Starrberry
  1. Ah, my apologies. I forgot to add onto the post the two files.
Apple ODD (05/17/2010 3.1.0.0) (HKLM\...\2E2B6DCC02509BB8D2629A009DE8B5C3055B6779) (Version: 05/17/2010 3.1.0.0 - Apple Inc.) Windows Driver Package - Apple Inc. Apple Trackpad (07/13/2009 3.0.0.1) (HKLM\...\A0DAD483951AB3046050D68A2A1D8CEB4A7C61EE) (Version: 07/13/2009 3.0.0.1 - Apple Inc.) Windows Driver Package - Apple Inc. Apple Trackpad Enabler (07/13/2009 3.0.0.1) (HKLM\...\111E266FDD1556398EFC13BE47678F96E8497682) (Version: 07/13/2009 3.0.0.1 - Apple Inc.) Windows Driver Package - Apple Inc. Apple Wireless Mouse (11/30/2009 3.0.0.6) (HKLM\...\DE32692B1421420518B0CA8EEDD6DF2A494F279F) (Version: 11/30/2009 3.0.0.6 - Apple Inc.) Windows Driver Package - Apple Inc. Apple Wireless Trackpad (04/12/2010 3.1.0.5) (HKLM\...\E0C32821F1E2CE3EB89C177BEA1AEF6558D681D9) (Version: 04/12/2010 3.1.0.5 - Apple Inc.) Windows Driver Package - Apple Inc. Apple Wireless Trackpad (08/24/2010 3.1.0.7) (HKLM\...\CFC3D985EA69596C8BE0A30313010FCC8CE2C70F) (Version: 08/24/2010 3.1.0.7 - Apple Inc.) Windows Driver Package - Apple Inc. System (08/22/2008 2.1.1.1) (HKLM\...\F24CB85E5983448F6319803791DEACED91E6565B) (Version: 08/22/2008 2.1.1.1 - Apple Inc.) Windows Driver Package - Atheros Communications Inc. (athr) Net (11/18/2009 7.7.0.434) (HKLM\...\0DF30D63AA94091241BEC5BF3F24685040EAEC69) (Version: 11/18/2009 7.7.0.434 - Atheros Communications Inc.) Windows Driver Package - Broadcom (b57nd60x) Net (05/28/2009 12.2.0.3) (HKLM\...\9AA5295F27284963423D072C7FC59D57CDE15ACA) (Version: 05/28/2009 12.2.0.3 - Broadcom) Windows Driver Package - Broadcom (BCM43XX) Net (08/21/2009 5.60.18.8) (HKLM\...\E9575EA5D430B59D0CFF29323C74D0FBA1898F3B) (Version: 08/21/2009 5.60.18.8 - Broadcom) Windows Driver Package - Cirrus Logic, Inc. (CirrusFilter) MEDIA (04/28/2010 6.6001.1.25) (HKLM\...\16E9B4B4A3817C38179BF7D6E12774E0432FD558) (Version: 04/28/2010 6.6001.1.25 - Cirrus Logic, Inc.) Windows Driver Package - Cirrus Logic, Inc. 
(CirrusFilter) MEDIA (08/16/2010 6.6001.1.26) (HKLM\...\680D5EED614F3F01A9AD4547E9D81CFE9B0E4902) (Version: 08/16/2010 6.6001.1.26 - Cirrus Logic, Inc.) Windows Driver Package - Intel (e1express) Net (02/06/2008 9.12.17.0) (HKLM\...\B345101E6CC8B2FD9765620B9C7BCD3D7002BE6D) (Version: 02/06/2008 9.12.17.0 - Intel) Windows Driver Package - Intel (E1G60) Net (01/08/2008 8.3.9.0) (HKLM\...\2AC97D2605162B73D046D68013D1030CB7CFB87E) (Version: 01/08/2008 8.3.9.0 - Intel) Windows Driver Package - Intel (e1kexpress) Net (07/22/2008 10.3.45.0) (HKLM\...\9747248FCA6A074E791AABC17F527823A8225756) (Version: 07/22/2008 10.3.45.0 - Intel) Windows Driver Package - Intel (e1qexpress) Net (08/05/2008 10.3.49.0) (HKLM\...\1E934494E1FDB938ED1D9B958D5D5D465A07F06A) (Version: 08/05/2008 10.3.49.0 - Intel) Windows Driver Package - Intel (e1yexpress) Net (07/16/2008 9.52.10.0) (HKLM\...\065B919FD23D12E588F6E2BFB21F7836E2F0E704) (Version: 07/16/2008 9.52.10.0 - Intel) Windows Driver Package - Intel Net (02/06/2008 9.12.18.0) (HKLM\...\78C67451B87511098A9A0EC86E75B99B12298F5C) (Version: 02/06/2008 9.12.18.0 - Intel) Windows Driver Package - Intel Net (06/13/2008 9.52.9.0) (HKLM\...\A06888013552B918232820F81FDBA706F5CAAD39) (Version: 06/13/2008 9.52.9.0 - Intel) Windows Driver Package - Intel Net (07/22/2008 10.3.45.0) (HKLM\...\675AAC36E980D647C94EAFFB2F929F247E711708) (Version: 07/22/2008 10.3.45.0 - Intel) Windows Driver Package - Intel Net (08/05/2008 10.3.49.0) (HKLM\...\7BD968405DE73C7E0F8E489DB5A5853A6CCB8D1D) (Version: 08/05/2008 10.3.49.0 - Intel) Windows Driver Package - Intel Net (11/07/2007 8.10.1.0) (HKLM\...\627745F8E8BB901B043047C3E308B4A76C1194FE) (Version: 11/07/2007 8.10.1.0 - Intel) Windows Driver Package - Intel System (07/20/2007 1.2.76.0) (HKLM\...\82BE89CA9B7493FA05D2D4D32B415CF07EA08B47) (Version: 07/20/2007 1.2.76.0 - Intel) Windows Driver Package - Marvell (yukonwlh) Net (03/23/2007 10.12.7.3) (HKLM\...\1D68F7A8B8397256B162B831457A6775BD17F3F4) (Version: 03/23/2007 
10.12.7.3 - Marvell) Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Messenger (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden WinRAR 4.10 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.10.0 - win.rar GmbH) Yahoo! Detect (HKLM\...\YTdetect) (Version: - ) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= Could not list Restore Points. Check "winmgmt" service or repair WMI. 
