2015-02-15

I'm uncertain whether I inadvertently allowed a pop-up on a new tab for news or it was bundled into the Free Studio download from CNET; either way, it's caused me tremendous grief.

First the pop-ups, then the tabs on Firefox would not open - frozen. I tried to download a new version, but that took 15 minutes to enter 3 fields and then nothing. I was able to access START, so from there I ran EMSISOFT, SOPHOS, Super Anti-Spyware, MalwareBytes.

Uninstalled Free Studio.

I restarted the system and all my previous session was lost and no home address would come up.

Emsisoft Emergency Kit - Version 9.0

Last update: 14/02/2015 11:20:07 AM

User account: GT60130712\Sandra

Scan settings:

Scan type: Smart Scan

Objects: Rootkits, Memory, Traces, C:\windows\, C:\Program Files\, C:\Program Files (x86)\

Detect PUPs: On

Scan archives: Off

ADS Scan: On

File extension filter: Off

Advanced caching: On

Direct disk access: Off

Scan start:    14/02/2015 4:17:59 PM

Scanned    194872

Found    0

Scan end:    14/02/2015 4:38:52 PM

Scan time:    0:20:53

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-02-2015

Ran by Sandra (administrator) on GT60130712 on 14-02-2015 16:44:57

Running from C:\Users\Sandra\Downloads

Loaded Profiles: Sandra (Available profiles: UpdatusUser & Sandra)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11 (Default browser: FF)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe

(Nero AG) C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe

(Micro-Star International Co., Ltd.) C:\Program Files (x86)\S-Bar\MSIService.exe

(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe

(MSI) C:\Program Files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe

(Micro-Star International) C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe

(MSI) C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe

(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe

() C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe

(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe

(VMware, Inc.) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe

(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe

(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe

(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe

() C:\Program Files (x86)\ACT\SideACT.exe

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe

(Dropbox, Inc.) C:\Users\Sandra\AppData\Roaming\Dropbox\bin\Dropbox.exe

(Micro-Star International Co.,Ltd.) C:\Program Files (x86)\S-Bar\S-Bar.exe

(Micro-Star International Co., Ltd.) C:\Program Files (x86)\MSI\KLM\KLM.exe

(Creative Technology Ltd) C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe

() C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

(MSI) C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe

(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe

(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe

(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe

(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe

(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Micro-Star International) C:\Program Files (x86)\MSI\Live Update\Live Update.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe

(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe

(Microsoft Corporation) C:\Windows\System32\prevhost.exe

(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [THXCfg64] => C:\windows\system32\RunDLL32.exe C:\windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3009336 2012-11-15] (Synaptics Incorporated)

HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"

HKLM\...\Run: [HP Color LaserJet CM2320 MFP Series Fax] => C:\Program Files (x86)\HP\HP Color LaserJet CM2320 MFP Series\hppfaxprintersrv.exe "HP Color LaserJet CM2320 MFP Series Fax"

HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1297112 2014-12-08] (COMODO)

HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-14] (NVIDIA Corporation)

HKLM\...\Run: [ShadowPlay] => C:\windows\system32\rundll32.exe C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13651672 2013-09-03] (Realtek Semiconductor)

HKLM-x32\...\Run: [S-Bar] => C:\Program Files (x86)\S-Bar\S-Bar.exe [5504416 2012-12-03] (Micro-Star International Co.,Ltd.)

HKLM-x32\...\Run: [KLM] => C:\Program Files (x86)\MSI\KLM\KLM.exe [1522376 2011-12-19] (Micro-Star International Co., Ltd.)

HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe [1517056 2011-08-29] (Creative Technology Ltd)

HKLM-x32\...\Run: [VGAOCAP] => C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe [88576 2012-01-31] ()

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-11] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-02-22] (Intel Corporation)

HKLM-x32\...\Run: [Super-Charger] => C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe [490480 2013-08-13] (MSI)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)

HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.)

HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)

HKLM-x32\...\Run: [VMware hqtray] => "C:\Users\Sandra\Desktop\hqtray.exe"

HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-08] (Nuance Communications, Inc.)

HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-08] (Nuance Communications, Inc.)

HKLM-x32\...\Run: [PPort12reminder] => C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.)

HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)

HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)

HKLM-x32\...\Run: [Live Update] => C:\Program Files (x86)\MSI\Live Update\Live Update.exe [3468240 2014-08-26] (Micro-Star International)

HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2561848 2015-01-01] (Malwarebytes Corporation)

Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-226031397-426934007-3279398888-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7780120 2015-01-27] (SUPERAntiSpyware)

HKU\S-1-5-21-226031397-426934007-3279398888-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)

HKU\S-1-5-21-226031397-426934007-3279398888-1001\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe [761064 2014-12-11] (Adobe Systems Incorporated)

HKU\S-1-5-21-226031397-426934007-3279398888-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30873192 2014-12-11] (Skype Technologies S.A.)

HKU\S-1-5-21-226031397-426934007-3279398888-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize

HKU\S-1-5-21-226031397-426934007-3279398888-1001\...\RunOnce: [Adobe Speed Launcher] => 1423953660

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SideACT!.lnk

ShortcutTarget: SideACT!.lnk -> C:\Program Files (x86)\ACT\SideACT.exe ()

Startup: C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\Sandra\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File

ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sandra\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sandra\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sandra\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sandra\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sandra\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sandra\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sandra\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\S-1-5-21-226031397-426934007-3279398888-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

HKU\S-1-5-21-226031397-426934007-3279398888-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\S-1-5-21-226031397-426934007-3279398888-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telus.com/

SearchScopes: HKLM -> DefaultScope {542AC1D8-8750-4499-BE75-BC166CFEDA63} URL = http://www.bing.com/search?q={searchTerms}&form=MSITDF&pc=MAM3&src=IE-SearchBox

SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM -> {542AC1D8-8750-4499-BE75-BC166CFEDA63} URL = http://www.bing.com/search?q={searchTerms}&form=MSITDF&pc=MAM3&src=IE-SearchBox

SearchScopes: HKLM-x32 -> DefaultScope value is missing.

SearchScopes: HKLM-x32 -> {542AC1D8-8750-4499-BE75-BC166CFEDA63} URL = http://www.bing.com/search?q={searchTerms}&form=MSITDF&pc=MAM3&src=IE-SearchBox

SearchScopes: HKU\.DEFAULT -> {542AC1D8-8750-4499-BE75-BC166CFEDA63} URL =

SearchScopes: HKU\S-1-5-21-226031397-426934007-3279398888-1001 -> DefaultScope {542AC1D8-8750-4499-BE75-BC166CFEDA63} URL =

SearchScopes: HKU\S-1-5-21-226031397-426934007-3279398888-1001 -> {542AC1D8-8750-4499-BE75-BC166CFEDA63} URL =

BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)

BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)

BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File

DPF: HKLM-x32 {9AD9B5EB-F9E0-47D4-B20F-C29D58C6F5E1} http://alta.registries.gov.ab.ca/SpinII/cabs/WayToIndex.CAB

DPF: HKLM-x32 {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/emsisoft_webscan.cab

Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)

Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

Winsock: Catalog9 12 C:\Users\Sandra\Desktop\vsocklib.dll File Not found ()

Winsock: Catalog9 13 C:\Users\Sandra\Desktop\vsocklib.dll File Not found ()

Winsock: Catalog9-x64 12 C:\Users\Sandra\Desktop\x64\vsocklib.dll File Not found ()

Winsock: Catalog9-x64 13 C:\Users\Sandra\Desktop\x64\vsocklib.dll File Not found ()

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.176.9

FireFox:

========

FF ProfilePath: C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\ifizuk8i.default-1423954135987

FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-01-26]

Chrome:

=======

CHR Profile: C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Slides) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-15]

CHR Extension: (Google Docs) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-15]

CHR Extension: (Google Drive) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-15]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-16]

CHR Extension: (YouTube) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-15]

CHR Extension: (Google Search) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-15]

CHR Extension: (Google Sheets) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-15]

CHR Extension: (Skype Click to Call) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-01-09]

CHR Extension: (Google Wallet) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-15]

CHR Extension: (Gmail) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-15]

CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-13] (SUPERAntiSpyware.com)

R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4784144 2014-09-10] (Emsisoft GmbH)

R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2015-01-05] (Microsoft Corporation)

R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2015-01-05] (Microsoft Corporation)

R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [7618952 2014-12-08] (COMODO)

S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265304 2014-12-08] (COMODO)

R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1840128 2011-05-24] (MAGIX AG) [File not signed]

S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]

S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136192 2009-06-01] (HP) [File not signed]

R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [555320 2015-01-01] (Malwarebytes Corporation)

R2 Micro Star SCM; C:\Program Files (x86)\S-Bar\MSIService.exe [160768 2011-11-02] (Micro-Star International Co., Ltd.) [File not signed]

R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)

R2 MSI Foundation Service; C:\Program Files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe [12800 2010-07-16] (MSI) [File not signed]

R2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [1722320 2014-08-26] (Micro-Star International)

R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [161776 2013-08-19] (MSI)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15125280 2013-11-14] (NVIDIA Corporation)

R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-08] (Nuance Communications, Inc.)

R2 Pml Driver HPZ12; C:\windows\system32\HPZipm12.dll [66048 2012-07-31] (Hewlett-Packard) [File not signed]

R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]

R2 Qualcomm Atheros Killer Service; C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [492032 2012-03-07] () [File not signed]

R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

S3 ufad-ws60; C:\Users\Sandra\Desktop\vmware-ufad.exe -d "C:\Users\Sandra\Desktop\\" -s ufad-p2v.xml

S2 VMAuthdService; "C:\Users\Sandra\Desktop\vmware-authd.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-20] (Emsisoft GmbH)

R1 A2DDA; C:\EEK\RUN\a2ddax64.sys [26176 2014-03-04] (Emsisoft GmbH)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)

R1 BfLwf; C:\Windows\System32\DRIVERS\bflwfx64.sys [75880 2012-03-07] (Bigfoot Networks, Inc.)

R3 cleanhlp; C:\EEK\Run\cleanhlp64.sys [57024 2014-03-04] (Emsisoft GmbH)

R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20184 2014-12-08] (COMODO)

R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [792648 2014-12-08] (COMODO)

R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [45880 2014-12-08] (COMODO)

R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-01-01] ()

R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [104608 2014-12-08] (COMODO)

S3 ipadtst; C:\Program Files (x86)\MSI\Super-Charger\ipadtst_64.sys [19952 2013-02-01] (Windows ® Win 7 DDK provider)

R3 L1C; C:\Windows\System32\DRIVERS\e22w7x64.sys [161616 2012-03-07] (Qualcomm Atheros, Inc.)

R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI)

R3 NTIOLib_1_0_4; C:\Program Files (x86)\MSI\Live Update\NTIOLib_X64.sys [14136 2010-10-22] (MSI)

R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-11-14] (NVIDIA Corporation)

R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [31032 2012-11-15] (Synaptics Incorporated)

S3 MGHwCtrl; \??\C:\Program Files\MSI\MSI Software Install\MGHwCtrl.sys [X]

S2 vstor2-ws60; \??\C:\Users\Sandra\Desktop\vstor2-ws60.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-14 16:44 - 2015-02-14 16:44 - 00000000 ____D () C:\Users\Sandra\Downloads\FRST-OlderVersion

2015-02-14 15:33 - 2015-02-14 15:33 - 04176437 _____ () C:\Users\Sandra\Downloads\tdsskiller(1).zip

