Jump to content

Search the Community

Showing results for tags 'Popup'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes for Windows Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • Malwarebytes Privacy
    • Malwarebytes Browser Guard
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Endpoint Protection
    • Malwarebytes Incident Response (includes Breach Remediation)
    • Malwarebytes Endpoint Security
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Location


Interests

  1. Hello all, I'm running OS X 10.10.4 on Macbook Pro early 2013 and I recently aware that random "popup" ad appear in Safari, Chrome, even in Chrome of Bootcamp while running by Parallel Desktop. By "popup" I mean when I accessed website, another web tab appear showing those ads. When I tried to close these ads, it always ask if I want to "Leave the page" or "Stay on the page". I tried to follow the instruction on Apple Support to Adware Removal, I cannot find any similar file. I tried to run MBAM, also no adware was found. I tried Avast for Mac, also nothing was found. I double checked all Proxy server settings from all browsers settings, nothing was changed. I checked hosts file, no strange entry. Finally I checked the DNS setting on network setting, also checked my router, I changed the DNS server to Google 8.8.8.8, it's all good. Yet, I still receiving random ad from all browsers, so I am very desperate needing some expert advice to find out what's doing these things to me. The AD are usually "investxxxxdom", "reimagexx", maybe one or two more else. Thank you very much.
  2. Thanks first to Firefox for the reply, So I am starting yet another thread on perhaps the same subject, and one that has been pinned but not apparently not resolved. Or perhaps this 'is' a little different as the popup message comes on, not inside the program, but on every reboot in the bottom right corner of Windows 7 64bit. I do not want Malicious web site protection enabled, so I disable it. Please don't suggest that it's a good idea to use it. I set disable ALL notifications, and on every boot, Malwarebytes pops up in a banner window and says "malicous website blocking is disabled"! I know it, i did it on purpose. Running latest version, have uninstalled with Revo, run ccleaner, rebooted and reinstalled with new installer. Thanks Joe Sticky: If you are receiving a message inside the MBAM program that Malicious Website Protection is disabled please do the following to correct the issue. First start by restarting your computer then go to the next stepOn the Dashboard click "Update now" to get the latest database versionRight click the Malwarebytes tray icon and click "Exit"Restart the Malwarebytes application from the programs menu or desktop shortcut.In most cases this resolves the issue, however if the issue still persists, reboot the computer again and the issue should be resolved.If the above procedures still do not correct the issue for you then please download the MBAM installer and reinstall the program which will fix the issue for you.
  3. Hi, I unfortunately am here due to some malware content I have on my computer which occurred by clicking on a link to download a font. The symptoms at first were that there were several added extensions in chrome which would create pop up links from happening. Once I noticed the problem I ran malware bytes and also Adwcleaner which found a few items. I figured that problem was ok since the extensions did not load on every chrome opening, but that was not the case. Now what happens is every time I click on a link that opens in a new window or a gmail desktop notification it will link to a pop-up ad. Let me know if there is any other information you need from me. Thank you in advance! Addition.txt FRST.txt
  4. Hello! I've gone and followed this guide here: https://forums.malwarebytes.org/index.php?/topic/119858-available-assistance-for-possibly-infected-computers/ Like the title says, i'm getting annoying pop-op messages about outgoing and ingoing IP's getting blocked. It's mostly the same IP's. I've tried to track down the location of the IP's, and i've tracked one down to Egypt in Africa.... I have no idea what info it wants to send over there. If someone could help me getting rid of these pop-ups or something, then i would be very thankful. OS: Windows 8.1 Addition.txt FRST.txt
  5. Addition.txt FRST.txt Each time I open newspaper website www.theage.com.au I get a popup ]see attached png] requesting I select to "Windows Update You need install critical windows updates." The grammar is wrong, the popup isn't 'official windows' and the run command attaches a "#modal" command at the end of the webaddress - www.theage.com.au#modal As this is my first post - the attached FRST.txt file and Addition.txt files might give a clue. I'm stuck Cheers.