==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2011-12-04 22:16 - 2012-07-28 00:45 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ? ==================== Loaded Modules (whitelisted) ============= 2013-11-18 03:20 - 2014-01-13 11:24 - 01019672 _____ () C:\Program Files\Tablet\Pen\libxml2.dll 2014-08-09 18:07 - 2014-08-09 18:07 - 03800688 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll 2014-07-29 23:41 - 2014-07-29 23:41 - 17029808 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Windows\$NtUninstallKB56838$:SummaryInformation AlternateDataStreams: C:\Windows\$NtUninstallKB8697$:SummaryInformation ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) 
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3 MSCONFIG\Services: Belkin Local Backup Service => 2 MSCONFIG\Services: Belkin Network USB Helper => 2 MSCONFIG\Services: dot3svc => 3 MSCONFIG\Services: ehRecvr => 3 MSCONFIG\Services: ehSched => 3 MSCONFIG\Services: ehstart => 2 MSCONFIG\Services: napagent => 3 MSCONFIG\Services: SNMPTRAP => 3 MSCONFIG\Services: swprv => 3 MSCONFIG\Services: TBS => 2 MSCONFIG\Services: THREADORDER => 3 MSCONFIG\Services: TrustedInstaller => 3 MSCONFIG\Services: UI0Detect => 3 MSCONFIG\Services: vds => 3 MSCONFIG\Services: VSS => 3 MSCONFIG\Services: wcncsvc => 3 MSCONFIG\Services: WcsPlugInService => 3 MSCONFIG\Services: WdiServiceHost => 3 MSCONFIG\Services: Wecsvc => 3 MSCONFIG\Services: wercplsupport => 3 MSCONFIG\Services: WinDefend => 3 MSCONFIG\Services: WinHttpAutoProxySvc => 3 MSCONFIG\Services: WinRM => 3 MSCONFIG\Services: wmiApSrv => 3 MSCONFIG\Services: WMPNetworkSvc => 3 MSCONFIG\Services: WPCSvc => 3 MSCONFIG\Services: WPFFontCache_v0400 => 3 MSCONFIG\Services: wscsvc => 2 MSCONFIG\Services: wuauserv => 2 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDDMStatus.lnk => C:\Windows\pss\WDDMStatus.lnk.CommonStartup MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW MSCONFIG\startupreg: EEventManager => "C:\Program Files\Epson Software\Event Manager\EEventManager.exe" MSCONFIG\startupreg: InstaLAN => "C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup MSCONFIG\startupreg: NACAgentUI => C:\Program Files\Cisco\Cisco NAC Agent\NACAgentUI.exe MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: WinampAgent => "C:\Program Files\Winamp\winampa.exe" ==================== Faulty Device Manager Devices ============= ==================== Event log errors: 
========================= Application errors: ================== Error: (09/07/2014 00:14:19 AM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: The entry <C:\USERS\STARRBERRY\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\J7CKF1MZ.DEFAULT\SAFEBROWSING-TO_DELETE> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Error: (09/06/2014 07:37:45 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: The entry <C:\USERS\STARRBERRY\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\J7CKF1MZ.DEFAULT\SAFEBROWSING> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Error: (09/06/2014 07:37:45 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: The entry <C:\USERS\STARRBERRY\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\J7CKF1MZ.DEFAULT\SAFEBROWSING> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Error: (09/06/2014 07:37:16 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: The entry <C:\USERS\STARRBERRY\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\J7CKF1MZ.DEFAULT\SAFEBROWSING-BACKUP> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Error: (09/05/2014 09:58:20 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: The entry <C:\USERS\STARRBERRY\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\J7CKF1MZ.DEFAULT\SAFEBROWSING-BACKUP> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. 
(0x8007001f) Error: (09/05/2014 06:33:16 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: The entry <C:\USERS\STARRBERRY\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\J7CKF1MZ.DEFAULT\SAFEBROWSING-TO_DELETE> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Error: (09/04/2014 08:31:49 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: The entry <C:\USERS\STARRBERRY\APPDATA\LOCAL\SKYPE\APPS\LOGIN\LANGUAGES> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Error: (09/04/2014 08:31:49 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: The entry <C:\USERS\STARRBERRY\APPDATA\LOCAL\SKYPE\APPS\LOGIN\LANGUAGES> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Error: (09/04/2014 08:31:23 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: The entry <C:\USERS\STARRBERRY\APPDATA\LOCAL\SKYPE\APPS\LOGIN\JS> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Error: (09/04/2014 08:31:23 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: The entry <C:\USERS\STARRBERRY\APPDATA\LOCAL\SKYPE\APPS\LOGIN\JS> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) System errors: ============= Error: (09/07/2014 03:24:35 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. 
New Signature Version: Previous Signature Version: 1.183.1831.0 Update Source: %NT AUTHORITY59 Update Stage: 4.1.0522.00 Source Path: 4.1.0522.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\SYSTEM Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (09/06/2014 10:34:20 PM) (Source: ACPI) (EventID: 13) (User: ) Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly. Error: (09/06/2014 06:09:35 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.183.1219.0 Update Source: %NT AUTHORITY59 Update Stage: 4.1.0522.00 Source Path: 4.1.0522.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\SYSTEM Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (09/06/2014 03:36:57 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. 