2015-02-13 23:15 - 2015-02-13 23:15 - 00005136 _____ () C:\windows\SysWOW64\LavasoftTcpService.ini

2015-02-13 23:15 - 2015-02-13 23:15 - 00002832 _____ () C:\windows\SysWOW64\LavasoftTcpServiceOff.ini

2015-02-13 23:15 - 2015-02-13 23:15 - 00002832 _____ () C:\windows\system32\LavasoftTcpServiceOff.ini

2015-02-13 23:15 - 2015-01-23 06:39 - 00378832 _____ (Lavasoft Limited) C:\windows\system32\LavasoftTcpService64.dll

2015-02-13 23:15 - 2015-01-23 06:39 - 00332216 _____ (Lavasoft Limited) C:\windows\SysWOW64\LavasoftTcpService.dll

2015-02-13 23:14 - 2015-02-13 23:30 - 00000000 ____D () C:\Program Files (x86)\Free Codec Pack

2015-02-13 23:13 - 2015-02-13 23:13 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\RHEng

2015-02-13 23:12 - 2015-02-13 23:30 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\DVDVideoSoft

2015-02-12 09:44 - 2015-02-12 09:44 - 00004898 _____ () C:\Users\Sandra\Downloads\winmail.dat

2015-02-01 16:29 - 2015-02-01 16:29 - 00010926 _____ () C:\Users\Sandra\Documents\Book1.xlsx

2015-01-26 11:19 - 2015-01-26 11:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2015-01-24 22:05 - 2015-01-24 22:05 - 00002135 _____ () C:\Users\Public\Desktop\StudioTax 2014.lnk

2015-01-24 22:05 - 2015-01-24 22:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StudioTax 2014

2015-01-24 22:01 - 2015-01-24 22:01 - 31023968 _____ (BHOK IT Consulting) C:\Users\Sandra\Downloads\StudioTax2014Install.exe

2015-01-24 21:10 - 2015-01-25 15:25 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\BHOK

2015-01-24 20:58 - 2015-01-24 20:58 - 00002131 _____ () C:\Users\Public\Desktop\StudioTax 2012.lnk

2015-01-24 20:58 - 2015-01-24 20:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StudioTax 2012

2015-01-24 20:51 - 2015-01-24 20:51 - 00002053 _____ () C:\Users\Public\Desktop\StudioTax 2011.lnk

2015-01-24 20:51 - 2015-01-24 20:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StudioTax 2011

2015-01-24 19:53 - 2015-01-24 19:53 - 00002131 _____ () C:\Users\Public\Desktop\StudioTax 2010.lnk

2015-01-24 19:53 - 2015-01-24 19:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StudioTax 2010

2015-01-24 18:37 - 2015-01-24 20:51 - 00000000 ____D () C:\Program Files\BHOK IT Consulting

2015-01-24 18:37 - 2015-01-24 18:37 - 00002049 _____ () C:\Users\Public\Desktop\StudioTax 2009.lnk

2015-01-24 18:37 - 2015-01-24 18:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StudioTax 2009

2015-01-24 18:29 - 2015-01-24 18:29 - 08502792 _____ (BHOK IT Consulting) C:\Users\Sandra\Downloads\StudioTax2006Install.exe

2015-01-24 18:29 - 2015-01-24 18:29 - 06715840 _____ (BHOK IT Consulting) C:\Users\Sandra\Downloads\StudioTax2005Install.exe

2015-01-24 18:29 - 2015-01-24 18:29 - 05892400 _____ (BHOK IT Consulting) C:\Users\Sandra\Downloads\StudioTax2004Install.exe

2015-01-24 18:28 - 2015-01-24 18:29 - 27499392 _____ (BHOK IT Consulting) C:\Users\Sandra\Downloads\StudioTax2011Install.exe