  6. Good morning! My PC is infected with something and neither Malwarebytes or McAfee can find it. My computer is running crazy slow and the Windows updates are not configuring properly. Also having a large amount of pop ups. Here is the FRST.txt log followed by the Addition.txt log. Thank you so much for your help. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-11-2014 01 Ran by Erwin (administrator) on ERWIN-PC on 10-11-2014 09:20:44 Running from C:\Users\Erwin\Downloads Loaded Profile: Erwin (Available profiles: Erwin) Platform: Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86) OS Language: English (United States) Internet Explorer Version 9 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe () C:\Program Files\NETGEAR\A6200\WifiService.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (Motive Communications, Inc.) C:\Program Files\ATT-SST\McciTrayApp.exe (Yahoo! Inc) C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 11.0\Acrobat\acrotray.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Akamai Technologies, Inc.) C:\Users\Erwin\AppData\Local\Akamai\netsession_win.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (PC Drivers Headquarters) C:\Program Files\Driver Support\Driver Support\DriverSupport.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe () C:\Program Files\Belkin\F1U201.401\usbshare.exe (Dropbox, Inc.) C:\Users\Erwin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe (Akamai Technologies, Inc.) C:\Users\Erwin\AppData\Local\Akamai\netsession_win.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Windows\System32\WerFault.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [ECenter] => C:\Dell\E-Center\EULALauncher.exe [17920 2008-02-28] ( ) HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4452352 2007-05-14] (Realtek Semiconductor) HKLM\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128296 2008-02-26] (CyberLink Corp.) HKLM\...\Run: [ATT-SST_McciTrayApp] => C:\Program Files\ATT-SST\McciTrayApp.exe [1529856 2008-09-18] (Motive Communications, Inc.) HKLM\...\Run: [YSearchProtection] => C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [111856 2009-02-03] (Yahoo! Inc) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM\...\Run: [] => [X] HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated) HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3478392 2013-09-05] (Adobe Systems Inc.) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.) HKLM\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [517392 2014-04-25] (McAfee, Inc.) HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation) HKLM\...\Policies\Explorer: [NoFolderOptions] 0 HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-21-3565100382-3298192494-2397121306-1000\...\Run: [speech Recognition] => C:\Windows\Speech\Common\sapisvr.exe [49664 2008-01-20] (Microsoft Corporation) HKU\S-1-5-21-3565100382-3298192494-2397121306-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Erwin\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.) HKU\S-1-5-21-3565100382-3298192494-2397121306-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation) HKU\S-1-5-21-3565100382-3298192494-2397121306-1000\...\Run: [Driver Support] => C:\Program Files\Driver Support\Driver Support\DriverSupport.exe [4746584 2014-03-13] (PC Drivers Headquarters) HKU\S-1-5-21-3565100382-3298192494-2397121306-1000\...\Run: [HP Officejet Pro 8610 (NET)] => C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe [2425888 2013-09-11] (Hewlett-Packard Co.) HKU\S-1-5-21-3565100382-3298192494-2397121306-1000\...\Policies\Explorer: [NoFolderOptions] 0 HKU\S-1-5-21-3565100382-3298192494-2397121306-1000\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0 Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\F1U201.401.lnk ShortcutTarget: F1U201.401.lnk -> C:\Program Files\Belkin\F1U201.401\usbshare.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install SafeKey FF RunOnce.lnk ShortcutTarget: Install SafeKey FF RunOnce.lnk -> C:\Program Files\Common Files\lpuninstall.exe (McAfee) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install SafeKey IE RunOnce.lnk ShortcutTarget: Install SafeKey IE RunOnce.lnk -> C:\Program Files\Common Files\lpuninstall.exe (McAfee) Startup: C:\Users\Erwin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Erwin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA8686DD8560ACE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-3565100382-3298192494-2397121306-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION SearchScopes: HKLM - {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&query={searchTerms}&invocationType=tb50trie7 SearchScopes: HKLM - {a776248f-c424-4ce4-8b5e-65db029465d3} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^AGL^xdm002^YY^us&si=CNG4sM_forUCFY-iPAod6CQA0g&ptb=8E225CDF-F3F3-4963-B56F-81C298313C03&ind=2013020617&n=77fc41c9&psa=&st=sb&searchfor={searchTerms} SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKCU - {38C72A85-44F9-4DBF-B276-E14657EB5A5C} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7 SearchScopes: HKCU - {E17B2EAC-82EE-4A84-91EC-E09CA50BA301} URL = https://www.google.com/search?q={searchTerms} BHO: AT&&T Toolbar -> {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} -> C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T) BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) BHO: McAfee SafeKey Vault -> {9DB059B3-DD36-4a55-846C-59BE42A1202A} -> C:\Program Files\SafeKey\LPToolbar.dll (McAfee) BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) BHO: CBrowserHelperObject Object -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.) BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc) Toolbar: HKLM - AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T) Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Toolbar: HKLM - McAfee SafeKey - {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files\SafeKey\LPToolbar.dll (McAfee) Toolbar: HKCU - AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T) Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab DPF: {106E49CF-797A-11D2-81A2-00E02C015623} http://www.alternatiff.com/distribution/alternatiff-ax-w32-2.0.6.