Showing results for tags 'Firefox'.


  1. Malwarebytes Anti-Exploit is not detecting these fake Firefox update prompts. I posted this on the Malwarebytes Facebook page and they requested I post it on the forums. Article about the fake Firefox updates: fake updates
  2. I am running Malwarebytes Anti-Exploit Premium, but still got the popup malware Firefox-patch.js. Are there instructions on how to get rid of this? Thanks
  3. While on several different "legitimate" newspaper sites, the sites have been redirected without warning to this screen: The url at the top is different each time, but is never anything with Mozilla or Firefox in the title. A box will pop up prompting to "update now." I am running MWB Anti-Malware Premium and Avast, but neither has alerted when this occurs. Does anyone know what this is and should I be concerned?
  4. I and others are receiving a full screen popup window in Firefox (47.0.1) indicating that there is an emergency Firefox security patch that needs to be downloaded. The download window shows an https:// address with a binary file typically in the mid 300k size. A search on whois shows the address to be bogus. Norton Security Suite, Malwarebytes and M-AntiExploit are not picking up on this. I have noticed this twice so far and each time the "download" address and size is different. Are you aware of this problem and is mediation in the works? I've attached a copy of one of the download links. Thanks.
  5. Every time I start Firefox, I get this message: Firefox (and add-ons) is now protected by Malwarebytes Anti-Exploit Premium. I then have to close the message box. This doesn't really cause any problem, but is very annoying. How can I make this go away?
  6. Hello, My Firefox was infected with a pretty standard adware a couple of months back. It redirected pages to ads, had popups on certain pages and had links embedded on text which linked to ads. I ran MBAM and it detected several threats, all of which I deleted. My computer was fine for a while, but got reinfected again after a while. This time, nothing was detected using MBAM full scan. Running MSE and TDSSKiller came up with nothing too. I found that resetting my Firefox removed the adware, only to be infected a few days later. After a few times of this occurring, I noticed that Firefox would hang, and then crash right before getting re-infected. I also checked all extensions/add-ons and I recognize all of them and they are all pretty standard ones. I reinstalled Firefox and it didn't fix it either. Has anyone else encountered this before? And how do I get rid of this thing? Thanks!
  7. Starting today Firefox and IE11 will not open on my laptop. They worked fine when I last shut down the laptop a couple of days ago. If I try to launch Firefox or IE11 I get the spinning circle for a few seconds then nothing, not even the usual pop up from MBAE that precedes opening of the browsers. I checked the task bar notification window and the icon for MBAE is not there. If I try to launch MBAE from the Start Menu it does not open and I get no error message. At this point if I go to Task Manager I see in Processes that Firefox and IE are listed once each, MBAE is listed twice, once using 128k of memory and again using 4108k of memory. I run the latest MBAM and the latest ESET NOD 32 antivirus, both successfully update their signature files, both are listed in Task Manager. I have Rhapsody, it is able to connect and stream music. However some software that has built in check for updates is not able to complete the check when I try that. Hard restart does not change any of the above. I had not installed any software or updates during the session before this behavior started. I’m running: Win7 Home Premium SP1 with Windows Updates current to what Windows Secrets recommends; MBAE Premium 1.08.1.1189, MBAM Premium latest version, Firefox 45.0.1, IE11 11.0.9600.18230, ESET NOD32 9.0.375.0. Any ideas what is blocking the browsers and MBAE from opening? Thanks!
  8. The http://searchinterneat-a.akamaihd.net malware is hidden somewhere on my computer and Malwarebytes Premium does not find it. It seems to affect Chrome and Firefox, but not IE. It hijacks my home page. Can someone help, please? Addition.txt FRST.txt
  9. Hi, Everything was working fine until about an hour ago or so. Now, MBAE seems to have stopped shielding Firefox (I'm not getting the little pop-up notification, like I am still for other programs). The only new thing is that I just recently updated my Norton Security to 22.5.4.24. Thank you
  10. Hello, First time poster having trouble with Firefox. Since yesterday my Firefox will not load any pages at all. Boots up fine, but will not load. As soon as I exit Firefox a window comes up saying it crashed. All other browsers work fine. I'm guessing this is malware. Things I have tried: Malware/virus scans in and out of safe mode. Nothing is found. A complete uninstall of Firefox, including all Firefox folders in appdata, etc. CCleaner. I have spent hours trying to figure out what's going on and it's driving me nuts. I'm really debating on just never using Firefox again and use something else. But I don't want malware on my computer if that's what the case is. Firefox crash report: Problem signature: Problem Event Name: APPCRASH Application Name: firefox.exe Application Version: 44.0.0.5866 Application Timestamp: 56a4222c Fault Module Name: MSVCP120.dll Fault Module Version: 12.0.21005.1 Fault Module Timestamp: 524f7ced Exception Code: c0000005 Exception Offset: 0000e439 OS Version: 6.1.7601.2.1.0.256.48 Locale ID: 4105 Additional Information 1: 0a9e Additional Information 2: 0a9e372d3b4ad19135b953a78882e789 Additional Information 3: 0a9e Additional Information 4: 0a9e372d3b4ad19135b953a78882e789 Any help would be greatly appreciated. Thank you
  11. Greetings, Not too long ago, I received a notice on my computer that my copy of Windows 7 was not genuine, even though it was. After some digging, I found its key and reentered it but somehow during that time, all hell broke loose onto my computer. Even though my computer says that it has a connection to the internet, no data is really being downloaded or sent, and Firefox won't open and just crashes nonstop. I was suggested to try Malwarebytes but when I go to install it, I get Runtime error (at 92.137). I've run other scans with Windows Defender and other malware removals but nothing seems to be working. Any help would be appreciated as I want to avoid having to do a clean install of Windows, but if it's necessary I will. Thank you for your time.
