Jump to content

Search the Community

Showing results for tags 'ninthclub'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes for Windows Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • Malwarebytes Privacy
    • Malwarebytes Browser Guard
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Endpoint Protection
    • Malwarebytes Incident Response (includes Breach Remediation)
    • Malwarebytes Endpoint Security
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Location


Interests

Found 2 results

  1. I'm just copying and pasting what i posted in another thread. Was asked to make my own topic. It was about ninthclub.com and camelcap.com being blocked with malwarebytes every time I try to browse on firefox or chrome, but when I scan my computer with malwarebytes, it doesn't find and remove the issue. I'm having the same issue on firefox and chrome. My IE wont even open. Malwarebytes blocks something from ninthclub.com and sometimes something from camelcap.com. There has been a couple others but i dont remember them and these are the main 2. Also, video stopped working on firefox everywhere except youtube and chrome stopped loading pages all together. It's like its not even trying to load them. I don't even get to an error message or anything and this also includes the settings page. So I gathered the information that you asked the other guy for and here it is: (In the FRST log I highlighted, underlined and enlarged a line of text for a file that kept popping up with "ydsGNMAAUWqgBBt.exe has stopped working". It stopped happening when I bought malewarebytes but its obviously still affecting something. Every time I track down a version of that file and delete it, it comes back.) Malewarebytes log: Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 10/30/2015 Scan Time: 6:41 PM Logfile: Administrator: Yes Version: 2.2.0.1024 Malware Database: v2015.10.30.07 Rootkit Database: v2015.10.28.01 License: Premium Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Macedizzle Scan Type: Threat Scan Result: Completed Objects Scanned: 367331 Time Elapsed: 53 min, 21 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end) _______________________________________________________ FRST: Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:30-10-2015 Ran by Macedizzle (administrator) on MACEDIZZLE (30-10-2015 19:40:23) Running from C:\Users\Macedizzle\Downloads Loaded Profiles: Macedizzle (Available Profiles: Macedizzle & DefaultAppPool) Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe () C:\Users\Macedizzle\AppData\Local\ydsGNMAAUWqgBBt.exe () C:\Users\Macedizzle\AppData\Local\ydsGNMAAUWqgBBt.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2723624 2011-03-27] (Synaptics Incorporated) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11860072 2011-06-09] (Realtek Semiconductor) HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated) HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-19\...\Run: [sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun HKU\S-1-5-19\...\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} HKU\S-1-5-20\...\Run: [sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun HKU\S-1-5-20\...\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} HKU\S-1-5-21-579903058-137395532-2418355931-1000\...\Run: [3690935216] => regsvr32.exe "C:\ProgramData\Vohve\DehbOmvob.dll" HKU\S-1-5-18\...\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 71.10.216.1 71.10.216.2 Tcpip\..\Interfaces\{FE07A412-2512-4951-83FE-14D65E5606C6}: [DhcpNameServer] 71.10.216.1 71.10.216.2 Internet Explorer: ================== URLSearchHook: HKU\S-1-5-21-579903058-137395532-2418355931-1000 - (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = SearchScopes: HKLM-x32 -> DefaultScope {C25F7D09-7224-4827-97F2-7D895BB05BEB} URL = SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-579903058-137395532-2418355931-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-579903058-137395532-2418355931-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-579903058-137395532-2418355931-1000 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.) BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06] (Adobe Systems Incorporated) BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-20] (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) BHO-x32: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-20] (Oracle Corporation) Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF ProfilePath: C:\Users\Macedizzle\AppData\Roaming\Mozilla\Firefox\Profiles\6bggr8l0.default-1446244318840 