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Handler: qv - {D6857445-6D99-4719-8C44-27A532D75AEE} - C:\Program Files\QuickVerse 2011\qvprotwrapper.dll (Findex Inc.) Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.) ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ] Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 FireFox: ======== FF ProfilePath: C:\Users\Erwin\AppData\Roaming\Mozilla\Firefox\Profiles\b86i9vnq.default-1412004521964 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @Motive.com/NpMotive,version=1.0 -> C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.) FF Plugin: @nosltd.com/getPlus+®,version=1.6.2.91 -> C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.) FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npatgpc.dll (WebEx Communications, Inc) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np_gp.dll (NOS Microsystems Ltd.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\Erwin\AppData\Roaming\mozilla\plugins\npatgpc.dll (WebEx Communications, Inc) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml FF Extension: Astrmenda Search - C:\Users\Erwin\AppData\Roaming\Mozilla\Firefox\Profiles\b86i9vnq.default-1412004521964\Extensions\{8dc5c42e-9204-2a64-8b97-fa94ff8a241f} [2014-11-01] FF Extension: Astro New Tab - C:\Users\Erwin\AppData\Roaming\Mozilla\Firefox\Profiles\b86i9vnq.default-1412004521964\Extensions\{f2548724-373f-45fe-be6a-3a85e87b7711}.xpi [2014-11-01] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-07] FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013-03-13] FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2014-07-24] FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-07-24] Chrome: ======= CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2013-09-05] CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2014-07-24] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.) R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation) R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.) R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [145568 2014-04-25] (McAfee, Inc.) R2 McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [319488 2009-08-14] (Alcatel-Lucent) [File not signed] R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.) R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.) S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [472072 2014-06-12] (McAfee, Inc.) R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.) R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.) R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [655936 2014-07-24] (McAfee, Inc.) R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169800 2014-06-20] (McAfee, Inc.) R2 mfevtp; C:\Windows\system32\mfevtps.exe [179600 2014-06-20] (McAfee, Inc.) R2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.) S3 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [69632 2007-07-11] (MicroVision Development, Inc.) [File not signed] R2 WNDA6200; C:\Program Files\NETGEAR\A6200\WifiService.exe [53536 2012-11-19] () S2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 A6200; C:\Windows\System32\DRIVERS\bcmwlhigh6.sys [1740904 2012-08-02] (Broadcom Corporation) R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [62832 2014-06-20] (McAfee, Inc.) S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-10-01] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-11-10] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-10-01] (Malwarebytes Corporation) R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [135968 2014-06-20] (McAfee, Inc.) R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [238176 2014-06-20] (McAfee, Inc.) S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [67816 2014-06-20] (McAfee, Inc.) R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [369248 2014-06-20] (McAfee, Inc.) R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [576048 2014-06-20] (McAfee, Inc.) R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [349192 2014-07-24] (McAfee, Inc.) S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [81296 2014-07-24] (McAfee, Inc.) R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [217224 2014-06-20] (McAfee, Inc.) S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2009-08-14] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed] S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2009-08-14] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed] S3 netr73; C:\Windows\System32\DRIVERS\WUSB54GCx86.sys [256000 2007-03-12] (Ralink Technology Inc.) R1 NPF; C:\Windows\System32\drivers\npf.sys [35088 2010-06-26] (CACE Technologies, Inc.) U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation) S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X] S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X] S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X] S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X] S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-10 