  12. I'm just copying and pasting what I posted in another thread. Was asked to make my own topic. It was about ninthclub.com and camelcap.com being blocked with Malwarebytes every time I try to browse on Firefox or Chrome, but when I scan my computer with Malwarebytes, it doesn't find and remove the issue. I'm having the same issue on Firefox and Chrome. My IE won't even open. Malwarebytes blocks something from ninthclub.com and sometimes something from camelcap.com. There have been a couple of others but I don't remember them and these are the main 2. Also, video stopped working on Firefox everywhere except YouTube and Chrome stopped loading pages altogether. It's like it's not even trying to load them. I don't even get to an error message or anything and this also includes the settings page. So I gathered the information that you asked the other guy for and here it is: (In the FRST log I highlighted, underlined and enlarged a line of text for a file that kept popping up with "ydsGNMAAUWqgBBt.exe has stopped working". It stopped happening when I bought Malwarebytes but it's obviously still affecting something. Every time I track down a version of that file and delete it, it comes back.)
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-579903058-137395532-2418355931-1000\...\uTorrent) (Version: 3.4.5.41202 - BitTorrent Inc.) Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.99 - NTI Corporation) Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1904 - CyberLink Corp.) Acer Crystal Eye Webcam (x32 Version: 1.0.1904 - CyberLink Corp.) Hidden Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3008 - Acer Incorporated) Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3504 - Acer Incorporated) Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent) Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3504 - Acer Incorporated) Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0530.2011 - Acer Incorporated) Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3500 - Acer Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated) Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated) Adobe Reader X (10.1.0) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.0 - Adobe Systems Incorporated) Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.2.43 - Atheros Communications Inc.) 
ATI Catalyst Install Manager (HKLM\...\{3605D89A-BD66-F5C5-779B-BE9110B41077}) (Version: 3.0.829.0 - ATI Technologies, Inc.) Backup Manager V3 (x32 Version: 3.0.0.99 - NTI Corporation) Hidden Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Build-a-lot 4 - Power Source (x32 Version: 2.2.0.97 - WildTangent) Hidden CCleaner (HKLM\...\CCleaner) (Version: 5.09 - Piriform) Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Cradle of Rome 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden Evernote v. 4.5.1 (HKLM-x32\...\{28921580-E4BB-11E0-9FD7-1CC1DEF07CBE}) (Version: 4.5.1.5451 - Evernote Corp.) FATE: The Cursed King (x32 Version: 2.2.0.97 - WildTangent) Hidden Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden FTL - Advanced Edition (HKLM-x32\...\GOGPACKFTL_is1) (Version: 2.1.0.11 - GOG.com) FTL version 1.03.3 (HKLM-x32\...\{20E23A40-38E5-4DD6-B738-BC8097AE66B6}_is1) (Version: 1.03.3 - Subset Games) Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) 
Hidden Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment) Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated) IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC) Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation) Jewel Match 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.7 - Acer Inc.) Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 
9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation) Mozilla Firefox 41.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0.2 (x86 en-US)) (Version: 41.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.2.5765 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.19 - Egis Technology Inc.) MyWinLocker Suite (x32 Version: 4.0.14.19 - Egis Technology Inc.) Hidden Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation) Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6392 - Realtek Semiconductor Corp.) 
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30127 - Realtek Semiconductor Corp.) Revo Uninstaller Pro 3.1.4 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.4 - VS Revo Group, Ltd.) Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.17.5 - Synaptics Incorporated) TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH) Torchlight (x32 Version: 2.2.0.97 - WildTangent) Hidden Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden Visual Boy Advance Packages (HKU\S-1-5-21-579903058-137395532-2418355931-1000\...\Visual Boy Advance Packages) (Version: - ) <==== ATTENTION VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN) Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3504 - Acer Incorporated) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation) WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) Zuma's Revenge (x32 Version: 2.2.0.97 - WildTangent) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
==================== Restore Points ========================= 28-10-2015 05:30:28 AA11 30-10-2015 09:42:23 Revo Uninstaller Pro's restore point - Adobe Flash Player 19 NPAPI 30-10-2015 09:45:59 Revo Uninstaller Pro's restore point - Acrylic Wi-Fi Free v2.3 30-10-2015 09:48:35 Revo Uninstaller Pro's restore point - Google Chrome 30-10-2015 10:13:58 Revo Uninstaller Pro's restore point - X-Mouse Button Control 2.10.2 30-10-2015 18:12:08 Windows Modules Installer ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {1E3E602C-A623-42F4-81B8-1564B1988E4A} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2011-03-28] (Egis Technology Inc.) Task: {46032276-9B26-4ABD-B05D-FE5583D76AF3} - System32\Tasks\RunAsStdUser Task for VeohWebPlayer => C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe Task: {46C37929-0ACC-4B53-B25B-5FCA5EF5B2B2} - System32\Tasks\ydsGNMAAUWqgBBt => C:\Users\Macedizzle\AppData\Local\ydsGNMAAUWqgBBt.exe [2015-10-30] () Task: {47547F90-BA48-4A60-993E-B78FC98D59D5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-30] (Google Inc.) 