2015-01-24 18:28 - 2015-01-24 18:29 - 25736544 _____ (BHOK IT Consulting) C:\Users\Sandra\Downloads\StudioTax2012Install.exe

2015-01-24 18:28 - 2015-01-24 18:29 - 09623592 _____ (BHOK IT Consulting) C:\Users\Sandra\Downloads\StudioTaxInstall07.exe

2015-01-24 18:28 - 2015-01-24 18:29 - 08340824 _____ (BHOK It Consulting) C:\Users\Sandra\Downloads\StudioTaxInstall08.exe

2015-01-24 18:27 - 2015-01-24 18:27 - 19559664 _____ (BHOK IT Consulting) C:\Users\Sandra\Downloads\StudioTaxInstall10.exe

2015-01-24 18:26 - 2015-01-24 18:26 - 11039584 _____ (BHOK IT Consulting) C:\Users\Sandra\Downloads\StudioTaxInstall09.exe

2015-01-24 18:23 - 2015-01-24 18:23 - 00000000 ____D () C:\Users\Sandra\AppData\Local\IsolatedStorage

2015-01-24 18:21 - 2015-01-24 22:05 - 00000000 ____D () C:\Program Files (x86)\BHOK IT Consulting

2015-01-24 18:21 - 2015-01-24 18:21 - 00002135 _____ () C:\Users\Public\Desktop\StudioTax 2013.lnk

2015-01-24 18:20 - 2015-01-24 18:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StudioTax 2013

2015-01-24 18:19 - 2015-01-24 18:19 - 28544096 _____ (BHOK IT Consulting) C:\Users\Sandra\Downloads\StudioTax2013Install.exe

2015-01-24 17:26 - 2015-01-24 17:26 - 00000953 _____ () C:\Users\Public\Desktop\easyCTAX.lnk

2015-01-24 17:26 - 2015-01-24 17:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\easyCTAX

2015-01-24 17:26 - 2015-01-24 17:26 - 00000000 ____D () C:\Program Files (x86)\easyCTAX

2015-01-18 12:24 - 2015-01-18 12:24 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_netaapl64_01009.Wdf

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-14 16:44 - 2014-03-05 11:48 - 00026466 _____ () C:\Users\Sandra\Downloads\FRST.txt

2015-02-14 16:44 - 2014-03-05 11:47 - 00000000 ____D () C:\FRST

2015-02-14 16:44 - 2014-03-05 11:45 - 02134528 _____ (Farbar) C:\Users\Sandra\Downloads\FRST64.exe

2015-02-14 16:40 - 2015-01-05 15:54 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\Skype

2015-02-14 16:31 - 2013-07-17 12:00 - 1160324096 _____ () C:\Users\Sandra\Desktop\Old Outlook.pst

2015-02-14 16:17 - 2013-07-18 13:49 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job

2015-02-14 15:51 - 2015-01-01 05:31 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit

2015-02-14 15:49 - 2013-11-18 15:56 - 00000000 ____D () C:\Users\Sandra\Desktop\Old Firefox Data

2015-02-14 15:44 - 2009-07-13 21:45 - 00031712 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-02-14 15:44 - 2009-07-13 21:45 - 00031712 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-02-14 15:42 - 2013-07-12 13:25 - 01418298 _____ () C:\windows\WindowsUpdate.log

2015-02-14 15:42 - 2009-07-13 22:13 - 00943938 _____ () C:\windows\system32\PerfStringBackup.INI

2015-02-14 15:41 - 2013-10-15 11:04 - 00000000 ___RD () C:\Users\Sandra\Dropbox

2015-02-14 15:41 - 2013-07-18 15:42 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\Dropbox

2015-02-14 15:40 - 2014-12-05 14:42 - 00000508 _____ () C:\windows\Tasks\Malwarebytes Anti-Exploit.job

2015-02-14 15:40 - 2013-11-23 12:58 - 00000000 ____D () C:\Temp

2015-02-14 15:40 - 2013-08-30 17:19 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware

2015-02-14 15:37 - 2014-04-22 12:41 - 00000000 ____D () C:\ProgramData\VMware

2015-02-14 15:37 - 2014-03-20 08:39 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware

2015-02-14 15:37 - 2013-10-06 14:17 - 00032628 _____ () C:\windows\setupact.log

2015-02-14 15:37 - 2009-07-13 22:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT

2015-02-14 15:36 - 2010-11-20 20:47 - 01763494 _____ () C:\windows\PFRO.log

2015-02-14 15:36 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\system

2015-02-14 15:31 - 2014-12-05 14:21 - 00002420 _____ () C:\Users\Sandra\Desktop\Rkill.txt

2015-02-14 15:30 - 2012-03-14 23:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\S-Bar

2015-02-14 15:30 - 2012-03-14 23:28 - 00000000 ____D () C:\Program Files (x86)\S-Bar

2015-02-14 15:17 - 2014-07-23 16:54 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys

2015-02-14 12:56 - 2012-03-14 23:00 - 00000000 ____D () C:\ProgramData\Bigfoot Networks

2015-02-12 12:50 - 2013-07-30 16:26 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

2015-02-08 11:35 - 2014-09-01 14:59 - 00000000 ____D () C:\Users\Sandra\AppData\Local\Adobe

2015-02-07 09:41 - 2014-12-15 10:33 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore

2015-02-07 09:41 - 2014-12-15 10:33 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-02-07 09:41 - 2014-12-15 10:33 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-02-07 09:41 - 2014-07-23 21:58 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA

2015-02-05 21:39 - 2014-12-15 10:39 - 00002193 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2015-02-04 13:17 - 2014-12-09 18:58 - 05070512 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe

2015-02-04 13:17 - 2013-07-18 13:49 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe

2015-02-04 13:17 - 2013-07-18 13:49 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl

2015-02-04 13:17 - 2013-07-18 13:49 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater

2015-02-03 22:25 - 2014-12-09 21:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak

2015-01-27 10:21 - 2013-07-12 13:32 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\MAGIX

2015-01-21 11:32 - 2010-11-20 20:27 - 00298120 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe

2015-01-18 12:24 - 2013-07-25 16:53 - 00023040 _____ (Apple Inc.) C:\windows\system32\Drivers\netaapl64.sys

==================== Files in the root of some directories =======

2005-12-08 19:51 - 2005-12-08 19:51 - 0000060 ____R () C:\Program Files (x86)\BRINST.INI

2014-07-23 21:58 - 2014-07-23 21:58 - 50063360 _____ () C:\Program Files (x86)\GUTCF60.tmp

2014-06-03 05:08 - 2014-06-03 05:08 - 0000149 _____ () C:\Users\Sandra\AppData\Roaming\mbam.context.scan

2013-11-19 16:07 - 2013-11-19 16:07 - 0124494 _____ () C:\Users\Sandra\AppData\Local\ars.cache

2013-11-19 17:00 - 2013-11-19 17:00 - 0278466 _____ () C:\Users\Sandra\AppData\Local\census.cache

2013-11-19 12:12 - 2013-12-10 13:38 - 0000000 _____ () C:\Users\Sandra\AppData\Local\Driver_LOM_8161Present.flag

2013-11-19 15:30 - 2013-11-19 15:30 - 0000036 _____ () C:\Users\Sandra\AppData\Local\housecall.guid.cache

2013-07-18 11:24 - 2013-07-18 12:05 - 0001229 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:

====================

C:\Users\Sandra\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpynqfwk.dll

C:\Users\Sandra\AppData\Local\Temp\_isA407.exe

C:\Users\Sandra\AppData\Local\Temp\_isCE7F.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-13 16:03

==================== End Of Log ============================

No other file: addition.txt popped up

Thank you in advance for your help.