09:20 - 2014-11-10 09:21 - 00022777 _____ () C:\Users\Erwin\Downloads\FRST.txt 2014-11-10 09:20 - 2014-11-10 09:20 - 00000000 ____D () C:\FRST 2014-11-10 09:19 - 2014-11-10 09:19 - 01107968 _____ (Farbar) C:\Users\Erwin\Downloads\FRST.exe 2014-11-10 09:10 - 2014-11-10 09:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee 2014-11-07 10:15 - 2014-11-07 10:15 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-11-02 11:50 - 2014-11-02 11:50 - 01375089 _____ () C:\Users\Erwin\Downloads\adwcleaner_3.311(1).exe 2014-11-02 11:47 - 2014-11-02 12:00 - 00000000 ____D () C:\AdwCleaner 2014-11-02 11:46 - 2014-11-02 11:46 - 01375089 _____ () C:\Users\Erwin\Downloads\adwcleaner_3.311.exe 2014-11-02 11:44 - 2014-11-02 11:44 - 00000000 ____D () C:\ProgramData\HitmanPro 2014-11-02 11:43 - 2014-11-02 11:43 - 10284408 _____ (SurfRight B.V.) C:\Users\Erwin\Downloads\HitmanPro.exe 2014-11-02 09:51 - 2014-11-02 09:51 - 00000047 _____ () C:\Users\Erwin\AppData\Roaming\WB.CFG 2014-11-02 08:43 - 2014-11-06 10:19 - 00000000 ____D () C:\ProgramData\ecbaef90-5696-41e1-a1c3-3e8112ce2840 2014-11-01 16:55 - 2014-11-01 16:55 - 06868618 _____ () C:\Users\Erwin\Downloads\Pokemon Emerald.zip 2014-11-01 16:54 - 2014-11-02 12:14 - 00000000 ____D () C:\Users\Erwin\AppData\Roaming\ISpeedPC 2014-11-01 16:49 - 2014-11-02 11:24 - 00000000 ____D () C:\Program Files\Framed Display 2014-11-01 16:49 - 2014-11-01 16:49 - 00650807 _____ () C:\Users\Erwin\Downloads\ba-028.zip 2014-11-01 16:41 - 2014-11-01 16:41 - 00000000 ____D () C:\Program Files\Common Files\Java 2014-11-01 16:37 - 2014-11-01 16:42 - 00000000 ____D () C:\ProgramData\Oracle 2014-11-01 16:36 - 2014-11-01 16:36 - 00000000 ____D () C:\Users\Erwin\AppData\Roaming\Sun 2014-10-24 17:42 - 2014-10-24 17:58 - 00000000 ____D () C:\Users\Erwin\Documents\Personal-Home-Work Expenses 2014-10-16 14:55 - 2014-10-16 19:32 - 02479939 _____ () C:\Users\Erwin\Documents\Los Estados Unidos por las estaciones.pptx 2014-10-16 06:35 - 2014-09-16 11:56 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-10 09:18 - 2008-09-02 05:05 - 01856048 _____ () C:\Windows\WindowsUpdate.log 2014-11-10 09:13 - 2014-06-17 13:01 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-11-10 09:10 - 2014-07-24 21:26 - 00001669 _____ () C:\Users\Public\Desktop\McAfee LiveSafe – Internet Security.lnk 2014-11-10 09:02 - 2012-10-29 09:51 - 00000000 ___RD () C:\Users\Erwin\Dropbox 2014-11-10 09:02 - 2012-10-29 09:45 - 00000000 ____D () C:\Users\Erwin\AppData\Roaming\Dropbox 2014-11-10 08:55 - 2006-11-02 07:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-11-10 08:55 - 2006-11-02 07:45 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-11-10 08:55 - 2006-11-02 07:45 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-11-08 13:16 - 2006-11-02 07:58 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-11-08 12:33 - 2013-08-15 10:08 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-11-08 11:54 - 2009-06-12 09:28 - 00000000 ____D () C:\ProgramData\ATTToolbar 2014-11-08 11:52 - 2008-09-09 13:26 - 00002587 _____ () C:\Users\Erwin\Desktop\Microsoft Office Word 2007.lnk 2014-11-08 10:46 - 2012-07-18 08:46 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-11-07 10:27 - 2008-09-09 13:04 - 00005892 _____ () C:\Users\Erwin\AppData\Local\d3d9caps.dat 2014-11-04 19:15 - 2014-05-12 18:25 - 00000000 ____D () C:\Users\Erwin\Documents\spencer 2014-11-02 12:28 - 2006-11-02 05:33 - 00694964 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-11-02 12:09 - 2006-11-02 07:49 - 00122199 _____ () C:\Windows\setupact.log 2014-11-02 12:03 - 2014-06-17 12:31 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware 2014-11-02 12:03 - 2008-01-20 22:02 - 00250608 _____ () C:\Windows\PFRO.log 2014-11-02 10:41 - 2014-06-17 12:31 - 00000861 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-11-02 10:41 - 2014-06-17 12:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-11-02 08:54 - 2006-11-02 05:23 - 00000321 _____ () C:\Windows\win.ini 2014-11-01 16:40 - 2014-08-11 09:33 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2014-11-01 16:36 - 2008-09-02 10:13 - 00000000 ____D () C:\Program Files\Java 2014-10-30 21:37 - 2014-03-31 08:34 - 00000000 ____D () C:\Shadrach Grill 2014-10-30 10:12 - 2014-07-18 12:32 - 00000000 ____D () C:\HomeSchool 2014-10-26 08:21 - 2012-08-16 08:46 - 00000000 ____D () C:\Users\Erwin\Documents\Sunday School Stuff 2014-10-26 06:44 - 2012-09-29 18:56 - 00000000 ____D () C:\Sunday School Lessons 2014-10-24 18:04 - 2008-09-09 13:26 - 00002545 _____ () C:\Users\Erwin\Desktop\Microsoft Office Excel 2007.lnk 2014-10-24 17:37 - 2009-01-19 21:56 - 00000000 ____D () C:\Users\Erwin\Documents\Business Expenses 2014-10-21 19:37 - 2014-08-18 17:03 - 00000000 ____D () C:\Users\Erwin\AppData\Roaming\HpUpdate 2014-10-21 19:32 - 2009-07-05 10:37 - 00000000 ____D () C:\ProgramData\Yahoo! Companion 2014-10-20 13:06 - 2014-07-24 21:21 - 00000000 ____D () C:\Program Files\McAfee 2014-10-17 05:34 - 2014-04-29 20:27 - 00000000 ____D () C:\Users\Erwin\Documents\Peyton School Work 2014-10-16 06:49 - 2008-09-09 13:23 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-10-16 06:45 - 2013-08-04 16:07 - 00000000 ____D () C:\Windows\system32\MRT 2014-10-16 06:40 - 2006-11-02 05:24 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-10-14 13:08 - 2011-06-22 10:06 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk 2014-10-14 13:07 - 2011-06-22 10:06 - 00000000 ____D () C:\Program Files\Common Files\Adobe Some content of TEMP: ==================== C:\Users\Erwin\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp_qtz5k.