Task: {890096E1-FC22-4A68-B5EE-6EAA767D1D7B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-30] (Adobe Systems Incorporated) Task: {C64F497E-BC0F-4B8D-ACCB-A3F60A2B02A5} - System32\Tasks\{A02E7E3D-E73B-4BA8-935B-10B325559EBF} => pcalua.exe -a C:\Users\Macedizzle\Downloads\pecsetup.exe -d C:\Users\Macedizzle\Downloads Task: {C72F5CD0-DF14-4E80-9415-9A3CC83A3F79} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2011-03-28] (Egis Technology Inc.) Task: {C87DE2F2-701B-47CA-8468-E9773B647207} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-08-19] (Piriform Ltd) Task: {CE164FF5-71D4-4146-AA1D-C026D30C8951} - System32\Tasks\{D3BF4046-4EC0-4270-AD30-2E35DAE068CB} => pcalua.exe -a C:\Users\Macedizzle\Downloads\jre-8u65-windows-i586-iftw.exe -d C:\Users\Macedizzle\Downloads Task: {CFFB314E-8A98-4E03-A973-4A12B4CB7143} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-30] (Google Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (Whitelisted) ============== ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) 
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F AlternateDataStreams: C:\ProgramData\Temp:48081133 ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-579903058-137395532-2418355931-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Macedizzle\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 71.10.216.1 - 71.10.216.2 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
MSCONFIG\Services: 0184491392062471mcinstcleanup => 2 MSCONFIG\Services: 70e6ca8c => 2 MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3 MSCONFIG\Services: AMD External Events Utility => 2 MSCONFIG\Services: DsiWMIService => 2 MSCONFIG\Services: EgisTec Ticket Service => 3 MSCONFIG\Services: ePowerSvc => 2 MSCONFIG\Services: FLEXnet Licensing Service => 3 MSCONFIG\Services: GamesAppIntegrationService => 3 MSCONFIG\Services: GamesAppService => 3 MSCONFIG\Services: GREGService => 2 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: HTCMonitorService => 2 MSCONFIG\Services: LavasoftAdAwareService11 => 2 MSCONFIG\Services: Live Updater Service => 2 MSCONFIG\Services: MozillaMaintenance => 3 MSCONFIG\Services: NOBU => 2 MSCONFIG\Services: NTI IScheduleSvc => 2 MSCONFIG\Services: PassThru Service => 2 MSCONFIG\Services: SbieSvc => 2 MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\Services: Update FindRight => 2 MSCONFIG\Services: Util FindRight => 2 MSCONFIG\startupreg: AdAwareTray => "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe" MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: ArcadeMovieService => "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" MSCONFIG\startupreg: BackupManagerTray => "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR MSCONFIG\startupreg: Chrome => C:\PROGRA~3\taskhost.exe MSCONFIG\startupreg: LManager => C:\Program Files (x86)\Launch Manager\LManager.exe MSCONFIG\startupreg: mcui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background MSCONFIG\startupreg: Norton Online Backup => C:\Program Files 
(x86)\Symantec\Norton Online Backup\NOBuClient.exe MSCONFIG\startupreg: Optimizer Pro => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe MSCONFIG\startupreg: RSA3122687153 => C:\Windows\system32\rundll32.exe "C:\Users\Macedizzle\AppData\Roaming\Microsoft\Crypto\RSA\RSA3122687153.dll",DllInitialize MSCONFIG\startupreg: SandboxieControl => "C:\Program Files\Sandboxie\SbieCtrl.exe" MSCONFIG\startupreg: Sidebar => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun MSCONFIG\startupreg: SuiteTray => "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{77A7AFCC-285F-4841-922D-B331F77B3E12}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{E8D2277F-8CC4-49EC-B03D-0BF488B8C886}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{1D833432-CB72-4F8F-87E3-6BFCA9CDD8A6}] => (Allow) LPort=2869 FirewallRules: [{07470B16-D9EC-428B-9862-19EBA9785956}] => (Allow) LPort=1900 FirewallRules: [{807E4311-70F0-4F3C-93DA-0B3B445AF9DE}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{83755AC7-12BF-4B96-9A08-2BE3559E36C4}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe FirewallRules: [{907EFCD7-4FAF-4EE3-9D59-1E381CCC8ABE}] => (Allow) C:\Users\Macedizzle\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{6D21687B-6CED-4971-9FAC-5C0230F93FA0}] => (Allow) C:\Users\Macedizzle\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{6DD02DE4-D1C6-4A8B-89DD-9B7B2044B25A}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe 
FirewallRules: [{22595AD7-CFDC-4321-8FEA-F159A88A0760}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe FirewallRules: [{9AE41DF3-45C9-46B9-98F5-A33799712766}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe FirewallRules: [{6C9CCB56-7F13-4CEB-ACE1-3DF73433F2A2}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe FirewallRules: [{FA39B24B-CCA8-4838-BE65-7640ADA7E817}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2581\Agent.exe FirewallRules: [{F0386638-F287-4428-BEF4-D06FD51730DB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2581\Agent.exe FirewallRules: [{F02C0E6A-912A-480B-B8A9-A6AF60FA268B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2638\Agent.exe FirewallRules: [{F341DEEF-E55C-4CDF-9ABF-5C3E0E6EE3EA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2638\Agent.exe FirewallRules: [TCP Query User{CF05B211-94C5-4EC2-AB8C-F105FA427A69}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe FirewallRules: [uDP Query User{D66A0195-AE25-496A-9438-BA28A28C95D2}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe FirewallRules: [TCP Query User{5594012D-A185-422C-9BB9-C7C176EB0F14}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe FirewallRules: [uDP Query User{71F82D1B-6C9E-4B9E-9797-C774B0D01B90}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe FirewallRules: [{DE4A492B-EEC1-4BC8-BD5A-DB47E1661CDC}] => (Block) C:\program files (x86)\mirc\mirc.exe FirewallRules: [{EC6C2429-E83F-4E5A-B1A2-B8B45A9D6C9D}] => (Block) C:\program files (x86)\mirc\mirc.exe FirewallRules: [{B8DF9CC2-9DDA-4B36-B5AE-6B9AB186641D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{5F6EAB6A-FD0A-4C24-BF2A-2965BF94ACBF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query 
User{6474AF94-D384-4C90-9196-16FC7E89B164}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [uDP Query User{261863D2-2FF5-4007-AEE6-03AF6745515E}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [{BC027C95-0F26-402D-BBBA-44099290F89B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{3786E820-8DE4-4E7A-AEAE-C7DB32B8E1C1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{7FE48A35-881B-4251-9FBD-72E81A68BC05}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{4F8EBE22-2F25-4AE2-8100-FB5482BF8200}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [TCP Query User{29BE87DA-494D-4B62-96AB-15D3A78EDD9F}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe FirewallRules: [uDP Query User{3C1345B3-D857-4DEE-B48A-5C9315DA83B6}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe FirewallRules: [{F2317EF6-8A0B-4538-A84C-A1726E0E07C8}] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe FirewallRules: [{F47988AC-3091-49D6-83A0-2CF6B32F7156}] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe FirewallRules: [{0C819B4F-CDDF-4A2E-91C8-4264FB72AD71}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\Movie\TouchMovie.exe FirewallRules: [{B5F372F3-46EE-4733-88BC-814CCE286E89}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\Movie\TouchMovieService.exe FirewallRules: [TCP Query User{A389A0F7-9882-456E-A8AC-E70A919EDE03}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe FirewallRules: [uDP Query User{8A1606BE-D026-4DF0-A868-C53E489EADFF}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe FirewallRules: [{E3B236AE-FDC3-4A85-BC62-A6E070B02ECC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
==================== Faulty Device Manager Devices ============= Name: qknfd Description: qknfd Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: qknfd Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (10/30/2015 06:18:22 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/30/2015 06:17:34 PM) (Source: Windows Search Service) (EventID: 7042) (User: ) Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt. Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (10/30/2015 06:17:34 PM) (Source: Windows Search Service) (EventID: 7010) (User: ) Description: The index cannot be initialized. Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (10/30/2015 06:17:34 PM) (Source: Windows Search Service) (EventID: 3058) (User: ) Description: The application cannot be initialized. Context: Windows Application Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (10/30/2015 06:17:34 PM) (Source: Windows Search Service) (EventID: 3028) (User: ) Description: The gatherer object cannot be initialized. Context: Windows Application, SystemIndex Catalog Details: The content index catalog is corrupt. 