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-30] () FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [No File] FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-30] () FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-20] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-20] (Oracle Corporation) FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [No File] FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-30] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-30] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll [No File] FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2011-06-06] (Adobe Systems Inc.) FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor => not found FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore => not found Chrome: ======= CHR HomePage: Default -> about:home CHR StartupUrls: Default -> "hxxp://search.conduit.com/?CUI=UN33899355722046212&ctid=CT3279141&SearchSource=48","hxxp://search.conduit.com/?CUI=UN29598048081466128&ctid=CT3279141&SearchSource=48","hxxp://mysearch.avg.com?cid={A7F3CA6C-8462-4C19-8274-5417C2924751}&mid=3834c98ab71c47d38112d16c22623f64-4f9ac4e76022c0346a5580789a9d832360431931〈=en&ds=co012&coid=avgtbdisco&pr=sa&d=2013-10-26 23:14:39&v=17.0.0.12&pid=safeguard&sg=0&sap=hp","hxxp://search.conduit.com/?ctid=CT3279412&SearchSource=48&CUI=UN39575475273011824&UM=2&sspv=TB_CNI1","hxxp://start.mysearchdial.com/?f=1&a=suma0103&cd=2XzuyEtN2Y1L1Qzu0EzzyEtD0FtBtCyByB0E0AzzyC0C0BtCtN0D0Tzu0CyBzztDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=145805346&ir=","hxxp://search.yahoo.com/?type=AC6CABBA6ED3B4F86BCF_s55_g_e&fr=conduit","hxxp://mysearch.avg.com/?cid={A7F3CA6C-8462-4C19-8274-5417C2924751}&mid=3834c98ab71c47d38112d16c22623f64-4f9ac4e76022c0346a5580789a9d832360431931〈=en&ds=co012&coid=avgtbdisco&pr=sa&d=2013-10-26%2023:14:39&v=17.0.0.12&pid=safeguard&sg=0&sap=hp" CHR Profile: C:\Users\Macedizzle\AppData\Local\Google\Chrome\User Data\Default ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes) S4 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation) S4 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-23] (NTI Corporation) S4 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed] R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) S3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-02] (HTC, Corporation) [File not signed] R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-10-30] (Malwarebytes) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation) S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42088 2015-06-03] (Anchorfree Inc.) S3 avchv; system32\DRIVERS\avchv.sys [X] S1 qknfd; system32\drivers\qknfd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-10-30 19:40 - 2015-10-30 19:40 - 00012421 _____ C:\Users\Macedizzle\Downloads\FRST.txt 2015-10-30 19:39 - 2015-10-30 19:40 - 00000000 ____D C:\FRST 2015-10-30 19:39 - 2015-10-30 19:39 - 02198016 _____ (Farbar) C:\Users\Macedizzle\Downloads\FRST64.exe 2015-10-30 18:32 - 2015-10-30 18:32 - 00000000 ____D C:\Users\Macedizzle\Desktop\Old Firefox Data 2015-10-30 17:52 - 2015-10-30 17:52 - 28849904 _____ C:\Users\Macedizzle\Downloads\vlc-2.2.1-win32.exe 2015-10-30 17:49 - 2015-10-30 17:49 - 13155552 _____ (Microsoft Corporation) C:\Users\Macedizzle\Downloads\Silverlight_x64.exe 2015-10-30 17:45 - 2015-10-30 17:45 - 00584288 _____ (Oracle Corporation) C:\Users\Macedizzle\Downloads\jre-8u65-windows-i586-iftw.exe 2015-10-30 17:45 - 2015-10-30 17:45 - 00003194 _____ C:\Windows\System32\Tasks\{D3BF4046-4EC0-4270-AD30-2E35DAE068CB} 2015-10-30 16:40 - 2015-10-30 16:45 - 01068672 _____ C:\Users\Macedizzle\AppData\Local\ec4950f3c9f7662c86fe489dcc1d2a17 2015-10-30 16:39 - 2015-10-30 18:10 - 00570915 _____ C:\Users\Macedizzle\AppData\Local\ydsGNMAAUWqgBBt.exe 2015-10-30 13:00 - 2015-10-30 13:00 - 00000000 _____ C:\autoexec.bat 2015-10-30 12:56 - 2015-10-30 12:56 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\Macedizzle\Downloads\SpyHunter-Installer.exe 2015-10-30 10:31 - 2015-10-30 19:36 - 00000906 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-10-30 10:31 - 2015-10-30 18:17 - 00000902 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-10-30 10:31 - 2015-10-30 10:31 - 00003902 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-10-30 10:31 - 2015-10-30 10:31 - 00003650 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-10-30 10:31 - 2015-10-30 10:31 - 00002259 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2015-10-30 10:31 - 2015-10-30 10:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-10-30 10:30 - 2015-10-30 10:30 - 00929872 _____ (Google Inc.) C:\Users\Macedizzle\Downloads\ChromeSetup(1).exe 2015-10-30 09:52 - 2015-10-30 18:16 - 00000280 _____ C:\Windows\setupact.log 2015-10-30 09:52 - 2015-10-30 15:53 - 00003532 _____ C:\Windows\PFRO.log 2015-10-30 09:52 - 2015-10-30 09:52 - 00000000 _____ C:\Windows\setuperr.log 2015-10-30 09:40 - 2015-10-30 09:40 - 00001081 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk 2015-10-30 09:40 - 2015-10-30 09:40 - 00000000 ____D C:\Users\Macedizzle\AppData\Local\VS Revo Group 2015-10-30 09:40 - 2015-10-30 09:40 - 00000000 ____D C:\ProgramData\VS Revo Group 2015-10-30 09:40 - 2015-10-30 09:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro 2015-10-30 09:40 - 2015-10-30 09:40 - 00000000 ____D C:\Program Files\VS Revo Group 2015-10-30 09:40 - 2009-12-30 11:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys 2015-10-30 09:39 - 2015-10-30 09:39 - 11069616 _____ (VS Revo Group ) C:\Users\Macedizzle\Downloads\RevoUninProSetup.exe 2015-10-29 13:44 - 2015-10-29 13:44 - 00004096 _____ C:\ProgramData\VVQZZGrPEC94.dll 2015-10-29 13:43 - 2015-10-29 13:43 - 00450560 _____ (Microsoft Corporation) C:\Users\Macedizzle\AppData\Roaming\wpstmd.exe 2015-10-28 10:43 - 2015-10-28 10:43 - 01781760 _____ (DVDVideoSoft Ltd.) C:\Users\Macedizzle\AppData\Roaming\lcpafit.exe 2015-10-28 10:42 - 2015-10-28 10:42 - 01794048 _____ (DVDVideoSoft Ltd.) C:\Users\Macedizzle\AppData\Roaming\kzotuj.exe 2015-10-28 10:42 - 2015-10-28 10:42 - 01765376 _____ (DVDVideoSoft Ltd.) C:\Users\Macedizzle\AppData\Roaming\bwdqpmd.exe 2015-10-28 08:05 - 2015-10-28 08:05 - 00929872 _____ (Google Inc.) C:\Users\Macedizzle\Downloads\ChromeSetup.exe 2015-10-28 06:15 - 2015-10-28 06:16 - 343784991 ____R C:\Users\Macedizzle\Downloads\The.Flash.2014.S02E04.HDTV.x264-KILLERS[eztv].mp4 2015-10-28 05:36 - 2015-10-30 18:41 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-10-28 05:35 - 2015-10-28 05:35 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2015-10-28 05:35 - 2015-10-28 05:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2015-10-28 05:35 - 2015-10-28 05:35 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2015-10-28 05:35 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-10-28 05:35 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-10-28 05:35 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2015-10-28 05:34 - 2015-10-28 05:35 - 22908888 _____ (Malwarebytes ) C:\Users\Macedizzle\Downloads\mbam-setup-2.2.0.1024.exe 2015-10-28 05:22 - 2015-10-28 05:22 - 00003512 _____ C:\Windows\System32\Tasks\ydsGNMAAUWqgBBt 2015-10-26 10:22 - 2015-10-26 10:22 - 00004096 _____ C:\ProgramData\wk4BzK3g0CCA.dll 2015-10-26 02:53 - 2015-10-26 02:54 - 00000000 ____D C:\ProgramData\Vohve 2015-10-26 02:52 - 2015-10-28 06:07 - 00000000 ___HD C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A} 2015-10-26 02:50 - 2015-10-26 02:56 - 00000000 ____D C:\Users\Macedizzle\Downloads\The.Walking.Dead.S06E03.HDTV.x264-KILLERS[ettv] 2015-10-22 07:27 - 2015-10-22 07:27 - 00000000 ____D C:\Users\Macedizzle\Downloads\Arrow.S04E03.HDTV.x264-LOL[ettv] 2015-10-21 07:53 - 2015-10-21 07:53 - 00000000 ____D C:\Users\Macedizzle\Downloads\The.Flash.2014.S02E03.HDTV.x264-LOL[ettv] 2015-10-14 21:23 - 2015-10-14 21:23 - 00000000 ____D C:\Users\Macedizzle\Downloads\Arrow.S04E02.HDTV.x264-LOL[ettv] 2015-10-14 07:54 - 2015-10-14 07:54 - 00000000 ____D C:\Users\Macedizzle\Downloads\The.Flash.2014.S02E02.HDTV.x264-LOL[ettv] 2015-10-07 21:05 - 2015-10-07 21:05 - 00000000 ____D C:\Users\Macedizzle\Downloads\Arrow.S04E01.HDTV.x264-LOL[ettv] 2015-10-06 21:13 - 2015-10-06 21:45 - 269859594 _____ C:\Users\Macedizzle\Downloads\The Flash 2014 S02E01 HDTV x264-LOL.mp4 2015-10-05 08:20 - 2015-10-05 08:22 - 00000000 ____D C:\Users\Macedizzle\Downloads\Fear.The.Walking.Dead.S01E06.HDTV.x264-KILLERS[ettv] 2015-10-04 20:16 - 2015-10-04 20:17 - 00000000 ____D C:\Users\Macedizzle\Downloads\Heroes Reborn S01E03 HDTV XviD-FUM[ettv] ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-10-30 19:34 - 2013-07-15 03:56 - 01712303 _____ C:\Windows\WindowsUpdate.log 2015-10-30 18:44 - 2013-11-15 08:34 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-10-30 18:25 - 2009-07-14 00:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-10-30 18:25 - 2009-07-14 00:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-10-30 18:16 - 2013-07-17 02:24 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2015-10-30 18:16 - 2013-07-17 02:24 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2015-10-30 