32\Tasks\907ead60 => C:\Users\nomad\AppData\Local\Temp\\setup4086077312.exe <==== ATTENTION
Task: {579B3FF9-D961-4EE7-BB00-59D144CA8B1C} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-08-28] (CyberLink)
Task: {5E8B0131-DD62-4A7A-82BD-745BEF339587} - System32\Tasks\14dd1640 => C:\Users\nomad\AppData\Local\Temp\\setup1392334912.exe <==== ATTENTION
Task: {712C6861-2B14-4E72-92BA-22B6921FE2B7} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs
Task: {725C760F-CFD0-4244-93C6-ECC5F0F5D2D1} - System32\Tasks\a4e08da0 => C:\Users\nomad\AppData\Local\Temp\\setup2069181024.exe <==== ATTENTION
Task: {73A3AF5E-577C-4C20-881D-93E4B1BB1162} - System32\Tasks\MotoHelper Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {779B0140-A1CD-42FB-9D75-77A09B8558C2} - System32\Tasks\MotoHelper Routing => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {86FAA869-9382-4D61-A023-E97913A9B809} - System32\Tasks\991d4820 => C:\Users\nomad\AppData\Local\Temp\\setup1871834336.exe <==== ATTENTION
Task: {87F5718A-3AE0-4596-B34C-CCB828027389} - System32\Tasks\DSite => C:\Users\nomad\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {8EBF2079-7029-4325-8B3A-739463857446} - System32\Tasks\74123be0 => C:\Users\nomad\AppData\Local\Temp\\setup3880263808.exe <==== ATTENTION
Task: {97E9967F-EE27-4D55-BE7D-9F8EC1211E51} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-67058834-1541496094-3279364164-1000Core => C:\Users\nomad\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {9BD0C838-C958-49A6-AAFB-2F0EDA905F58} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-67058834-1541496094-3279364164-1000UA => C:\Users\nomad\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {9EE2852D-DB74-48AE-89F7-3FE6C6E5EBDE} - System32\Tasks\b981fd80 => C:\Users\nomad\AppData\Local\Temp\\setup479192992.exe <==== ATTENTION
Task: {A5B47AF2-9322-4BA6-AB21-2C7C16A4B4B9} - System32\Tasks\f7578460 => C:\Users\nomad\AppData\Local\Temp\\setup3375261408.exe <==== ATTENTION
Task: {A78CA0B5-8BC2-4CC9-9A8E-5BD14D459A0D} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{880302E3-8478-4E47-BC32-C47BB71A7BA5}.exe
Task: {B902A5FC-8308-4AD8-84FF-52DDBBB3C79E} - System32\Tasks\4e1af0c0 => C:\Users\nomad\AppData\Local\Temp\\setup574665824.exe <==== ATTENTION
Task: {D31D6D9C-BEAD-462F-9351-4233199A4363} - System32\Tasks\MotoHelper Initial Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {DEC7785F-83D8-4E56-A662-974243F55C35} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {DF6B2585-83F3-4C84-896E-D6869A416403} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-17] (Adobe Systems Incorporated)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs
Task: {F0E1FD1F-6B38-4828-872D-E166BC8434A3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {F59B9AFB-ADF3-4A81-AE7F-E45240FB1A83} - System32\Tasks\a42287c0 => C:\Users\nomad\AppData\Local\Temp\\setup1979283808.exe <==== ATTENTION
Task: {FABD8701-C543-4E4D-BF5E-71F657602D3C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: {FDB01B2C-5877-4B48-8BCE-9B8B76E3D4AB} - System32\Tasks\c45ab900 => C:\Users\nomad\AppData\Local\Temp\\setup2481113472.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{880302E3-8478-4E47-BC32-C47BB71A7BA5}.exe <==== ATTENTION
Task: C:\Windows\Tasks\DSite.job => C:\Users\nomad\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-67058834-1541496094-3279364164-1000Core.job => C:\Users\nomad\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-67058834-1541496094-3279364164-1000UA.job => C:\Users\nomad\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleFornomad.job => C:\Program Files (x86)\Hewlett-Packard\SDP\Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) ==============

