Jump to content

Timelord

Honorary Members
  • Posts

    112
  • Joined

  • Last visited

Reputation

0 Neutral
  1. RK Log: RogueKiller V10.0.0.0 (x64) [Oct 7 2014] by Adlice Software mail : http://www.adlice.com/contact/ Feedback : http://forum.adlice.com Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://www.adlice.com Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Timelord [Administrator] Mode : Scan -- Date : 10/10/2014 02:58:15 ¤¤¤ Processes : 0 ¤¤¤ ¤¤¤ Registry : 6 ¤¤¤ [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1383894978-2467561526-2943314973-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1383894978-2467561526-2943314973-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found ¤¤¤ Tasks : 0 ¤¤¤ ¤¤¤ Files : 0 ¤¤¤ ¤¤¤ Hosts File : 0 ¤¤¤ ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤ ¤¤¤ Web browsers : 1 ¤¤¤ [PUM.HomePage][FIREFX:Config] yofu0qn5.default : user_pref("browser.startup.homepage", "https://startpage.com/eng/"); -> Found ¤¤¤ MBR Check : ¤¤¤ +++++ PhysicalDrive0: Hitachi HTS543225A7A384 +++++ --- User --- [MBR] ee24c993f426bac9ab74c5a828d0acd3 [bSP] 881e3dd2699467a6214aca2bc05bae2c : Windows Vista/7/8 MBR Code Partition table: 0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15360 MB 1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 31459328 | Size: 100 MB 2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 31664128 | Size: 223013 MB User = LL1 ... OK User = LL2 ... OK
  2. After I went through 4 pages of help with the wonderful Mr. Charlie it was finally decided that a fresh install would be best. I took a break and did the fresh install. Being more educated and cautious I changed the way I did things. GUESS WHAT! Didn't matter because now I am right back to the start. I used my old thread as a guideline for the order of things so I have logs ready to go. Any assistance as always greatly appreciated: ​ ​ ​ ​Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-10-2014 01 Ran by Timelord (administrator) on TARDIS on 10-10-2014 03:38:43 Running from C:\Users\Timelord\Desktop\tools Loaded Profile: Timelord (Available profiles: Timelord) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe (SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe (Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe (ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieRpcSs.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\32\SbieSvc.exe () C:\Users\Timelord\Desktop\RogueKillerX64.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11855976 2011-05-18] (Realtek Semiconductor) HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831528 2011-05-10] (Acer Incorporated) HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5589704 2014-07-18] (ESET) HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [368728 2011-01-26] (Alcor Micro Corp.) HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2392360 2010-10-08] (Synaptics Incorporated) HKLM-x32\...\Run: [backupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-23] (NTI Corporation) HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1081424 2011-03-14] (Dritek System Inc.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-19\...\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} HKU\S-1-5-20\...\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} HKU\S-1-5-21-1383894978-2467561526-2943314973-1000\...\Run: [sandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [784392 2014-05-29] (Sandboxie Holdings, LLC) HKU\S-1-5-21-1383894978-2467561526-2943314973-1000\...\Run: [PeerBlock] => C:\Program Files\PeerBlock\peerblock.exe [2513992 2014-01-14] (PeerBlock, LLC) HKU\S-1-5-18\...\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 FireFox: ======== FF ProfilePath: C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\yofu0qn5.default FF DefaultSearchEngine: Startpage HTTPS FF SelectedSearchEngine: Startpage HTTPS FF Homepage: https://startpage.com/eng/ FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @real.com/RhapsodyPlayerEngine,version=1.0 -> C:\Program Files (x86)\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.2.0-pre3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin HKCU: @real.com/RhapsodyPlayerEngine -> C:\Users\Timelord\AppData\Roaming\nprhapengine.dll No File FF SearchPlugin: C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\yofu0qn5.default\searchplugins\startpage-https.xml FF Extension: Click&Clean - C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\yofu0qn5.default\Extensions\clickclean@hotcleaner.com [2014-09-08] FF Extension: HTTPS-Everywhere - C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\yofu0qn5.default\Extensions\https-everywhere@eff.org [2014-09-14] FF Extension: BlackFox V2 - C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\yofu0qn5.default\Extensions\zigboom@hotmail.com [2014-09-25] FF Extension: DownloadHelper - C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\yofu0qn5.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-12] FF Extension: Flash and Video Download - C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\yofu0qn5.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2014-09-19] FF Extension: Disconnect - C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\yofu0qn5.default\Extensions\2.0@disconnect.me.xpi [2014-09-07] FF Extension: Adblock Plus Pop-up Addon - C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\yofu0qn5.default\Extensions\adblockpopups@jessehakanen.net.xpi [2014-09-07] FF Extension: 1-Click Dailymotion Video Downloader - C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\yofu0qn5.default\Extensions\DailymotionVideoDownloader@PeterOlayev.com.xpi [2014-09-11] FF Extension: Ghostery - C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\yofu0qn5.default\Extensions\firefox@ghostery.com.xpi [2014-09-07] FF Extension: FlashDisable - C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\yofu0qn5.default\Extensions\jid0-bbA9VAawX3LMWDu668aUDrpQVXU@jetpack.xpi [2014-09-11] FF Extension: Random Agent Spoofer - C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\yofu0qn5.default\Extensions\jid1-AVgCeF1zoVzMjA@jetpack.xpi [2014-09-11] FF Extension: NO Google Analytics - C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\yofu0qn5.default\Extensions\jid1-JcGokIiQyjoBAQ@jetpack.xpi [2014-09-07] FF Extension: YouTube ALL HTML5 - C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\yofu0qn5.default\Extensions\jid1-qj0w91o64N7Eeg@jetpack.xpi [2014-09-11] FF Extension: Youtube MP3 Downloader using youtube-mp3.org - C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\yofu0qn5.default\Extensions\jid1-xKH0EoS44u1a2w@jetpack.xpi [2014-09-11] FF Extension: Redirect Cleaner - C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\yofu0qn5.default\Extensions\redirectcleaner@example.net.xpi [2014-09-07] FF Extension: The Addon Bar (restored) - C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\yofu0qn5.default\Extensions\the-addon-bar@GeekInTraining-GiT.xpi [2014-09-11] FF Extension: VLC Youtube Shortcut - C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\yofu0qn5.default\Extensions\vlc_shortcut@kosan.kosan.xpi [2014-09-11] FF Extension: 1-Click YouTube Video Downloader - C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\yofu0qn5.default\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2014-09-11] FF Extension: Clean Links - C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\yofu0qn5.default\Extensions\{158d7cb3-7039-4a75-8e0b-3bd0a464edd2}.xpi [2014-09-07] FF Extension: FlashGot - C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\yofu0qn5.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2014-09-11] FF Extension: Black Youtube Theme - C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\yofu0qn5.default\Extensions\{2c93446d-612b-416d-9af0-b7355797b611}.xpi [2014-09-07] FF Extension: Bluhell Firewall - C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\yofu0qn5.default\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi [2014-09-07] FF Extension: Download Status Bar - C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\yofu0qn5.default\Extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi [2014-09-11] FF Extension: NoScript - C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\yofu0qn5.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-09-07] FF Extension: SoundCloud Downloader - Technowise - C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\yofu0qn5.default\Extensions\{c8d3bc80-0810-4d21-a2c2-be5f2b2832ac}.xpi [2014-09-11] FF Extension: Adblock Plus - C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\yofu0qn5.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-09-07] FF Extension: BetterPrivacy - C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\yofu0qn5.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2014-09-07] FF Extension: Disable Anti-Adblock - C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\yofu0qn5.default\Extensions\{d49a148e-817e-4025-bee3-5d541376de3b}.xpi [2014-09-07] FF Extension: DownThemAll! - C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\yofu0qn5.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-09-11] FF Extension: Google Privacy - C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\yofu0qn5.default\Extensions\{ea61041c-1e22-4400-99a0-aea461e69d04}.xpi [2014-09-07] FF Extension: WorldIP - C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\yofu0qn5.default\Extensions\{f36c6cd1-da73-491d-b290-8fc9115bfa55}.xpi [2014-09-07] Chrome: ======= ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [216576 2014-09-03] () [File not signed] R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1347016 2014-07-18] (ESET) S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-10-10] (SurfRight B.V.) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-23] (NTI Corporation) R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174088 2014-05-29] (Sandboxie Holdings, LLC) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [243440 2014-07-18] (ESET) U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [241368 2014-07-18] (ESET) R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [169280 2014-07-18] (ESET) R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [222280 2014-07-18] (ESET) R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [44632 2014-07-18] (ESET) R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [63160 2014-07-18] (ESET) R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [91352 2014-05-12] (Malwarebytes Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-10] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation) R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-05-29] (Sandboxie Holdings, LLC) S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.) U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [37624 2014-10-10] () S3 VBoxDrv; \??\C:\Program Files\Oracle\VirtualBox\VBoxDrv.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-10 03:38 - 2014-10-10 03:38 - 00000000 ____D () C:\FRST 2014-10-10 03:37 - 2014-10-10 03:38 - 00000000 ____D () C:\Users\Timelord\Desktop\tools 2014-10-10 03:29 - 2014-10-10 03:29 - 00709564 _____ () C:\Users\Timelord\Desktop\delfix_10.8.exe 2014-10-10 02:28 - 2014-10-10 02:28 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys 2014-10-10 02:28 - 2014-10-10 02:28 - 00000000 ____D () C:\ProgramData\RogueKiller 2014-10-10 02:16 - 2014-10-10 02:16 - 00000022 _____ () C:\Windows\S.dirmngr 2014-10-10 02:11 - 2014-10-10 02:11 - 00000314 _____ () C:\Windows\PFRO.log 2014-10-10 02:08 - 2014-10-10 02:08 - 00000255 _____ () C:\Users\Timelord\Desktop\revo lution.txt 2014-10-10 02:00 - 2014-10-10 02:21 - 00000000 ____D () C:\AdwCleaner 2014-10-10 01:31 - 2014-10-10 01:32 - 75904920 _____ (Adobe Systems Incorporated) C:\Users\Timelord\Desktop\AdbeRdr11009_en_US.exe 2014-10-10 01:04 - 2014-10-10 01:12 - 00001901 _____ () C:\Users\Public\Desktop\HitmanPro.lnk 2014-10-10 01:04 - 2014-10-10 01:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro 2014-10-10 01:03 - 2014-10-10 01:04 - 00000000 ____D () C:\Program Files\HitmanPro 2014-10-10 01:01 - 2014-10-10 02:10 - 00000000 ____D () C:\ProgramData\HitmanPro 2014-10-09 23:51 - 2014-10-09 23:51 - 11194928 _____ (SurfRight B.V.) C:\Users\Timelord\Desktop\HitmanPro_x64.exe 2014-10-09 23:24 - 2014-10-09 23:24 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Timelord\Desktop\tdsskiller.exe 2014-10-09 23:23 - 2014-10-09 23:23 - 05582481 _____ (Swearware) C:\Users\Timelord\Desktop\ComboFix.exe 2014-10-09 23:22 - 2014-10-09 23:22 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Timelord\Desktop\rkill.exe 2014-10-09 23:19 - 2014-10-09 23:18 - 02737592 _____ (Malwarebytes ) C:\Users\Timelord\Desktop\mbae-setup-1.04.1.1012.exe 2014-10-09 23:15 - 2014-10-09 23:15 - 01375089 _____ () C:\Users\Timelord\Desktop\adwcleaner_3.311.exe 2014-10-09 23:14 - 2014-10-09 23:13 - 00401920 _____ (Farbar) C:\Users\Timelord\Desktop\MiniToolBox.exe 2014-10-09 22:57 - 2014-10-10 00:58 - 00000000 ____D () C:\Users\Timelord\Desktop\Guitar Pro songbook 2014-10-09 22:37 - 2014-10-09 22:38 - 18482776 _____ () C:\Users\Timelord\Desktop\RogueKillerX64.exe 2014-10-09 21:47 - 2014-10-09 21:47 - 00060824 _____ () C:\Users\Timelord\AppData\Local\GDIPFONTCACHEV1.DAT 2014-10-09 21:31 - 2014-10-10 02:11 - 00000280 _____ () C:\Windows\setupact.log 2014-10-09 21:31 - 2014-10-09 21:31 - 00000000 _____ () C:\Windows\setuperr.log 2014-10-09 21:30 - 2014-10-09 21:42 - 00272008 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-10-09 17:05 - 2014-10-09 17:05 - 00000030 _____ () C:\Users\Timelord\Desktop\lemonade.txt 2014-10-09 02:49 - 2014-10-09 02:49 - 00000000 ____D () C:\Users\Timelord\AppData\Local\{BBCA3606-899E-4F98-9BD1-2E4DDB5EBA65} 2014-10-09 02:49 - 2014-10-09 02:49 - 00000000 ____D () C:\Users\Timelord\AppData\Local\{2B3C3CB1-7C8A-4E1E-AC2B-B4F322C4CCD1} 2014-10-09 02:32 - 2014-10-10 02:47 - 00000000 ____D () C:\Users\Timelord\Desktop\American Nightmare 2014-10-08 22:29 - 2014-10-08 23:54 - 00000000 ____D () C:\Users\Timelord\Desktop\Home Movies 2014-10-08 18:39 - 2014-10-08 18:39 - 00007625 _____ () C:\Users\Timelord\AppData\Local\Resmon.ResmonCfg 2014-10-07 14:06 - 2014-10-07 14:06 - 00000958 _____ () C:\Users\Timelord\Desktop\gooey.txt 2014-10-07 13:36 - 2014-10-07 13:37 - 00000000 ____D () C:\Users\Timelord\AppData\Roaming\.kde 2014-10-07 13:32 - 2014-10-07 13:32 - 00000000 ____D () C:\Users\Timelord\AppData\Local\{CD6F7E45-4F81-4BE5-9CD5-DDE513902933} 2014-10-07 13:04 - 2014-10-07 13:27 - 00000000 ____D () C:\Users\Timelord\Desktop\tarman 2014-10-07 12:32 - 2014-10-07 12:32 - 00000000 ____D () C:\Users\Timelord\AppData\Local\{0123C65F-D006-4004-AB88-CE8A5643D7F1} 2014-10-07 12:31 - 2014-10-07 12:31 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf 2014-10-05 17:13 - 2014-10-05 17:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guitar Pro 5 2014-10-05 17:12 - 2014-10-05 17:12 - 00000000 ____D () C:\Program Files (x86)\Guitar Pro 5 2014-10-05 16:44 - 2014-10-10 02:24 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-10-05 16:44 - 2014-10-05 16:44 - 00001110 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-10-05 16:44 - 2014-10-05 16:44 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-10-05 16:44 - 2014-10-05 16:44 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-10-05 16:44 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-10-05 16:44 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-10-05 16:44 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-10-03 21:31 - 2014-10-03 21:31 - 00001080 _____ () C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk 2014-10-03 21:31 - 2014-10-03 21:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox 2014-10-03 21:31 - 2014-10-03 21:31 - 00000000 ____D () C:\Program Files\Oracle 2014-10-03 21:31 - 2014-09-09 17:29 - 00910920 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys 2014-10-03 21:31 - 2014-09-09 17:27 - 00129168 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys 2014-10-03 21:19 - 2014-10-03 21:22 - 110671648 _____ (Oracle Corporation) C:\Users\Timelord\Desktop\VirtualBox-4.3.16-95972-Win.exe 2014-10-03 20:19 - 2014-10-03 20:19 - 00000000 ____D () C:\Users\Timelord\VirtualBox VMs 2014-10-03 20:17 - 2014-10-03 21:34 - 00000000 ____D () C:\Users\Timelord\.VirtualBox 2014-10-02 19:50 - 2014-10-02 19:50 - 00001415 _____ () C:\Users\Timelord\Desktop\fenn.txt 2014-10-01 07:08 - 2014-09-24 21:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2014-10-01 07:08 - 2014-09-24 20:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2014-10-01 06:57 - 2014-10-09 02:49 - 00000000 ____D () C:\Users\Timelord\AppData\Local\Windows Live 2014-10-01 06:55 - 2014-10-01 06:57 - 00000000 ____D () C:\Users\Timelord\AppData\Local\{B45BF3A4-3DE7-4E47-B484-971894892E14} 2014-09-30 16:51 - 2014-09-30 16:51 - 00000045 _____ () C:\Users\Timelord\Desktop\bbaddy.txt 2014-09-30 01:31 - 2014-09-30 01:31 - 00000000 ____D () C:\Users\Timelord\AppData\Roaming\SanDisk 2014-09-27 18:41 - 2014-10-05 03:05 - 00000547 _____ () C:\Windows\cdplayer.ini 2014-09-27 18:29 - 2014-09-27 18:29 - 00000957 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Rhapsody.lnk 2014-09-27 18:29 - 2014-09-27 18:29 - 00000951 _____ () C:\Users\Public\Desktop\Rhapsody.lnk 2014-09-27 18:28 - 2014-09-27 18:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rhapsody 2014-09-27 18:28 - 2014-09-27 18:29 - 00000000 ____D () C:\Program Files (x86)\Rhapsody 2014-09-27 16:00 - 2014-09-30 18:22 - 00000000 ____D () C:\Users\Timelord\Desktop\rhapsody-1.0.2.165 2014-09-25 04:40 - 2014-09-25 04:40 - 00002974 _____ () C:\Windows\System32\Tasks\{CA179B95-E120-472F-B237-2A8DEB060768} 2014-09-25 02:40 - 2014-09-25 02:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-09-25 00:39 - 2014-09-25 00:39 - 00000000 ____D () C:\Users\Timelord\AppData\Roaming\Real 2014-09-23 17:16 - 2014-09-09 17:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-09-23 17:16 - 2014-09-09 16:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-09-23 17:12 - 2014-09-23 17:12 - 00001196 _____ () C:\Users\Timelord\AppData\Local\recently-used.xbel 2014-09-23 14:48 - 2014-09-23 15:32 - 00000000 ____D () C:\Users\Timelord\AppData\Local\gtk-2.0 2014-09-21 13:32 - 2014-07-23 18:22 - 109574432 _____ (Oracle Corporation) C:\Users\Timelord\Desktop\VirtualBox-4.3.12-93733-Win.exe 2014-09-21 13:28 - 2014-09-21 13:28 - 00000000 ____D () C:\Users\Timelord\Desktop\Peerblock Lists 2014-09-21 13:24 - 2014-09-21 13:25 - 00000000 ____D () C:\Users\Timelord\Desktop\Holohoax 2014-09-18 21:53 - 2014-09-18 21:54 - 00000000 ____D () C:\Users\Timelord\AppData\Roaming\DivX 2014-09-18 21:53 - 2014-09-18 21:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX 2014-09-18 21:53 - 2014-09-18 21:53 - 00000000 ____D () C:\Program Files\DivX 2014-09-18 21:50 - 2014-09-18 21:54 - 00000000 ____D () C:\Program Files (x86)\DivX 2014-09-18 21:36 - 2014-09-18 21:54 - 00000000 ____D () C:\ProgramData\DivX 2014-09-18 21:28 - 2014-09-18 21:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 2014-09-18 21:28 - 2014-09-18 21:28 - 00000000 ____D () C:\Program Files (x86)\7-Zip 2014-09-18 15:34 - 2014-09-18 15:34 - 00003158 _____ () C:\Windows\System32\Tasks\{9C315969-0C8A-46E4-BFDF-5478E2F9893D} 2014-09-17 21:25 - 2014-09-17 21:25 - 02097120 _____ (Mister Group ) C:\Users\Timelord\Desktop\SystemExplorerSetup_594.exe 2014-09-17 15:37 - 2014-09-17 16:23 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-09-17 15:36 - 2014-09-17 16:24 - 00000000 ____D () C:\Users\Timelord\Desktop\mbar 2014-09-17 15:26 - 2014-09-19 20:39 - 00000000 ____D () C:\Windows\Minidump 2014-09-14 21:48 - 2014-09-27 16:27 - 00000000 ____D () C:\Program Files (x86)\Real 2014-09-13 17:56 - 2014-09-13 17:56 - 00000425 _____ () C:\Users\Timelord\Desktop\videoaudio.txt 2014-09-13 16:33 - 2014-09-13 16:33 - 00204496 _____ (Malwarebytes) C:\Users\Timelord\Desktop\startuplite-setup-1.07.exe 2014-09-13 04:22 - 2014-10-09 15:59 - 00000000 ____D () C:\Users\Timelord\Desktop\Devil's Note 2014-09-13 00:59 - 2014-09-13 00:59 - 00000000 ____H () C:\Users\Timelord\Documents\Default.rdp 2014-09-12 20:36 - 2014-09-12 20:36 - 00000059 _____ () C:\Users\Timelord\Desktop\blah.txt 2014-09-12 15:31 - 2014-10-03 06:11 - 00000000 ____D () C:\Users\Timelord\AppData\Roaming\dvdcss 2014-09-11 23:46 - 2014-09-11 23:46 - 00014932 _____ () C:\Users\Timelord\Desktop\startup3.txt 2014-09-11 23:45 - 2014-09-11 23:45 - 00014932 _____ () C:\Users\Timelord\Desktop\startup2.txt 2014-09-11 23:45 - 2014-09-11 23:45 - 00014932 _____ () C:\Users\Timelord\Desktop\startup.txt 2014-09-11 20:05 - 2014-10-09 19:50 - 00000000 ____D () C:\Program Files\PeerBlock 2014-09-11 20:05 - 2014-10-01 07:51 - 00001998 _____ () C:\Users\Timelord\Desktop\PeerBlock.lnk 2014-09-11 20:01 - 2014-10-09 19:14 - 00000000 ____D () C:\Users\Timelord\AppData\Roaming\vlc 2014-09-11 20:00 - 2014-09-12 00:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2014-09-11 19:59 - 2014-09-11 19:59 - 00000000 ____D () C:\Program Files (x86)\VideoLAN 2014-09-11 19:25 - 2014-09-12 00:53 - 00000000 ____D () C:\Windows\pss 2014-09-11 19:12 - 2014-09-27 16:51 - 00000000 ____D () C:\Program Files\CCleaner 2014-09-11 19:12 - 2014-09-19 15:18 - 00002778 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC 2014-09-11 03:11 - 2014-09-11 03:11 - 00000000 ____D () C:\ProgramData\InstallShield 2014-09-10 23:37 - 2014-09-10 23:37 - 00000000 ____D () C:\Users\Timelord\Documents\Fax 2014-09-10 23:00 - 2014-09-10 23:00 - 00000000 __SHD () C:\Users\Timelord\AppData\Local\EmieUserList 2014-09-10 23:00 - 2014-09-10 23:00 - 00000000 __SHD () C:\Users\Timelord\AppData\Local\EmieSiteList 2014-09-10 20:36 - 2014-09-10 20:36 - 00000000 ____D () C:\Users\Timelord\AppData\Local\Macromedia 2014-09-10 20:35 - 2014-09-13 03:23 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-09-10 20:35 - 2014-09-12 00:53 - 00000000 ____D () C:\Windows\system32\Macromed ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-10 03:36 - 2014-09-08 18:18 - 00000000 ____D () C:\Users\Timelord\Desktop\Tools and Utilities 2014-10-10 02:38 - 2009-07-13 23:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-10 02:38 - 2009-07-13 23:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-10 02:25 - 2014-09-07 05:40 - 01819246 _____ () C:\Windows\WindowsUpdate.log 2014-10-10 02:14 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-10-10 01:43 - 2014-09-07 21:54 - 00003732 _____ () C:\Windows\Sandboxie.ini 2014-10-09 20:08 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-10-07 15:10 - 2014-09-08 00:12 - 00000000 ____D () C:\Users\Timelord\AppData\Roaming\gnupg 2014-10-03 20:19 - 2014-09-07 13:23 - 00000000 ____D () C:\Users\Timelord 2014-10-03 01:30 - 2014-09-09 01:17 - 00001081 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk 2014-10-03 01:30 - 2014-09-09 01:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro 2014-10-02 16:27 - 2009-07-14 00:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-10-02 15:57 - 2014-09-08 01:36 - 00000000 ____D () C:\Users\Timelord\Desktop\Tor Browser 2014-10-01 07:00 - 2014-09-07 05:52 - 00001024 ___RH () C:\Users\Public\Documents\NTILiveUpdateV9.dll 2014-10-01 06:59 - 2014-09-07 05:52 - 00000000 ____D () C:\ProgramData\NTI Launcher 2014-10-01 06:59 - 2014-09-07 05:50 - 00001024 ___RH () C:\Users\Public\Documents\NTIMMV9Acer.dll 2014-10-01 06:55 - 2014-09-07 05:50 - 00001024 ___RH () C:\Users\Public\Documents\NTIMMV9REGET.dll 2014-09-30 01:28 - 2011-07-14 10:50 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-09-27 20:45 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache 2014-09-27 16:28 - 2014-09-07 16:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-09-17 18:34 - 2010-11-20 21:50 - 00000000 ____D () C:\Users\Administrator 2014-09-15 09:06 - 2010-11-20 22:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-09-13 03:23 - 2014-09-07 13:23 - 00000000 ____D () C:\Users\Timelord\AppData\Local\Adobe 2014-09-13 03:23 - 2011-07-14 11:39 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-09-12 00:54 - 2011-07-14 10:56 - 00000000 ____D () C:\Program Files (x86)\AmIcoSingLun 2014-09-12 00:53 - 2014-09-07 05:55 - 00000000 ____D () C:\ProgramData\Temp 2014-09-12 00:53 - 2011-07-14 11:41 - 00000000 ____D () C:\ProgramData\BackupManager 2014-09-12 00:53 - 2011-07-14 11:39 - 00000000 ____D () C:\Windows\SysWOW64\Macromed 2014-09-12 00:53 - 2009-07-14 00:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2014-09-12 00:53 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration 2014-09-12 00:53 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat 2014-09-11 22:09 - 2011-07-14 11:29 - 00000000 ____D () C:\Program Files\Acer 2014-09-11 22:09 - 2011-07-14 11:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer 2014-09-11 22:04 - 2014-09-07 13:24 - 00000000 ____D () C:\Users\Timelord\AppData\Local\Acer 2014-09-11 22:00 - 2011-07-14 11:28 - 00000000 ____D () C:\Program Files (x86)\Acer 2014-09-11 19:45 - 2007-07-11 20:49 - 00000000 ____D () C:\Windows\Panther 2014-09-11 19:32 - 2011-07-14 11:39 - 00002734 _____ () C:\Windows\System32\Tasks\Adobe ARM 2014-09-11 19:31 - 2011-07-14 11:39 - 00002732 _____ () C:\Windows\System32\Tasks\Adobe Reader Speed Launcher 2014-09-10 21:45 - 2011-07-14 10:58 - 00000000 ____D () C:\ProgramData\WildTangent 2014-09-10 20:18 - 2014-09-07 13:23 - 00000000 ____D () C:\Users\Timelord\AppData\Local\VirtualStore Some content of TEMP: ==================== C:\Users\Timelord\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-09-27 17:24 ==================== End Of Log ============================ ​ ​ ​ ​ ​ ​Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-10-2014 01 Ran by Timelord at 2014-10-10 03:40:15 Running from C:\Users\Timelord\Desktop\tools Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: ESET Smart Security 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: ESET Smart Security 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834} FW: ESET Personal firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version: - ) Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.99 - NTI Corporation) Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3007 - Acer Incorporated) Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3502 - Acer Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.0.19480 - Adobe Systems Incorporated) Adobe AIR (x32 Version: 2.7.0.19480 - Adobe Systems Incorporated) Hidden Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated) Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated) Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.2.42.68439 - Alcor Micro Corp.) Alcor Micro USB Card Reader (x32 Version: 1.2.42.68439 - Alcor Micro Corp.) Hidden Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.2.43 - Atheros Communications Inc.) Backup Manager V3 (x32 Version: 3.0.0.99 - NTI Corporation) Hidden CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform) Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.88 - DivX, LLC) ESET Smart Security (HKLM\...