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-11-10 09:04 ==================== End Of Log =========================== Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-11-2014 01 Ran by Erwin at 2014-11-10 09:22:16 Running from C:\Users\Erwin\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892} AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 2x1/4x1 USB Peripheral Switch (HKLM\...\{A3752427-9AAA-4B1C-B428-01723E0E9FFA}) (Version: - ) 7-Zip 9.20 (HKLM\...\7-Zip 9.20) (Version: - ) Adobe Acrobat XI Pro (HKLM\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.05 - Adobe Systems) Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.) Adobe Download Manager (HKLM\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.91 - NOS Microsystems Ltd.) Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated) Adobe Reader X (10.1.12) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated) Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) AT&T Self Support Tool (HKLM\...\ATT-SST) (Version: - ) AT&T Toolbar (HKLM\...\ATTToolbar) (Version: - ) AT&T Yahoo! Internet Mail (HKLM\...\Yahoo! Mail) (Version: - ) ATT-PRT22 (HKLM\...\ATT-PRT22) (Version: - ) Blackboard Collaborate Launcher (HKLM\...\{7D82D616-8BD8-4BE3-B19C-C4BC772E8426}) (Version: 1.2.0.0 - Blackboard) Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) Browser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell) Business Tools Launcher (HKLM\...\{75685CA8-0B74-45BB-9C64-744A0FB79EDC}) (Version: 1.00.0000 - Dell Inc.) Canon MP280 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series) (Version: - ) Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.) Driver Support (HKLM\...\{597FB4A5-DD86-4316-A410-7E8074CC2CCE}) (Version: 8.1 - Driver Support) EDocs (HKLM\...\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}) (Version: - ) ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - ) HP Officejet Pro 8610 Basic Device Software (HKLM\...\{2B206BA2-CFBA-44A5-A740-01446AE70D61}) (Version: 32.0.90.45518 - Hewlett-Packard Co.) HP Officejet Pro 8610 Help (HKLM\...\{F9569D00-4576-46C8-B6C7-207A4FD39745}) (Version: 32.0.0 - Hewlett Packard) HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP) Intel® PRO Network Connections 12.1.11.0 (HKLM\...\PROSetDX) (Version: - Intel) iTunes (HKLM\...\{E05D82D8-FE70-4228-B073-B0C07FE27595}) (Version: 11.1.1.11 - Apple Inc.) Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle) Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation) Java 6 Update 29 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216023FF}) (Version: 6.0.290 - Oracle) K-Lite Codec Pack 7.0.0 (Standard) (HKLM\...\KLiteCodecPack_is1) (Version: 7.0.0 - ) Linksys Compact Wireless-G USB Adapter Driver - WUSB54GC (HKLM\...\{F855C3AE-992D-4B84-A09D-07103CDCDAC2}) (Version: 1.0 - Linksys, A Division of Cisco Systems, Inc.) LogoDesignStudio (HKLM\...\{2FCACAAD-A690-42E4-B2CF-1CD53EB6F322}) (Version: 4.0 - Summitsoft Corporation) Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation) McAfee LiveSafe – Internet Security (HKLM\...\MSC) (Version: 12.8.988 - McAfee, Inc.) McAfee SafeKey(uninstall only) (HKLM\...\SafeKey) (Version: 2.1.6 - McAfee, Inc.) McAfee SiteAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.143 - McAfee, Inc.) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Live Meeting 2007 (HKLM\...\{A98AFBC7-D5A7-46A1-8795-EABE2F55A7D6}) (Version: 8.0.6362.91 - Microsoft Corporation) Microsoft Office Professional 2007 (HKLM\...\PROR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Works 6-9 Converter (HKLM\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation) Mozilla Firefox 33.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 33.0.3 (x86 en-US)) (Version: 33.0.3 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla) MP3 Rocket (HKLM\...\MP3 Rocket) (Version: 6.4.4 PRO - MP3 TechSupport Inc) MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) NETGEAR A6200 Genie (HKLM\...\{638CBDD4-5014-44D1-930A-1E5AC6083542}) (Version: 1.0.0.0 - NETGEAR) OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden OutlookTools 2 (HKLM\...\{C0A88AB8-DB02-42C8-B55A-F29019AE829C}) (Version: 2.2.0 - HowTo-Outlook) Personal Entertainment Launcher (HKLM\...\{37F964E4-9C3F-4066-B933-1747D3AC6737}) (Version: 1.00.0000 - Dell Inc.) Pokémon Trading Card Game Online (HKLM\...\{D81F39D4-FDA9-4356-92B1-16081D8BF71A}) (Version: 1.0.0 - The Pokémon Company International) PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.0 - Dell) Product Improvement Study for HP Officejet Pro 8610 (HKLM\...\{AF40E1CA-9459-4419-8075-C18710587F60}) (Version: 32.0.90.45518 - Hewlett-Packard Co.) Product Support Launcher (HKLM\...\{B8ABB25D-1E30-4ED7-A3CE-0F8BED439647}) (Version: 1.00.0000 - Dell Inc.) QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.) QuickVerse 2011 (HKLM\...\{E6F707C8-8ED7-4F0D-A1D2-55002ABA0CA1}) (Version: 15.0.1.1 - Findex) RapidPlayer v5.0 ActiveX Control (HKLM\...\{31C2F32D-C5DD-4583-8181-B48591CA231C}) (Version: - ) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - ) Roxio Activation Module (HKLM\...\{07159635-9DFE-4105-BFC0-2817DB540C68}) (Version: 1.0 - Roxio) Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41C6-8752-958A45325C82}) (Version: 3.5.0 - Roxio) Roxio Creator BDAV Plugin (HKLM\...\{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}) (Version: 3.5.0 - Roxio) Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}) (Version: 3.5.0 - Roxio) Roxio Creator Data (HKLM\...