(HRESULT : 0xc0041801) (0xc0041801) Error: (10/30/2015 06:17:34 PM) (Source: Windows Search Service) (EventID: 3029) (User: ) Description: The plug-in in <Search.TripoliIndexer> cannot be initialized. Context: Windows Application, SystemIndex Catalog Details: Element not found. (HRESULT : 0x80070490) (0x80070490) Error: (10/30/2015 06:17:34 PM) (Source: Windows Search Service) (EventID: 3029) (User: ) Description: The plug-in in <Search.JetPropStore> cannot be initialized. Context: Windows Application, SystemIndex Catalog Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (10/30/2015 06:17:34 PM) (Source: Windows Search Service) (EventID: 9002) (User: ) Description: The Windows Search Service cannot load the property store information. Context: Windows Application, SystemIndex Catalog Details: The content index server cannot update or access information because of a database error. Stop and restart the search service. If the problem persists, reset and recrawl the content index. In some cases it may be necessary to delete and recreate the content index. (HRESULT : 0x8004117f) (0x8004117f) Error: (10/30/2015 06:17:34 PM) (Source: Windows Search Service) (EventID: 7040) (User: ) Description: The search service has detected corrupted data files in the index {id=1100}. The service will attempt to automatically correct this problem by rebuilding the index. Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (10/30/2015 06:17:33 PM) (Source: Windows Search Service) (EventID: 9000) (User: ) Description: The Windows Search Service cannot open the Jet property store. Details: 0x%08x (0x8004117f - The content index server cannot update or access information because of a database error. Stop and restart the search service. If the problem persists, reset and recrawl the content index. In some cases it may be necessary to delete and recreate the content index. 
(HRESULT : 0x8004117f)) System errors: ============= Error: (10/30/2015 06:17:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (10/30/2015 06:17:34 PM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: The Windows Search service terminated with service-specific error %%-1073473535. Error: (10/30/2015 06:17:01 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: The following boot-start or system-start driver(s) failed to load: qknfd Error: (10/30/2015 04:27:11 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: %%1056 Error: (10/30/2015 04:25:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error: (10/30/2015 04:25:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. Error: (10/30/2015 04:25:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 
Error: (10/30/2015 04:25:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error: (10/30/2015 04:25:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. Error: (10/30/2015 04:25:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. ==================== Memory info =========================== Processor: AMD E-350 Processor Percentage of memory in use: 44% Total physical RAM: 2793.9 MB Available physical RAM: 1543.56 MB Total Virtual: 5586.01 MB Available Virtual: 3758.41 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:284.99 GB) (Free:71.34 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 1F6C7E49) Partition 1: (Not Active) - (Size=13 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=285 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================ Any help would be awesome. Thanks for any effort put to this very annoying problem. TDSSKiller.3.1.0.5_30.10.2015_20.09.53_log.txt
  13. Hello, I downloaded something that I can't get rid of. I've run several programs, deleted a few things detected, ran Malwarebytes (been a paying customer for years, it hasn't detected anything), uninstalled and reinstalled Firefox then removed it. Installed Chrome (which I never had) and it's now doing it on there. I'll click on a link and a pop-up new tab will come up. First it says Terraclick.com then it says lp.musicboxnewtab.com with an ad. This originally started by a browser hijack/redirect where every time I opened it, it opened into a non-set homepage. I got rid of that, now I have this. I ran Farbar just now. This is what I have:
Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)Microsoft Sync Framework 2.0 Core Components (x64) ENU (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation)Microsoft Sync Framework 2.0 Provider Services (x64) ENU (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)My Dell Client Framework (HKLM-x32\...\InstallShield_{05F1B866-2372-4E82-9AA8-C64FB11CEF8B}) (Version: 1.0.0.3 - Dell)My Dell Client Framework (x32 Version: 1.0.0.3 - Dell) HiddenNero 2014 (HKLM-x32\...\{0128492C-AB60-43BE-9D9A-8CA622CAF06E}) (Version: 15.0.07700 - Nero AG)Nero Info (HKLM-x32\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 15.1.0030 - Nero AG)PeaZip 5.5.2 (HKLM-x32\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version: - Giorgio Tani)PocketCloud (HKLM-x32\...\{D9752C7D-A595-4687-A0D5-362E9C311C55}) (Version: 2.7.14 - Wyse Technology)Prerequisite installer (x32 Version: 15.0.0005 - Nero AG) HiddenPrism Video File 
Converter (HKLM-x32\...\Prism) (Version: 2.25 - NCH Software)Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.308 - Qualcomm Atheros Communications)Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.30174 - Realtek Semiconductor Corp.)Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7188 - Realtek Semiconductor Corp.)SketchUp 2015 (HKLM\...\{350488A4-1540-4103-8F01-B27503891EB0}) (Version: 15.3.331 - Trimble Navigation Limited)Skype™ 7.8 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)Sonic Foundry Sound Forge 5.0 (HKLM-x32\...\{F3D6581A-FEA1-11D4-8170-00C04F612EA4}) (Version: 5.0.0.117 - Sonic Foundry)Switch Sound File Converter (HKLM-x32\...\Switch) (Version: - NCH Software)SyncToy 2.1 (x64) (HKLM\...\{88DAAF05-5A72-46D2-A7C5-C3759697E943}) (Version: 2.1.0 - Microsoft)Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin) (HKLM-x32\...\LeapPadExplorerPlugin) (Version: - LeapFrog)Visualizer for SketchUp (HKLM\...\{3758A735-50FD-4033-B3F5-77F30ED63F87}) (Version: 1.3.13.0 - Imagination)VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 6.02 - NCH Software)Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