18:16 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-10-30 18:15 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2015-10-30 17:52 - 2013-07-15 14:47 - 00000000 ____D C:\Users\Macedizzle\AppData\Roaming\vlc 2015-10-30 17:50 - 2013-07-17 02:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-10-30 16:36 - 2015-05-21 22:21 - 00000000 ____D C:\Users\Macedizzle\AppData\Local\CrashDumps 2015-10-30 16:25 - 2009-07-14 01:08 - 00026436 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2015-10-30 12:07 - 2013-07-15 02:17 - 00000000 ____D C:\Users\Macedizzle 2015-10-30 12:07 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Vss 2015-10-30 10:32 - 2013-07-15 02:25 - 00000000 ____D C:\Users\Macedizzle\AppData\Local\Google 2015-10-30 10:31 - 2013-07-15 02:25 - 00000000 ____D C:\Program Files (x86)\Google 2015-10-30 10:21 - 2013-07-15 14:08 - 00000000 ____D C:\Users\Macedizzle\AppData\Roaming\uTorrent 2015-10-30 10:20 - 2015-08-03 09:43 - 00000000 ____D C:\Program Files (x86)\Steam 2015-10-30 10:14 - 2015-07-22 10:46 - 00000000 ____D C:\Program Files\Highresolution Enterprises 2015-10-30 10:04 - 2013-11-15 08:34 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-10-30 10:04 - 2013-11-15 08:34 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-10-30 10:04 - 2013-11-15 08:24 - 00000000 ____D C:\Users\Macedizzle\AppData\Local\Adobe 2015-10-30 10:04 - 2011-11-04 01:29 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-10-28 09:10 - 2015-08-13 03:11 - 00000000 ____D C:\Program Files\CCleaner 2015-10-28 06:07 - 2014-01-30 00:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-10-28 06:07 - 2013-11-15 08:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-10-28 06:07 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\LiveKernelReports 2015-10-28 06:03 - 2013-11-30 17:45 - 00000000 ____D C:\Users\Macedizzle\AppData\Local\NativeMessaging 2015-10-26 07:22 - 2013-08-01 15:35 - 00000000 ___HD C:\Users\Macedizzle\Downloads\~Hidden 2015-10-26 07:18 - 2015-06-23 12:48 - 00000000 ____D C:\Users\Macedizzle\AppData\Roaming\TS3Client 2015-10-25 14:24 - 2013-11-29 23:17 - 00000000 ____D C:\Users\Macedizzle\AppData\Local\Battle.net 2015-10-25 13:19 - 2013-11-29 23:32 - 00000000 ____D C:\Program Files (x86)\Hearthstone 2015-10-25 12:58 - 2013-11-29 23:17 - 00000000 ____D C:\Program Files (x86)\Battle.net 2015-10-15 07:44 - 2009-07-14 01:13 - 00833076 _____ C:\Windows\system32\PerfStringBackup.INI 2015-10-15 07:41 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF ==================== Files in the root of some directories ======= 2015-10-28 10:42 - 2015-10-28 10:42 - 1765376 _____ (DVDVideoSoft Ltd.) C:\Users\Macedizzle\AppData\Roaming\bwdqpmd.exe 2015-10-28 10:42 - 2015-10-28 10:42 - 1794048 _____ (DVDVideoSoft Ltd.) C:\Users\Macedizzle\AppData\Roaming\kzotuj.exe 2015-10-28 10:43 - 2015-10-28 10:43 - 1781760 _____ (DVDVideoSoft Ltd.) C:\Users\Macedizzle\AppData\Roaming\lcpafit.exe 2014-02-19 03:07 - 2014-02-19 03:07 - 0000047 _____ () C:\Users\Macedizzle\AppData\Roaming\WB.CFG 2015-10-29 13:43 - 2015-10-29 13:43 - 0450560 _____ (Microsoft Corporation) C:\Users\Macedizzle\AppData\Roaming\wpstmd.exe 2015-10-30 16:40 - 2015-10-30 16:45 - 1068672 _____ () C:\Users\Macedizzle\AppData\Local\ec4950f3c9f7662c86fe489dcc1d2a17 2015-05-02 17:55 - 2015-05-02 17:55 - 0000036 _____ () C:\Users\Macedizzle\AppData\Local\housecall.guid.cache 2014-02-10 16:02 - 2014-02-10 16:02 - 0007606 _____ () C:\Users\Macedizzle\AppData\Local\Resmon.ResmonCfg 2015-10-30 16:39 - 2015-10-30 18:10 - 0570915 _____ () C:\Users\Macedizzle\AppData\Local\ydsGNMAAUWqgBBt.exe 2013-07-15 04:22 - 2013-07-15 04:29 - 0015221 _____ () C:\ProgramData\ArcadeDeluxe5.log 2015-08-26 14:56 - 2015-08-26 14:58 - 0000032 _____ () C:\ProgramData\PS.log 2015-10-29 13:44 - 2015-10-29 13:44 - 0004096 _____ () C:\ProgramData\VVQZZGrPEC94.dll 2015-10-26 10:22 - 2015-10-26 10:22 - 0004096 _____ () C:\ProgramData\wk4BzK3g0CCA.dll Files to move or delete: ==================== C:\ProgramData\VVQZZGrPEC94.dll C:\ProgramData\wk4BzK3g0CCA.dll Some files in TEMP: ==================== C:\Users\Macedizzle\AppData\Local\Temp\vlc-2.2.1-win32.exe ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-10-30 11:29 ==================== End of FRST.txt ============================ ___________________________________________________________________________ Addition: Additional scan result of Farbar Recovery Scan Tool (x64) Version:30-10-2015 Ran by Macedizzle (2015-10-30 19:41:49) Running from C:\Users\Macedizzle\Downloads Windows 7 Home Premium Service Pack 1 (X64) (2013-07-15 06:17:32) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-579903058-137395532-2418355931-500 - Administrator - Disabled) Guest (S-1-5-21-579903058-137395532-2418355931-501 - Limited - Disabled) Macedizzle (S-1-5-21-579903058-137395532-2418355931-1000 - Administrator - Enabled) => C:\Users\Macedizzle ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-579903058-137395532-2418355931-1000\...