New Signature Version: Previous Signature Version: 1.183.1219.0 Update Source: %NT AUTHORITY59 Update Stage: 4.1.0522.00 Source Path: 4.1.0522.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\SYSTEM Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (09/05/2014 06:15:57 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.183.1219.0 Update Source: %NT AUTHORITY59 Update Stage: 4.1.0522.00 Source Path: 4.1.0522.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\SYSTEM Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (09/05/2014 00:28:52 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.183.1219.0 Update Source: %NT AUTHORITY59 Update Stage: 4.1.0522.00 Source Path: 4.1.0522.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\SYSTEM Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (09/04/2014 11:06:45 PM) (Source: ACPI) (EventID: 13) (User: ) Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly. 
Error: (09/04/2014 07:53:27 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.183.1219.0 Update Source: %NT AUTHORITY59 Update Stage: 4.1.0522.00 Source Path: 4.1.0522.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\SYSTEM Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (09/04/2014 07:43:31 PM) (Source: Microsoft Antimalware) (EventID: 1119) (User: ) Description: %Trojan:WinNT/Sirefef.J60 has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: %Trojan:WinNT/Sirefef.J603 Name: Trojan:WinNT/Sirefef.J ID: 2147651153 Severity: %Trojan:WinNT/Sirefef.J600 Category: %Trojan:WinNT/Sirefef.J602 Path: 4.1.0522.02 Detection Origin: 4.1.0522.04 Detection Type: 4.1.0522.08 Detection Source: %Trojan:WinNT/Sirefef.J608 User: {BC5B9F28-A1DB-4387-AA35-33D102D19C9F}9 Process Name: %Trojan:WinNT/Sirefef.J609 Action: {BC5B9F28-A1DB-4387-AA35-33D102D19C9F}1 Action Status: {BC5B9F28-A1DB-4387-AA35-33D102D19C9F}8 Error Code: {BC5B9F28-A1DB-4387-AA35-33D102D19C9F}3 Error description: {BC5B9F28-A1DB-4387-AA35-33D102D19C9F}4 Signature Version: 2014-08-28T00:21:40.863Z1 Engine Version: 2014-08-28T00:21:40.863Z2 Error: (09/04/2014 07:43:22 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 3:50:05 on 2014/09/04 was unexpected. Microsoft Office Sessions: ========================= Error: (09/07/2014 00:14:19 AM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. 
(0x8007001f) C:\USERS\STARRBERRY\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\J7CKF1MZ.DEFAULT\SAFEBROWSING-TO_DELETE Error: (09/06/2014 07:37:45 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) C:\USERS\STARRBERRY\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\J7CKF1MZ.DEFAULT\SAFEBROWSING Error: (09/06/2014 07:37:45 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) C:\USERS\STARRBERRY\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\J7CKF1MZ.DEFAULT\SAFEBROWSING Error: (09/06/2014 07:37:16 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) C:\USERS\STARRBERRY\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\J7CKF1MZ.DEFAULT\SAFEBROWSING-BACKUP Error: (09/05/2014 09:58:20 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) C:\USERS\STARRBERRY\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\J7CKF1MZ.DEFAULT\SAFEBROWSING-BACKUP Error: (09/05/2014 06:33:16 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) C:\USERS\STARRBERRY\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\J7CKF1MZ.DEFAULT\SAFEBROWSING-TO_DELETE Error: (09/04/2014 08:31:49 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. 
(0x8007001f) C:\USERS\STARRBERRY\APPDATA\LOCAL\SKYPE\APPS\LOGIN\LANGUAGES Error: (09/04/2014 08:31:49 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) C:\USERS\STARRBERRY\APPDATA\LOCAL\SKYPE\APPS\LOGIN\LANGUAGES Error: (09/04/2014 08:31:23 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) C:\USERS\STARRBERRY\APPDATA\LOCAL\SKYPE\APPS\LOGIN\JS Error: (09/04/2014 08:31:23 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) C:\USERS\STARRBERRY\APPDATA\LOCAL\SKYPE\APPS\LOGIN\JS CodeIntegrity Errors: =================================== Date: 2014-09-07 03:42:02.807 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system. Date: 2014-09-07 03:42:02.368 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system. Date: 2014-09-07 03:42:01.930 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system. Date: 2014-09-07 03:42:01.510 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system. 
Date: 2014-09-07 03:42:01.087 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system. Date: 2014-09-07 03:42:00.664 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system. Date: 2014-09-07 03:41:53.657 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-09-07 03:41:53.094 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-09-07 03:41:52.541 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-09-07 03:41:51.969 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. 
==================== Memory info =========================== Processor: Intel® Core2 Duo CPU P8600 @ 2.40GHz Percentage of memory in use: 65% Total physical RAM: 2805.75 MB Available physical RAM: 976.89 MB Total Pagefile: 5854.16 MB Available Pagefile: 3595.44 MB Total Virtual: 2047.88 MB Available Virtual: 1897.71 MB ==================== Drives ================================ Drive c: (BOOTCAMP) (Fixed) (Total:116.56 GB) (Free:25.64 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive d: (TurboTax 2013) (CDROM) (Total:0.38 GB) (Free:0 GB) CDFS Drive f: (Macintosh HD) (Fixed) (Total:116 GB) (Free:76.42 GB) HFS ==================== MBR & Partition Table ================== ==================== End Of Log ============================
  2. Hello! I do hope that I'm posting in the right forum. So I have a bit of a problem that has been persisting for the past few months. Whenever I am using an internet browser (so far it has occurred when using Firefox, Chrome and Internet Explorer) the browser window will spontaneously disappear. If I'm clicking on a link or something of the sort when it disappears, the program window that is open beneath it will respond. (I.e., if Winamp is open then it will act as though I switched to Winamp.) It didn't do this a few years ago on this same computer with the same operating system. I run Windows Vista on a MacBook Pro through Bootcamp (or something of the sort, I'm not entirely sure how). The problem occurs without warning no matter what combination of programs is open. It happens while on the net or looking through files on my computer. Let me know if there is any other information you guys need. Thanks in advance!
  3. Ran the scan. Nothing was found. I restarted my computer earlier today and it came back up perfectly. Everything is running, and no redirect problems yet! So thank you very much!