\{0D397393-9B50-4C52-84D5-77E344289F87}) (Version: 3.5.0 - Roxio) Roxio Creator DE (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.5.0 - Roxio) Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ED8-B104-03393876DFDF}) (Version: 3.5.0 - Roxio) Roxio Express Labeler 3 (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 3.2.1 - Roxio) Roxio Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 6.0.0 - Roxio) Search App by Ask (HKLM\...\{4F524A2D-5350-4500-76A7-A758B70C1200}) (Version: 12.18.0.82 - APN, LLC) <==== ATTENTION Sonic CinePlayer Decoder Pack (HKLM\...\{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}) (Version: 4.2.0 - Sonic Solutions) SPORE™ (HKLM\...\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}) (Version: 1.00.0000 - Electronic Arts) Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) WebEx (HKLM\...\ActiveTouchMeetingClient) (Version: - WebEx Communications, Inc) Yahoo! Install Manager (HKLM\...\YInstHelper) (Version: - ) Yahoo! Search Protection (HKLM\...\Yahoo! Search Defender) (Version: - ) <==== ATTENTION Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version: - ) Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version: - ) YNAB 4 version 4.3.196 (HKLM\...\com.ynab.YNAB4.LiveCaptive_is1) (Version: 4.3.196 - YouNeedABudget.com) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-3565100382-3298192494-2397121306-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Erwin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3565100382-3298192494-2397121306-1000_Classes\CLSID\{32C3FEAE-0877-4767-8C20-62A5829A0945}\InprocServer32 -> C:\Users\Erwin\AppData\Roaming\Facebook\axfbootloader.dll ( ) CustomCLSID: HKU\S-1-5-21-3565100382-3298192494-2397121306-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\880\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.) CustomCLSID: HKU\S-1-5-21-3565100382-3298192494-2397121306-1000_Classes\CLSID\{C98FE784-B96E-41e1-8399-1337AE3E539F}\InprocServer32 -> C:\Users\Erwin\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( ) CustomCLSID: HKU\S-1-5-21-3565100382-3298192494-2397121306-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Erwin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3565100382-3298192494-2397121306-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Erwin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3565100382-3298192494-2397121306-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Erwin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3565100382-3298192494-2397121306-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Erwin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3565100382-3298192494-2397121306-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Erwin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3565100382-3298192494-2397121306-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Erwin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3565100382-3298192494-2397121306-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Erwin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3565100382-3298192494-2397121306-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Erwin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ==================== Restore Points ========================= 29-10-2014 13:03:10 Windows Update 30-10-2014 07:00:22 Scheduled Checkpoint 30-10-2014 07:00:23 Windows Update 31-10-2014 11:55:58 Windows Update 01-11-2014 21:30:34 Windows Update 02-11-2014 16:28:49 Removed iSpeedPC 02-11-2014 16:31:33 Removed iSpeedPC 02-11-2014 17:12:44 Removed iSpeedPC 03-11-2014 15:38:56 Windows Update 04-11-2014 08:00:32 Windows Update 05-11-2014 14:16:11 Windows Update 06-11-2014 15:24:18 Windows Update 07-11-2014 14:11:34 Windows Update 08-11-2014 16:00:28 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2006-11-02 05:23 - 2011-01-07 20:56 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {07FA5AE0-0A3C-4807-A288-56505EE835A2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated) Task: {4D3D4EC5-2003-48FD-8897-4A5C04EE3E51} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Erwin => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation) Task: {4ED15C00-E2F7-4C0C-B550-AF587B707973} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {5B0C8248-1F4C-49C2-B7F9-49F20E328FC6} - System32\Tasks\ISpeedPC_Daily => C:\Program Files\iSpeedPC\ISpeedPC.exe Task: {899124DB-2CA7-4048-8C51-ADE50C2191A0} - System32\Tasks\HPCustParticipation HP Officejet Pro 8610 => C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPCustPartic.exe [2013-09-11] (Hewlett-Packard Co.) Task: {A4DF95E1-39F1-4FBC-950F-EB0BB2EA0E54} - System32\Tasks\Driver Support-RTMUpdater => C:\Program Files\Driver Support\Driver Support\DriverSupport.exe [2014-03-13] (PC Drivers Headquarters) Task: {B40103DA-CB68-4550-9670-F812D510AAE8} - System32\Tasks\Driver Support-RTMScan => C:\Program Files\Driver Support\Driver Support\DriverSupport.exe [2014-03-13] (PC Drivers Headquarters) Task: {BC3DC10E-C6E9-47A1-9809-41759EB1DA39} - System32\Tasks\Driver Support-RTMRules => C:\Program Files\Driver Support\Driver Support\DriverSupport.exe [2014-03-13] (PC Drivers Headquarters) Task: {CFC46918-CC00-41BA-B727-1160A5712902} - \BrowserSafeguard Update Task No Task File <==== ATTENTION Task: {E9AC12A9-E38C-4E88-8A06-CA1710D8D956} - System32\Tasks\ISpeedPC_LogOn => C:\Program Files\iSpeedPC\ISpeedPC.exe Task: {EB66A18E-D1A4-480A-92CF-51700BC3D54C} - \WSE_Astromenda