\{83A7ADD8-3F54-470E-9ABA-39F986990D94}) (Version: 8.0.103.0 - ESET, spol s r. o.) Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Gpg4win (2.2.2) (HKLM-x32\...\GPG4Win) (Version: 2.2.2 - The Gpg4win Project) Guitar Pro 5.0 (HKLM-x32\...\Guitar Pro 5_is1) (Version: - Arobas Music) HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.225 - SurfRight B.V.) Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated) InfraRecorder 0.53 (x64 edition) (HKLM\...\{2C22EA92-CB30-4932-0053-000001000000}) (Version: 0.53.00.00 - Christian Kindahl) Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2342 - Intel Corporation) Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.4 - Acer Inc.) Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8942 - NTI Corporation) NTI Media Maker 9 (x32 Version: 9.0.2.8942 - NTI Corporation) Hidden Oracle VM VirtualBox 4.3.16 (HKLM\...\{D7FAEA32-7CE3-4D9F-9139-F7B87BCC50AF}) (Version: 4.3.16 - Oracle Corporation) PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6374 - Realtek Semiconductor Corp.) Revo Uninstaller Pro 3.1.1 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.1 - VS Revo Group, Ltd.) Rhapsody (HKLM-x32\...\Rhapsody) (Version: - ) Rhapsody Player Engine (HKLM-x32\...\{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}) (Version: 1.0.604 - RealNetworks) Sandboxie 4.12 (64-bit) (HKLM\...\Sandboxie) (Version: 4.12 - Sandboxie Holdings, LLC) Skype™ 5.3 (HKLM-x32\...\{5335DADB-34BA-4AE8-A519-648D78498846}) (Version: 5.3.116 - Skype Technologies S.A.) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.18.0 - Synaptics Incorporated) VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.0-pre3 - VideoLAN) Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation) Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation) Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 04-10-2014 01:15:00 Installed Oracle VM VirtualBox 4.3.12 04-10-2014 02:24:53 Revo Uninstaller Pro's restore point - Oracle VM VirtualBox 4.3.12 04-10-2014 02:31:02 Installed Oracle VM VirtualBox 4.3.16 05-10-2014 20:40:23 Revo Uninstaller Pro's restore point - Malwarebytes Anti-Malware version 2.0.2.1012 05-10-2014 21:29:25 Revo Uninstaller Pro's restore point - Malwarebytes Anti-Malware version 2.0.2.1012 07-10-2014 19:37:19 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {4AEE1687-9AE2-4F0F-8C8E-D35459F93943} - \Acer Registration - Reminder Recall task No Task File <==== ATTENTION Task: {7E34B673-3AD2-41E0-9320-C2F13DB8085D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd) Task: {BE59CE40-0017-43DB-AA9B-4DCF2E94D295} - System32\Tasks\{CA179B95-E120-472F-B237-2A8DEB060768} => C:\Program Files (x86)\Best Buy Rhapsody\rhapsody.exe Task: {C7AC5BD3-61C8-460E-9CC9-54B1D021D24E} - System32\Tasks\Adobe ARM => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-11-15] (Adobe Systems Incorporated) Task: {FF24BFFC-3F13-4F08-A706-5C4A27331BF4} - System32\Tasks\Adobe Reader Speed Launcher => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [2010-11-15] (Adobe Systems Incorporated) ==================== Loaded Modules (whitelisted) ============= 2011-07-14 11:20 - 2011-03-25 04:28 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2014-09-03 06:07 - 2014-09-03 06:07 - 00216576 _____ () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe 2014-10-09 22:37 - 2014-10-09 22:38 - 18482776 _____ () C:\Users\Timelord\Desktop\RogueKillerX64.exe 2011-04-23 20:29 - 2011-04-23 20:29 - 00465640 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll 2014-09-03 05:53 - 2014-09-03 05:53 - 00221184 _____ () C:\Program Files (x86)\GNU\GnuPG\libksba-8.dll 2014-09-03 05:48 - 2014-09-03 05:48 - 00038400 _____ () C:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll 2014-09-03 05:41 - 2014-09-03 05:41 - 00050176 _____ () C:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll 2014-09-03 05:53 - 2014-09-03 05:53 - 00069632 _____ () C:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll 2014-09-03 05:56 - 2014-09-03 05:56 - 00742400 _____ () C:\Program Files (x86)\GNU\GnuPG\libgcrypt-20.dll 2011-04-23 20:29 - 2011-04-23 20:29 - 01081664 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll 2011-04-23 20:29 - 2011-04-23 20:29 - 00125760 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll 2014-09-09 18:52 - 2014-09-09 18:52 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\e39f250f44c042610b447ddce43d1aa2\IsdiInterop.ni.dll 2011-07-14 10:50 - 2010-09-13 20:28 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll 2014-09-25 02:40 - 2014-09-25 02:41 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2014-09-10 20:35 - 2014-09-13 03:23 - 16825520 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ WinCinema Manager.lnk => C:\Windows\pss\ WinCinema Manager.lnk.CommonStartup MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe ========================= Accounts: ========================== Administrator (S-1-5-21-1383894978-2467561526-2943314973-500 - Administrator - Disabled) Guest (S-1-5-21-1383894978-2467561526-2943314973-501 - Limited - Disabled) Timelord (S-1-5-21-1383894978-2467561526-2943314973-1000 - Administrator - Enabled) => C:\Users\Timelord ==================== Faulty Device Manager Devices ============= Name: Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC Description: Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Realtek Semiconductor Corp. Service: RTL8192Ce Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (10/10/2014 02:17:13 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/09/2014 10:22:46 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/09/2014 09:47:31 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/09/2014 09:47:23 PM) (Source: Windows Search Service) (EventID: 7010) (User: ) Description: The index cannot be initialized. Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (10/09/2014 09:47:23 PM) (Source: Windows Search Service) (EventID: 3058) (User: ) Description: The application cannot be initialized. Context: Windows Application Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (10/09/2014 09:47:23 PM) (Source: Windows Search Service) (EventID: 3028) (User: ) Description: The gatherer object cannot be initialized. Context: Windows Application, SystemIndex Catalog Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (10/09/2014 09:47:23 PM) (Source: Windows Search Service) (EventID: 3029) (User: ) Description: The plug-in in <Search.TripoliIndexer> cannot be initialized. Context: Windows Application, SystemIndex Catalog Details: Element not found. (HRESULT : 0x80070490) (0x80070490) Error: (10/09/2014 09:47:22 PM) (Source: Windows Search Service) (EventID: 3029) (User: ) Description: The plug-in in <Search.JetPropStore> cannot be initialized. Context: Windows Application, SystemIndex Catalog Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (10/09/2014 09:47:22 PM) (Source: Windows Search Service) (EventID: 9002) (User: ) Description: The Windows Search Service cannot load the property store information. Context: Windows Application, SystemIndex Catalog Details: The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800) Error: (10/09/2014 09:47:22 PM) (Source: Windows Search Service) (EventID: 7042) (User: ) Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt. Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) System errors: ============= Error: (10/10/2014 02:22:07 AM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The Windows Update service hung on starting. Error: (10/10/2014 02:14:13 AM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The WLAN AutoConfig service hung on starting. Error: (10/09/2014 10:31:21 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The Intel® Management and Security Application User Notification Service service hung on starting. Error: (10/09/2014 10:28:23 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The Windows Defender service hung on starting. Error: (10/09/2014 10:25:03 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: ) Description: WMPNetworkSvc0x80004005 Error: (10/09/2014 10:19:44 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The WLAN AutoConfig service hung on starting. Error: (10/09/2014 09:51:59 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The Windows Update service hung on starting. Error: (10/09/2014 09:47:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (10/09/2014 09:47:23 PM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: The Windows Search service terminated with service-specific error %%-1073473535. Error: (10/09/2014 09:45:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The ESET Service service failed to start due to the following error: %%1053 Microsoft Office Sessions: ========================= Error: (10/10/2014 02:17:13 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/09/2014 10:22:46 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/09/2014 09:47:31 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/09/2014 09:47:23 PM) (Source: Windows Search Service) (EventID: 7010) (User: ) Description: Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (10/09/2014 09:47:23 PM) (Source: Windows Search Service) (EventID: 3058) (User: ) Description: Context: Windows Application Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (10/09/2014 09:47:23 PM) (Source: Windows Search Service) (EventID: 3028) (User: ) Description: Context: Windows Application, SystemIndex Catalog Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (10/09/2014 09:47:23 PM) (Source: Windows Search Service) (EventID: 3029) (User: ) Description: Context: Windows Application, SystemIndex Catalog Details: Element not found. (HRESULT : 0x80070490) (0x80070490) Search.TripoliIndexer Error: (10/09/2014 09:47:22 PM) (Source: Windows Search Service) (EventID: 3029) (User: ) Description: Context: Windows Application, SystemIndex Catalog Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Search.JetPropStore Error: (10/09/2014 09:47:22 PM) (Source: Windows Search Service) (EventID: 9002) (User: ) Description: Context: Windows Application, SystemIndex Catalog Details: The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800) Error: (10/09/2014 09:47:22 PM) (Source: Windows Search Service) (EventID: 7042) (User: ) Description: Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) The catalog is corrupt ==================== Memory info =========================== Processor: Intel® Celeron® CPU B800 @ 1.50GHz Percentage of memory in use: 68% Total physical RAM: 1899.86 MB Available physical RAM: 595.24 MB Total Pagefile: 3799.72 MB Available Pagefile: 1940.33 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:217.79 GB) (Free:136.71 GB) NTFS Drive d: (Guitar Pro 5) (CDROM) (Total:0.24 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 619800CF) Partition 1: (Not Active) - (Size=15 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=217.8 GB) - (Type=07 NTFS) ==================== End Of Log ============================ ​
  3. I know thats what I have been saying lol. It just kept getting worse and worse without me doing anything but watching. Now I can't iniate a new install. Acess denied
  4. As my current assistance is approaching 5 pages with not much having been learned as to what exactly is causing all these problems(my hat is tipped to Mr. C for the neverending help he has given me). Seems to be quite a good bit of MBAM users having similar issues as myself. It has become a full time job trying to prevent and/or removal of thieving *** malicious software or whatever it is called today(seems some new catergory pops up every other day. Whats next underware?) It used to be fun browsing the web,playing EQ or just gaining knowledge. I know the staff has a daunting task trying to keep up with the faster than a rolling O,able to leap a capital T in a single bound malware. I just want to say THANK YOU for all the effort past, present and future. It is not going to go unappreciated by me and I am sure MANY others. UPDATE: Final Ruling is it is best I re-install OS. My computer got worse and worse with me basically just watching. Stupid thieves that think all there is in life is money so we all have to deal with their greed and reckless abandon. Good Luck to all with issues going on at the moment. I'm sure won't be long until I pick something else up.