  4. I couldn't delete the files manually, but after I ran Combo Fix it said it deleted it. [it said I needed "permission" and even though I put in the password for the administrator account it still denied my access. Is there a reason for that?] And then Combo Fix gave me a log [it started literally rapidly opening and closing its window for a while though]

     ComboFix 11-12-04.04 - Overlord 12/04/2011 21:06:51.1.2 - x86
     Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2806.1675 [GMT -6:00]
     Running from: c:\users\Starrberry\Desktop\ComboFix.exe
     SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     c:\programdata\ncX3718X.exe
     c:\users\Starrberry\TDSSKiller.exe
     c:\windows\system32\ELR12B.com
     c:\windows\system32\ELR12B.com_
     .
     .
     ((((((((((((((((((((((((( Files Created from 2011-11-05 to 2011-12-05 )))))))))))))))))))))))))))))))
     .
     .
     2011-12-05 03:16 . 2011-12-05 03:16 -------- d-----w- c:\users\Default\AppData\Local\temp
     2011-12-05 02:52 . 2011-12-05 02:52 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B0BAA2CE-C055-409F-946A-0DE8DA75615C}\offreg.dll
     2011-12-02 10:08 . 2011-12-02 10:08 -------- d-----w- c:\programdata\Malwarebytes
     2011-12-02 10:08 . 2011-12-02 10:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2011-12-02 10:08 . 2011-08-31 23:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
     2011-12-02 09:46 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B0BAA2CE-C055-409F-946A-0DE8DA75615C}\mpengine.dll
     2011-12-02 09:08 . 2011-12-05 03:15 -------- d-----w- c:\users\Starrberry
     2011-11-30 20:56 . 2011-11-30 20:56 -------- d-----w- c:\program files\EasyToon
     2011-11-30 20:55 . 2011-11-30 20:55 -------- d-----w- c:\program files\VisualBoyAdvance
     2011-11-30 20:52 . 2011-12-04 19:08 -------- d-----w- c:\users\Public\Public Desktop
     2011-11-30 00:27 . 2011-11-30 01:12 -------- d-----w- c:\users\Public\textures
     2011-11-26 23:38 . 2011-11-26 23:38 -------- d-----w- c:\program files\Poop Shop
     2011-11-22 20:58 . 2011-12-05 00:10 -------- d-----w- c:\program files\PaintTool SAI English Pack
     2011-11-22 20:50 . 2011-11-22 20:51 -------- d-----w- c:\users\Overlord
     2011-11-13 22:38 . 2011-11-13 22:38 -------- d-----w- c:\windows\system32\HostFontCache
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2011-11-17 21:51 . 2011-05-31 18:38 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
     2011-09-13 22:05 . 2011-03-28 23:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
     2011-11-21 04:04 . 2011-12-04 19:36 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Apple_KbdMgr"="c:\program files\Boot Camp\Bootcamp.exe" [2010-11-12 525112]
     "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
     "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
     "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
     "EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
     "InstaLAN"="c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-02-25 1770400]
     "NACAgentUI"="c:\program files\Cisco\Cisco NAC Agent\NACAgentUI.exe" [2010-08-19 454400]
     "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
     "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
     "*WerKernelReporting"="c:\windows\SYSTEM32\WerFault.exe" [2009-04-11 217088]
     .
     c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
     WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-9-8 5185536]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "EnableUIADesktopToggle"= 0 (0x0)
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
     "FirewallOverride"=dword:00000001
     .
     R2 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [2010-02-17 152064]
     R2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [2010-02-09 49152]
     R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
     R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-24 136176]
     R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-24 136176]
     R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
     R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-10-05 16240]
     R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
     R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
     S0 AppleHFS;AppleHFS; [x]
     S0 AppleMNT;AppleMNT; [x]
     S2 AppleOSSMgr;Apple OS Switch Manager;c:\windows\system32\AppleOSSMgr.exe [2010-11-12 193848]
     S2 AppleTimeSrv;Apple Time Service;c:\windows\system32\AppleTimeSrv.exe [2010-10-07 99640]
     S2 KeyAgent;KeyAgent;c:\windows\system32\drivers\KeyAgent.sys [2010-11-12 6528]
     S2 MacHALDriver;Mac HAL;c:\windows\system32\drivers\MacHALDriver.sys [2010-08-05 12928]
     S2 NACAgent;Cisco NAC Agent;c:\program files\Cisco\Cisco NAC Agent\NACAgent.exe [2010-08-19 783616]
     S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2010-10-21 4869488]
     S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2010-10-21 416112]
     S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-09-08 237056]
     S2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2010-09-08 1034752]
     S2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2010-09-08 484352]
     S3 AppleBtBc;Apple Broadcom Built-in Bluetooth;c:\windows\system32\DRIVERS\AppleBtBc.sys [2010-09-18 18432]
     S3 applemtm;Apple Multitouch Mouse;c:\windows\system32\DRIVERS\applemtm.sys [2010-10-15 10880]
     S3 applemtp;Apple Multitouch;c:\windows\system32\DRIVERS\applemtp.sys [2010-10-15 29824]
     S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2010-09-18 260648]
     S3 CirrusFilter;CS420xLowerFilter;c:\windows\system32\DRIVERS\CS420x86.sys [2010-10-15 14336]
     S3 IRRemoteFlt;IR Receiver Filter Driver;c:\windows\system32\DRIVERS\IRFilter.sys [2010-08-10 16512]
     S3 KeyMagic;USB Keyboard HID Filter;c:\windows\system32\DRIVERS\KeyMagic.sys [2010-09-18 24064]
     S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-09-18 68200]
     S3 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys [2009-06-22 247320]
     .
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
     bthsvcs REG_MULTI_SZ BthServ
     LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2011-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-01-24 00:47]
     .
     2011-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-01-24 00:47]
     .
     .
     ------- Supplementary Scan -------
     .