\uTorrent) (Version: 3.4.5.41202 - BitTorrent Inc.) Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.99 - NTI Corporation) Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1904 - CyberLink Corp.) Acer Crystal Eye Webcam (x32 Version: 1.0.1904 - CyberLink Corp.) Hidden Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3008 - Acer Incorporated) Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3504 - Acer Incorporated) Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent) Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3504 - Acer Incorporated) Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0530.2011 - Acer Incorporated) Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3500 - Acer Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated) Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated) Adobe Reader X (10.1.0) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.0 - Adobe Systems Incorporated) Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.2.43 - Atheros Communications Inc.) ATI Catalyst Install Manager (HKLM\...\{3605D89A-BD66-F5C5-779B-BE9110B41077}) (Version: 3.0.829.0 - ATI Technologies, Inc.) Backup Manager V3 (x32 Version: 3.0.0.99 - NTI Corporation) Hidden Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Build-a-lot 4 - Power Source (x32 Version: 2.2.0.97 - WildTangent) Hidden CCleaner (HKLM\...\CCleaner) (Version: 5.09 - Piriform) Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Cradle of Rome 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden Evernote v. 4.5.1 (HKLM-x32\...\{28921580-E4BB-11E0-9FD7-1CC1DEF07CBE}) (Version: 4.5.1.5451 - Evernote Corp.) FATE: The Cursed King (x32 Version: 2.2.0.97 - WildTangent) Hidden Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden FTL - Advanced Edition (HKLM-x32\...\GOGPACKFTL_is1) (Version: 2.1.0.11 - GOG.com) FTL version 1.03.3 (HKLM-x32\...\{20E23A40-38E5-4DD6-B738-BC8097AE66B6}_is1) (Version: 1.03.3 - Subset Games) Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment) Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated) IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC) Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation) Jewel Match 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.7 - Acer Inc.) Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation) Mozilla Firefox 41.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0.2 (x86 en-US)) (Version: 41.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.2.5765 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.19 - Egis Technology Inc.) MyWinLocker Suite (x32 Version: 4.0.14.19 - Egis Technology Inc.) Hidden Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation) Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6392 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30127 - Realtek Semiconductor Corp.) Revo Uninstaller Pro 3.1.4 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.4 - VS Revo Group, Ltd.) Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.17.5 - Synaptics Incorporated) TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH) Torchlight (x32 Version: 2.2.0.97 - WildTangent) Hidden Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden Visual Boy Advance Packages (HKU\S-1-5-21-579903058-137395532-2418355931-1000\...\Visual Boy Advance Packages) (Version: - ) <==== ATTENTION VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN) Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3504 - Acer Incorporated) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation) WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) Zuma's Revenge (x32 Version: 2.2.0.97 - WildTangent) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Restore Points ========================= 28-10-2015 05:30:28 AA11 30-10-2015 09:42:23 Revo Uninstaller Pro's restore point - Adobe Flash Player 19 NPAPI 30-10-2015 09:45:59 Revo Uninstaller Pro's restore point - Acrylic Wi-Fi Free v2.3 30-10-2015 09:48:35 Revo Uninstaller Pro's restore point - Google Chrome 30-10-2015 10:13:58 Revo Uninstaller Pro's restore point - X-Mouse Button Control 