  5. What the hell is this? I hadn't noticed it until just now going through event logs. The pic is from administrative events log full of errors and warnings. Log Name: Application Source: Microsoft-Windows-User Profiles Service Date: 9/4/2014 1:27:01 PM Event ID: 1530 Task Category: None Level: Warning Keywords: User: SYSTEM Computer: tardis Description: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 15 user registry handles leaked from \Registry\User\S-1-5-21-2560925396-3286970015-408714028-1000: Process 2344 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2560925396-3286970015-408714028-1000 Process 2344 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2560925396-3286970015-408714028-1000 Process 2344 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2560925396-3286970015-408714028-1000 Process 2344 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2560925396-3286970015-408714028-1000 Process 2344 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2560925396-3286970015-408714028-1000\Software\Microsoft\SystemCertificates\Root Process 2344 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2560925396-3286970015-408714028-1000\Software\Microsoft\SystemCertificates\Disallowed Process 2344 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2560925396-3286970015-408714028-1000\Software\Microsoft\SystemCertificates\My Process 2344 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2560925396-3286970015-408714028-1000\Software\Microsoft\SystemCertificates\SmartCardRoot Process 2344 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2560925396-3286970015-408714028-1000\Software\Microsoft\SystemCertificates\CA Process 2344 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2560925396-3286970015-408714028-1000\Software\Microsoft\SystemCertificates\trust Process 2344 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2560925396-3286970015-408714028-1000\Software\Microsoft\SystemCertificates\TrustedPeople Process 2344 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2560925396-3286970015-408714028-1000\Software\Policies\Microsoft\SystemCertificates Process 2344 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2560925396-3286970015-408714028-1000\Software\Policies\Microsoft\SystemCertificates Process 2344 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2560925396-3286970015-408714028-1000\Software\Policies\Microsoft\SystemCertificates Process 2344 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2560925396-3286970015-408714028-1000\Software\Policies\Microsoft\SystemCertificates Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Microsoft-Windows-User Profiles Service" Guid="{89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845}" /> <EventID>1530</EventID> <Version>0</Version> <Level>3</Level> <Task>0</Task> <Opcode>0</Opcode> <Keywords>0x8000000000000000</Keywords> <TimeCreated SystemTime="2014-09-04T18:27:01.401318300Z" /> <EventRecordID>104218</EventRecordID> <Correlation /> <Execution ProcessID="336" ThreadID="4708" /> <Channel>Application</Channel> <Computer>tardis</Computer> <Security UserID="S-1-5-18" /> </System> <EventData Name="EVENT_HIVE_LEAK"> <Data Name="Detail">15 user registry handles leaked from \Registry\User\S-1-5-21-2560925396-3286970015-408714028-1000: Process 2344 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2560925396-3286970015-408714028-1000 Process 2344 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2560925396-3286970015-408714028-1000 Process 2344 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2560925396-3286970015-408714028-1000 Process 2344 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2560925396-3286970015-408714028-1000 Process 2344 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2560925396-3286970015-408714028-1000\Software\Microsoft\SystemCertificates\Root Process 2344 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2560925396-3286970015-408714028-1000\Software\Microsoft\SystemCertificates\Disallowed Process 2344 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2560925396-3286970015-408714028-1000\Software\Microsoft\SystemCertificates\My Process 2344 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2560925396-3286970015-408714028-1000\Software\Microsoft\SystemCertificates\SmartCardRoot Process 2344 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2560925396-3286970015-408714028-1000\Software\Microsoft\SystemCertificates\CA Process 2344 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2560925396-3286970015-408714028-1000\Software\Microsoft\SystemCertificates\trust Process 2344 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2560925396-3286970015-408714028-1000\Software\Microsoft\SystemCertificates\TrustedPeople Process 2344 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2560925396-3286970015-408714028-1000\Software\Policies\Microsoft\SystemCertificates Process 2344 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2560925396-3286970015-408714028-1000\Software\Policies\Microsoft\SystemCertificates Process 2344 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2560925396-3286970015-408714028-1000\Software\Policies\Microsoft\SystemCertificates Process 2344 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2560925396-3286970015-408714028-1000\Software\Policies\Microsoft\SystemCertificates </Data> </EventData> </Event>
  6. same log as before and two errors: Log Name: Application Source: Chkdsk Date: 9/6/2014 3:44:33 PM Event ID: 26212 Task Category: None Level: Information Keywords: Classic User: N/A Computer: tardis Description: Chkdsk was executed in read-only mode on a volume snapshot. Checking file system on C: The type of the file system is NTFS. Volume label is Acer. WARNING! F parameter not specified. Running CHKDSK in read-only mode. CHKDSK is verifying files (stage 1 of 3)... 171520 file records processed. File verification completed. 2509 large file records processed. 0 bad file records processed. 0 EA records processed. 59 reparse records processed. CHKDSK is verifying indexes (stage 2 of 3)... 219256 index entries processed. Index verification completed. 0 unindexed files scanned. 0 unindexed files recovered. CHKDSK is verifying security descriptors (stage 3 of 3)... 171520 file SDs/SIDs processed. Cleaning up 1661 unused index entries from index $SII of file 0x9. Cleaning up 1661 unused index entries from index $SDH of file 0x9. Cleaning up 1661 unused security descriptors. Security descriptor verification completed. 23869 data files processed. CHKDSK is verifying Usn Journal... 34228232 USN bytes processed. Usn Journal verification completed. The Volume Bitmap is incorrect. Windows found problems with the file system. Run CHKDSK with the /F (fix) option to correct these. 228365311 KB total disk space. 192597052 KB in 142639 files. 89840 KB in 23870 indexes. 0 KB in bad sectors. 281071 KB in use by the system. 65536 KB occupied by the log file. 35397348 KB available on disk. 4096 bytes in each allocation unit. 57091327 total allocation units on disk. 8849337 allocation units available on disk. Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Chkdsk" /> <EventID Qualifiers="0">26212</EventID> <Level>4</Level> <Task>0</Task> <Keywords>0x80000000000000</Keywords> <TimeCreated SystemTime="2014-09-06T20:44:33.000000000Z" /> <EventRecordID>104358</EventRecordID> <Channel>Application</Channel> <Computer>tardis</Computer> <Security /> </System> <EventData> <Data> Checking file system on C: The type of the file system is NTFS. Volume label is Acer. WARNING! F parameter not specified. Running CHKDSK in read-only mode. CHKDSK is verifying files (stage 1 of 3)... 171520 file records processed. File verification completed. 2509 large file records processed. 0 bad file records processed. 0 EA records processed. 59 reparse records processed. CHKDSK is verifying indexes (stage 2 of 3)... 219256 index entries processed. Index verification completed. 0 unindexed files scanned. 0 unindexed files recovered. CHKDSK is verifying security descriptors (stage 3 of 3)... 171520 file SDs/SIDs processed. Cleaning up 1661 unused index entries from index $SII of file 0x9. Cleaning up 1661 unused index entries from index $SDH of file 0x9. Cleaning up 1661 unused security descriptors. Security descriptor verification completed. 23869 data files processed. CHKDSK is verifying Usn Journal... 34228232 USN bytes processed. Usn Journal verification completed. The Volume Bitmap is incorrect. Windows found problems with the file system. Run CHKDSK with the /F (fix) option to correct these. 228365311 KB total disk space. 192597052 KB in 142639 files. 89840 KB in 23870 indexes. 0 KB in bad sectors. 281071 KB in use by the system. 65536 KB occupied by the log file. 35397348 KB available on disk. 4096 bytes in each allocation unit. 57091327 total allocation units on disk. 8849337 allocation units available on disk. </Data> <Binary>009E0200768A02002BDA040000000000A70900003B0000000000000000000000</Binary> </EventData> </Event> ERROR 1: Log Name: Application Source: VSS Date: 9/6/2014 3:43:21 PM Event ID: 8193 Task Category: None Level: Error Keywords: Classic User: N/A Computer: tardis Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000110,(null),0,REG_BINARY,000000000346EA10.72). hr = 0x80070005, Access is denied. . Operation: Executing Asynchronous Operation Context: Current State: DoSnapshotSet Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="VSS" /> <EventID Qualifiers="0">8193</EventID> <Level>2</Level> <Task>0</Task> <Keywords>0x80000000000000</Keywords> <TimeCreated SystemTime="2014-09-06T20:43:21.000000000Z" /> <EventRecordID>104357</EventRecordID> <Channel>Application</Channel> <Computer>tardis</Computer> <Security /> </System> <EventData> <Data>RegSetValueExW(0x00000110,(null),0,REG_BINARY,000000000346EA10.72)</Data> <Data>0x80070005, Access is denied. </Data> <Data> Operation: Executing Asynchronous Operation Context: Current State: DoSnapshotSet</Data> <Binary>2D20436F64653A20524547524547534330303030303338332D2043616C6C3A20524547524547534330303030303336342D205049443A202030303030343339322D205449443A202030303030343637362D20434D443A202022433A5C57696E646F77735C53797374656D33325C63686B64736B2E6578652220202020202020202D20557365723A204E616D653A207461726469735C54696D656C6F72642C205349443A532D312D352D32312D323536303932353339362D333238363937303031352D3430383731343032382D31303030</Binary> </EventData> </Event> ERROR Log 2: Log Name: Application Source: VSS Date: 9/6/2014 3:43:15 PM Event ID: 8193 Task Category: None Level: Error Keywords: Classic User: N/A Computer: tardis Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000110,(null),0,REG_BINARY,000000000019E540.72). hr = 0x80070005, Access is denied. . Operation: Take a Shadow Copy Context: Execution Context: Requestor Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="VSS" /> <EventID Qualifiers="0">8193</EventID> <Level>2</Level> <Task>0</Task> <Keywords>0x80000000000000</Keywords> <TimeCreated SystemTime="2014-09-06T20:43:15.000000000Z" /> <EventRecordID>104356</EventRecordID> <Channel>Application</Channel> <Computer>tardis</Computer> <Security /> </System> <EventData> <Data>RegSetValueExW(0x00000110,(null),0,REG_BINARY,000000000019E540.72)</Data> <Data>0x80070005, Access is denied. </Data> <Data> Operation: Take a Shadow Copy Context: Execution Context: Requestor</Data> <Binary>2D20436F64653A20524547524547534330303030303338332D2043616C6C3A20524547524547534330303030303336342D205049443A202030303030343339322D205449443A202030303030343531322D20434D443A202022433A5C57696E646F77735C53797374656D33325C63686B64736B2E6578652220202020202020202D20557365723A204E616D653A207461726469735C54696D656C6F72642C205349443A532D312D352D32312D323536303932353339362D333238363937303031352D3430383731343032382D31303030</Binary> </EventData> </Event>
  7. Tried a few times but I am not being allowed to run chkdsk with /f. When I try computer does zilch,
  8. Keeps giving me this log Log Name: Application Source: Chkdsk Date: 9/6/2014 1:32:43 PM Event ID: 26212 Task Category: None Level: Information Keywords: Classic User: N/A Computer: tardis Description: Chkdsk was executed in read-only mode on a volume snapshot. Checking file system on C: The type of the file system is NTFS. Volume label is Acer. WARNING! F parameter not specified. Running CHKDSK in read-only mode. CHKDSK is verifying files (stage 1 of 3)... 171520 file records processed. File verification completed. 2509 large file records processed. 0 bad file records processed. 0 EA records processed. 59 reparse records processed. CHKDSK is verifying indexes (stage 2 of 3)... 219250 index entries processed. Index verification completed. 0 unindexed files scanned. 0 unindexed files recovered. CHKDSK is verifying security descriptors (stage 3 of 3)... 171520 file SDs/SIDs processed. Cleaning up 1661 unused index entries from index $SII of file 0x9. Cleaning up 1661 unused index entries from index $SDH of file 0x9. Cleaning up 1661 unused security descriptors. Security descriptor verification completed. 23866 data files processed. CHKDSK is verifying Usn Journal... 37636376 USN bytes processed. Usn Journal verification completed. The Volume Bitmap is incorrect. Windows found problems with the file system. Run CHKDSK with the /F (fix) option to correct these. 228365311 KB total disk space. 192587428 KB in 142383 files. 89580 KB in 23867 indexes. 0 KB in bad sectors. 284207 KB in use by the system. 65536 KB occupied by the log file. 35404096 KB available on disk. 4096 bytes in each allocation unit. 57091327 total allocation units on disk. 8851024 allocation units available on disk. Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Chkdsk" /> <EventID Qualifiers="0">26212</EventID> <Level>4</Level> <Task>0</Task> <Keywords>0x80000000000000</Keywords> <TimeCreated SystemTime="2014-09-06T18:32:43.000000000Z" /> <EventRecordID>104324</EventRecordID> <Channel>Application</Channel> <Computer>tardis</Computer> <Security /> </System> <EventData> <Data> Checking file system on C: The type of the file system is NTFS. Volume label is Acer. WARNING! F parameter not specified. Running CHKDSK in read-only mode. CHKDSK is verifying files (stage 1 of 3)... 171520 file records processed. File verification completed. 2509 large file records processed. 0 bad file records processed. 0 EA records processed. 59 reparse records processed. CHKDSK is verifying indexes (stage 2 of 3)... 219250 index entries processed. Index verification completed. 0 unindexed files scanned. 0 unindexed files recovered. CHKDSK is verifying security descriptors (stage 3 of 3)... 171520 file SDs/SIDs processed. Cleaning up 1661 unused index entries from index $SII of file 0x9. Cleaning up 1661 unused index entries from index $SDH of file 0x9. Cleaning up 1661 unused security descriptors. Security descriptor verification completed. 23866 data files processed. CHKDSK is verifying Usn Journal... 37636376 USN bytes processed. Usn Journal verification completed. The Volume Bitmap is incorrect. Windows found problems with the file system. Run CHKDSK with the /F (fix) option to correct these. 228365311 KB total disk space. 192587428 KB in 142383 files. 89580 KB in 23867 indexes. 0 KB in bad sectors. 284207 KB in use by the system. 65536 KB occupied by the log file. 35404096 KB available on disk. 4096 bytes in each allocation unit. 57091327 total allocation units on disk. 8851024 allocation units available on disk. </Data> <Binary>009E02007389020029D8040000000000A70900003B0000000000000000000000</Binary> </EventData> </Event>