     LSP: c:\windows\system32\wpclsp.dll
     TCP: DhcpNameServer = 192.168.1.1
     FF - ProfilePath -
     .
     - - - - ORPHANS REMOVED - - - -
     .
     AddRemove-PaintToolSAI - c:\users\Starr Berry\Downloads\PaintToolSAI\uninst.exe
     .
     .
     .
     **************************************************************************
     .
     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2011-12-04 21:16
     Windows 6.0.6002 Service Pack 2 NTFS
     .
     scanning hidden processes ...
     .
     scanning hidden autostart entries ...
     .
     scanning hidden files ...
     .
     scan completed successfully
     hidden files: 0
     .
     **************************************************************************
     .
     Completion time: 2011-12-04 21:19:40
     ComboFix-quarantined-files.txt 2011-12-05 03:19
     .
     Pre-Run: 65,687,134,208 bytes free
     Post-Run: 66,661,388,288 bytes free
     .
     - - End Of File - - D3D2D577D1F2080C6FC268772014EDAA
  5. http://www.virustotal.com/file-scan/report.html?id=6637c35f8c56c70070fa70830e26af24aa9df1197f2ef7b3eca74df0240889b1-1323045663 That's the link to it.
  6. Wait nevermind the website loaded now. :1 I sent ELR12B.com

     File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis:
     MD5: 6892aee1ecace53ef21b2f30e0ee183c
     Date first seen: 2011-11-21 18:41:24 (UTC)
     Date last seen: 2011-12-04 13:19:55 (UTC)
     Detection ratio: 31/43
     What do you wish to do? Selected "View Last Report"

     Antivirus  Version  Last Update  Result
     AhnLab-V3  2011.12.04.00  2011.12.04  Trojan/Win32.Inject
     AntiVir  7.11.18.206  2011.12.04  TR/Crypt.ZPACK.Gen
     Antiy-AVL  2.0.3.7  2011.12.04  Trojan/Win32.Inject.gen
     Avast  6.0.1289.0  2011.12.04  Win32:Malware-gen
     AVG  10.0.0.1190  2011.12.04  Generic25.CMYL
     BitDefender  7.2  2011.12.05  Trojan.CryptRedol.Gen.3
     ByteHero  1.0.0.1  2011.11.29  Trojan.Win32.Heur.089
     CAT-QuickHeal  12.00  2011.12.04  Trojan.Inject.bvx
     ClamAV  0.97.3.0  2011.12.04  -
     Commtouch  5.3.2.6  2011.12.04  -
     Comodo  10842  2011.12.04  TrojWare.Win32.Kryptik.QLX
     DrWeb  5.0.2.03300  2011.12.05  -
     Emsisoft  5.1.0.11  2011.12.05  Gen.Trojan.Heur!IK
     eSafe  7.0.17.0  2011.12.04  Win32.Trojan
     eTrust-Vet  37.0.9600  2011.12.02  -
     F-Prot  4.6.5.141  2011.11.29  -
     F-Secure  9.0.16440.0  2011.12.05  Trojan.CryptRedol.Gen.3
     Fortinet  4.3.388.0  2011.12.04  W32/Xed.24
     GData  22  2011.12.05  Trojan.CryptRedol.Gen.3
     Ikarus  T3.1.1.109.0  2011.12.04  Gen.Trojan.Heur
     Jiangmin  13.0.900  2011.12.04  -
     K7AntiVirus  9.119.5589  2011.12.03  Riskware
     Kaspersky  9.0.0.837  2011.12.05  Trojan.Win32.Inject.bvxv
     McAfee  5.400.0.1158  2011.12.05  Generic.dx!bb3c
     McAfee-GW-Edition  2010.1D  2011.12.04
     Microsoft  1.7903  2011.12.04  TrojanDownloader:Win32/Obvod.H
     NOD32  6681  2011.12.04  a variant of Win32/Kryptik.VRX
     Norman  6.07.13  2011.12.04  W32/Suspicious_Gen2.SUHPG
     nProtect  2011-12-04.01  2011.12.04  Trojan.CryptRedol.Gen.3
     Panda  10.0.3.5  2011.12.04  Generic Trojan
     PCTools  8.0.0.5  2011.12.05  Trojan.Generic
     Prevx  3.0  2011.12.05  -
     Rising  23.86.04.02  2011.12.02  -
     Sophos  4.71.0  2011.12.05  Mal/EncPk-ZC
     SUPERAntiSpyware  4.40.0.1006  2011.12.03  Trojan.Agent/Gen
     Symantec  20111.2.0.82  2011.12.05  Trojan.Gen
     TheHacker  6.7.0.1.352  2011.12.01  Trojan/Inject.bvxv
     TrendMicro  9.500.0.1008  2011.12.04  Mal_Xed-24
     TrendMicro-HouseCall  9.500.0.1008  2011.12.05  Mal_Xed-24
     VBA32  3.12.16.4  2011.12.03  -
     VIPRE  11203  2011.12.04  Trojan.Win32.Generic!BT
     ViRobot  2011.12.3.4807  2011.12.04  -
     VirusBuster  14.1.99.0  2011.12.04  -

     Additional information
     MD5 : 6892aee1ecace53ef21b2f30e0ee183c
     SHA1 : 6e8b3141c790b012e3da0ad7588eefe25416daea
     SHA256: 6637c35f8c56c70070fa70830e26af24aa9df1197f2ef7b3eca74df0240889b1
     VT Community

     The other files I put in there it didn't load anything.
  7. I saw those earlier and have no idea what they're for. COINCIDENTALLY it says they were created the same day as the problems started happening. The link you provided won't open for some reason in my browser.. [to the virustotal website] TDSSKiller didn't detect anything either.. "No threats found"
  8. Nevermind I downloaded it!

     DDS
     .
     DDS (Ver_2011-08-26.01) - NTFSx86
     Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_24
     Run by Overlord at 13:39:03 on 2011-12-04
     Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2806.1460 [GMT -6:00]
     .
     SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     .
     ============== Running Processes ===============
     .
     C:\Windows\system32\wininit.exe
     C:\Windows\system32\lsm.exe
     C:\Windows\system32\svchost.exe -k DcomLaunch
     C:\Windows\system32\nvvsvc.exe
     C:\Windows\system32\svchost.exe -k rpcss
     C:\Windows\System32\svchost.exe -k secsvcs
     C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
     C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
     C:\Windows\system32\svchost.exe -k netsvcs
     C:\Windows\system32\SLsvc.exe
     C:\Windows\system32\svchost.exe -k LocalService
     C:\Program Files\Tablet\Pen\Pen_TouchService.exe
     C:\Windows\system32\nvvsvc.exe
     C:\Windows\system32\svchost.exe -k NetworkService
     C:\Windows\System32\spoolsv.exe
     C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
     C:\Windows\system32\WLANExt.exe
     C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
     C:\Windows\system32\AppleOSSMgr.exe
     C:\Windows\system32\AppleTimeSrv.exe
     C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
     C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
     C:\Windows\system32\svchost.exe -k bthsvcs
     C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe
     C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
     C:\Windows\system32\svchost.exe -k imgsvc
     C:\Program Files\Tablet\Pen\Pen_Tablet.exe
     C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
     C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
     C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
     C:\Windows\System32\svchost.exe -k WerSvcGroup
     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
     C:\Windows\system32\SearchIndexer.exe
     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
     C:\Windows\system32\taskeng.exe
     C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
     C:\Windows\system32\Dwm.exe
     C:\Windows\Explorer.EXE
     C:\Windows\system32\taskeng.exe
     C:\Windows\system32\WUDFHost.exe
     C:\Program Files\Windows Defender\MSASCui.exe
     C:\Program Files\Boot Camp\Bootcamp.exe
     C:\Program Files\Common Files\Java\Java Update\jusched.exe
     C:\Program Files\Epson Software\Event Manager\EEventManager.exe
     C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
     C:\Program Files\Cisco\Cisco NAC Agent\NACAgentUI.exe
     C:\Program Files\Windows Sidebar\sidebar.exe
     C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
     C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
     C:\Program Files\Belkin\Belkin USB Print and Storage Center\connect.exe
     C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
     C:\Program Files\Tablet\Pen\Pen_Tablet.exe
     C:\Program Files\Windows Media Player\wmpnscfg.exe
     C:\Program Files\Windows Media Player\wmpnetwk.exe
     C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
     C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
     C:\Program Files\Common Files\Java\Java Update\jucheck.exe
     C:\Windows\system32\ELR12B.com
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\Windows\system32\ELR12B~1.COM
     C:\Windows\system32\ELR12B~1.COM
     C:\Program Files\Windows Media Player\wmplayer.exe
     C:\Program Files\Internet Explorer\ieuser.exe
     C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe
     C:\Program Files\Mozilla Firefox\firefox.exe
     C:\Windows\system32\DllHost.exe
     C:\Windows\system32\DllHost.exe
     C:\Windows\system32\wbem\wmiprvse.exe
     .
     ============== Pseudo HJT Report ===============
     .
     BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
     BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
     BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
     BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
     uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
     mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
     mRun: [Apple_KbdMgr] c:\program files\boot camp\Bootcamp.exe
     mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
     mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
     mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
     mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"
     mRun: [instaLAN] "c:\program files\belkin\router setup and monitor\BelkinRouterMonitor.exe" startup
     mRun: [NACAgentUI] c:\program files\cisco\cisco nac agent\NACAgentUI.exe
     mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
     mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
     mRunOnce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq
     StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
     mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
     mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
     IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
     LSP: c:\windows\system32\wpclsp.dll
     LSP: mswsock.dll
     DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
     DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
     DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
     TCP: DhcpNameServer = 192.168.1.1
     TCP: Interfaces\{E17E5C58-962A-43F5-9228-E8250FC47EBA} : DhcpNameServer = 192.168.1.1
     Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
     Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
     Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
     .
     ================= FIREFOX ===================
     .
     FF - ProfilePath -
     .
     ============= SERVICES / DRIVERS ===============
     .
     R0 AppleHFS;AppleHFS;c:\windows\system32\drivers\AppleHFS.sys [2010-11-11 49280]
     R0 AppleMNT;AppleMNT;c:\windows\system32\drivers\AppleMNT.sys [2010-11-11 6784]
     R2 AppleOSSMgr;Apple OS Switch Manager;c:\windows\system32\AppleOSSMgr.exe [2010-11-11 193848]
     R2 AppleTimeSrv;Apple Time Service;c:\windows\system32\AppleTimeSrv.exe [2010-10-6 99640]
     R2 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\belkin\belkin usb print and storage center\BkBackupScheduler.exe [2011-7-7 152064]
     R2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\belkin\belkin usb print and storage center\Bkapcs.exe [2011-7-7 49152]
     R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2010-12-27 21504]
     R2 KeyAgent;KeyAgent;c:\windows\system32\drivers\KeyAgent.sys [2010-11-11 6528]
     R2 MacHALDriver;Mac HAL;c:\windows\system32\drivers\MacHALDriver.sys [2010-8-5 12928]
     R2 NACAgent;Cisco NAC Agent;c:\program files\cisco\cisco nac agent\NACAgent.exe [2010-8-19 783616]
     R2 TabletServicePen;TabletServicePen;c:\program files\tablet\pen\Pen_Tablet.exe [2011-7-28 4869488]
     R2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\tablet\pen\Pen_TouchService.exe [2011-7-28 416112]
     R2 WDDMService;WDDMService;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2010-9-8 237056]
     R2 WDFME;WD File Management Engine;c:\program files\western digital\wd smartware\front parlor\wdfme\WDFME.exe [2010-9-8 1034752]
     R2 WDSC;WD File Management Shadow Engine;c:\program files\western digital\wd smartware\front parlor\WDSC.exe [2010-9-8 484352]
     R3 AppleBtBc;Apple Broadcom Built-in Bluetooth;c:\windows\system32\drivers\AppleBtBc.sys [2010-12-26 18432]
     R3 applemtm;Apple Multitouch Mouse;c:\windows\system32\drivers\applemtm.sys [2011-9-13 10880]
     R3 applemtp;Apple Multitouch;c:\windows\system32\drivers\applemtp.sys [2011-9-13 29824]
     R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2010-12-26 260648]
     R3 CirrusFilter;CS420xLowerFilter;c:\windows\system32\drivers\CS420x86.sys [2011-9-13 14336]
     R3 IRRemoteFlt;IR Receiver Filter Driver;c:\windows\system32\drivers\IRFilter.sys [2010-12-26 16512]
     R3 KeyMagic;USB Keyboard HID Filter;c:\windows\system32\drivers\KeyMagic.sys [2010-12-26 24064]
     R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-12-26 68200]
     R3 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\sxuptp.sys [2011-7-7 247320]
     S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
     S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-1-23 136176]
     S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-1-23 136176]
     S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2011-7-28 16240]
     S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
     S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
     .