2.10.2 30-10-2015 18:12:08 Windows Modules Installer ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {1E3E602C-A623-42F4-81B8-1564B1988E4A} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2011-03-28] (Egis Technology Inc.) Task: {46032276-9B26-4ABD-B05D-FE5583D76AF3} - System32\Tasks\RunAsStdUser Task for VeohWebPlayer => C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe Task: {46C37929-0ACC-4B53-B25B-5FCA5EF5B2B2} - System32\Tasks\ydsGNMAAUWqgBBt => C:\Users\Macedizzle\AppData\Local\ydsGNMAAUWqgBBt.exe [2015-10-30] () Task: {47547F90-BA48-4A60-993E-B78FC98D59D5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-30] (Google Inc.) Task: {890096E1-FC22-4A68-B5EE-6EAA767D1D7B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-30] (Adobe Systems Incorporated) Task: {C64F497E-BC0F-4B8D-ACCB-A3F60A2B02A5} - System32\Tasks\{A02E7E3D-E73B-4BA8-935B-10B325559EBF} => pcalua.exe -a C:\Users\Macedizzle\Downloads\pecsetup.exe -d C:\Users\Macedizzle\Downloads Task: {C72F5CD0-DF14-4E80-9415-9A3CC83A3F79} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2011-03-28] (Egis Technology Inc.) Task: {C87DE2F2-701B-47CA-8468-E9773B647207} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-08-19] (Piriform Ltd) Task: {CE164FF5-71D4-4146-AA1D-C026D30C8951} - System32\Tasks\{D3BF4046-4EC0-4270-AD30-2E35DAE068CB} => pcalua.exe -a C:\Users\Macedizzle\Downloads\jre-8u65-windows-i586-iftw.exe -d C:\Users\Macedizzle\Downloads Task: {CFFB314E-8A98-4E03-A973-4A12B4CB7143} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-30] (Google Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (Whitelisted) ============== ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\Temp:2CB9631F AlternateDataStreams: C:\ProgramData\Temp:48081133 ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-579903058-137395532-2418355931-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Macedizzle\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 71.10.216.1 - 71.10.216.2 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\Services: 0184491392062471mcinstcleanup => 2 MSCONFIG\Services: 70e6ca8c => 2 MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3 MSCONFIG\Services: AMD External Events Utility => 2 MSCONFIG\Services: DsiWMIService => 2 MSCONFIG\Services: EgisTec Ticket Service => 3 MSCONFIG\Services: ePowerSvc => 2 MSCONFIG\Services: FLEXnet Licensing Service => 3 MSCONFIG\Services: GamesAppIntegrationService => 3 MSCONFIG\Services: GamesAppService => 3 MSCONFIG\Services: GREGService => 2 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: HTCMonitorService => 2 MSCONFIG\Services: LavasoftAdAwareService11 => 2 MSCONFIG\Services: Live Updater Service => 2 MSCONFIG\Services: MozillaMaintenance => 3 MSCONFIG\Services: NOBU => 2 MSCONFIG\Services: NTI IScheduleSvc => 2 MSCONFIG\Services: PassThru Service => 2 MSCONFIG\Services: SbieSvc => 2 MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\Services: Update FindRight => 2 MSCONFIG\Services: Util FindRight => 2 MSCONFIG\startupreg: AdAwareTray => "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe" MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: ArcadeMovieService => "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" MSCONFIG\startupreg: BackupManagerTray => "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR MSCONFIG\startupreg: Chrome => C:\PROGRA~3\taskhost.exe MSCONFIG\startupreg: LManager => C:\Program Files (x86)\Launch Manager\LManager.exe MSCONFIG\startupreg: mcui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe MSCONFIG\startupreg: Optimizer Pro => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe MSCONFIG\startupreg: RSA3122687153 => C:\Windows\system32\rundll32.exe "C:\Users\Macedizzle\AppData\Roaming\Microsoft\Crypto\RSA\RSA3122687153.dll",DllInitialize MSCONFIG\startupreg: SandboxieControl => "C:\Program Files\Sandboxie\SbieCtrl.exe" MSCONFIG\startupreg: Sidebar => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun MSCONFIG\startupreg: SuiteTray => "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{77A7AFCC-285F-4841-922D-B331F77B3E12}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{E8D2277F-8CC4-49EC-B03D-0BF488B8C886}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{1D833432-CB72-4F8F-87E3-6BFCA9CDD8A6}] => (Allow) LPort=2869 FirewallRules: [{07470B16-D9EC-428B-9862-19EBA9785956}] => (Allow) LPort=1900 FirewallRules: [{807E4311-70F0-4F3C-93DA-0B3B445AF9DE}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{83755AC7-12BF-4B96-9A08-2BE3559E36C4}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe FirewallRules: [{907EFCD7-4FAF-4EE3-9D59-1E381CCC8ABE}] => (Allow) C:\Users\Macedizzle\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{6D21687B-6CED-4971-9FAC-5C0230F93FA0}] => (Allow) C:\Users\Macedizzle\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{6DD02DE4-D1C6-4A8B-89DD-9B7B2044B25A}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe FirewallRules: [{22595AD7-CFDC-4321-8FEA-F159A88A0760}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe FirewallRules: [{9AE41DF3-45C9-46B9-98F5-A33799712766}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe FirewallRules: [{6C9CCB56-7F13-4CEB-ACE1-3DF73433F2A2}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe FirewallRules: [{FA39B24B-CCA8-4838-BE65-7640ADA7E817}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2581\Agent.exe FirewallRules: [{F0386638-F287-4428-BEF4-D06FD51730DB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2581\Agent.exe FirewallRules: [{F02C0E6A-912A-480B-B8A9-A6AF60FA268B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2638\Agent.exe FirewallRules: [{F341DEEF-E55C-4CDF-9ABF-5C3E0E6EE3EA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2638\Agent.exe FirewallRules: [TCP Query User{CF05B211-94C5-4EC2-AB8C-F105FA427A69}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe FirewallRules: [uDP Query User{D66A0195-AE25-496A-9438-BA28A28C95D2}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe FirewallRules: [TCP Query User{5594012D-A185-422C-9BB9-C7C176EB0F14}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe FirewallRules: [uDP Query User{71F82D1B-6C9E-4B9E-9797-C774B0D01B90}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe FirewallRules: [{DE4A492B-EEC1-4BC8-BD5A-DB47E1661CDC}] => (Block) C:\program files (x86)\mirc\mirc.exe FirewallRules: [{EC6C2429-E83F-4E5A-B1A2-B8B45A9D6C9D}] => (Block) C:\program files (x86)\mirc\mirc.exe FirewallRules: [{B8DF9CC2-9DDA-4B36-B5AE-6B9AB186641D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{5F6EAB6A-FD0A-4C24-BF2A-2965BF94ACBF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{6474AF94-D384-4C90-9196-16FC7E89B164}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [uDP Query User{261863D2-2FF5-4007-AEE6-03AF6745515E}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [{BC027C95-0F26-402D-BBBA-44099290F89B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{3786E820-8DE4-4E7A-AEAE-C7DB32B8E1C1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{7FE48A35-881B-4251-9FBD-72E81A68BC05}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{4F8EBE22-2F25-4AE2-8100-FB5482BF8200}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [TCP Query User{29BE87DA-494D-4B62-96AB-15D3A78EDD9F}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe FirewallRules: [uDP Query User{3C1345B3-D857-4DEE-B48A-5C9315DA83B6}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe FirewallRules: [{F2317EF6-8A0B-4538-A84C-A1726E0E07C8}] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe FirewallRules: [{F47988AC-3091-49D6-83A0-2CF6B32F7156}] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe FirewallRules: [{0C819B4F-CDDF-4A2E-91C8-4264FB72AD71}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\Movie\TouchMovie.exe FirewallRules: [{B5F372F3-46EE-4733-88BC-814CCE286E89}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\Movie\TouchMovieService.exe FirewallRules: [TCP Query User{A389A0F7-9882-456E-A8AC-E70A919EDE03}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe FirewallRules: [uDP Query User{8A1606BE-D026-4DF0-A868-C53E489EADFF}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe FirewallRules: [{E3B236AE-FDC3-4A85-BC62-A6E070B02ECC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Faulty Device Manager Devices ============= Name: qknfd Description: qknfd Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: qknfd Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (10/30/2015 06:18:22 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/30/2015 06:17:34 PM) (Source: Windows Search Service) (EventID: 7042) (User: ) Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt. Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (10/30/2015 06:17:34 PM) (Source: Windows Search Service) (EventID: 7010) (User: ) Description: The index cannot be initialized. Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (10/30/2015 06:17:34 PM) (Source: Windows Search Service) (EventID: 3058) (User: ) Description: The application cannot be initialized. Context: Windows Application Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (10/30/2015 06:17:34 PM) (Source: Windows Search Service) (EventID: 3028) (User: ) Description: The gatherer object cannot be initialized. Context: Windows Application, SystemIndex Catalog Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (10/30/2015 06:17:34 PM) (Source: Windows Search Service) (EventID: 3029) (User: ) Description: The plug-in in <Search.TripoliIndexer> cannot be initialized. Context: Windows Application, SystemIndex Catalog Details: Element not found. (HRESULT : 0x80070490) (0x80070490) Error: (10/30/2015 06:17:34 PM) (Source: Windows Search Service) (EventID: 3029) (User: ) Description: The plug-in in <Search.JetPropStore> cannot be initialized. Context: Windows Application, SystemIndex Catalog Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (10/30/2015 06:17:34 PM) (Source: Windows Search Service) (EventID: 9002) (User: ) Description: The Windows Search Service cannot load the property store information. Context: Windows Application, SystemIndex Catalog Details: The content index server cannot update or access information because of a database error. Stop and restart the search service. If the problem persists, reset and recrawl the content index. In some cases it may be necessary to delete and recreate the content index. (HRESULT : 0x8004117f) (0x8004117f) Error: (10/30/2015 06:17:34 PM) (Source: Windows Search Service) (EventID: 7040) (User: ) Description: The search service has detected corrupted data files in the index {id=1100}. The service will attempt to automatically correct this problem by rebuilding the index. Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (10/30/2015 06:17:33 PM) (Source: Windows Search Service) (EventID: 9000) (User: ) Description: The Windows Search Service cannot open the Jet property store. Details: 0x%08x (0x8004117f - The content index server cannot update or access information because of a database error. Stop and restart the search service. If the problem persists, reset and recrawl the content index. In some cases it may be necessary to delete and recreate the content index. (HRESULT : 0x8004117f)) System errors: ============= Error: (10/30/2015 06:17:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (10/30/2015 06:17:34 PM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: The Windows Search service terminated with service-specific error %%-1073473535. Error: (10/30/2015 06:17:01 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: The following boot-start or system-start driver(s) failed to load: qknfd Error: (10/30/2015 04:27:11 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: %%1056 Error: (10/30/2015 04:25:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error: (10/30/2015 04:25:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. Error: (10/30/2015 04:25:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error: (10/30/2015 04:25:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error: (10/30/2015 04:25:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. Error: (10/30/2015 04:25:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. ==================== Memory info =========================== Processor: AMD E-350 Processor Percentage of memory in use: 44% Total physical RAM: 2793.9 MB Available physical RAM: 1543.56 MB Total Virtual: 5586.01 MB Available Virtual: 3758.41 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:284.99 GB) (Free:71.34 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 1F6C7E49) Partition 1: (Not Active) - (Size=13 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=285 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================ Any help would be awesome. Thanks for any effort put to this very annoying problem. TDSSKiller.3.1.0.5_30.10.2015_20.09.53_log.txt
  2. Hello, Good day. My Avast installation is detecting (and blocking, thankfully) a malware infection from "ninthclub (dot) com" everytime I start internet explorer or chrome, which are the only two browsers I use. When I run Malwarebytes it does not detect it. Any ideas on how to remove would be appreciated, please. Hopefully you will update the malwarebytes database soon to take care of this specific malware infection. Here are the details from Avast, fwiw: Object: hxxp://ninthclub(dot)com/work/new/index(dot)php Infection: URL:Mal Process: c:\Program files...\iexplore.exe ( <--- or chrome.exe depending on the browser launched) Running Windows 7, 64-bit IE version 11 Chrome Version 46.0.2490.80 m Thanks. Alonso B.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.