No Task File <==== ATTENTION Task: {F30075AD-0454-4871-8F52-1C4F829A716D} - System32\Tasks\Smart PC Cleaner Schedule => C:\Program Files\Smart PC Cleaner\SPCLauncher.exe (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2014-04-07 12:31 - 2012-11-19 09:04 - 00053536 _____ () C:\Program Files\NETGEAR\A6200\WifiService.exe 2008-09-02 12:59 - 2007-09-25 06:46 - 00249856 _____ () C:\Windows\system32\igfxTMM.dll 2014-03-13 11:37 - 2014-03-13 11:37 - 00428416 _____ () C:\Program Files\Driver Support\Driver Support\Agent.Communication.XmlSerializers.dll 2008-09-09 13:14 - 2003-04-08 13:42 - 00135168 _____ () C:\Program Files\Belkin\F1U201.401\usbshare.exe 2014-11-10 09:01 - 2014-11-10 09:01 - 00043008 _____ () c:\users\erwin\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp_qtz5k.dll 2013-08-23 14:01 - 2013-08-23 14:01 - 25100288 _____ () C:\Users\Erwin\AppData\Roaming\Dropbox\bin\libcef.dll 2009-02-26 13:46 - 2009-02-26 13:46 - 00064344 _____ () C:\Program Files\Microsoft Office\Office12\ADDINS\ColleagueImport.dll 2011-06-22 11:46 - 2011-06-22 11:46 - 00434016 _____ () C:\Program Files\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll 2013-07-10 17:07 - 2013-07-10 17:07 - 00756888 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL 2014-11-07 10:15 - 2014-11-07 10:15 - 03649648 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:430C6D84 AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) HKU\S-1-5-21-3565100382-3298192494-2397121306-1000\Software\Classes\.exe: exefile => <===== ATTENTION! ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-3565100382-3298192494-2397121306-500 - Administrator - Disabled) Erwin (S-1-5-21-3565100382-3298192494-2397121306-1000 - Administrator - Enabled) => C:\Users\Erwin Guest (S-1-5-21-3565100382-3298192494-2397121306-501 - Limited - Disabled) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (11/10/2014 08:56:22 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/08/2014 11:59:20 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application McSvHost.exe, version 3.8.703.0, time stamp 0x51f7de31, faulting module ntdll.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception code 0xc0000005, fault offset 0x0003dd6d, process id 0x1c0c, application start time 0xMcSvHost.exe0. Error: (11/08/2014 10:48:28 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/07/2014 10:28:08 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/07/2014 09:53:18 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/07/2014 09:06:40 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/06/2014 06:34:18 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/06/2014 04:35:57 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/06/2014 11:32:29 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application printfilterpipelinesvc.exe, version 6.0.6002.18392, time stamp 0x4d38460b, faulting module hpbxpsrender.dll, version 0.3.7600.16385, time stamp 0x513f7794, exception code 0xc0000005, fault offset 0x00371c99, process id 0x1280, application start time 0xprintfilterpipelinesvc.exe0. Error: (11/06/2014 11:25:49 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (11/10/2014 09:03:10 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {209500FC-6B45-4693-8871-6296C4843751} Error: (11/10/2014 09:01:23 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: 0x80071aa7Security Update for Windows Vista (KB2998579){5E366828-B8BB-48A2-B907-8878CCC3EC69}201 Error: (11/10/2014 09:01:23 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: 0x80071aa7Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Vista SP2 and Windows Server 2008 SP2 x86 (KB2972098){14FF2565-B1D0-4F61-9A2F-3D0558E29BC3}201 Error: (11/10/2014 09:01:23 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: 0x80071aa7Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Vista SP2 and Windows Server 2008 SP2 x86 (KB2979568){88D74A6D-A6C0-402A-BE18-A74209348F4C}203 Error: (11/10/2014 09:01:23 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: 0x80071aa7Security Update for Windows Vista (KB3000061){9844698F-1B08-4787-8F4B-FF6F913717F7}202 Error: (11/10/2014 09:01:23 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: 0x80071aa7Cumulative Security Update for Internet Explorer 9 for Windows Vista (KB2987107){C2C6D591-A45A-42A9-A80F-967B09D745D0}201 Error: (11/10/2014 09:01:23 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: 0x80071aa7Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Vista SP2 and Windows Server 2008 SP2 x86 (KB2968292){6A2B30DF-D228-486D-9A7C-9BB53AE1635C}201 Error: (11/10/2014 08:59:21 AM) (Source: Microsoft-Windows-Servicing) (EventID: 4375) (User: ) Description: Windows Servicing failed to complete the process of setting package Package_for_KB3000061_client~31bf3856ad364e35~x86~~6.0.1.2 () into Absent(Absent) state Error: (11/10/2014 08:59:21 AM) (Source: Microsoft-Windows-Servicing) (EventID: 4375) (User: ) Description: Windows Servicing failed to complete the process of setting package Package_for_KB3000061_client_2~31bf3856ad364e35~x86~~6.0.1.2 () into Absent(Absent) state Error: (11/10/2014 08:59:21 AM) (Source: Microsoft-Windows-Servicing) (EventID: 4375) (User: ) Description: Windows Servicing failed to complete the process of setting package Package_for_KB2998579_client~31bf3856ad364e35~x86~~6.0.1.0 () into Staged(Staged) state Microsoft Office Sessions: ========================= Error: (11/15/2013 08:43:11 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 131 seconds with 120 seconds of active