     =============== Created Last 30 ================
     .
     2011-12-03 07:47:01 112128 ----a-w- c:\windows\system32\ELR12B.com
     2011-12-03 06:36:44 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{b0baa2ce-c055-409f-946a-0de8da75615c}\offreg.dll
     2011-12-02 10:08:48 -------- d-----w- c:\users\overlord\appdata\roaming\Malwarebytes
     2011-12-02 10:08:21 -------- d-----w- c:\programdata\Malwarebytes
     2011-12-02 10:08:16 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
     2011-12-02 10:08:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2011-12-02 10:01:12 112128 ----a-w- c:\programdata\ncX3718X.exe_
     2011-12-02 10:01:12 112128 ----a-w- c:\programdata\ncX3718X.exe
     2011-12-02 09:46:56 6823496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{b0baa2ce-c055-409f-946a-0de8da75615c}\mpengine.dll
     2011-11-30 20:56:38 -------- d-----w- c:\program files\EasyToon
     2011-11-30 20:55:09 -------- d-----w- c:\program files\VisualBoyAdvance
     2011-11-26 23:38:34 -------- d-----w- c:\program files\Poop Shop
     2011-11-25 01:26:22 112128 ----a-w- c:\windows\system32\ELR12B.com_
     2011-11-23 04:13:37 -------- d-----w- c:\users\overlord\appdata\local\Windows Live
     2011-11-22 20:59:16 -------- d-----w- c:\users\overlord\appdata\local\Mozilla
     2011-11-22 20:58:40 -------- d-----w- c:\program files\PaintTool SAI English Pack
     2011-11-22 20:51:25 -------- d-----w- c:\users\overlord\appdata\local\Western Digital
     2011-11-22 20:51:00 -------- d-----w- c:\users\overlord\appdata\local\VirtualStore
     2011-11-13 22:38:23 -------- d-----w- c:\windows\system32\HostFontCache
     .
     ==================== Find3M ====================
     .
     2011-11-17 21:51:03 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
     .
     ============= FINISH: 13:39:57.17 ===============

     Attach
     .
     UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
     IF REQUESTED, ZIP IT UP & ATTACH IT
     .
     DDS (Ver_2011-08-26.01)
     .
     Microsoft® Windows Vista™ Home Premium
     Boot Device: \Device\HarddiskVolume3
     Install Date: 12/26/2010 3:22:19 AM
     System Uptime: 12/3/2011 12:36:14 AM (37 hours ago)
     .
     Motherboard: Apple Inc. | | Mac-F222BEC8
     Processor: Intel® Core2 Duo CPU P8600 @ 2.40GHz | U2E1 | 798/266mhz
     .
     ==== Disk Partitions =========================
     .
     C: is FIXED (NTFS) - 117 GiB total, 61.406 GiB free.
     D: is CDROM ()
     E: is Removable
     F: is FIXED (HFS) - 116 GiB total, 93.105 GiB free.
     .
     ==== Disabled Device Manager Items =============
     .
     Class GUID: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
     Description:
     Device ID: ROOT\HIDCLASS\0001
     Manufacturer: Wacom
     Name:
     PNP Device ID: ROOT\HIDCLASS\0001
     Service:
     .
     ==== System Restore Points ===================
     .
     RP224: 11/24/2011 4:00:28 PM - Scheduled Checkpoint
     RP225: 11/25/2011 11:37:19 PM - Scheduled Checkpoint
     RP226: 11/28/2011 2:25:52 AM - Scheduled Checkpoint
     RP227: 11/30/2011 4:35:57 PM - Scheduled Checkpoint
     RP228: 11/30/2011 9:23:21 PM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
     RP229: 12/2/2011 12:00:07 AM - Scheduled Checkpoint
     RP230: 12/2/2011 3:45:25 AM - Windows Update
     RP231: 12/3/2011 5:10:29 AM - Scheduled Checkpoint
     RP232: 12/4/2011 12:00:01 AM - Scheduled Checkpoint
     .
     ==== Installed Programs ======================
     .
Adobe Flash Player 10 Plugin Adobe Flash Player 11 ActiveX Adobe Reader X (10.0.1) Apple Software Update Bamboo Belkin Setup and Router Monitor Belkin USB Print and Storage Center Boot Camp Services Cisco NAC Agent D3DX10 Epson Event Manager EPSON NX125 NX127 Series Printer Uninstall EPSON Scan Google Chrome Google Talk Plugin Google Update Helper Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Java Auto Updater Java 6 Update 24 Junk Mail filter update Malwarebytes' Anti-Malware version 1.51.2.1300 Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Mozilla Firefox 8.0.1 (x86 en-US) MSVCRT NVIDIA Display Control Panel NVIDIA Drivers PaintTool SAI Ver.1 Realtek High Definition Audio Driver Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Segoe UI Skype Toolbars Skype™ 5.1 Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) WD SmartWare WebTablet IE Plugin WebTablet Netscape Plugin Windows Driver Package - Apple Inc. (applebt) Bluetooth (03/01/2010 3.0.0.5) Windows Driver Package - Apple Inc. (AppleUSBEthernet) Net (01/11/2008 3.4.3.18) Windows Driver Package - Apple Inc. (AppleUSBEthernet) Net (02/01/2008 3.8.3.10) Windows Driver Package - Apple Inc. 