CustomCLSID: HKU\S-1-5-21-1188468758-1272634306-373300443-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Hypno\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-1188468758-1272634306-373300443-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Hypno\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-1188468758-1272634306-373300443-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hypno\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-1188468758-1272634306-373300443-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hypno\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-1188468758-1272634306-373300443-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hypno\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-1188468758-1272634306-373300443-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hypno\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-1188468758-1272634306-373300443-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hypno\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-1188468758-1272634306-373300443-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hypno\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-1188468758-1272634306-373300443-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hypno\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)CustomCLSID: 
HKU\S-1-5-21-1188468758-1272634306-373300443-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hypno\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ==================== Restore Points ========================= 18-09-2015 21:03:51 Scheduled Checkpoint23-09-2015 11:08:27 AA1130-09-2015 15:08:29 AA11 ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0E62425E-B9BE-42CC-8005-CA0C8EF8775A} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exeTask: {10EE6506-8997-4F4E-A67A-37CD9C08DBF5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-01] (Google Inc.)Task: {144F19A1-EA57-4434-81BA-6E171E23EDED} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2013-10-16] (Nero AG)Task: {15D482E8-322C-4BAF-B433-A1ED3ACEC0DF} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-06-11] (Dell Inc.)Task: {29F7DA91-8C96-4AD7-9300-DCBF16C47DC7} - System32\Tasks\Dell\Dell Product Registration => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-10-31] (Aviata Inc)Task: {4596C201-2628-4889-B91B-D0BD8A2B7ACB} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-05-25] (PC-Doctor, Inc.)Task: {AE84B036-97E8-4103-8630-2AFA375077D1} - System32\Tasks\PocketCloudVirtualChannel => C:\Program Files (x86)\Wyse\PocketCloud\WPCRDPVirtualChannelServer.exe [2013-08-22] ()Task: {B92C98E1-8C51-47F3-9694-4753FAD43955} 
- System32\Tasks\PocketCloudUpdater => C:\ProgramTask: {C2999CD8-B496-4022-935F-0E3E8B0848C8} - System32\Tasks\PocketCloud => C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe [2013-08-22] ()Task: {D7CEC631-295E-4D58-A790-E34A6FBA9D25} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-05-25] (PC-Doctor, Inc.)Task: {D8346D27-6119-4C6C-A3CB-8ED9596512A2} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-04] (CyberLink)Task: {DC186D02-EC65-489D-AA6A-4CE6E2ABCF95} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-01] (Google Inc.)Task: {DD6781DB-F70A-49F9-ADE5-36411CF35E2C} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.)Task: {F3CBD649-00E7-4839-9B70-42C9EBAAECBE} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-08-26] (Microsoft Corporation)Task: {F8A8E634-C2A1-49B4-BFA9-971F236BFA17} - System32\Tasks\Dell\Dell Product Registration Update => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-10-31] (Aviata Inc) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (Whitelisted) ============== 2013-08-22 13:40 - 2013-08-22 13:40 - 00016176 _____ () C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe2013-08-22 13:40 - 2013-08-22 13:40 - 00040240 _____ () C:\Program Files (x86)\Wyse\PocketCloud\AetherServiceLib.dll2013-08-22 13:40 - 2013-08-22 13:40 - 00046384 _____ () C:\Program Files (x86)\Wyse\PocketCloud\AetherHelperLib.dll2014-01-10 16:53 - 2014-01-10 16:53 - 00016384 _____ () C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.Interfaces.dll2014-01-10 16:53 - 2014-01-10 16:53 - 00081408 _____ () C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.Objects.dll2014-01-10 16:53 - 2014-01-10 16:53 - 00815616 _____ () C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.Resources.dll2014-01-10 17:24 - 2014-01-10 17:24 - 00052736 _____ () C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.Client.Pulse.Agent.Plugins.SelfUpdate.dll2014-01-10 17:24 - 2014-01-10 17:24 - 00019968 _____ () C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.Client.Pulse.Agent.Common.dll2013-10-30 01:11 - 2013-10-30 01:11 - 00011264 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll2013-10-30 01:07 - 2013-10-30 01:07 - 00086016 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll2013-10-30 01:15 - 2013-10-30 01:15 - 00012928 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe2014-12-24 14:26 - 2010-02-15 13:26 - 00025256 _____ () C:\Program Files (x86) (x86)\Lexmark 5300 Series\lxdkamon.exe2015-06-25 13:52 - 2015-05-19 20:26 - 00107256 _____ () C:\Program 
Files\Dell\SupportAssist\libCSharpCommonCS.dll2015-06-25 13:52 - 2015-05-19 20:26 - 00553720 _____ () C:\Program Files\Dell\SupportAssist\libAsapiCSharp.dll2015-03-16 11:28 - 2015-03-16 11:28 - 00155528 _____ () C:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll2014-12-24 14:26 - 2010-02-09 08:41 - 00028672 _____ () C:\Program Files (x86) (x86)\Lexmark 5300 Series\App4R.Monitor.Common.dll2014-12-24 14:26 - 2010-02-09 08:41 - 00036864 _____ () C:\Program Files (x86) (x86)\Lexmark 5300 Series\App4R.Monitor.Core.dll2014-12-24 14:26 - 2010-02-09 08:40 - 00057344 _____ () C:\Program Files (x86) (x86)\Lexmark 5300 Series\app4r.devmons.mcmdevmon.dll2014-12-24 14:26 - 2008-06-06 07:45 - 00011776 _____ () C:\Program Files (x86) (x86)\Lexmark 5300 Series\App4R.DevMons.MCMDevMon.AutoPlayUtil.dll2014-02-01 13:30 - 2014-02-01 13:30 - 00861184 _____ () C:\Program Files (x86)\LeapFrog\LeapFrog Connect\platforms\qwindows.dll2014-09-21 01:59 - 2013-03-04 22:40 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll2013-03-05 13:41 - 2013-03-05 13:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll2015-02-26 11:07 - 2015-02-09 10:14 - 01905904 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll2014-09-21 02:15 - 2012-11-26 01:19 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll2015-02-26 11:07 - 2014-02-18 13:12 - 00117568 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll2015-10-01 10:44 - 2015-09-23 21:34 - 01501512 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\libglesv2.dll2015-10-01 10:44 - 2015-09-23 21:34 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\libegl.dll2015-10-01 10:44 - 2015-09-23 21:34 - 16487752 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\PepperFlash\pepflashplayer.dll 