  9. Check Disc warning of some sort: Log Name: Application Source: Chkdsk Date: 9/6/2014 12:38:09 PM Event ID: 26212 Task Category: None Level: Information Keywords: Classic User: N/A Computer: tardis Description: Chkdsk was executed in read-only mode on a volume snapshot. Checking file system on C: The type of the file system is NTFS. Volume label is Acer. WARNING! F parameter not specified. Running CHKDSK in read-only mode. CHKDSK is verifying files (stage 1 of 3)... 171520 file records processed. File verification completed. 2509 large file records processed. 0 bad file records processed. 0 EA records processed. 59 reparse records processed. CHKDSK is verifying indexes (stage 2 of 3)... 219248 index entries processed. Index verification completed. 0 unindexed files scanned. 0 unindexed files recovered. CHKDSK is verifying security descriptors (stage 3 of 3)... 171520 file SDs/SIDs processed. Cleaning up 1662 unused index entries from index $SII of file 0x9. Cleaning up 1662 unused index entries from index $SDH of file 0x9. Cleaning up 1662 unused security descriptors. Security descriptor verification completed. 23865 data files processed. CHKDSK is verifying Usn Journal... 37282552 USN bytes processed. Usn Journal verification completed. The Volume Bitmap is incorrect. Windows found problems with the file system. Run CHKDSK with the /F (fix) option to correct these. 228365311 KB total disk space. 192617624 KB in 142246 files. 89580 KB in 23866 indexes. 0 KB in bad sectors. 283951 KB in use by the system. 65536 KB occupied by the log file. 35374156 KB available on disk. 4096 bytes in each allocation unit. 57091327 total allocation units on disk. 8843539 allocation units available on disk. Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Chkdsk" /> <EventID Qualifiers="0">26212</EventID> <Level>4</Level> <Task>0</Task> <Keywords>0x80000000000000</Keywords> <TimeCreated SystemTime="2014-09-06T17:38:09.000000000Z" /> <EventRecordID>104320</EventRecordID> <Channel>Application</Channel> <Computer>tardis</Computer> <Security /> </System> <EventData> <Data> Checking file system on C: The type of the file system is NTFS. Volume label is Acer. WARNING! F parameter not specified. Running CHKDSK in read-only mode. CHKDSK is verifying files (stage 1 of 3)... 171520 file records processed. File verification completed. 2509 large file records processed. 0 bad file records processed. 0 EA records processed. 59 reparse records processed. CHKDSK is verifying indexes (stage 2 of 3)... 219248 index entries processed. Index verification completed. 0 unindexed files scanned. 0 unindexed files recovered. CHKDSK is verifying security descriptors (stage 3 of 3)... 171520 file SDs/SIDs processed. Cleaning up 1662 unused index entries from index $SII of file 0x9. Cleaning up 1662 unused index entries from index $SDH of file 0x9. Cleaning up 1662 unused security descriptors. Security descriptor verification completed. 23865 data files processed. CHKDSK is verifying Usn Journal... 37282552 USN bytes processed. Usn Journal verification completed. The Volume Bitmap is incorrect. Windows found problems with the file system. Run CHKDSK with the /F (fix) option to correct these. 228365311 KB total disk space. 192617624 KB in 142246 files. 89580 KB in 23866 indexes. 0 KB in bad sectors. 283951 KB in use by the system. 65536 KB occupied by the log file. 35374156 KB available on disk. 4096 bytes in each allocation unit. 57091327 total allocation units on disk. 8843539 allocation units available on disk. </Data> <Binary>009E0200E98802001BD7040000000000A70900003B0000000000000000000000</Binary> </EventData> </Event>
  10. MBAM is no longer on my computer and can't reinstall it. BSOD when attempting to open programs/tools dealing with security. It is slowly taking control of anything I do. Windows update failing every attempt. Here is a couple screen shots:
  11. Seems somebody else downloaded the fixlist as well. Here is fixlog: Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-08-2014 02 Ran by Timelord at 2014-09-02 21:09:25 Run:4 Running from C:\Users\Timelord\Desktop\New folder Boot Mode: Normal ============================================== Content of fixlist: ***************** HKU\.DEFAULT\...\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} FF DefaultSearchEngine: DuckDuckGo FF SelectedSearchEngine: DuckDuckGo FF Homepage: hxxp://duckduckgo.com/ FF SearchPlugin: C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\6qad75db.default\searchplugins\duckduckgo.xml FF Extension: DuckDuckGo Plus - C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\6qad75db.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2014-08-26] ***************** HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\HKU\.DEFAULT\...\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} => Value not found. Firefox DefaultSearchEngine deleted successfully. Firefox SelectedSearchEngine deleted successfully. Firefox homepage deleted successfully. C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\6qad75db.default\searchplugins\duckduckgo.xml => Moved successfully. C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\6qad75db.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi => Moved successfully. ==== End of Fixlog ====
  12. I manged to run frst. If I try and run RK its blue screen every time. Other tools just won't function. I Highlighted in red a few things that I thought looked suspect. If I am wrong no problem I am just trying to learn. Anyway here is the 2 from FRST: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-08-2014 02 Ran by Timelord (administrator) on TARDIS on 02-09-2014 00:14:11 Running from C:\Users\Timelord\Desktop Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 9 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe (ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieRpcSs.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe (Mozilla Corporation) C:\Sandbox\Timelord\DefaultBox\drive\C\Program Files (x86)\Mozilla Firefox\firefox.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\32\SbieSvc.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831528 2011-05-10] (Acer Incorporated) HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5581888 2014-02-24] (ESET) HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [382608 2014-06-04] (Malwarebytes Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\.DEFAULT\...\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 FireFox: ======== FF ProfilePath: C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\6qad75db.default FF NewTab: user_pref("browser.newtab.url", ""); FF DefaultSearchEngine: DuckDuckGo FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", ""); FF SelectedSearchEngine: DuckDuckGo FF Homepage: hxxp://duckduckgo.com/ FF NetworkProxy: "user_pref("extensions.preferencesmonitor.revonstrg", "{\"extensions.autoDisableScopes\":15,\"general.useragent.compatMode.firefox\":false,\"browser.startup.homepage\":\"http://duckduckgo.com/\",\"browser.newtab.preload\":true,\"general.useragent.site_specific_overrides\":true,\"network.proxy.autoconfig_url\":\"\",\"browser.startup.page\":1,\"browser.newtab.url\":\"\",\"keyword.enabled\":true,\"general.useragent.locale\":\"en-US\",\"browser.startup.homepage_override.buildID\":\"20140825202822\"}"); FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll No File FF Plugin-x32: @real.com/RhapsodyPlayerEngine,version=1.0 -> C:\Program Files (x86)\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @real.com/RhapsodyPlayerEngine -> C:\Users\Timelord\AppData\Roaming\nprhapengine.dll No File FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\plug2.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\plug3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\plug4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\plug5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\plug6.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\plug7.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\plug8.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\plug9.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\Timelord\AppData\Roaming\mozilla\plugins\np-mswmp.dll (Microsoft Corporation) FF SearchPlugin: C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\6qad75db.default\searchplugins\duckduckgo.xml FF Extension: BYTubeD - Bulk YouTube video Downloader - C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\6qad75db.default\Extensions\bytubed@cs213.cse.iitk.ac.in [2013-01-21] FF Extension: Click&Clean - C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\6qad75db.default\Extensions\clickclean@hotcleaner.com [2014-04-25] FF Extension: HTTPS-Everywhere - C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\6qad75db.default\Extensions\https-everywhere@eff.org [2014-06-25] FF Extension: MaskMe - C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\6qad75db.default\Extensions\idme@abine.com [2014-03-04] FF Extension: Windows Media Player Extension for Firefox - C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\6qad75db.default\Extensions\jid0-nRwp7VvCqZcSRTppwWz2npqGEKw@jetpack [2013-10-25] FF Extension: BlackFox V2 - C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\6qad75db.default\Extensions\zigboom@hotmail.com [2014-08-06] FF Extension: WOT - C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\6qad75db.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-26] FF Extension: DownloadHelper - C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\6qad75db.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-24] FF Extension: Flash and Video Download - C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\6qad75db.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2014-07-16] FF Extension: Disconnect - C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\6qad75db.default\Extensions\2.0@disconnect.me.xpi [2014-03-12] FF Extension: about:addons-memory - C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\6qad75db.default\Extensions\about-addons-memory@tn123.org.xpi [2014-06-27] FF Extension: Adblock Plus Pop-up Addon - C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\6qad75db.default\Extensions\adblockpopups@jessehakanen.net.xpi [2012-10-24] FF Extension: 1-Click Dailymotion Video Downloader - C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\6qad75db.default\Extensions\DailymotionVideoDownloader@PeterOlayev.com.xpi [2013-06-28] FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\6qad75db.default\Extensions\elemhidehelper@adblockplus.org.xpi [2012-12-17] FF Extension: Firebug - C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\6qad75db.default\Extensions\firebug@software.joehewitt.com.xpi [2012-04-15] FF Extension: Ghostery - C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\6qad75db.default\Extensions\firefox@ghostery.com.xpi [2013-08-02] FF Extension: FlashDisable - C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\6qad75db.default\Extensions\jid0-bbA9VAawX3LMWDu668aUDrpQVXU@jetpack.xpi [2012-12-23] FF Extension: Lightbeam - C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\6qad75db.default\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2013-10-26] FF Extension: NO Google Analytics - C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\6qad75db.default\Extensions\jid1-JcGokIiQyjoBAQ@jetpack.xpi [2014-01-18] FF Extension: YouTube ALL HTML5 - C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\6qad75db.default\Extensions\jid1-qj0w91o64N7Eeg@jetpack.xpi [2014-06-15] FF Extension: DuckDuckGo Plus - C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\6qad75db.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2014-08-26] FF Extension: JSONView - C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\6qad75db.default\Extensions\jsonview@brh.numbera.com.xpi [2014-06-17] FF Extension: MD5 Reborned Hasher - C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\6qad75db.default\Extensions\md5rehasher@phoneixs.es.xpi [2012-11-07] FF Extension: Clickjacking Reveal - C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\6qad75db.default\Extensions\no-clickjacking@daohoangson.com.xpi [2013-11-25] FF Extension: Redirect Cleaner - C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\6qad75db.default\Extensions\redirectcleaner@example.net.xpi [2013-12-05] FF Extension: RequestPolicy - C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\6qad75db.default\Extensions\requestpolicy@requestpolicy.com.xpi [2013-12-05] FF Extension: Smart Referer - C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\6qad75db.default\Extensions\smart-referer@meh.paranoid.pk.xpi [2013-12-05] FF Extension: Text to Voice - C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\6qad75db.default\Extensions\text2voice@vik.josh.xpi [2014-03-24] FF Extension: The Addon Bar (restored) - C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\6qad75db.default\Extensions\the-addon-bar@GeekInTraining-GiT.xpi [2014-05-29] FF Extension: TRUSTe Tracker Protection - C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\6qad75db.default\Extensions\trusttheweb@truste.com.xpi [2014-04-24] FF Extension: 1-Click YouTube Video Downloader - C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\6qad75db.default\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2014-03-12] FF Extension: Flagfox - C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\6qad75db.