Apple Bluetooth Enabler (06/27/2007 2.0.0.1) Windows Driver Package - Apple Inc. Apple Broadcom Bluetooth (03/01/2010 3.1.0.3) Windows Driver Package - Apple Inc. Apple Built-in iSight (10/25/2007 2.0.1.0) Windows Driver Package - Apple Inc. Apple Display (01/23/2009 3.0.0.0) Windows Driver Package - Apple Inc. Apple IR Receiver (02/21/2008 2.0.4.0) Windows Driver Package - Apple Inc. Apple Keyboard (03/24/2010 3.1.0.3) Windows Driver Package - Apple Inc. Apple Multitouch (02/11/2010 3.1.0.0) Windows Driver Package - Apple Inc. Apple Multitouch (10/05/2010 3.2.0.1) Windows Driver Package - Apple Inc. Apple Multitouch Mouse (02/11/2010 3.1.0.0) Windows Driver Package - Apple Inc. Apple Multitouch Mouse (10/05/2010 3.2.0.1) Windows Driver Package - Apple Inc. Apple ODD (01/17/2008 2.0.2.2) Windows Driver Package - Apple Inc. Apple ODD (05/17/2010 3.1.0.0) Windows Driver Package - Apple Inc. Apple Trackpad (07/13/2009 3.0.0.1) Windows Driver Package - Apple Inc. Apple Trackpad Enabler (07/13/2009 3.0.0.1) Windows Driver Package - Apple Inc. Apple Wireless Mouse (11/30/2009 3.0.0.6) Windows Driver Package - Apple Inc. Apple Wireless Trackpad (04/12/2010 3.1.0.5) Windows Driver Package - Apple Inc. Apple Wireless Trackpad (08/24/2010 3.1.0.7) Windows Driver Package - Apple Inc. System (08/22/2008 2.1.1.1) Windows Driver Package - Atheros Communications Inc. (athr) Net (11/18/2009 7.7.0.434) Windows Driver Package - Broadcom (b57nd60x) Net (05/28/2009 12.2.0.3) Windows Driver Package - Broadcom (BCM43XX) Net (08/21/2009 5.60.18.8) Windows Driver Package - Cirrus Logic, Inc. (CirrusFilter) MEDIA (04/28/2010 6.6001.1.25) Windows Driver Package - Cirrus Logic, Inc. 
(CirrusFilter) MEDIA (08/16/2010 6.6001.1.26) Windows Driver Package - Intel (e1express) Net (02/06/2008 9.12.17.0) Windows Driver Package - Intel (E1G60) Net (01/08/2008 8.3.9.0) Windows Driver Package - Intel (e1kexpress) Net (07/22/2008 10.3.45.0) Windows Driver Package - Intel (e1qexpress) Net (08/05/2008 10.3.49.0) Windows Driver Package - Intel (e1yexpress) Net (07/16/2008 9.52.10.0) Windows Driver Package - Intel Net (02/06/2008 9.12.18.0) Windows Driver Package - Intel Net (06/13/2008 9.52.9.0) Windows Driver Package - Intel Net (07/22/2008 10.3.45.0) Windows Driver Package - Intel Net (08/05/2008 10.3.49.0) Windows Driver Package - Intel Net (11/07/2007 8.10.1.0) Windows Driver Package - Intel System (07/20/2007 1.2.76.0) Windows Driver Package - Marvell (yukonwlh) Net (03/23/2007 10.12.7.3) Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Mail Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Yahoo! Detect . ==== Event Viewer Messages From Past Week ======== . 12/3/2011 12:38:14 AM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error: Cannot create a file when that file already exists. 12/3/2011 12:38:14 AM, Error: Service Control Manager [7000] - The Windows Firewall Authorization Driver service failed to start due to the following error: Cannot create a file when that file already exists. 12/2/2011 9:12:01 AM, Error: EventLog [6008] - The previous system shutdown at 9:10:03 AM on 12/2/2011 was unexpected. 
     12/2/2011 7:47:58 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: spldr Wanarpv6
     12/2/2011 7:47:58 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
     12/2/2011 7:47:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
     12/2/2011 7:47:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
     12/2/2011 7:47:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
     12/2/2011 7:47:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
     12/2/2011 7:46:55 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv.dll Error Code: 21
     12/2/2011 7:46:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
     12/2/2011 3:03:29 AM, Error: EventLog [6008] - The previous system shutdown at 3:02:20 AM on 12/2/2011 was unexpected.
     12/2/2011 2:02:06 PM, Error: EventLog [6008] - The previous system shutdown at 1:59:58 PM on 12/2/2011 was unexpected.
     11/30/2011 9:42:48 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.253.19.82 for the Network Card with network address F0B479187F54 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
     .
     ==== End Of File ===========================
  9. For some reason I cannot download the 'DDS' thing..
  10. Hello! I'm a bit at a loss here. I have recently gotten a virus or something from someplace [I have no clue]. It loves to redirect my browsers [Firefox, Chrome, IE] to this "get-answers-fast.com" link and then it quickly redirects me to another site. The main problem is that whenever I search something in Google like "12 Angry Men movie", it'll open four tabs redirecting to a website that is somehow related to each word I type in. I tried to erase my browsing history and all of that, but it still finds a way to do it and it's driving me nuts! I read a lot about how some people go in and manually remove it, but I don't have any of those files that they removed! So I really need help! :c