==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfmAlternateDataStreams: C:\Users\Hypno\OneDrive:ms-properties ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1188468758-1272634306-373300443-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Hypno\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpgDNS Servers: 71.10.216.1 - 71.10.216.2HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\Run: => "AdAwareTray" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139FirewallRules: [{383E65B5-108A-458B-8E11-809EE0183915}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exeFirewallRules: [{1357C1E0-7FD2-49F2-B39B-B256F27CB5C7}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\AetherWindowsService.exeFirewallRules: [{59ADB38E-8A52-4249-952D-4F04962D3C12}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exeFirewallRules: [{5DFCAFB9-BB3F-4BBB-B636-C9986FA1D940}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXEFirewallRules: [{259B95C8-2A7A-42C1-A97C-8EC75A84C379}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exeFirewallRules: [{679E6E4A-EECC-471B-80E1-49F83AF09666}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exeFirewallRules: [{6F44041F-DBD4-44DF-AA62-E5552C33A1FF}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exeFirewallRules: [{FCFB9474-DD07-4F0A-94CE-54369B8723B3}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exeFirewallRules: [{89ED3E5C-7937-4417-9684-631BEB559A8F}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exeFirewallRules: [{C8EB96E7-41CD-46E6-AC55-F9551754F357}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exeFirewallRules: [{6683267F-3D59-4181-A6D2-0811535700BE}] => (Allow) C:\Windows\SysWOW64\lxdkcoms.exeFirewallRules: [{B421CB7C-9258-4316-9495-76642D720C5A}] => (Allow) C:\Windows\SysWOW64\lxdkcoms.exeFirewallRules: [{38A75B82-EFC5-4673-BEE4-7CA7F6B1DF00}] => (Allow) C:\Program Files (x86) (x86)\Lexmark 5300 Series\lxdkamon.exeFirewallRules: [{7CD468EA-53CE-4D7C-BED9-C8BC6C333AFF}] => (Allow) C:\Program Files (x86) (x86)\Lexmark 5300 Series\lxdkamon.exeFirewallRules: [{38AEFA95-0615-43EB-A4F3-E0E4BA332047}] => (Allow) C:\Program Files (x86) (x86)\Lexmark 5300 Series\frun.exeFirewallRules: 
[{7528B128-953D-4620-9B07-0A8BFEC86CC1}] => (Allow) C:\Program Files (x86) (x86)\Lexmark 5300 Series\frun.exeFirewallRules: [{D1C18F20-F63F-44ED-B7A8-5864BC6FCD5A}] => (Allow) C:\Program Files (x86) (x86)\Lexmark 5300 Series\lxdkmon.exeFirewallRules: [{3B192F3D-C4B3-4967-B688-6678C9F2FDE7}] => (Allow) C:\Program Files (x86) (x86)\Lexmark 5300 Series\lxdkmon.exeFirewallRules: [{36813081-8EDA-4EEA-B207-27D6B04186E3}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exeFirewallRules: [{5A7CF105-0277-4C0A-905F-5C599EA2FC7F}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exeFirewallRules: [{16B5E429-C15E-472B-9BC9-FE89722ED227}] => (Allow) C:\Program Files (x86)\Nero\KM\NMDllHost.exeFirewallRules: [{D2C08777-2A95-4F43-B96E-8AF6EBB7543C}] => (Allow) C:\Program Files (x86)\Nero\KM\NMDllHost.exeFirewallRules: [{80EF4F7C-6AF2-490F-9F61-2DDA1ED59615}] => (Allow) C:\Users\Hypno\AppData\Local\Temp\nssB7D2.tmp\CnetInstaller-10735947.exeFirewallRules: [{ABDD6C01-93A2-430D-813F-C982BB85BF9A}] => (Allow) C:\Users\Hypno\AppData\Local\Temp\nssB7D2.tmp\CnetInstaller-10735947.exeFirewallRules: [{7CE86586-756A-42B9-AE89-5196B48EE9CC}] => (Allow) C:\Users\Hypno\AppData\Local\Temp\nse2E4A.tmp\CnetInstaller-10735947.exeFirewallRules: [{2F32C58D-E333-4356-ABAC-6AF76062DF80}] => (Allow) C:\Users\Hypno\AppData\Local\Temp\nse2E4A.tmp\CnetInstaller-10735947.exeFirewallRules: [{BED5D576-2BB4-4177-933D-7E72BE5E0282}] => (Allow) C:\Users\Hypno\AppData\Roaming\Dropbox\bin\Dropbox.exeFirewallRules: [{C31C22FB-99F4-401F-8DA8-8BB7B830CA35}] => (Allow) C:\Users\Hypno\AppData\Roaming\Dropbox\bin\Dropbox.exeFirewallRules: [{FB3DE7B6-AC1C-4A61-9090-01CD20B1B9E2}] => (Allow) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\LeapfrogConnect.exeFirewallRules: [{E15A7092-62A3-4B20-89DB-76112E66D679}] => (Allow) C:\Program Files (x86)\SpringFiles\SpringFiles.exeFirewallRules: [{6E726B8D-1DBC-4E70-AE84-3FDEA445DC49}] => (Allow) C:\Program Files 
(x86)\SpringFiles\SpringFiles.exeFirewallRules: [{9C824CA5-DFA9-425D-87F6-4D4A28807D35}] => (Allow) C:\Program Files (x86)\SpringFiles\downloader.exeFirewallRules: [{0E0D26A8-2742-4785-ADF0-86B872985C28}] => (Allow) C:\Program Files (x86)\SpringFiles\downloader.exeFirewallRules: [{4F0C4838-03AC-4B02-9618-4E6716284820}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Faulty Device Manager Devices ============= Name: Dell Wireless 1705 802.11b/g/n (2.4GHZ)Description: Dell Wireless 1705 802.11b/g/n (2.4GHZ)Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}Manufacturer: Atheros Communications Inc.Service: athrProblem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors:==================Error: (09/30/2015 07:55:11 PM) (Source: Perflib) (EventID: 1008) (User: )Description: BITSC:\Windows\System32\bitsperf.dll8 Error: (09/30/2015 03:12:35 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: HYPNORAYGUN)Description: Application or service 'Dell Update Service' could not be restarted. Error: (09/29/2015 06:52:03 PM) (Source: Perflib) (EventID: 1008) (User: )Description: BITSC:\Windows\System32\bitsperf.dll8 Error: (09/29/2015 02:15:48 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )Description: The Desktop Window Manager has encountered a fatal error (0x8898008d) Error: (09/23/2015 02:11:42 PM) (Source: Perflib) (EventID: 1008) (User: )Description: BITSC:\Windows\System32\bitsperf.dll8 Error: (09/22/2015 03:46:47 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: The program MixPad.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. 