2011-12-06 17:00 - 2011-12-06 17:00 - 00214896 _____ () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
2015-03-05 14:34 - 2015-03-05 14:33 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\loggingserver.exe
2011-12-06 17:00 - 2011-12-06 17:00 - 00784240 _____ () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
2009-02-06 16:11 - 2009-02-06 16:11 - 00172032 _____ () C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe
2009-02-06 16:11 - 2009-02-06 16:11 - 00385024 _____ () C:\Program Files\Hewlett-Packard\HP Remote\Common.dll
2009-02-06 16:11 - 2009-02-06 16:11 - 00151552 _____ () C:\Program Files\Hewlett-Packard\HP Remote\MCStateSink.dll
2015-03-09 18:10 - 2015-03-09 03:21 - 07907459 ____S () C:\Users\nomad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nomad.exe
2009-10-14 13:36 - 2009-10-14 13:36 - 02793304 _____ () C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
2012-03-09 03:59 - 2015-03-05 14:33 - 02503704 _____ () C:\Program Files (x86)\AVG Secure Search\vprot.exe
2009-10-14 13:34 - 2009-10-14 13:34 - 00560472 _____ () C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-67058834-1541496094-3279364164-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\nomad\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 64.233.217.2 - 64.233.217.3

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-67058834-1541496094-3279364164-500 - Administrator - Disabled)
Guest (S-1-5-21-67058834-1541496094-3279364164-501 - Limited - Disabled)
nomad (S-1-5-21-67058834-1541496094-3279364164-1000 - Administrator - Enabled) => C:\Users\nomad

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/29/2015 08:15:47 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (03/29/2015 08:15:47 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (03/29/2015 08:10:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/29/2015 03:57:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8018

Error: (03/29/2015 03:57:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8018

Error: (03/29/2015 03:57:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/29/2015 03:57:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7020

Error: (03/29/2015 03:57:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7020

Error: (03/29/2015 03:57:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/29/2015 03:57:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6022


System errors:
=============
Error: (03/29/2015 08:10:01 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (03/29/2015 01:13:29 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (03/29/2015 01:09:56 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (03/29/2015 01:07:35 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (03/29/2015 01:04:41 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (03/29/2015 00:56:39 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (03/29/2015 00:45:40 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (03/29/2015 00:32:36 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (03/29/2015 05:27:07 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.

Error: (03/29/2015 03:40:03 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk5\DR5.


Microsoft Office Sessions:
=========================
Error: (03/29/2015 08:15:47 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (03/29/2015 08:15:47 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000A2130F000000000009030000

Error: (03/29/2015 08:10:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/29/2015 03:57:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8018

Error: (03/29/2015 03:57:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8018

Error: (03/29/2015 03:57:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/29/2015 03:57:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7020

Error: (03/29/2015 03:57:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7020

Error: (03/29/2015 03:57:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/29/2015 03:57:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6022


CodeIntegrity Errors:
===================================
  Date: 2009-11-04 15:37:25.418
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2009-11-04 15:37:25.386
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2009-11-04 15:37:25.355
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2009-11-04 15:37:25.324
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2009-11-04 15:37:25.277
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2009-11-04 15:37:25.184
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2009-11-04 15:37:25.152
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2009-11-04 15:37:25.121
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2009-11-04 15:37:25.090
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2009-11-04 15:37:25.043
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core2 Quad CPU Q8200 @ 2.33GHz
Percentage of memory in use: 44%
Total physical RAM: 6134.23 MB
Available physical RAM: 3398.91 MB
Total Pagefile: 12266.64 MB
Available Pagefile: 9223.47 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:684.96 GB) (Free:363.09 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:13.67 GB) (Free:2.14 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive e: (Mar 29 2015) (CDROM) (Total:0.69 GB) (Free:0.07 GB) UDF
Drive f: () (Removable) (Total:15.12 GB) (Free:6.25 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=685 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=13.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 15.1 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=15.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

I hope I have done this right. Thank you =) You have made a huge difference in a stranger's life! =)


Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.