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-03-08] FF Extension: Clean Links - C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\6qad75db.default\Extensions\{158d7cb3-7039-4a75-8e0b-3bd0a464edd2}.xpi [2014-01-18] FF Extension: FlashGot - C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\6qad75db.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2013-11-02] FF Extension: Black Youtube Theme - C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\6qad75db.default\Extensions\{2c93446d-612b-416d-9af0-b7355797b611}.xpi [2014-03-12] FF Extension: RefControl - C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\6qad75db.default\Extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}.xpi [2013-12-05] FF Extension: Preferences Monitor - C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\6qad75db.default\Extensions\{517f9e52-c795-4764-bf77-5e2db596cee6}.xpi [2014-07-06] FF Extension: Bluhell Firewall - C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\6qad75db.default\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi [2014-04-24] FF Extension: Download Status Bar - C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\6qad75db.default\Extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi [2014-06-27] FF Extension: NoScript - C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\6qad75db.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-09-30] FF Extension: Adblock Plus - C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\6qad75db.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-10-24] FF Extension: BetterPrivacy - C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\6qad75db.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2012-10-24] FF Extension: Disable Anti-Adblock - C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\6qad75db.default\Extensions\{d49a148e-817e-4025-bee3-5d541376de3b}.xpi [2014-04-24] FF Extension: DownThemAll! - C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\6qad75db.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-01-21] FF Extension: Greasemonkey - C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\6qad75db.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-11-02] FF Extension: Google Privacy - C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\6qad75db.default\Extensions\{ea61041c-1e22-4400-99a0-aea461e69d04}.xpi [2013-12-03] FF Extension: WorldIP - C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\6qad75db.default\Extensions\{f36c6cd1-da73-491d-b290-8fc9115bfa55}.xpi [2013-11-02] FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2014-08-10] FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [nggoipkhmjbchdnlgiljnhangiingnmc] - C:\Program Files (x86)\TGF Interactive\Translate Genius\TranslateGenius.crx [2012-08-22] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1343408 2014-02-24] (ESET) R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [360592 2014-06-04] (Malwarebytes Corporation) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174088 2014-05-29] (Sandboxie Holdings, LLC) S3 SystemExplorerHelpService; C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe [821096 2014-08-13] (Mister Group) R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation) S2 DirMngr; "C:\Users\Timelord\Downloads\GnuPG\dirmngr.exe" --service [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET) U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [239296 2013-09-17] (ESET) R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET) R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [220232 2013-09-17] (ESET) R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [44120 2013-09-17] (ESET) R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [62136 2013-09-17] (ESET) R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [62392 2014-06-04] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-02] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation) S2 MCSTRM; No ImagePath S3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [22600 2014-01-14] () R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-05-29] (Sandboxie Holdings, LLC) S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.) U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [36456 2014-09-01] () S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [115488 2014-03-26] (Oracle Corporation) S3 efavdrv; \??\C:\Windows\system32\drivers\efavdrv.sys [X] S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-02 00:14 - 2014-09-02 00:14 - 00021264 _____ () C:\Users\Timelord\Desktop\FRST.txt 2014-09-02 00:12 - 2014-09-02 00:12 - 00000000 ____D () C:\Users\Timelord\Desktop\FRST-OlderVersion 2014-09-02 00:04 - 2014-09-02 00:04 - 00000302 _____ () C:\Windows\PFRO.log 2014-09-01 23:53 - 2014-09-01 23:53 - 05427288 _____ () C:\Users\Timelord\Desktop\RogueKillerX64.exe 2014-09-01 23:47 - 2014-09-01 23:47 - 258964963 _____ () C:\Windows\MEMORY.DMP 2014-09-01 23:47 - 2014-09-01 23:47 - 00262144 _____ () C:\Windows\Minidump\090114-30810-01.dmp 2014-08-30 22:17 - 2014-08-30 22:15 - 02657800 _____ (Sandboxie Holdings, LLC) C:\Users\Timelord\Desktop\SandboxieInstall-413-3.exe 2014-08-30 21:27 - 2014-08-30 21:27 - 00279360 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-08-30 20:35 - 2014-09-01 23:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-08-30 20:06 - 2014-09-02 00:05 - 00000336 _____ () C:\Windows\setupact.log 2014-08-30 20:06 - 2014-08-30 20:06 - 00000000 _____ () C:\Windows\setuperr.log 2014-08-30 19:48 - 2014-08-30 19:48 - 00058416 _____ () C:\Users\Timelord\AppData\Local\GDIPFONTCACHEV1.DAT 2014-08-30 18:34 - 2014-08-30 18:34 - 00000332 _____ () C:\Start_.cmd 2014-08-30 18:34 - 2014-08-30 18:34 - 00000000 ____D () C:\ComboFix 2014-08-29 21:26 - 2014-08-29 21:26 - 00361655 _____ () C:\Users\Timelord\Desktop\bookmarks-2014-08-29.json 2014-08-29 17:45 - 2014-08-30 18:34 - 00000000 ___SD () C:\32788R22FWJFW 2014-08-28 22:59 - 2014-08-28 22:59 - 00361720 _____ () C:\Users\Timelord\Desktop\bookmarks-2014-08-28 starting the censored over 2014-08-28 21:15 - 2014-08-28 21:58 - 00000000 ____D () C:\Users\Timelord\Desktop\mbar 2014-08-28 17:07 - 2014-08-28 17:09 - 88281088 _____ () C:\Users\Timelord\Desktop\ess_nt64_ENU.msi 2014-08-28 16:26 - 2014-08-28 16:26 - 00003637 _____ () C:\Users\Timelord\Desktop\RKreport_SCN_08282014_162025..txt 2014-08-28 15:12 - 2014-08-28 15:12 - 00000000 ____D () C:\Users\Timelord\AppData\Local\{9A8AC25A-55C1-45BE-8719-05EE1505133C} 2014-08-27 21:20 - 2014-08-27 21:20 - 00000900 _____ () C:\Users\Timelord\Desktop\aswMBR.txt 2014-08-27 17:13 - 2014-08-22 19:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-27 17:12 - 2014-08-22 21:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-27 17:12 - 2014-08-22 20:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-08-27 02:13 - 2014-08-27 02:13 - 00000000 ____D () C:\Users\Timelord\AppData\Local\{F2D899D9-A751-4FB4-8BF5-3597AEA7D9C6} 2014-08-24 19:28 - 2014-08-24 19:28 - 00000000 ____D () C:\Users\Timelord\AppData\Local\{E84998DC-8607-4759-90AB-99292C354F9F} 2014-08-24 01:55 - 2014-08-24 01:56 - 00000000 ____D () C:\Users\Timelord\AppData\Local\{ECB89438-1835-4107-B143-2492C9524E2E} 2014-08-23 13:55 - 2014-08-23 13:55 - 00000000 ____D () C:\Users\Timelord\AppData\Local\{740D9937-7610-4E4D-A5F2-A9ED6086FB11} 2014-08-22 16:33 - 2014-08-22 16:33 - 00067839 _____ () C:\Users\Timelord\Documents\Untit (7).wma 2014-08-22 16:25 - 2014-08-22 16:25 - 00058859 _____ () C:\Users\Timelord\Documents\Untitled (6).wma 2014-08-22 16:24 - 2014-08-22 16:24 - 00431529 _____ () C:\Users\Timelord\Documents\Untitled (5).wma 2014-08-22 16:04 - 2014-08-22 16:04 - 00000000 ____D () C:\Users\Timelord\AppData\Local\{CA042E48-9F9E-474A-A27A-57CDCA5E8108} 2014-08-22 02:42 - 2014-08-22 02:42 - 00135189 _____ () C:\Users\Timelord\Documents\Untitled (4).wma 2014-08-22 02:01 - 2014-08-22 02:01 - 00422549 _____ () C:\Users\Timelord\Documents\65.wma 2014-08-22 01:38 - 2014-08-22 01:38 - 00108249 _____ () C:\Users\Timelord\Documents\Untitled (3).wma 2014-08-22 01:06 - 2014-08-22 01:07 - 00350709 _____ () C:\Users\Timelord\Documents\1.wma 2014-08-22 00:56 - 2014-08-22 00:56 - 00130699 _____ () C:\Users\Timelord\Documents\Untitled (2).wma 2014-08-22 00:53 - 2014-08-22 00:53 - 00126209 _____ () C:\Users\Timelord\Documents\Untitled.wma 2014-08-22 00:47 - 2014-08-22 00:47 - 01360959 _____ () C:\Users\Timelord\Documents\an4.wma 2014-08-22 00:40 - 2014-08-22 00:40 - 01096049 _____ () C:\Users\Timelord\Documents\an3.wma 2014-08-21 21:19 - 2014-08-21 21:19 - 00000000 ____D () C:\Users\Timelord\AppData\Local\{7EBAEB28-D766-4E5D-AC39-80A3251B70D5} 2014-08-21 17:27 - 2014-08-21 17:27 - 00000261 _____ () C:\DelFix.txt 2014-08-21 15:35 - 2014-09-02 00:12 - 02104832 _____ (Farbar) C:\Users\Timelord\Desktop\FRST64.exe 2014-08-20 19:24 - 2014-08-20 19:24 - 00014434 _____ () C:\ComboFix.txt 2014-08-20 17:00 - 2014-08-20 17:52 - 00000000 ____D () C:\Users\Timelord\Downloads\fresh as a day in may 2014-08-20 13:44 - 2014-08-21 15:20 - 00000000 ____D () C:\Users\Timelord\Desktop\logger 2014-08-19 22:03 - 2014-08-19 22:03 - 02096400 _____ (Mister Group ) C:\Users\Timelord\Desktop\SystemExplorerSetup_592.exe 2014-08-19 16:53 - 2014-08-20 09:17 - 00000000 ____D () C:\Users\Timelord\AppData\Local\gtk-2.0 2014-08-17 20:50 - 2014-08-17 20:50 - 00000097 _____ () C:\Users\Timelord\Desktop\phone#.txt 2014-08-17 20:30 - 2014-08-17 20:29 - 00023720 _____ () C:\Users\Timelord\Downloads\#2062084152_2024558888_14083237677808318.WAV 2014-08-17 03:02 - 2014-08-17 03:02 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-08-17 03:01 - 2014-08-17 03:01 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-08-16 15:19 - 2014-09-02 00:05 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-16 15:18 - 2014-08-20 09:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-08-16 15:18 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-08-16 15:18 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-08-16 15:18 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-08-14 18:18 - 2014-08-14 18:18 - 00000041 _____ () C:\Users\Timelord\Desktop\synfigmanual.txt 2014-08-14 16:04 - 2014-08-19 20:08 - 00000000 ____D () C:\Users\Timelord\Synfig 2014-08-14 16:03 - 2014-08-20 09:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Synfig 2014-08-14 15:57 - 2014-08-14 16:03 - 00000000 ____D () C:\Program Files (x86)\Synfig 2014-08-14 03:06 - 2014-08-20 09:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-08-14 03:06 - 2014-07-25 12:55 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-08-14 03:06 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-08-14 03:06 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-08-14 03:06 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-08-12 23:10 - 2014-06-30 17:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll 2014-08-12 23:10 - 2014-06-30 17:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll 2014-08-12 23:10 - 2014-03-09 16:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe 2014-08-12 23:10 - 2014-03-09 16:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll 2014-08-12 23:10 - 2014-03-09 16:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe 2014-08-12 23:10 - 2014-03-09 16:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll 2014-08-12 23:09 - 2014-06-06 01:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe 2014-08-12 23:09 - 2014-06-06 01:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe 2014-08-12 23:07 - 2014-07-24 14:28 - 17861120 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-08-12 23:07 - 2014-07-24 14:12 - 02339328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-08-12 23:07 - 2014-07-24 14:10 - 10920960 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-08-12 23:07 - 2014-07-24 14:07 - 01384960 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-08-12 23:07 - 2014-07-24 14:06 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-08-12 23:07 - 2014-07-24 14:05 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-08-12 23:07 - 2014-07-24 14:05 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-08-12 23:07 - 2014-07-24 14:05 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-08-12 23:07 - 2014-07-24 14:04 - 02155520 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-08-12 23:07 - 2014-07-24 14:04 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-08-12 23:07 - 2014-07-24 14:04 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-08-12 23:07 - 2014-07-24 14:04 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-08-12 23:07 - 2014-07-24 14:04 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-08-12 23:07 - 2014-07-24 14:04 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-08-12 23:07 - 2014-07-24 14:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-08-12 23:07 - 2014-07-24 14:03 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-08-12 23:07 - 2014-07-24 14:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-08-12 23:07 - 2014-07-24 14:03 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-08-12 23:07 - 2014-07-24 14:03 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-08-12 23:07 - 2014-07-24 14:03 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-08-12 23:07 - 2014-07-24 14:02 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-08-12 23:07 - 2014-07-24 13:07 - 12356608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-08-12 23:07 - 2014-07-24 12:58 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-08-12 23:07 - 2014-07-24 12:57 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-08-12 23:07 - 2014-07-24 12:52 - 01137664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-08-12 23:07 - 2014-07-24 12:51 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-08-12 23:07 - 2014-07-24 12:51 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-08-12 23:07 - 2014-07-24 12:50 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2014-08-12 23:07 - 2014-07-24 12:50 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-08-12 23:07 - 2014-07-24 12:49 - 01802240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-08-12 23:07 - 2014-07-24 12:49 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-08-12 23:07 - 2014-07-24 12:49 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-08-12 23:07 - 2014-07-24 12:49 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-08-12 23:07 - 2014-07-24 12:49 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-08-12 23:07 - 2014-07-24 12:48 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-08-12 23:07 - 2014-07-24 12:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-08-12 23:07 - 2014-07-24 12:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-08-12 23:07 - 2014-07-24 12:48 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-08-12 23:07 - 2014-07-24 12:48 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2014-08-12 23:07 - 2014-07-24 12:48 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2014-08-12 23:07 - 2014-07-24 12:48 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2014-08-12 23:07 - 2014-07-24 12:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-08-12 23:06 - 2014-07-15 22:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-08-12 23:06 - 2014-07-15 21:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-08-12 23:06 - 2014-07-13 21:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2014-08-12 23:06 - 2014-07-13 20:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2014-08-12 23:06 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL 2014-08-12 23:06 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL 2014-08-12 23:06 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL 2014-08-12 23:06 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL 2014-08-12 23:06 - 2014-07-08 21:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL 2014-08-12 23:06 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL 2014-08-12 23:06 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL 2014-08-12 23:06 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL 2014-08-12 23:06 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL 2014-08-12 23:06 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL 2014-08-12 23:06 - 2014-07-08 17:38 - 00419992 _____ () C:\Windows\system32\locale.nls 2014-08-12 23:06 - 2014-07-08 17:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls 2014-08-12 23:06 - 2014-06-24 21:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-08-12 23:06 - 2014-06-24 20:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-08-12 23:06 - 2014-06-15 21:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2014-08-12 23:06 - 2014-06-03 05:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-08-12 23:06 - 2014-06-03 05:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2014-08-12 23:06 - 2014-06-03 05:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2014-08-12 23:06 - 2014-06-03 05:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2014-08-12 23:06 - 2014-06-03 04:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-08-12 23:06 - 2014-06-03 04:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2014-08-12 23:06 - 2014-06-03 04:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll 2014-08-12 22:11 - 2014-08-28 18:34 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-08-12 16:04 - 2014-08-30 16:04 - 00000000 ____D () C:\Users\Timelord\Desktop\more censoreding time pent on security issues tuesday 2014-08-12 00:34 - 2014-08-12 00:36 - 00000126 _____ () C:\Users\Timelord\Desktop\batman.txt 2014-08-11 23:48 - 2014-08-11 23:48 - 00001066 _____ () C:\Users\Public\Desktop\DivX Player.lnk 2014-08-10 09:59 - 2014-08-12 22:06 - 00000000 ____D () C:\ProgramData\ESET 2014-08-10 09:59 - 2014-08-10 09:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET 2014-08-10 09:59 - 2014-08-10 09:59 - 00000000 ____D () C:\Program Files\ESET 2014-08-06 03:11 - 2014-08-06 03:11 - 00001408 _____ () C:\Users\Timelord\Desktop\profile.txt ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-02 00:14 - 2014-09-02 00:14 - 00021264 _____ () C:\Users\Timelord\Desktop\FRST.txt 2014-09-02 00:14 - 2014-02-15 21:02 - 00000000 ____D () C:\FRST 2014-09-02 00:12 - 2014-09-02 00:12 - 00000000 ____D () C:\Users\Timelord\Desktop\FRST-OlderVersion 2014-09-02 00:12 - 2014-08-21 15:35 - 02104832 _____ (Farbar) C:\Users\Timelord\Desktop\FRST64.exe 2014-09-02 00:12 - 2014-06-12 00:28 - 00000000 ____D () C:\Users\Timelord\Desktop\New folder 2014-09-02 00:10 - 2009-07-13 23:45 - 00016976 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-09-02 00:10 - 2009-07-13 23:45 - 00016976 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-02 00:08 - 2014-04-29 15:47 - 01565663 _____ () C:\Windows\WindowsUpdate.log 2014-09-02 00:05 - 2014-08-30 20:06 - 00000336 _____ () C:\Windows\setupact.log 2014-09-02 00:05 - 2014-08-16 15:19 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-02 00:05 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-09-02 00:04 - 2014-09-02 00:04 - 00000302 _____ () C:\Windows\PFRO.log 2014-09-02 00:04 - 2014-01-03 21:30 - 00000000 ____D () C:\AdwCleaner 2014-09-02 00:04 - 2012-05-04 01:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-09-01 23:53 - 2014-09-01 23:53 - 05427288 _____ () C:\Users\Timelord\Desktop\RogueKillerX64.exe 2014-09-01 23:53 - 2014-07-16 15:04 - 00036456 _____ () C:\Windows\system32\Drivers\TrueSight.sys 2014-09-01 23:49 - 2014-08-30 20:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-09-01 23:47 - 2014-09-01 23:47 - 258964963 _____ () C:\Windows\MEMORY.DMP 2014-09-01 23:47 - 2014-09-01 23:47 - 00262144 _____ () C:\Windows\Minidump\090114-30810-01.dmp 2014-09-01 23:47 - 2014-02-28 11:11 - 00000000 ____D () C:\Windows\Minidump 2014-08-31 18:19 - 2013-12-04 18:41 - 00000000 ____D () C:\Program Files\PeerBlock 2014-08-30 22:15 - 2014-08-30 22:17 - 02657800 _____ (Sandboxie Holdings, LLC) C:\Users\Timelord\Desktop\SandboxieInstall-413-3.exe 2014-08-30 21:27 - 2014-08-30 21:27 - 00279360 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-08-30 20:06 - 2014-08-30 20:06 - 00000000 _____ () C:\Windows\setuperr.log 2014-08-30 19:48 - 2014-08-30 19:48 - 00058416 _____ () C:\Users\Timelord\AppData\Local\GDIPFONTCACHEV1.DAT 2014-08-30 19:14 - 2014-04-22 00:07 - 00000000 ___DC () C:\Users\Timelord\AppData\Local\MigWiz 2014-08-30 19:11 - 2013-11-07 18:38 - 00000000 ____D () C:\Users\Timelord\AppData\Local\CrashDumps 2014-08-30 18:34 - 2014-08-30 18:34 - 00000332 _____ () C:\Start_.cmd 2014-08-30 18:34 - 2014-08-30 18:34 - 00000000 ____D () C:\ComboFix 2014-08-30 18:34 - 2014-08-29 17:45 - 00000000 ___SD () C:\32788R22FWJFW 2014-08-30 16:04 - 2014-08-12 16:04 - 00000000 ____D () C:\Users\Timelord\Desktop\more censoreding time pent on security issues tuesday 2014-08-30 09:44 - 2012-03-26 22:58 - 00000000 ____D () C:\Users\Timelord\AppData\Roaming\vlc 2014-08-29 21:26 - 2014-08-29 21:26 - 00361655 _____ () C:\Users\Timelord\Desktop\bookmarks-2014-08-29.json 2014-08-29 21:18 - 2013-04-13 13:16 - 00014336 _____ () C:\Users\Timelord\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-08-29 20:14 - 2012-04-25 22:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gpg4win 2014-08-29 19:56 - 2011-08-20 21:37 - 00000000 ____D () C:\ProgramData\Temp 2014-08-29 18:28 - 2013-01-20 16:40 - 00000000 ____D () C:\Users\Timelord\Desktop\Movie Workshop 2014-08-29 18:27 - 2014-02-23 20:56 - 00000000 ____D () C:\Users\Timelord\.VirtualBox 2014-08-28 22:59 - 2014-08-28 22:59 - 00361720 _____ () C:\Users\Timelord\Desktop\bookmarks-2014-08-28 starting the censored over 2014-08-28 21:58 - 2014-08-28 21:15 - 00000000 ____D () C:\Users\Timelord\Desktop\mbar 2014-08-28 21:42 - 2014-02-19 00:01 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-08-28 18:34 - 2014-08-12 22:11 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-08-28 17:09 - 2014-08-28 17:07 - 88281088 _____ () C:\Users\Timelord\Desktop\ess_nt64_ENU.msi 2014-08-28 16:26 - 2014-08-28 16:26 - 00003637 _____ () C:\Users\Timelord\Desktop\RKreport_SCN_08282014_162025..txt 2014-08-28 15:12 - 2014-08-28 15:12 - 00000000 ____D () C:\Users\Timelord\AppData\Local\{9A8AC25A-55C1-45BE-8719-05EE1505133C} 2014-08-27 22:04 - 2012-10-14 12:35 - 00000000 ____D () C:\Users\Timelord\Desktop\trojan tools 2014-08-27 21:28 - 2014-05-22 15:34 - 00152064 ___SH () C:\Users\Timelord\Desktop\Thumbs.db 2014-08-27 21:20 - 2014-08-27 21:20 - 00000900 _____ () C:\Users\Timelord\Desktop\aswMBR.txt 2014-08-27 18:28 - 2009-07-14 00:13 - 00819142 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-08-27 17:24 - 2012-09-22 00:37 - 00002052 _____ () C:\Windows\epplauncher.mif 2014-08-27 02:26 - 2014-07-09 01:53 - 00000000 ____D () C:\Users\Timelord\Desktop\sheepwalkers 2014-08-27 02:13 - 2014-08-27 02:13 - 00000000 ____D () C:\Users\Timelord\AppData\Local\{F2D899D9-A751-4FB4-8BF5-3597AEA7D9C6} 2014-08-26 02:17 - 2014-05-23 18:19 - 00002748 _____ () C:\Windows\Sandboxie.ini 2014-08-25 17:50 - 2014-06-19 22:49 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit 2014-08-25 04:52 - 2012-09-25 02:55 - 00000000 ____D () C:\ProgramData\SystemExplorer 2014-08-24 19:28 - 2014-08-24 19:28 - 00000000 ____D () C:\Users\Timelord\AppData\Local\{E84998DC-8607-4759-90AB-99292C354F9F} 2014-08-24 01:56 - 2014-08-24 01:55 - 00000000 ____D () C:\Users\Timelord\AppData\Local\{ECB89438-1835-4107-B143-2492C9524E2E} 2014-08-23 13:55 - 2014-08-23 13:55 - 00000000 ____D () C:\Users\Timelord\AppData\Local\{740D9937-7610-4E4D-A5F2-A9ED6086FB11} 2014-08-22 21:07 - 2014-08-27 17:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-22 20:45 - 2014-08-27 17:12 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-08-22 19:59 - 2014-08-27 17:13 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-22 16:33 - 2014-08-22 16:33 - 00067839 _____ () C:\Users\Timelord\Documents\Untit (7).wma 2014-08-22 16:25 - 2014-08-22 16:25 - 00058859 _____ () C:\Users\Timelord\Documents\Untitled (6).wma 2014-08-22 16:24 - 2014-08-22 16:24 - 00431529 _____ () C:\Users\Timelord\Documents\Untitled (5).wma 2014-08-22 16:04 - 2014-08-22 16:04 - 00000000 ____D () C:\Users\Timelord\AppData\Local\{CA042E48-9F9E-474A-A27A-57CDCA5E8108} 2014-08-22 02:42 - 2014-08-22 02:42 - 00135189 _____ () C:\Users\Timelord\Documents\Untitled (4).wma 2014-08-22 02:01 - 2014-08-22 02:01 - 00422549 _____ () C:\Users\Timelord\Documents\65.wma 2014-08-22 01:38 - 2014-08-22 01:38 - 00108249 _____ () C:\Users\Timelord\Documents\Untitled (3).wma 2014-08-22 01:07 - 2014-08-22 01:06 - 00350709 _____ () C:\Users\Timelord\Documents\1.wma 2014-08-22 00:56 - 2014-08-22 00:56 - 00130699 _____ () C:\Users\Timelord\Documents\Untitled (2).wma 2014-08-22 00:53 - 2014-08-22 00:53 - 00126209 _____ () C:\Users\Timelord\Documents\Untitled.wma 2014-08-22 00:47 - 2014-08-22 00:47 - 01360959 _____ () C:\Users\Timelord\Documents\an4.wma 2014-08-22 00:40 - 2014-08-22 00:40 - 01096049 _____ () C:\Users\Timelord\Documents\an3.wma 2014-08-21 21:19 - 2014-08-21 21:19 - 00000000 ____D () C:\Users\Timelord\AppData\Local\{7EBAEB28-D766-4E5D-AC39-80A3251B70D5} 2014-08-21 17:27 - 2014-08-21 17:27 - 00000261 _____ () C:\DelFix.txt 2014-08-21 17:27 - 2013-10-25 00:04 - 00000000 ____D () C:\Windows\ERUNT 2014-08-21 15:20 - 2014-08-20 13:44 - 00000000 ____D () C:\Users\Timelord\Desktop\logger 2014-08-21 02:18 - 2009-07-13 21:34 - 00000471 _____ () C:\Windows\win.ini 2014-08-21 02:14 - 2013-12-18 19:08 - 00819142 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-08-20 19:24 - 2014-08-20 19:24 - 00014434 _____ () C:\ComboFix.txt 2014-08-20 19:24 - 2014-01-03 10:20 - 00000000 ____D () C:\Qoobox 2014-08-20 19:19 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini 2014-08-20 17:52 - 2014-08-20 17:00 - 00000000 ____D () C:\Users\Timelord\Downloads\fresh as a day in may 2014-08-20 09:19 - 2014-08-16 15:18 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-08-20 09:19 - 2012-09-25 02:55 - 00000000 ____D () C:\Program Files (x86)\System Explorer 2014-08-20 09:17 - 2014-08-19 16:53 - 00000000 ____D () C:\Users\Timelord\AppData\Local\gtk-2.0 2014-08-20 09:17 - 2014-08-14 16:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Synfig 2014-08-20 09:17 - 2014-08-14 03:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-08-20 09:17 - 2014-06-08 16:45 - 00000000 ____D () C:\ProgramData\RogueKiller 2014-08-20 09:17 - 2014-03-31 18:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox 2014-08-20 09:17 - 2013-11-09 17:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX 2014-08-20 09:17 - 2012-09-25 02:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Explorer 2014-08-20 09:17 - 2012-01-31 22:59 - 00000000 ____D () C:\Users\Timelord 2014-08-20 09:17 - 2011-07-14 11:39 - 00000000 ____D () C:\Windows\SysWOW64\Macromed 2014-08-20 09:17 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration 2014-08-20 09:17 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat 2014-08-19 22:09 - 2014-02-21 17:18 - 00001090 _____ () C:\Users\Public\Desktop\System Explorer.lnk 2014-08-19 22:03 - 2014-08-19 22:03 - 02096400 _____ (Mister Group ) C:\Users\Timelord\Desktop\SystemExplorerSetup_592.exe 2014-08-19 20:08 - 2014-08-14 16:04 - 00000000 ____D () C:\Users\Timelord\Synfig 2014-08-17 20:50 - 2014-08-17 20:50 - 00000097 _____ () C:\Users\Timelord\Desktop\phone#.txt 2014-08-17 20:29 - 2014-08-17 20:30 - 00023720 _____ () C:\Users\Timelord\Downloads\#2062084152_2024558888_14083237677808318.WAV 2014-08-17 04:55 - 2013-02-02 01:25 - 00000000 ____D () C:\Users\Timelord\Desktop\Full albums 2014-08-17 03:02 - 2014-08-17 03:02 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-08-17 03:01 - 2014-08-17 03:01 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-08-16 15:18 - 2014-03-04 18:43 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-08-15 17:19 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache 2014-08-14 18:18 - 2014-08-14 18:18 - 00000041 _____ () C:\Users\Timelord\Desktop\synfigmanual.txt 2014-08-14 16:03 - 2014-08-14 15:57 - 00000000 ____D () C:\Program Files (x86)\Synfig 2014-08-14 15:42 - 2014-04-28 20:04 - 00000000 ____D () C:\Users\Timelord\Documents\ccreg backup 2014-08-14 03:07 - 2013-11-04 00:35 - 00000000 ____D () C:\ProgramData\Oracle 2014-08-14 03:06 - 2014-01-15 21:07 - 00000000 ____D () C:\Program Files (x86)\Java 2014-08-12 23:32 - 2013-07-18 19:01 - 00000000 ____D () C:\Windows\system32\MRT 2014-08-12 23:24 - 2012-03-04 21:39 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-08-12 22:06 - 2014-08-10 09:59 - 00000000 ____D () C:\ProgramData\ESET 2014-08-12 21:20 - 2013-10-25 14:47 - 00000000 ____D () C:\Program Files (x86)\Microsoft SkyDrive 2014-08-12 17:26 - 2011-07-14 11:44 - 00000000 ____D () C:\Windows\Downloaded Installations 2014-08-12 00:36 - 2014-08-12 00:34 - 00000126 _____ () C:\Users\Timelord\Desktop\batman.txt 2014-08-11 23:49 - 2012-02-11 03:57 - 00000000 ____D () C:\ProgramData\DivX 2014-08-11 23:48 - 2014-08-11 23:48 - 00001066 _____ () C:\Users\Public\Desktop\DivX Player.lnk 2014-08-11 23:48 - 2012-02-11 03:58 - 00000000 ____D () C:\Program Files (x86)\DivX 2014-08-10 09:59 - 2014-08-10 09:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET 2014-08-10 09:59 - 2014-08-10 09:59 - 00000000 ____D () C:\Program Files\ESET 2014-08-09 20:36 - 2011-07-14 10:50 - 00000000 ____D () C:\Program Files (x86)\InstallShield Installation Information 2014-08-06 19:30 - 2014-07-30 18:52 - 00000000 ____D () C:\Program Files (x86)\Best Buy Digital Music Store Powered by Rhapsody 2014-08-06 03:11 - 2014-08-06 03:11 - 00001408 _____ () C:\Users\Timelord\Desktop\profile.txt 2014-08-05 16:51 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF Some content of TEMP: ==================== C:\Users\Timelord\AppData\Local\temp\Quarantine.