time. This session ended with a crash. Error: (10/28/2013 00:46:42 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 26 seconds with 0 seconds of active time. This session ended with a crash. Error: (06/28/2010 03:59:37 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13 seconds with 0 seconds of active time. This session ended with a crash. CodeIntegrity Errors: =================================== Date: 2014-11-10 09:14:55.968 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-11-10 08:58:19.975 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-11-08 13:15:37.941 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-11-08 13:15:37.722 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-11-08 13:15:37.504 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-11-08 13:15:37.285 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-11-08 12:17:13.989 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-11-08 12:17:13.787 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-11-08 12:17:13.584 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-11-08 12:17:13.365 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel® Core2 Duo CPU E7200 @ 2.53GHz Percentage of memory in use: 64% Total physical RAM: 3060.45 MB Available physical RAM: 1088.22 MB Total Pagefile: 3359.44 MB Available Pagefile: 1284.78 MB Total Virtual: 2047.88 MB Available Virtual: 1891.09 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:222.78 GB) (Free:113.48 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:6.44 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.8 GB) (Disk ID: 20000000) Partition 1: (Not Active) - (Size=47 MB) - (Type=DE) Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS) Partition 3: (Active) - (Size=222.8 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  7. I like the Malicious Website Block feature. I just wish I could not be warned after the first per-session attempt from a site/port/direction. In other words, I'm requesting options dealing with how often I have to see the popup window.
  8. Hello everyone! Thanks for checking this out. My computer is having lots of problems and one of them is this popup spyware that shows up after a scan, even after it's been quarantined before. I added an attachment of the results. I can run some cleanup utilities, have the temporary files, browser cache and cookies wiped and it still comes back. Anyone seen this one before? Malware 7-31-14.txt
  9. Hi, I noticed that just about every time I start up or resume my computing sessions, desktop and laptop, the Malwarebytes system tray popup is there first thing, telling me something or other is out of date, with a big bright green button to click to rectify the situation. But I thought the software is supposed to just work on its own, in the background!! :-\ I have the lifetime version, so it's the new Premium Malwarebytes that I have, but it's the old lifetime license -- actually, I purchased a license each for my desktop and laptop -- so I don't think I should have to manually deal with this every day like I have the free version. Please advise!
  10. Getting constant databases out of date popup. Clicking on update databases does nothing. Help please. Serena
  11. I am getting a popup that says "Malwarebytes Anti-Malware Databases Out of Date Your database is out of date. It is important to keep protected by installing the latest updates. Update Now". My Malware is up to date. Clicking on "Update Now" does nothing. The popup will not go away. I have a Windows 7 operating system 64 bit. How do I get rid of these popups? I copied the screen to Word but this program will not allow me to attach the file.
  12. When I click to "Watch" an item on eBay, and at many other times, I get a Pop-Up to the Web Site Jsn.DoneCore.Net . Fortunately MalwareBytes blocks content, but seeing this Pop-Up hundreds of times a day is getting old - fast. I suppose I could turn on a Pop-Up Blocker for eBay, but as I use this site a lot, and Pop-Ups are needed there, that's not practical. I've run Full Scans across all my Drives; many items were discovered and removed, but the problem remains. I'd hate to have to do yet another full reinstall of my OS. Advice for things I have not tried ? Please ?
  13. Hi i'm getting this popup thats getting blocked by MBAM, it seems to be popping when i load new sites or refreshes. I'm getting this message from MBAM - "2013/11/10 23:00:52 +0100 MJ-PC MJ IP-BLOCK 128.204.198.72 (Type: outgoing, Port: 49407, Process: firefox.exe)". I already did all the steps to get here, i would really appreciate some help. Regards Mamakiks. Attach and dds uploaded. attach.txt dds.txt
  14. While I greatly appreciate reminers, is there any way to disable the pop-up screen that asks me to purchase or decline the Pro version of Malwarebytes? Your product is great, but I cannot afford to purchase it at this time, and I would like to not have to keep clicking "decline" every time I open the program. Ideally, the purpose is to use it at least once per week, but that pop-up screen is really getting to me. I would be extemely grateful if someone could advise me how to disable this or revert to an older version that did not utilize the nag screen perhaps. Thank you very much, and kudos on such a wonderful product being offered for free.
  15. Hello, I think my desktop has been infrected with the annoying recommendations pop-up malware. I have attached the requested files. thanks, Steve Attach.txt DDS.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.