The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.


Double click on Adwcleaner.exe to run the tool.
Click on Scan
Once the scan is done, click on the Clean button. <<<--- Ensure this option is completed
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[sn].txt, where n is the scan reference number.

 

Next,

 

Please download Junkware Removal Tool to your desktop.


Shut down your protection software now to avoid potential conflicts. (re-enable when done)
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

Next,

 

Scan with ESET Online Scanner

 

This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

Please visit ESET Online Scanner website.

 

There, click Run ESET Online Scanner.

 

If using Internet Explorer:

 


Accept the Terms of Use and click Start.
Allow the running of add-on.

If using Mozilla Firefox or Google Chrome:


Download esetsmartinstaller_enu.exe that you'll be given a link to.
Double click esetsmartinstaller_enu.exe.
Allow the Terms of Use and click Start.

To perform the scan:


Make sure that Remove found threats is checked.
Scan archives is checked.
In Advanced Settings: Scan for potentially unwanted applications, Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
Under “Enable Stealth Technology” select “Change” and select any extra drives in that window.
Click Start
The program will begin to download its virus database. The speed may vary depending on your Internet connection.
When completed, the program will begin to scan. This may take several hours. Please, be patient.
Do not do anything on your machine as it may interrupt the scan.
When the scan is done, click Finish.
A logfile will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.

Please include this logfile in your next reply.

 

Don't forget to re-enable protection software!

 

Let me see those logs, also give an update on any remaining issues or concerns....

 

Thanks,

 

Kevin...

 

 

 

 

Fixlist.txt


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/30/2015
Scan Time: 1:25:35 PM
Logfile:
Administrator: Yes

Version: 2.01.4.1018
Malware Database: v2015.03.30.07
Rootkit Database: v2015.03.26.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: nomad

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 377733
Time Elapsed: 43 min, 0 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

Here is the scan from MWB. I will do the other scans you suggested now.


Here's the ADW scan

 

# AdwCleaner v4.200 - Logfile created 30/03/2015 at 17:46:34
# Updated 29/03/2015 by Xplode
# Database : 2015-03-29.1 [Local]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : nomad - NOMAD-PC
# Running from : C:\Users\nomad\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : vToolbarUpdater18.3.0

***** [ Files / Folders ] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Folder Found : C:\Program Files (x86)\AVG Secure Search
Folder Found : C:\Program Files (x86)\AVG Security Toolbar
Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\Users\nomad\AppData\Local\AVG Secure Search
Folder Found : C:\Users\nomad\AppData\LocalLow\AVG Secure Search

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****



***** [ Web browsers ] *****

-\\ Internet Explorer v0.0.0.0

Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs] - hxxp://isearch.avg.com/tab?cid={2BBCD031-A585-4AED-A625-CAAA5C2E43F7}&mid=006b74545fc447d1bb20d16f5edaa635-7d9252bc4deedfc40fb1db5b555a7ba8f7048de9&lang=en&ds=pl011&coid=&cmpid=&pr=sa&d=2012-03-09 02:59:50&v=17.3.0.49&pid=avg&sg=0&sap=nt

-\\ Mozilla Firefox v36.0.4 (x86 en-US)

[sywri4zt.default-1376622401111] - Line Found : user_pref("browser.search.hiddenOneOffs", "Bing,Amazon.com,AVG Secure Search,DuckDuckGo,eBay,Twitter");
[sywri4zt.default-1376622401111] - Line Found : user_pref("extensions.xpiState", "{\"app-profile\":{\"2.0@disconnect.me\":{\"d\":\"C:\\\\Users\\\\nomad\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\sywri4zt.default-1376622401111\\\\ext[...]