Process ID: 1efc Start Time: 01d0f573f5a71f58 Termination Time: 569 Application Path: C:\Program Files (x86)\NCH Software\MixPad\MixPad.exe Report Id: ff039ad2-616a-11e5-8277-38b1db634512 Faulting package full name: Faulting package-relative application ID: Error: (09/18/2015 08:22:46 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 510 Start Time: 01d0f278f33cc1f5 Termination Time: 4294967295 Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe Report Id: e8f6c413-5e6c-11e5-8277-38b1db634512 Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1 Error: (09/12/2015 10:11:49 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. 
Process ID: 1a7c Start Time: 01d0edd136c540de Termination Time: 4294967295 Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe Report Id: 2a92dbe7-59c5-11e5-8277-38b1db634512 Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1 Error: (09/09/2015 07:18:29 PM) (Source: Perflib) (EventID: 1008) (User: )Description: BITSC:\Windows\System32\bitsperf.dll8 Error: (09/07/2015 03:02:51 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: mbam.exe, version: 2.3.55.0, time stamp: 0x557a2a02Faulting module name: ntdll.dll, version: 6.3.9600.17936, time stamp: 0x55a68dd1Exception code: 0xc0000374Fault offset: 0x000e5904Faulting process id: 0xce0Faulting application start time: 0xmbam.exe0Faulting application path: mbam.exe1Faulting module path: mbam.exe2Report Id: mbam.exe3Faulting package full name: mbam.exe4Faulting package-relative application ID: mbam.exe5 System errors:=============Error: (09/30/2015 08:20:25 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 80. Error: (09/30/2015 08:20:25 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 80. 
Error: (09/30/2015 08:15:49 PM) (Source: DCOM) (EventID: 10016) (User: HYPNORAYGUN)Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}HypnoRaygunHypnoS-1-5-21-1188468758-1272634306-373300443-1001LocalHost (Using LRPC)UnavailableUnavailable Error: (09/30/2015 08:15:40 PM) (Source: DCOM) (EventID: 10016) (User: HYPNORAYGUN)Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}HypnoRaygunHypnoS-1-5-21-1188468758-1272634306-373300443-1001LocalHost (Using LRPC)UnavailableUnavailable Error: (09/30/2015 08:15:40 PM) (Source: DCOM) (EventID: 10016) (User: HYPNORAYGUN)Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}HypnoRaygunHypnoS-1-5-21-1188468758-1272634306-373300443-1001LocalHost (Using LRPC)UnavailableUnavailable Error: (09/30/2015 08:15:39 PM) (Source: DCOM) (EventID: 10016) (User: HYPNORAYGUN)Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}HypnoRaygunHypnoS-1-5-21-1188468758-1272634306-373300443-1001LocalHost (Using LRPC)UnavailableUnavailable Error: (09/30/2015 08:15:39 PM) (Source: DCOM) (EventID: 10016) (User: HYPNORAYGUN)Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}HypnoRaygunHypnoS-1-5-21-1188468758-1272634306-373300443-1001LocalHost (Using LRPC)UnavailableUnavailable Error: (09/30/2015 08:15:39 PM) (Source: DCOM) (EventID: 10016) (User: HYPNORAYGUN)Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}HypnoRaygunHypnoS-1-5-21-1188468758-1272634306-373300443-1001LocalHost (Using LRPC)UnavailableUnavailable Error: (09/30/2015 08:15:38 PM) (Source: DCOM) (EventID: 10016) (User: HYPNORAYGUN)Description: 
  14. Hi, I noticed my browsers (Firefox, IE) were loading very slowly yesterday night so this morning I ran Avast and Anti-Malware but nothing was found. After I updated Anti-Malware I could no longer access any websites unless I turn off Anti-Malware. I'm attaching CheckResults.txt, FRST.txt and Addition.txt files. Also I tried Zoek (since I saw a similar issue from a previous post) but it didn't solve the problem. I'm attaching the Zoek results file too. Thank you in advance. Addition.txt CheckResults.txt FRST.txt zoek-results.txt
  15. Hi, I am running the premium version of Malwarebytes, but once in a while, when I'm opening a site in Firefox, I get the Malicious Website Blocked... and the Type is always Outbound, with the Process C:\Program Files (x86)\Mozilla Firefox\firefox.exe. The domain and IP are not always the same. I have run scans, without it finding anything. My computer runs fine and I don't notice anything out of the ordinary. What do I need to do to check further? Thank you! em
  16. I first received a notification from avast that it blocked a harmful webpage while browsing google chrome. After that I tried deleting and reinstalling google chrome, and I also deleted the appdata. It started showing up again in Firefox. It shows up no matter what browser I use. The notification contains the link to a harmful website, and the object states URL:MAL Here are the logs:
  17. I started getting this message from my Avast virus protection today while surfing Google Chrome: "Avast Web Shield has blocked a harmful webpage or file. Object: http://pool.admedo.com/sync?ssp=bidswitch&bidswitch_ssp_id=aol Type of infection: URL:MAL". I tried deleting and reinstalling Google Chrome and appdata left on my PC from the browser. I started getting it on other browsers also. I tried Malwarebytes software and it claimed to get rid of it, but it didn't.