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2013-12-30 01:44 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2014 02 Ran by Timelord at 2014-09-02 00:15:23 Running from C:\Users\Timelord\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: ESET Smart Security 7.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834} FW: ESET Personal firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov) AC3Filter 2.6.0b (HKLM-x32\...\AC3Filter_is1) (Version: 2.6.0b - Alexander Vigovsky) Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.99 - NTI Corporation) Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1904 - CyberLink Corp.) Acer Crystal Eye Webcam (x32 Version: 1.0.1904 - CyberLink Corp.) Hidden Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3007 - Acer Incorporated) Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3502 - Acer Incorporated) Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated) Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated) Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.5.146 - Adobe Systems, Inc.) Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.2.42.68439 - Alcor Micro Corp.) Alcor Micro USB Card Reader (x32 Version: 1.2.42.68439 - Alcor Micro Corp.) Hidden Any Video Converter 5.5.9 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com) ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta2 - Michael Tippach) Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.2.43 - Atheros Communications Inc.) Backup Manager V3 (x32 Version: 3.0.0.99 - NTI Corporation) Hidden Best Buy Digital Music Store (HKLM-x32\...\Best Buy Digital Music Store) (Version: - ) Best Buy Rhapsody (HKLM-x32\...\Best Buy Rhapsody) (Version: - ) Bitcoin (HKCU\...\Bitcoin) (Version: 0.6.3 - Bitcoin project) CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform) ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version: - DownloadHelper) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform) DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.52 - DivX, LLC) ESET Smart Security (HKLM\...\{5E6F6CE8-1A35-4629-A550-376D4FF74F9B}) (Version: 7.0.317.4 - ESET, spol s r. o.) EULAlyzer 2.2 (HKLM-x32\...\EULAlyzer_is1) (Version: 2.2.0 - BrightFort LLC) FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes) Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Guitar Pro 5.0 (HKLM-x32\...\Guitar Pro 5_is1) (Version: - Arobas Music) Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated) Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation) Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2342 - Intel Corporation) Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation) Intel® SDK for OpenCL* Applications 2012 (HKLM-x32\...\{ECAD1063-CF2B-45F3-7946-A8B970007A80}) (Version: 2.0.0.31360 - Intel Corporation) Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.670 - Oracle) Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.4 - Acer Inc.) Malwarebytes Anti-Exploit version 1.03.1.1220 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.03.1.1220 - Malwarebytes) Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Mozilla Firefox 32.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0 (x86 en-US)) (Version: 32.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) NTI Media Maker 9 (x32 Version: 9.0.2.8942 - NTI Corporation) Hidden Oracle VM VirtualBox 4.3.10 (HKLM\...\{5632714F-6A48-4BF2-89E0-F8B6CE9FE6D1}) (Version: 4.3.10 - Oracle Corporation) PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6374 - Realtek Semiconductor Corp.) Rhapsody Player Engine (HKLM-x32\...\{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}) (Version: 1.0.604 - RealNetworks) Sandboxie 4.12 (64-bit) (HKLM\...\Sandboxie) (Version: 4.12 - Sandboxie Holdings, LLC) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.18.0 - Synaptics Incorporated) Synfig Studio (HKLM-x32\...\synfigstudio) (Version: 0.64.1 - ) System Explorer 5.9.2 (HKLM-x32\...\{40F485F7-6478-4896-B0D5-F94BE677EB78}_is1) (Version: - Mister Group) Translate Genius (HKLM-x32\...\{5AC6FC35-8E40-4380-8E21-E117199738D3}) (Version: 1.0.5 - TGF Interactive) TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation) Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.8.8 - Tweaking.com) VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN) Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) Wise Program Uninstaller 1.63 (HKLM-x32\...\Wise Program Uninstaller_is1) (Version: 1.63 - WiseCleaner.com, Inc.) xplorer² lite 32 bit (HKLM-x32\...\xplorer2l) (Version: 2.4.0.1 - Zabkat) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 30-08-2014 01:09:13 gpabackup 31-08-2014 01:01:01 Windows Update 31-08-2014 20:22:59 beta ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 21:34 - 2014-08-21 02:19 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {2C764AD2-2EF7-4524-BD98-95121FED6862} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {2EB38FF9-DBD3-41B6-8816-809384DF36A2} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe Task: {973EEC77-0BAE-42CE-9E30-0AD0B4D972BC} - System32\Tasks\{03EC9265-94AD-4F29-B881-5974A05B7D01} => C:\Program Files (x86)\Best Buy Rhapsody\rhapsody.exe [2006-10-24] (RealNetworks, Inc.) Task: {9CB8082A-2242-4203-B6EE-A2DCAF1A64F5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd) Task: {BF421B21-8F78-4932-8C20-D5E9718212C0} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe Task: {C5E634AD-6AD0-4911-AABD-7B06A24E3DA3} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe Task: {C7AC5BD3-61C8-460E-9CC9-54B1D021D24E} - System32\Tasks\Adobe ARM => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated) Task: {CF3350B4-C308-40C5-8FBD-9D01123C245B} - System32\Tasks\{13B57ACA-BC33-467F-B4D0-A75C763D263C} => C:\Program Files (x86)\Best Buy Rhapsody\rhapsody.exe [2006-10-24] (RealNetworks, Inc.) Task: {FEA8D82B-7892-4FB8-A0E1-74DB107A0D36} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2012-04-05] (Acer Incorporated) Task: {FF24BFFC-3F13-4F08-A706-5C4A27331BF4} - System32\Tasks\Adobe Reader Speed Launcher => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe ==================== Loaded Modules (whitelisted) ============= ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\Temp:84098FD3 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\15945333.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\15945333.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: GamesAppService => 3 MSCONFIG\Services: HitmanProScheduler => 2 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ WinCinema Manager.lnk => C:\Windows\pss\ WinCinema Manager.lnk.CommonStartup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: AmIcoSinglun64 => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: ArcadeMovieService => "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe MSCONFIG\startupreg: LManager => C:\Program Files (x86)\Launch Manager\LManager.exe MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s MSCONFIG\startupreg: SandboxieControl => "C:\Program Files\Sandboxie\SbieCtrl.exe" MSCONFIG\startupreg: SansaDispatch => C:\Users\Timelord\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe MSCONFIG\startupreg: SystemExplorerAutoStart => "C:\Program Files (x86)\System Explorer\SystemExplorer.exe" /TRAY MSCONFIG\startupreg: Uninstall C: => ==================== Faulty Device Manager Devices ============= Name: Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC Description: Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Realtek Semiconductor Corp. Service: RTL8192Ce Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: VirtualBox Host-Only Ethernet Adapter Description: VirtualBox Host-Only Ethernet Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Oracle Corporation Service: VBoxNetAdp Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (08/31/2014 03:23:00 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine IVssAsrWriterBackup::GetDiskComponents. hr = 0x80070057, The parameter is incorrect. . Operation: OnIdentify event Gathering Writer Data Context: Execution Context: ASR Writer Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4} Writer Name: ASR Writer Writer Instance ID: {ad24c824-546a-4f46-9580-b37dfb0a5c01} Error: (08/30/2014 09:28:47 PM) (Source: Windows Search Service) (EventID: 1019) (User: ) Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-2560925396-3286970015-408714028-1000}/">. Error: (08/30/2014 09:27:58 PM) (Source: Windows Search Service) (EventID: 7010) (User: ) Description: The index cannot be initialized. Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (08/30/2014 09:27:58 PM) (Source: Windows Search Service) (EventID: 3058) (User: ) Description: The application cannot be initialized. Context: Windows Application Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (08/30/2014 09:27:58 PM) (Source: Windows Search Service) (EventID: 3028) (User: ) Description: The gatherer object cannot be initialized. Context: Windows Application, SystemIndex Catalog Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (08/30/2014 09:27:58 PM) (Source: Windows Search Service) (EventID: 3029) (User: ) Description: The plug-in in <Search.TripoliIndexer> cannot be initialized. Context: Windows Application, SystemIndex Catalog Details: Element not found. (HRESULT : 0x80070490) (0x80070490) Error: (08/30/2014 09:27:49 PM) (Source: Windows Search Service) (EventID: 3029) (User: ) Description: The plug-in in <Search.JetPropStore> cannot be initialized. Context: Windows Application, SystemIndex Catalog Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (08/30/2014 09:27:49 PM) (Source: Windows Search Service) (EventID: 9002) (User: ) Description: The Windows Search Service cannot load the property store information. Context: Windows Application, SystemIndex Catalog Details: The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800) Error: (08/30/2014 09:27:49 PM) (Source: Windows Search Service) (EventID: 7042) (User: ) Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt. Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (08/30/2014 09:27:49 PM) (Source: Windows Search Service) (EventID: 7040) (User: ) Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index. Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) System errors: ============= Error: (09/02/2014 00:05:12 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The MCSTRM service failed to start due to the following error: %%2 Error: (09/02/2014 00:05:08 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The DirMngr service failed to start due to the following error: %%2 Error: (09/01/2014 11:49:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (09/01/2014 11:49:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (09/01/2014 11:49:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (09/01/2014 11:48:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: %%1068 Error: (09/01/2014 11:48:12 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (09/01/2014 11:48:12 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (09/01/2014 11:48:12 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (09/01/2014 11:48:12 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030} Microsoft Office Sessions: ========================= Error: (08/31/2014 03:23:00 PM) (Source: VSS) (EventID: 8193) (User: ) Description: IVssAsrWriterBackup::GetDiskComponents0x80070057, The parameter is incorrect. Operation: OnIdentify event Gathering Writer Data Context: Execution Context: ASR Writer Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4} Writer Name: ASR Writer Writer Instance ID: {ad24c824-546a-4f46-9580-b37dfb0a5c01} Error: (08/30/2014 09:28:47 PM) (Source: Windows Search Service) (EventID: 1019) (User: ) Description: 300x80040d07iehistory://{S-1-5-21-2560925396-3286970015-408714028-1000}/ Error: (08/30/2014 09:27:58 PM) (Source: Windows Search Service) (EventID: 7010) (User: ) Description: Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (08/30/2014 09:27:58 PM) (Source: Windows Search Service) (EventID: 3058) (User: ) Description: Context: Windows Application Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (08/30/2014 09:27:58 PM) (Source: Windows Search Service) (EventID: 3028) (User: ) Description: Context: Windows Application, SystemIndex Catalog Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (08/30/2014 09:27:58 PM) (Source: Windows Search Service) (EventID: 3029) (User: ) Description: Context: Windows Application, SystemIndex Catalog Details: Element not found. (HRESULT : 0x80070490) (0x80070490) Search.TripoliIndexer Error: (08/30/2014 09:27:49 PM) (Source: Windows Search Service) (EventID: 3029) (User: ) Description: Context: Windows Application, SystemIndex Catalog Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Search.JetPropStore Error: (08/30/2014 09:27:49 PM) (Source: Windows Search Service) (EventID: 9002) (User: ) Description: Context: Windows Application, SystemIndex Catalog Details: The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800) Error: (08/30/2014 09:27:49 PM) (Source: Windows Search Service) (EventID: 7042) (User: ) Description: Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) The catalog is corrupt Error: (08/30/2014 09:27:49 PM) (Source: Windows Search Service) (EventID: 7040) (User: ) Description: Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) 4700 ==================== Memory info =========================== Processor: Intel® Celeron® CPU B800 @ 1.50GHz Percentage of memory in use: 61% Total physical RAM: 1899.86 MB Available physical RAM: 733.07 MB Total Pagefile: 3799.72 MB Available Pagefile: 2179.39 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:217.79 GB) (Free:36.54 GB) NTFS ==================== MBR & Partition Table ================== ==================== End Of Log ============================
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.