-\\ Google Chrome v

[C:\Users\nomad\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof

*************************

AdwCleaner[R0].txt - [7964 bytes] - [30/03/2015 17:46:34]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [8023 bytes] ##########
 


Kevin,

 

Here's another scan

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.8 (03.30.2015:1)
OS: Windows 7 Home Premium x64
Ran by nomad on Mon 03/30/2015 at 17:49:20.81
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AboutURLs\\Tabs
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL






~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\nomad\AppData\Roaming\mozilla\firefox\profiles\sywri4zt.default-1376622401111\minidumps [99 files]



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 03/30/2015 at 17:56:52.37
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


C:\FRST\Quarantine\C\ProgramData\video.exe.xBAD    Win32/CoinMiner.CW trojan    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\nomad\AppData\Local\Temp\{FF716527-CFCA-4950-A179-72457A56030C}.exe.xBAD    a variant of Win32/Toolbar.Visicom.A potentially unwanted application    deleted - quarantined
C:\FRST\Quarantine\C\Users\nomad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nomad.exe.xBAD    Win32/CoinMiner.CW trojan    cleaned by deleting - quarantined

This is what the online scan found.   Jeez, I'm glad I did all of these!

 

Thanks Again Kevin.  So you think this should solve it?


ESET log entries are already in quarantine so are safe....

 

Can you also run AdwCleaner one more time? When the scan completes, select "CLEAN" to complete the action. Post that log and also give an update on any remaining issues or concerns; if none, tell me that...

 

Thanks,

 

Kevin.


# AdwCleaner v4.200 - Logfile created 31/03/2015 at 23:20:51
# Updated 29/03/2015 by Xplode
# Database : 2015-03-29.1 [Local]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : nomad - NOMAD-PC
# Running from : C:\Users\nomad\Downloads\adwcleaner_4.200.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : vToolbarUpdater18.3.0

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\AVG Security Toolbar
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Users\nomad\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\nomad\AppData\LocalLow\AVG Secure Search
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****



***** [ Web browsers ] *****

-\\ Internet Explorer v0.0.0.0


-\\ Mozilla Firefox v36.0.4 (x86 en-US)

[sywri4zt.default-1376622401111\prefs.js] - Line Deleted : user_pref("browser.search.hiddenOneOffs", "Bing,Amazon.com,AVG Secure Search,DuckDuckGo,eBay,Twitter");
[sywri4zt.default-1376622401111\prefs.js] - Line Deleted : user_pref("extensions.xpiState", "{\"app-profile\":{\"2.0@disconnect.me\":{\"d\":\"C:\\\\Users\\\\nomad\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\sywri4zt.default-1376622401111\\\\ext[...]

-\\ Google Chrome v

[C:\Users\nomad\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof

*************************

AdwCleaner[R0].txt - [6968 bytes] - [31/03/2015 23:17:03]
AdwCleaner[s0].txt - [6880 bytes] - [31/03/2015 23:20:51]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [6939  bytes] ##########
 


Thanks for the updated log. If there are no remaining issues or concerns, run the following to clean up:

 

Download "Delfix by Xplode" and save it to your desktop.

 

Or use the following if first link is down:

 

"Delfix link mirror"

 

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

 

Make Sure the following items are checked:

 

 


    Remove disinfection tools
    Purge System Restore <--- this will remove all previous restore points and create a fresh point relative to system status at present.
    Reset system settings

 

Now click on "Run" and wait patiently until the tool has completed.

 

The tool will create a log when it has completed. We don't need you to post this.

 

Any remnant files/logs from tools we have used can be deleted…

 

Next,

 

Read the following link to fully understand PC security and best practices, you may find it useful....

 

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

 

Let me know if we are ok to close out....

 

Thank you,

 

Kevin...


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.