  18. Hello, I am wondering if anyone can help me. Recently I have been receiving a pop-up from MBAM saying that it is blocking an outbound malicious website. It seems to happen every time I delete spam from my Yahoo e-mail (weird). I've run scans several times but it says no malware. It says it's blocking defense47.com and it is going through firefox.exe. Should I be worried? Please help.
  19. Yesterday, the internet stopped working for a moment, so I turned it off and then on again, but I noticed Firefox (my usual browser) was trying to open popup windows and often when I tried to visit a page it would instead send me to an ad page. I turned off the internet and ran a Malwarebytes Anti-Malware (free) scan. It found 12 potential threats, which it identified as spyware.keylogger and trojan.downloader or similar. It "quarantined" these, and subsequent scans have found nothing. I have attached the scans from Malwarebytes. Firefox was still full of adware. There were a bunch of weird processes running which weren't running earlier (like rundll32.exe *32) which looked similar to actual processes but shouldn't be running. After ending those processes I tried Firefox again but it is still infected (warning saying 38 pop-ups were blocked). I then ran Internet Explorer, which is working fine. I think the malware may have entered through the Shockwave Flash plugin on Firefox. I have downloaded FRST64.exe and run a scan and attached the FRST.txt and Addition.txt files. Any help would be appreciated. FRST.txt Addition.txt mbam-log-2015-04-27 (23-25-00).xml protection-log-2015-04-27.xml
  20. I just received a notice that "An Exploit code has been blocked in Mozilla Firefox (and add-ons)." That's all. If Anti-Exploit can block something why isn't there more info about what exactly was blocked? Do I have an Add-on that should be removed? I have always been amazed that whether it's a notice from Windows or some 3rd party software the scarcity of information that is provided when some intervention is made. If the software knows that something is wrong it should be able to be verbose about what it is.
  21. The only symptoms are described in the title. Began about a week ago, I'd been streaming video with Chrome and suddenly the advertisements started ignoring my ABP. Did not have Firefox open at the time, but Firefox was also affected with similar symptoms, random adware extensions downloading and running. I found the two random-character folders in ProgramData while following instructions for removal of one of the extensions, trying to figure out where they might be coming from. I couldn't delete them at first, they were a regular pain in the rear end until I took ownership of the folders and toyed with permissions for a while. I don't know if they're related to the adware issue, but I did want to make them known just in case. Reinstalled Chrome clean just a few days ago when the browser refused to let me download an extension I actually wanted to download. That fixed the problem. Ran MBAM the same night and found a PUP (can't remember what kind or the full name) as well as IndepthEdit issues, all removed. Today's MBAM quick scan resulted in no threats. Uninstalled uTorrent. I think all torrent files are gone. Thank you in advance! FRST Log: When I tried to post the topic with Addition.txt, the post editor said I had to shorten the post 'a little'. Very unhelpful. Can we get a max character counter please? Addition.txt
  22. It happens everyday, several times a day. This is the log of my last crash: Do you guys think this is a malware issue? Thanks in advance.
  23. After reading https://www.malwarebytes.org/antiexploit/ (compare table) and https://www.malwarebytes.org/antiexploit/premium/ (browser components section), I want to ask this despite the fact this might be obvious for other people. I think that if MBAE showed both the number of shielded applications and the number of shielded processes, it would make things a lot clearer, rendering questions like this unnecessary. What is not very clear to me is that by cross-reading these 2 pages I can understand that MBAE Free can protect the browser and browser add-ons, not just Flash and Java but any add-on running in browser process space. Correct? Also it is not absolutely clear what browser process space means. Is it the browser process, or the browser process and all its potential child processes?
  24. Shortly after installing MBAM and MBAE on this Win7 machine, I discovered that I was not able to print to my Brother printer (command caused Chrome to close). I can print from Firefox, but intentionally closing Firefox causes an error. Can't quote exact message since I am sending this via Firefox, but it's something like "plugin-container.exe stopped working". Tried to uninstall MBAM and MBAE to see if these caused the problems, but cannot do either: message is "Setup was unable to create the directory 'C:\Users\Joyce\AppData\Local\Temp\is-HUJQC.tmp'" (final characters vary with each try).
  25. Hello, I apologize for the length of the post but I thought too much info was probably better than too little. What Happened: Recently I downloaded Mozilla Firefox and ended up with both vosteran and Optimizer Pro being installed at the same time. This was on a system running windows 7 home pro from a striped 500gb ssd C: drive with an internal second 1Tb drive, and two usb WD My Book external drives. At the time I also had two usb sticks with various Flight Sim (FSX) scenery packages with installers plugged in. What I did: I had MSE running but it did not catch anything even with a full scan after I realized what had happened. I immediately updated and ran Malwarebytes free which detected about 970 vosteran files, folders and registry entries plus the Optimizer Pro files! I selected to quarantine all the files, then deleted the quarantine. At this point mbam requested a reboot which I selected. The system seemed to hang on the "shutting down" screen for a few minutes then blue screened and finally gave me the "Windows did not shut down properly..." message. I chose to restart normally and the system came up seemingly fine. Then I noticed I had no internet connection. When I attempted to reconnect I got a strange message box stating it needed my network security code. I certainly was not about to do that, so I closed it and looked around some. I noticed that all the vosteran stuff seemed to be removed but Optimizer Pro was still there. I googled it and, using a suggestion from various forums, I simply uninstalled it. Results: A reboot worked fine, both vosteran & OP seem to be gone, my network connection automatically re-established and is working. Questions: Even though I thought I had gotten the Firefox download from the official Mozilla.org site, did I get "redirected" at some point in the download process? I did have to go through several pages to identify what package to download (i.e. 32 bit or 64 bit & win version). Is mbam alone capable of completely removing vosteran as it appears to have done? Should I uninstall Firefox before using it, then go back to the Mozilla site and, carefully, download and install Firefox again? I greatly appreciate your help and advice!