Showing results for tags 'roguekiller'.

Found 17 results

  1. I followed the instructions here: https://forums.malwarebytes.com/topic/236105-kmspico-malware-infected-my-computer/ Can I get a fixlist.txt? Thanks. FRST.txt Addition.txt malwarebytes.txt
  2. So a friend was completely scammed by a FakeAV virus. It popped up, wouldn't let them do anything, they called the number, let the people access their PC and install some kind of software to "remove" the virus. They were able to use their PC afterward, but I came over today to run Malwarebytes and RogueKiller to see if they found anything. Malwarebytes said it found no threats, but RogueKiller found 5 potentials. But I need some help looking at the RogueKiller log to see if there's any real threats on there, thanks.
  3. Hello! I scanned with Roguekiller just out of paranoia and it found eight PUM detections in my registry. Malwarebytes has found nothing, so I figure it might just be Roguekiller being overly protective. Nonetheless, I attached logs from Roguekiller and FRST. If nothing is detected (F/Ps), please tell me. I've never used P2P software, and have never pirated anything. Cheers! roguekillerReport.txt FRST.txt Addition.txt
  4. I just signed up and this is my 1st post. If I posted my question in the wrong area, I apologize in advance. Hi, after a few online searches I found this site. After reading some posts on bleepingcomputer and some on this site, I started the following process to delete all unwanted items on my computer:

     1st Step: Download & Run "Security Check" and copy Report
     2nd Step: Download & Run "AdwCleaner" and copy Report
     3rd Step: Download & Run "Roguekiller for 64bit" and copy Report
     4th Step: (Pending) Download & Run "Malwarebytes"

     Since the post I read was based on a Report specific to that computer, I couldn't follow further. I need help with what to do based on these Reports. Here are my Reports on the first 3 steps:

     Security Check
     -------------------------------------------------------------------------------------------------------
     Results of screen317's Security Check version 0.99.96
     Windows 7 Service Pack 1 x64 (UAC is enabled)
     Internet Explorer 11
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     avast! Antivirus
     Antivirus up to date!
     `````````Anti-malware/Other Utilities Check:`````````
     JavaFX 2.1.1
     Java 7 Update 45
     Java version 32-bit out of Date!
     Java 64-bit 8 Update 31
     Adobe Flash Player 16.0.0.235
     Mozilla Firefox (35.0.1)
     Mozilla Thunderbird (31.3.0)
     Google Chrome (40.0.2214.111)
     Google Chrome (40.0.2214.94)
     ````````Process Check: objlist.exe by Laurent````````
     AVAST Software Avast AvastSvc.exe
     AVAST Software Avast avastui.exe
     AVAST Software Avast ng vbox\AvastVBoxSVC.exe
     AVAST Software Avast ng ngservice.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 1%
     ````````````````````End of Log``````````````````````

     AdwCleaner
     -------------------------------------------------------------------------------------------------------
     # AdwCleaner v4.110 - Logfile created 09/02/2015 at 19:21:14
     # Updated 05/02/2015 by Xplode
     # Database : 2015-02-09.1 [server]
     # Operating system : Windows 7 Home Premium Service Pack 1 (x64)
     # Username : Amin - MYGATEWAY
     # Running from : C:\Users\Amin\Downloads\adwcleaner_4.110.exe
     # Option : Cleaning

     ***** [ Services ] *****

     ***** [ Files / Folders ] *****

     Folder Deleted : C:\Users\Amin\AppData\Local\PackageAware
     Folder Deleted : C:\Users\Amin\AppData\LocalLow\Conduit
     File Deleted : C:\END

     ***** [ Scheduled tasks ] *****

     ***** [ Shortcuts ] *****

     ***** [ Registry ] *****

     Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
     Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
     Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
     Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
     Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
     Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
     Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
     Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
     Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>

     ***** [ Web browsers ] *****

     -\\ Internet Explorer v11.0.9600.17496

     -\\ Mozilla Firefox v35.0.1 (x86 en-US)

     -\\ Google Chrome v40.0.2214.111

     *************************

     AdwCleaner[R0].txt - [1719 bytes] - [09/02/2015 18:49:19]
     AdwCleaner[s0].txt - [1668 bytes] - [09/02/2015 19:21:14]

     ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1727 bytes] ##########

     Roguekiller for 64bit
     -------------------------------------------------------------------------------------------------------
     RogueKiller V10.2.0.0 (x64) [Jan 19 2015] by Adlice Software
     mail : http://www.adlice.com/contact/
     Feedback : http://forum.adlice.com
     Website : http://www.adlice.com/softwares/roguekiller/
     Blog : http://www.adlice.com

     Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
     Started in : Normal mode
     User : Amin [Administrator]
     Mode : Delete -- Date : 02/09/2015 21:13:16

     ¤¤¤ Processes : 0 ¤¤¤

     ¤¤¤ Registry : 12 ¤¤¤
     [PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.yahoo.com?fr=hp-avast&type=avastbcl -> Not selected
     [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3393652132-3854537398-1406664269-1000\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.yahoo.com?fr=hp-avast&type=avastbcl -> Not selected
     [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3393652132-3854537398-1406664269-1000\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.yahoo.com?fr=hp-avast&type=avastbcl -> Not selected
     [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-3393652132-3854537398-1406664269-1000\Software\Microsoft\Internet Explorer\Main | Search Page : https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} -> Not selected
     [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-3393652132-3854537398-1406664269-1000\Software\Microsoft\Internet Explorer\Main | Search Page : https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} -> Not selected
     [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{07377933-027F-4841-BE8E-1920BF653684} | DhcpNameServer : 10.1.10.1 [(Private Address) (XX)] -> Not selected
     [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{07377933-027F-4841-BE8E-1920BF653684} | DhcpNameServer : 10.1.10.1 [(Private Address) (XX)] -> Not selected
     [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{07377933-027F-4841-BE8E-1920BF653684} | DhcpNameServer : 10.1.10.1 [(Private Address) (XX)] -> Not selected
     [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
     [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
     [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
     [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Replaced (0)

     ¤¤¤ Tasks : 0 ¤¤¤

     ¤¤¤ Files : 0 ¤¤¤

     ¤¤¤ Hosts File : 0 ¤¤¤

     ¤¤¤ Antirootkit : 31 (Driver: Loaded) ¤¤¤
     [iAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.dll - CloseHandle : Unknown @ 0x715d003c (push dword 0x715c0022|ret |jmp dword near [0x715c001e]|jmp 0x10)
     [iAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.dll - ReadFile : Unknown @ 0x7149003c (push dword 0x71480022|ret |jmp dword near [0x7148001e]|jmp 0x10)
     [iAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.dll - CreateProcessW : Unknown @ 0x7145003c (push dword 0x71440022|ret |jmp dword near [0x7144001e]|jmp 0x10)
     [iAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.dll - WriteFile : Unknown @ 0x7155003c (push dword 0x71540022|ret |jmp dword near [0x7154001e]|jmp 0x10)
     [iAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.dll - SetUnhandledExceptionFilter : Unknown @ 0x71a4003c (push dword 0x71a30022|ret |jmp dword near [0x71a3001e]|jmp 0x10)
     [iAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtMapViewOfSection : Unknown @ 0x71a0003c (jmp 0xfffffffff9f403d2|jmp dword near [0x719f001e]|jmp 0x10)
     [iAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - ShowWindow : Unknown @ 0x716e003c (push dword 0x716d0022|ret |jmp dword near [0x716d001e]|jmp 0x10)
     [iAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - PeekMessageW : Unknown @ 0x719c003c (push dword 0x719b0022|ret |jmp dword near [0x719b001e]|jmp 0x10)
     [iAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - TranslateMessage : Unknown @ 0x716a003c (push dword 0x71690022|ret |jmp dword near [0x7169001e]|jmp 0x10)
     [iAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - CreateWindowExA : c:\program files (x86)\trusteer\rapport\bin\rooksbas.dll @ 0x693d91a0 (jmp dword near [0x7191001e]|jmp 0x10|jmp 0xfffffffff7ab9160)
     [iAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - SetWindowLongW : Unknown @ 0x7172003c (push dword 0x71710022|ret |jmp dword near [0x7171001e]|jmp 0x10)
     [iAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - CreateWindowExW : c:\program files (x86)\trusteer\rapport\bin\rooksbas.dll @ 0x693d8e80 (jmp dword near [0x7195001e]|jmp 0x10|jmp 0xfffffffff7a78e40)
     [iAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - SetParent : Unknown @ 0x7176003c (push dword 0x71750022|ret |jmp dword near [0x7175001e]|jmp 0x10)
     [iAT:Inl(Hook.IEAT)] (chrome.exe) GDI32.dll - BitBlt : Unknown @ 0x718a003c (push dword 0x71890022|ret |jmp dword near [0x7189001e]|jmp 0x10)
     [iAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - GetClipboardData : Unknown @ 0x7180003c (push dword 0x717f0022|ret |jmp dword near [0x717f001e]|jmp 0x10)
     [iAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - BeginPaint : Unknown @ 0x7186003c (push dword 0x71850022|ret |jmp dword near [0x7185001e]|jmp 0x10)
     [iAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.dll - CreateIoCompletionPort : Unknown @ 0x714d003c (push dword 0x714c0022|ret |jmp dword near [0x714c001e]|jmp 0x10)
     [iAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.dll - GetQueuedCompletionStatus : Unknown @ 0x7161003c (push dword 0x71600022|ret |jmp dword near [0x7160001e]|jmp 0x10)
     [iAT:Inl(Hook.IEAT)] (chrome.exe) CRYPT32.dll - CertVerifyCertificateChainPolicy : Unknown @ 0x718e003c (push dword 0x718d0022|ret |jmp dword near [0x718d001e]|jmp 0x10)
     [iAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.dll - CancelIo : Unknown @ 0x7159003c (push dword 0x71580022|ret |jmp dword near [0x7158001e]|jmp 0x10)
     [iAT:Inl(Hook.IEAT)] (chrome.exe) WS2_32.dll - getaddrinfo : Unknown @ 0x7166003c (jmp 0xfffffffffa59bd8c|jmp dword near [0x7165001e]|jmp 0x10)
     [iAT:Inl(Hook.IEAT)] (chrome.exe) user32.dll - BeginPaint : Unknown @ 0x7186003c (push dword 0x71850022|ret |jmp dword near [0x7185001e]|jmp 0x10)
     [iAT:Inl(Hook.IEAT)] (chrome.exe) user32.dll - SetParent : Unknown @ 0x7176003c (push dword 0x71750022|ret |jmp dword near [0x7175001e]|jmp 0x10)
     [iAT:Inl(Hook.IEAT)] (chrome.exe) user32.dll - ShowWindow : Unknown @ 0x716e003c (push dword 0x716d0022|ret |jmp dword near [0x716d001e]|jmp 0x10)
     [iAT:Inl(Hook.IEAT)] (chrome.exe) user32.dll - GetClipboardData : Unknown @ 0x7180003c (push dword 0x717f0022|ret |jmp dword near [0x717f001e]|jmp 0x10)
     [iAT:Inl(Hook.IEAT)] (chrome.exe) user32.dll - SetWindowLongW : Unknown @ 0x7172003c (push dword 0x71710022|ret |jmp dword near [0x7171001e]|jmp 0x10)
     [iAT:Inl(Hook.IEAT)] (chrome.exe) user32.dll - TranslateMessage : Unknown @ 0x716a003c (push dword 0x71690022|ret |jmp dword near [0x7169001e]|jmp 0x10)
     [iAT:Inl(Hook.IEAT)] (chrome.exe) user32.dll - CreateWindowExW : c:\program files (x86)\trusteer\rapport\bin\rooksbas.dll @ 0x693d8e80 (jmp dword near [0x7195001e]|jmp 0x10|jmp 0xfffffffff7a78e40)
     [iAT:Inl(Hook.IEAT)] (chrome.exe) user32.dll - PeekMessageW : Unknown @ 0x719c003c (push dword 0x719b0022|ret |jmp dword near [0x719b001e]|jmp 0x10)
     [iAT:Inl(Hook.IEAT)] (chrome.exe) ADVAPI32.dll - CreateProcessAsUserW : Unknown @ 0x7141003c (push dword 0x71400022|ret |jmp dword near [0x7140001e]|jmp 0x10)
     [iAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.dll - CreateNamedPipeW : Unknown @ 0x7151003c (push dword 0x71500022|ret |jmp dword near [0x7150001e]|jmp 0x10)

     ¤¤¤ Web browsers : 0 ¤¤¤

     ¤¤¤ MBR Check : ¤¤¤
     +++++ PhysicalDrive0: WDC WD5000BPVT-22HXZT3 ATA Device +++++
     --- User ---
     [MBR] 1cbc9c9454a23d288cc3ab6e52d772b0
     [bSP] 478016f1513bebf6195bcd22db75a460 : Windows Vista/7/8 MBR Code
     Partition table:
     0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 18432 MB
     1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 37750784 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
     2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 37955584 | Size: 458406 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
     User = LL1 ... OK
     User = LL2 ... OK

     ============================================
     RKreport_SCN_02092015_194857.log

     I would appreciate any help I can get.
  5. Hello everyone. I was doing my malware scans on my PC:
     - With MBAM - Nothing infected
     - With Avast! - Nothing infected

     Before using the ESET Online Scanner, I remembered a program called Rogue Killer (it's always mentioned here in the forums). So I downloaded it and gave it a try. I got the logs here, but strangely, it also highlighted (in yellow) a certain registry entry (it was something called RunOnce). So I went to Adlice to see the tutorial, to see if I could find something about it, and Adlice said that Rogue Killer can stop malicious .bat files (like RunOnce). I got scared because of that, but I know it can be a false positive. To be sure, I will post the Rogue Killer logs and the FRST logs. And I will do the ESET Online Scanner.

     PS: Strangely, after downloading FRST (to get the newest version), Avast and Windows blocked the program (something that never happened to me). Well guys, thank you a lot for helping me.

     Rogue Killer logs

     RogueKiller V10.1.2.0 (x64) [Jan 7 2015] por Adlice Software
     mail : http://www.adlice.com/contact/
     Feedback : http://forum.adlice.com
     Site : http://www.adlice.com/softwares/roguekiller/
     Blog : http://www.adlice.com

     Sistema Operacional : Windows 8.1 (6.3.9200 ) 64 bits version
     Iniciou : Modo normal
     Usuário : SERN [Administrador]
     Modo : Escanear -- Data : 01/17/2015 03:12:20

     ¤¤¤ Processos : 0 ¤¤¤

     ¤¤¤ Registro : 9 ¤¤¤
     [suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce | LaunchWebURL : C:\ProgramData\LaunchURL.bat -> Encontrado
     [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 201.6.2.137 201.6.2.67 192.168.0.1 -> Encontrado
     [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 201.6.2.137 201.6.2.67 192.168.0.1 -> Encontrado
     [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{AA244F03-A93F-406B-B71C-1A8DF76B00C7} | DhcpNameServer : 201.6.2.137 201.6.2.67 192.168.0.1 -> Encontrado
     [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{AA244F03-A93F-406B-B71C-1A8DF76B00C7} | DhcpNameServer : 201.6.2.137 201.6.2.67 192.168.0.1 -> Encontrado
     [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Encontrado
     [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Encontrado
     [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Encontrado
     [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Encontrado

     ¤¤¤ Tarefas : 0 ¤¤¤

     ¤¤¤ Arquivos : 0 ¤¤¤

     ¤¤¤ Arquivos de hosts : 0 ¤¤¤

     ¤¤¤ Antirootkit : 0 (Driver: Carregado) ¤¤¤

     ¤¤¤ Navegadores : 0 ¤¤¤

     ¤¤¤ Verificação da MBR : ¤¤¤
     +++++ PhysicalDrive0: WDC WD10EZEX-00RKKA0 ATA Device +++++
     --- User ---
     [MBR] 26bef715d3d1d47510abde64a7f48fc6
     [bSP] 00b1a9551d633cc633207c8abbbc5b28 : Windows Vista/7/8 MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB
     1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 953517 MB
     User = LL1 ... OK
     User = LL2 ... OK

     ============================================
     RKreport_SCN_11032014_154710.log - RKreport_SCN_11032014_173049.log

     FRST.txt

     Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-01-2015 01
     Ran by SERN-ADM (ATTENTION: The logged in user is not administrator) on IBM-5100 on 17-01-2015 03:29:39
     Running from C:\Users\SERN-ADM\Downloads
     Loaded Profiles: SERN-ADM (Available profiles: SERN & SERN-ADM)
     Platform: Windows 8.1 Pro (X64) OS Language: Português (Brasil)
     Internet Explorer Version 11 (Default browser: Chrome)
     Boot Mode: Normal
     Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

     ==================== Processes (Whitelisted) =================

     (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

     (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
     (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Farbar) C:\Users\SERN-ADM\Downloads\FRST64 (1).exe

     ==================== Registry (Whitelisted) ==================

     (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

     HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-09] (AVAST Software)
     HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
     HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2014-12-08] (Raptr, Inc)
     HKLM\...\RunOnce: [LaunchWebURL] => C:\ProgramData\LaunchURL.bat [141 2014-12-13] ()
     HKLM-x32\...\RunOnce: [20150107] => C:\Program Files\AVAST Software\Avast\setup\emupdate\6cb874d6-85a5-43b2-9e77-e0ebec44d9f8.exe [183232 2015-01-12] (AVAST Software)
     ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

     ==================== Internet (Whitelisted) ====================

     (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

     HKU\S-1-5-21-465716547-1104618823-2389287588-1005\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/pt-br/?ocid=iehp
     BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
     BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
     DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
     Tcpip\Parameters: [DhcpNameServer] 201.6.2.137 201.6.2.67 192.168.0.1

     FireFox:
     ========
     FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll (EA Digital Illusions CE AB)
     FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll (EA Digital Illusions CE AB)
     FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
     FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
     FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
     FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-10]

     Chrome:
     =======
     CHR Profile: C:\Users\SERN-ADM\AppData\Local\Google\Chrome\User Data\Default
     CHR Extension: (Google Apresentações) - C:\Users\SERN-ADM\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-24]
     CHR Extension: (Google Docs) - C:\Users\SERN-ADM\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-24]
     CHR Extension: (Google Drive) - C:\Users\SERN-ADM\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-24]
     CHR Extension: (WOT) - C:\Users\SERN-ADM\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-10-24]
     CHR Extension: (YouTube) - C:\Users\SERN-ADM\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-24]
     CHR Extension: (Pesquisa do Google) - C:\Users\SERN-ADM\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-24]
     CHR Extension: (Planilhas do Google) - C:\Users\SERN-ADM\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-24]
     CHR Extension: (AdBlock) - C:\Users\SERN-ADM\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-10-24]
     CHR Extension: (Google Wallet) - C:\Users\SERN-ADM\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-24]
     CHR Extension: (Gmail) - C:\Users\SERN-ADM\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-24]
     CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2014-12-10]
     CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-10]

     ==================== Services (Whitelisted) =================

     (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

     R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
     R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-10] (AVAST Software)
     R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2014-12-28] (AVAST Software)
     S2 lmhosts; C:\Windows\system32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)
     S2 lmhosts; C:\Windows\SysWOW64\svchost.exe [31552 2013-08-22] (Microsoft Corporation)
     R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
     R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
     R2 NlaSvc; C:\Windows\System32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)
     R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [31552 2013-08-22] (Microsoft Corporation)
     R2 nsi; C:\Windows\system32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)
     R2 nsi; C:\Windows\SysWOW64\svchost.exe [31552 2013-08-22] (Microsoft Corporation)
     S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-19] (Electronic Arts)
     R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2014-12-15] ()
     R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2014-12-15] ()
     S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
     S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

     ==================== Drivers (Whitelisted) ====================

     (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

     R0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)
     R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
     R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-10] ()
     R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-12-28] (AVAST Software)
     R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-10] (AVAST Software)
     R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2014-12-28] (AVAST Software)
     R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-10] (AVAST Software)
     R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-10] ()
     R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-10] (AVAST Software)
     R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-10] (AVAST Software)
     R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-10] (AVAST Software)
     R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-10] ()
     R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [223232 2014-06-21] (Advanced Micro Devices)
     R3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
     R3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
     R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
     S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-17] (Malwarebytes Corporation)
     R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
     S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
     S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
     S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]

     ==================== NetSvcs (Whitelisted) ===================

     (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

     ==================== One Month Created Files and Folders ========

     (If an entry is included in the fixlist, the file\folder will be moved.)

     2015-01-17 03:28 - 2015-01-17 03:28 - 02125824 _____ (Farbar) C:\Users\SERN-ADM\Downloads\FRST64 (1).exe
     2015-01-17 03:13 - 2015-01-17 03:13 - 00002805 _____ () C:\Users\SERN-ADM\Downloads\RKreport_SCN_01172015_031215.log
     2015-01-17 03:06 - 2015-01-17 03:07 - 18467928 _____ () C:\Users\SERN-ADM\Downloads\RogueKillerX64.exe
     2015-01-14 15:48 - 2014-12-19 04:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
     2015-01-14 15:48 - 2014-12-12 00:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
     2015-01-14 15:48 - 2014-12-11 22:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
     2015-01-14 15:48 - 2014-12-08 23:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
     2015-01-14 15:48 - 2014-12-08 17:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
     2015-01-14 15:48 - 2014-12-08 17:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
     2015-01-14 15:48 - 2014-12-08 17:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
     2015-01-14 15:48 - 2014-12-08 17:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
     2015-01-14 15:48 - 2014-12-08 17:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
     2015-01-14 15:48 - 2014-12-08 17:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
     2015-01-14 15:48 - 2014-12-08 17:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
     2015-01-14 15:48 - 2014-12-08 17:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
     2015-01-14 15:48 - 2014-12-06 01:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
     2015-01-14 15:48 - 2014-12-05 23:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
     2015-01-14 15:48 - 2014-12-05 23:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
     2015-01-14 15:48 - 2014-10-29 02:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
     2015-01-14 15:48 - 2014-10-29 02:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
     2015-01-14 15:48 - 2014-10-29 01:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
     2015-01-14 15:48 - 2014-10-29 01:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
     2015-01-14 15:48 - 2014-10-29 01:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
     2015-01-14 15:48 - 2014-10-29 01:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
     2015-01-14 15:48 - 2014-10-29 01:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
     2015-01-14 15:48 - 2014-10-29 01:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
     2015-01-14 15:48 - 2014-10-29 01:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
     2015-01-14 15:48 - 2014-10-29 01:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
     2015-01-14 15:48 - 2014-10-29 01:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
     2015-01-14 15:48 - 2014-10-29 00:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
     2015-01-14 15:48 - 2014-10-28 23:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
     2015-01-14 15:48 - 2014-10-28 23:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
     2015-01-14 15:48 - 2014-10-28 23:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
     2015-01-14 15:48 - 2014-10-28 23:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
     2015-01-13 03:58 - 2015-01-17 03:27 - 00000000 ____D () C:\Users\SERN-ADM\Downloads\FRST-OlderVersion
     2015-01-12 00:46 - 2015-01-17 01:10 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
     2015-01-12 00:46 - 2015-01-12 00:46 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
     2015-01-12 00:46 - 2015-01-12 00:46 - 00000000 ____D () C:\Users\Todos os Usuários\Malwarebytes
     2015-01-12 00:46 - 2015-01-12 00:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
     2015-01-12 00:46 - 2015-01-12 00:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
     2015-01-12 00:46 - 2015-01-12 00:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
     2015-01-12 00:46 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
     2015-01-12 00:46 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
     2015-01-12 00:46 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
     2015-01-12 00:43 - 2015-01-12 00:43 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\SERN-ADM\Downloads\mbam-setup-2.0.4.1028 (2).exe
     2015-01-12 00:42 - 2015-01-12 00:42 - 00321848 _____ (Malwarebytes Corporation) C:\Users\SERN-ADM\Downloads\mbam-clean-2.1.1.1001 (3).exe
     2015-01-10 14:00 - 2015-01-10 14:01 - 02347384 _____ (ESET) C:\Users\SERN-ADM\Downloads\esetsmartinstaller_enu (1).exe
     2015-01-10 12:17 - 2015-01-10 12:17 - 00000000 ____D () C:\gravity
     2015-01-04 12:23 - 2015-01-04 12:23 - 00001549 _____ () C:\Users\SERN-ADM\Downloads\transcript (1).txt
     2015-01-03 17:54 - 2015-01-03 17:54 - 00001021 _____ () C:\Users\SERN-ADM\Downloads\transcript.txt
     2014-12-29 12:40 - 2014-12-29 12:40 - 00000000 ____D () C:\Users\SERN-ADM\AppData\Roaming\RenPy
     2014-12-28 15:45 - 2014-12-28 15:45 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\SERN-ADM\Downloads\mbam-setup-2.0.4.1028 (1).exe
     2014-12-28 15:44 - 2014-12-28 15:44 - 00321848 _____ (Malwarebytes Corporation) C:\Users\SERN-ADM\Downloads\mbam-clean-2.1.1.1001 (2).exe
     2014-12-28 15:24 - 2014-12-28 15:24 - 00001986 _____ () C:\Users\Public\Desktop\Avast Internet Security.lnk
     2014-12-28 15:23 - 2014-12-28 15:23 - 00449936 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNdisFlt.sys
     2014-12-28 15:23 - 2014-12-28 15:23 - 00028184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
     2014-12-28 15:23 - 2014-12-10 23:22 - 00364512 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
     2014-12-23 18:57 - 2014-12-23 18:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
     2014-12-23 18:57 - 2014-12-23 18:57 - 00000000 ____D () C:\Program Files (x86)\Origin Games
     2014-12-19 14:11 - 2014-12-19 14:11 - 00000000 ____D () C:\Program Files (x86)\ESET
     2014-12-18 02:30 - 2015-01-14 15:03 - 00024018 _____ () C:\Users\SERN-ADM\Downloads\Addition.txt
     2014-12-18 02:29 - 2015-01-17 03:29 - 00010168 _____ () C:\Users\SERN-ADM\Downloads\FRST.txt
     2014-12-18 02:29 - 2015-01-17 03:29 - 00000000 ____D () C:\FRST
     2014-12-18 02:14 - 2015-01-17 03:27 - 02125824 _____ (Farbar) C:\Users\SERN-ADM\Downloads\FRST64.exe

     ==================== One Month Modified Files and Folders =======

     (If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-17 03:28 - 2014-12-12 21:57 - 00000000 ____D () C:\Users\SERN-ADM\AppData\Local\CrashDumps2015-01-17 03:27 - 2014-10-24 02:18 - 01375501 _____ () C:\WINDOWS\WindowsUpdate.log2015-01-17 03:16 - 2014-12-13 15:58 - 00000000 ____D () C:\Users\SERN-ADM\AppData\Roaming\Raptr2015-01-17 03:15 - 2014-10-24 02:49 - 00001090 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job2015-01-17 03:15 - 2013-08-22 12:46 - 00295812 _____ () C:\WINDOWS\setupact.log2015-01-17 03:15 - 2013-08-22 12:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT2015-01-17 03:08 - 2014-11-03 15:41 - 00037624 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys2015-01-17 03:02 - 2013-08-22 13:36 - 00000000 ____D () C:\WINDOWS\system32\sru2015-01-17 01:03 - 2014-10-24 03:02 - 00000000 ____D () C:\Program Files (x86)\Steam2015-01-14 16:53 - 2014-10-24 00:23 - 00000000 ____D () C:\WINDOWS\system32\MRT2015-01-14 16:53 - 2012-07-26 05:59 - 00000000 ____D () C:\WINDOWS\CbsTemp2015-01-14 16:50 - 2014-10-24 00:23 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe2015-01-14 00:22 - 2013-08-22 13:36 - 00000000 ____D () C:\WINDOWS\AppReadiness2015-01-13 21:51 - 2014-10-24 11:39 - 00000000 ____D () C:\Users\SERN-ADM\AppData\Roaming\Skype2015-01-13 19:46 - 2014-10-24 03:08 - 00000000 ___RD () C:\Program Files (x86)\Skype2015-01-13 19:46 - 2014-10-24 03:08 - 00000000 ____D () C:\Users\Todos os Usuários\Skype2015-01-13 19:46 - 2014-10-24 03:08 - 00000000 ____D () C:\ProgramData\Skype2015-01-12 00:47 - 2014-09-24 00:30 - 00424538 _____ () C:\WINDOWS\PFRO.log2015-01-05 22:08 - 2014-09-24 06:09 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe2015-01-05 22:08 - 2014-09-24 06:09 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl2014-12-28 18:01 - 2012-07-26 06:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports2014-12-28 15:49 - 2014-10-24 02:20 - 00000000 ____D () C:\Users\SERN2014-12-28 15:24 - 2014-12-10 23:22 - 00000000 
____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software2014-12-24 00:33 - 2014-10-24 03:10 - 00000000 ____D () C:\Users\SERN-ADM2014-12-23 19:43 - 2014-12-11 15:36 - 00000000 ____D () C:\Users\Todos os Usuários\Origin2014-12-23 19:43 - 2014-12-11 15:36 - 00000000 ____D () C:\ProgramData\Origin2014-12-23 18:57 - 2014-12-11 15:36 - 00000000 ____D () C:\Users\Todos os Usuários\Electronic Arts2014-12-23 18:57 - 2014-12-11 15:36 - 00000000 ____D () C:\ProgramData\Electronic Arts2014-12-23 18:55 - 2014-12-11 15:36 - 00000000 ____D () C:\Program Files (x86)\Origin2014-12-19 01:34 - 2014-12-15 01:21 - 00215416 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.exe2014-12-19 01:34 - 2014-12-15 01:21 - 00214392 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.ex0 ==================== Files in the root of some directories =======2014-12-13 15:56 - 2014-12-13 15:56 - 0000141 _____ () C:\ProgramData\LaunchURL.bat Files to move or delete:====================C:\ProgramData\LaunchURL.batC:\Users\Todos os Usuários\LaunchURL.bat Some content of TEMP:====================C:\Users\SERN-ADM\AppData\Local\Temp\sonarinst.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-01-2015 01
Ran by SERN-ADM at 2015-01-17 03:30:02
Running from C:\Users\SERN-ADM\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Avast Internet Security (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)
Call of Duty (HKLM-x32\...\Steam App 2620) (Version: - Infinity Ward)
Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Cherry Tree High Comedy Club (HKLM-x32\...\Steam App 214610) (Version: - 773)
Cherry Tree High I! My! Girls! (HKLM-x32\...\Steam App 333220) (Version: - 773)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
Dino D-Day (HKLM-x32\...\Steam App 70000) (Version: - 800 North and Digital Ranch)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
If My Heart Had Wings (HKLM-x32\...\Steam App 326480) (Version: - Moenovel)
Insurgency (HKLM-x32\...\Steam App 222880) (Version: - New World Interactive)
Killing Floor (HKLM-x32\...\Steam App 1250) (Version: - Tripwire Interactive)
Long Live The Queen (HKLM-x32\...\Steam App 251990) (Version: - Hanako Games)
Malwarebytes Anti-Malware versão 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.5.2.2829 - Electronic Arts, Inc.)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.)
PAYDAY: The Heist (HKLM-x32\...\Steam App 24240) (Version: - OVERKILL Software)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Ragnarok Online 2 (HKLM-x32\...\Steam App 231060) (Version: - Gravity, Inc.)
Raptr (HKLM-x32\...\Raptr) (Version: - )
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Sunrider Academy Demo (HKLM-x32\...\Steam App 340740) (Version: - Love in Space)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
The Cat Lady (HKLM-x32\...\Steam App 253110) (Version: - Harvester Games)
The Way of Life (HKLM-x32\...\Steam App 310370) (Version: - Fabio Ferrara)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be
removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

Check "winmgmt" service or repair WMI.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 11:25 - 2013-08-22 11:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => ?

==================== Loaded Modules (whitelisted) =============

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrador (S-1-5-21-465716547-1104618823-2389287588-500 - Administrator - Disabled)
Convidado (S-1-5-21-465716547-1104618823-2389287588-501 - Limited - Disabled)
SERN (S-1-5-21-465716547-1104618823-2389287588-1001 - Administrator - Enabled) => C:\Users\SERN
SERN-ADM (S-1-5-21-465716547-1104618823-2389287588-1005 - Limited - Enabled) => C:\Users\SERN-ADM

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (01/17/2015 03:28:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.3.9600.17284, time stamp: 0x53f816dc
Faulting module name: DUI70.dll, version: 6.3.9600.17031, time stamp: 0x53086a1c
Exception code: 0xc0000005
Fault offset: 0x000000000007aa6e
Faulting process id: 0x858
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Faulting package full name: Explorer.EXE4
Faulting package-relative application ID: Explorer.EXE5

Error: (01/17/2015 03:01:10 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".
Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (01/17/2015 03:01:05 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".
Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (01/17/2015 01:13:00 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".
Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (01/17/2015 01:11:58 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".
Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (01/16/2015 07:52:55 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".
Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (01/16/2015 07:26:04 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".
Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (01/16/2015 07:25:26 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".
Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (01/16/2015 06:48:17 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".
Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (01/16/2015 01:10:24 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".
Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
System errors:
=============
Error: (01/17/2015 03:15:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.2.0 service failed to start due to the following error: %%3

Error: (01/17/2015 02:59:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.2.0 service failed to start due to the following error: %%3

Error: (01/17/2015 02:56:06 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.2.0 service failed to start due to the following error: %%3

Error: (01/17/2015 01:10:25 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (01/16/2015 11:37:04 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service.

Error: (01/16/2015 11:36:34 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service.

Error: (01/16/2015 10:58:02 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (01/16/2015 06:11:57 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (01/16/2015 03:30:35 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (01/16/2015 03:26:21 AM) (Source: DCOM) (EventID: 10016) (User: IBM-5100)
Description: application-specificLocalLaunch{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}IBM-5100SERN-ADMS-1-5-21-465716547-1104618823-2389287588-1005LocalHost (Using LRPC)UnavailableUnavailable

Microsoft Office Sessions:
=========================
Error: (01/17/2015 03:28:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.3.9600.1728453f816dcDUI70.dll6.3.9600.1703153086a1cc0000005000000000007aa6e85801d03214a2d44cfdC:\WINDOWS\Explorer.EXEC:\WINDOWS\SYSTEM32\DUI70.dlla66da2dc-9e09-11e4-beb5-1c6f65ae635e

Error: (01/17/2015 03:01:10 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\SERN-ADM\Downloads\esetsmartinstaller_enu (1).exe

Error: (01/17/2015 03:01:05 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\SERN-ADM\Downloads\esetsmartinstaller_enu (1).exe

Error: (01/17/2015 01:13:00 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (01/17/2015 01:11:58 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (01/16/2015 07:52:55 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (01/16/2015 07:26:04 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (01/16/2015 07:25:26 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (01/16/2015 06:48:17 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (01/16/2015 01:10:24 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\SERN-ADM\Downloads\esetsmartinstaller_enu (1).exe

==================== Memory info ===========================

Processor: AMD Phenom II X6 1090T Processor
Percentage of memory in use: 21%
Total physical RAM: 8189.55 MB
Available physical RAM: 6415.64 MB
Total Pagefile: 9469.55 MB
Available Pagefile: 7425.39 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.17 GB) (Free:822.11 GB) NTFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================
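The helpers on this forum read the "One Month Created/Modified Files" lists above by eye, looking for code with no CompanyName in system directories, scripts dropped straight into ProgramData (the LaunchURL.bat that FRST itself lists under "Files to move or delete"), and executables in TEMP. As an added example, not part of the posted logs and not FRST's own code, here is a small Python triage script that parses that FRST entry format and applies those three rules to lines copied from the log. The rule names and the choice of extensions are this example's assumptions; a hit means "look at this", not "malicious": in this log the hits are TrueSight.sys (modified two minutes after RogueKillerX64.exe was downloaded), PunkBuster's PnkBstrB.exe, and LaunchURL.bat, and only the last of those is something the thread treats as a problem.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST) file listings.

Added example, not part of FRST or of the posted log. Parses entries of the form

    <created> - <modified> - <size> <attrs> (<CompanyName>) <path>

and nominates files for a human to inspect. CompanyName comes from the file's
version resource, which malware can fake and legitimate tools sometimes omit,
so the rules below (this example's own assumptions) only rank, never convict.
"""
import ntpath
import re
from dataclasses import dataclass

ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"\((?P<company>[^)]*)\) (?P<path>.+?)\s*$"
)


@dataclass(frozen=True)
class Entry:
    created: str
    modified: str
    size: int
    attrs: str      # FRST flags: ____D directory, ____H hidden, ___RD read-only directory
    company: str    # CompanyName from the version resource, "" when absent
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_entries(text: str) -> list[Entry]:
    """One Entry per line in FRST entry format; headers and notes are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            g = m.groupdict()
            entries.append(Entry(g["created"], g["modified"], int(g["size"]),
                                 g["attrs"], g["company"].strip(), g["path"]))
    return entries


SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
CODE_EXTS = {".exe", ".dll", ".sys", ".scr", ".bat", ".cmd", ".vbs", ".js", ".ps1"}
# A script or executable sitting directly in ProgramData or in the root of a user profile.
ROOT_DROP_RE = re.compile(r"^c:\\(programdata|users\\[^\\]+)\\[^\\]+\.(bat|cmd|vbs|js|ps1|exe)$")


def review_reasons(e: Entry) -> list[str]:
    """Rules a log reviewer applies by eye; each match is a reason to inspect the file."""
    if e.is_dir:
        return []
    p = e.path.lower()
    ext = ntpath.splitext(p)[1]   # ntpath so backslashes count as separators on any OS
    reasons = []
    if p.startswith(SYSTEM_DIRS) and ext in CODE_EXTS and not e.company:
        reasons.append("code in a system directory with no CompanyName")
    if ROOT_DROP_RE.match(p):
        reasons.append("script/executable in the root of ProgramData or a profile")
    if "\\appdata\\local\\temp\\" in p and ext in {".exe", ".dll", ".scr"}:
        reasons.append("executable in TEMP")
    return reasons


def triage(text: str) -> dict[str, list[str]]:
    """Flagged path -> reasons, in log order."""
    flagged: dict[str, list[str]] = {}
    for e in parse_entries(text):
        reasons = review_reasons(e)
        if reasons:
            flagged[e.path] = reasons
    return flagged


# Constructed sample: lines copied from the posted FRST log above.
SAMPLE_LOG = r"""
2015-01-17 03:06 - 2015-01-17 03:07 - 18467928 _____ () C:\Users\SERN-ADM\Downloads\RogueKillerX64.exe
2015-01-14 15:48 - 2014-12-19 04:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-17 03:08 - 2014-11-03 15:41 - 00037624 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-12-19 01:34 - 2014-12-15 01:21 - 00215416 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.exe
2014-12-13 15:56 - 2014-12-13 15:56 - 0000141 _____ () C:\ProgramData\LaunchURL.bat
2015-01-12 00:46 - 2015-01-12 00:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
"""

if __name__ == "__main__":
    for path, why in triage(SAMPLE_LOG).items():
        print(f"{path}\n    {'; '.join(why)}")
```

Feed it a whole FRST.txt (`triage(open("FRST.txt", encoding="utf-8", errors="replace").read())`) and it walks both the Created and Modified sections, since they share the entry format; the hosts line under "Hosts content" has no CompanyName field and is ignored by design. Directories are skipped because FRST reports their size as zero and they carry no version resource, so no rule can say anything useful about them.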
6. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by Toshiba (administrator) on TOSHIBA-TOSH on 20-09-2014 18:11:01
Running from C:\Users\Toshiba\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597928 2011-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1546720 2011-02-10] (Toshiba Europe GmbH)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11101800 2010-07-28] (Realtek Semiconductor)
HKLM\...\Run: [smartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba Registration] => C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe [150992 2011-07-26] (Toshiba Europe GmbH)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1295736 2011-02-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [sVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [352256 2010-03-03] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2010-03-04] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [browserSafeguard] => "C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe"
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\RunOnce: [spUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
HKU\S-1-5-21-1325574982-213053849-3439578809-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1325574982-213053849-3439578809-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1325574982-213053849-3439578809-1000\...\Run: [HP Deskjet 3520 series (NET)] => C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1325574982-213053849-3439578809-1000\...\RunOnce: [uninstall C:\Users\Toshiba\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Toshiba\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64"
HKU\S-1-5-21-1325574982-213053849-3439578809-1000\...\MountPoints2: {73fc9f36-6bd2-11e2-9b3c-806e6f6e6963} - E:\Setup.exe
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mysearch.avg.com?cid={43BC6EEF-5923-4A8F-B1ED-7B42A5727D1A}&mid=cb50c350a36747d3a3960d47e7a6cb32-542c6fc3131c72e0d714c97d2d3ce03f95ef50d7&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2014-04-18 22:20:07&v=18.1.7.598&pid=safeguard&sg=&sap=hp
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:newtab
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={43BC6EEF-5923-4A8F-B1ED-7B42A5727D1A}&mid=cb50c350a36747d3a3960d47e7a6cb32-542c6fc3131c72e0d714c97d2d3ce03f95ef50d7&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-04-18 22:20:07&v=18.0.5.292&pid=safeguard&sg=&sap=dsp&q={searchTerms}
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\wvabb4lp.default-1394992670842
FF Homepage: hxxp://www.google.co.uk/
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Toshiba\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
FF Extension: Website Counselor - C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\wvabb4lp.default-1394992670842\Extensions\{cc6cc772-f121-49e0-b1f0-c26583cb0c5e} [2014-09-15]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [1811456 2010-08-27] (Realsil Microelectronics Inc.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-10] (Toshiba Europe GmbH)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2102072 2013-12-18] (AVG)
R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [42808 2013-12-18] (AVG)
R2 UxTuneUp; C:\Windows\SysWOW64\uxtuneup.dll [35640 2013-12-18] (AVG)
S4 vToolbarUpdater14.1.7; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.1.7\ToolbarUpdater.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
U5 GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [33240 2012-08-21] (GEAR Software Inc.)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2014-03-22] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-20] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation )
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-05] (Scarlet.Crush Productions)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-02-16] ()
S3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-20 18:11 - 2014-09-20 18:11 - 00016015 _____ () C:\Users\Toshiba\Downloads\FRST.txt
2014-09-20 18:10 - 2014-09-20 18:11 - 00000000 ____D () C:\FRST
2014-09-20 18:10 - 2014-09-20 18:10 - 02105856 _____ (Farbar) C:\Users\Toshiba\Downloads\FRST64(1).exe
2014-09-20 18:08 - 2014-09-20 18:08 - 02105856 _____ (Farbar) C:\Users\Toshiba\Downloads\FRST64.exe
2014-09-20 15:48 - 2014-09-20 15:49 - 00000000 ____D () C:\Users\Toshiba\Documents\dsfc work
2014-09-20 15:17 - 2014-09-20 15:17 - 00003961 _____ () C:\Users\Toshiba\Documents\RKreport_SCN_09202014_150016.log
2014-09-20 15:14 - 2014-09-20 15:14 - 00008496 _____ () C:\Users\Toshiba\Documents\malware help.txt
2014-09-20 14:51 - 2014-09-20 18:06 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-20 14:50 - 2014-09-20 14:50 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Toshiba\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-20 14:50 - 2014-09-20 14:50 - 00001069 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-20 14:50 - 2014-09-20 14:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-20 14:50 - 2014-09-20 14:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-20 14:50 - 2014-09-20 14:50 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-20 14:50 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-20 14:50 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-20 14:50 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-20 14:29 - 2014-09-20 14:29 - 04707328 _____ () C:\Users\Toshiba\Downloads\RogueKiller.exe
2014-09-20 14:29 - 2014-09-20 14:29 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-09-20 13:41 - 2014-09-20 13:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-15 19:58 - 2014-09-15 19:58 - 00000000 ____D () C:\Users\Toshiba\AppData\Roaming\WebExtend
2014-09-15 19:57 - 2014-09-15 19:58 - 00000000 ____D () C:\Users\Toshiba\AppData\Roaming\Opera Software
2014-09-15 19:57 - 2014-09-15 19:58 - 00000000 ____D () C:\Users\Toshiba\AppData\Local\Opera Software
2014-09-15 19:57 - 2014-09-15 19:58 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-09-15 19:55 - 2014-09-20 14:00 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-09-15 19:55 - 2014-09-15 19:55 - 00000000 ____D () C:\Users\Toshiba\AppData\Local\globalUpdate
2014-09-14 16:12 - 2014-08-19 19:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-14 16:12 - 2014-08-19 18:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-14 16:12 - 2014-08-19 00:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-14 16:12 - 2014-08-18 23:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-14 16:12 - 2014-08-18 23:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-14 16:12 - 2014-08-18 23:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-14 16:12 - 2014-08-18 23:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-14 16:12 - 2014-08-18 23:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-14 16:12 - 2014-08-18 23:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-14 16:12 - 2014-08-18 23:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-14 16:12 - 2014-08-18 23:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-14 16:12 - 2014-08-18 23:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-14 16:12 - 2014-08-18 23:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-14 16:12 - 2014-08-18 23:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-14 16:12 - 2014-08-18 23:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-14 16:12 - 2014-08-18 23:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-14 16:12 - 2014-08-18 23:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-14 16:12 - 2014-08-18 23:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-14 16:12 - 2014-08-18 23:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-14 16:12 - 2014-08-18 22:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-14 16:12 - 2014-08-18 22:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-14 16:12 - 2014-08-18 22:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-14 16:12 - 2014-08-18 22:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-14 16:12 - 2014-08-18 22:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-14 16:12 - 2014-08-18 22:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-14 16:12 - 2014-08-18 22:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-14 16:12 - 2014-08-18 22:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-14 16:12 - 2014-08-18 22:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-14 16:12 - 2014-08-18 22:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-14 16:12 - 2014-08-18 22:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-14 16:12 - 2014-08-18 22:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-14 16:12 - 2014-08-18 22:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-14 16:12 - 2014-08-18 22:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-14 16:12 - 2014-08-18 22:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-14 16:12 - 2014-08-18 22:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-14 16:12 - 2014-08-18 22:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-14 16:12 - 2014-08-18 22:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-14 16:12 - 2014-08-18 22:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-14 16:12 - 2014-08-18 22:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-14 16:12 - 2014-08-18 22:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-14 16:12 - 2014-08-18 22:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-14 16:12 - 2014-08-18 22:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-14 16:12 - 2014-08-18 22:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-14 16:12 - 2014-08-18 22:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-14 16:12 - 2014-08-18 22:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-14 16:12 - 2014-08-18 22:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-14 16:12 - 2014-08-18 22:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-14 16:12 - 2014-08-18 22:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-14 16:12 - 2014-08-18 22:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-14 16:12 - 2014-08-18 22:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-14 16:12 - 2014-08-18 22:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-14 16:12 - 2014-08-18 21:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-14 16:12 - 2014-08-18 21:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-14 16:12 - 2014-08-18 21:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-14 16:12 - 2014-08-18 21:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-14 16:12 - 2014-08-18 21:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-14 15:58 - 2014-09-14 16:58 - 17903792 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-09-14 15:48 - 2014-06-27 03:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-14 15:48 - 2014-06-27 02:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-14 15:45 - 2014-09-05 03:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-14 15:45 - 2014-09-05 03:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-14 15:45 - 2014-08-01 12:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-14 15:45 - 2014-08-01 12:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-14 15:45 - 2014-07-07 03:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-14 15:45 - 2014-07-07 03:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-14 15:45 - 2014-07-07 02:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-14 15:45 - 2014-07-07 02:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-14 15:45 - 2014-07-07 02:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-14 15:45 - 2014-06-24 04:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-14 15:45 - 2014-06-24 03:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-01 09:18 - 2014-09-01 09:18 - 00002086 _____ () C:\Users\Toshiba\AppData\Roaming\IBUHB
2014-09-01 09:18 - 2014-09-01 09:18 - 00001248 _____ () C:\Users\Toshiba\AppData\Roaming\FMSQPIE
2014-08-30 14:54 - 2014-06-30 23:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-30 14:54 - 2014-06-30 23:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-30 14:54 - 2014-06-06 07:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-30 14:54 - 2014-06-06 07:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-30 14:54 - 2014-03-09 22:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-30 14:54 - 2014-03-09 22:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-30 14:54 - 2014-03-09 22:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-30 14:54 - 2014-03-09 22:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-30 14:50 - 2014-08-30 14:50 - 01058200 _____ (Adobe) C:\Users\Toshiba\Downloads\install_flashplayer14x32au_mssd_aaa_aih.exe
2014-08-29 18:26 - 2014-08-29 18:26 - 00030220 _____ () C:\Users\Toshiba\Documents\ncs graduation event.odt
2014-08-29 17:39 - 2014-07-16 04:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-29 17:39 - 2014-07-16 03:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-29 17:39 - 2014-06-25 03:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-29 17:39 - 2014-06-25 02:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-29 17:39 - 2014-06-16 03:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-29 17:39 - 2014-06-03 11:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-29 17:39 - 2014-06-03 11:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-29 17:39 - 2014-06-03 11:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-29 17:39 - 2014-06-03 11:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-29 17:39 - 2014-06-03 10:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-29 17:39 - 2014-06-03 10:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-29 17:39 - 2014-06-03 10:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-29 17:37 - 2014-08-23 03:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-29 17:37 - 2014-08-23 02:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-29 17:37 - 2014-08-23 01:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-29 17:37 - 2014-07-14 03:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-29 17:37 - 2014-07-14 02:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-29 17:24 - 2014-05-14 17:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-29 17:24 - 2014-05-14 17:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-29 17:24 - 2014-05-14 17:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-29 17:24 - 2014-05-14 17:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-29 17:24 - 2014-05-14 17:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-29 17:24 - 2014-05-14 17:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-29 17:24 - 2014-05-14 17:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-29 17:24 - 2014-05-14 17:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-29 17:24 - 2014-05-14 17:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-29 17:24 - 2014-05-14 17:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-29 17:24 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-29 17:24 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-29 17:24 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-29 17:24 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-20 18:11 - 2014-09-20 18:11 - 00016015 _____ () C:\Users\Toshiba\Downloads\FRST.txt
2014-09-20 18:11 - 2014-09-20 18:10 - 00000000 ____D () C:\FRST
2014-09-20 18:10 - 2014-09-20 18:10 - 02105856 _____ (Farbar) C:\Users\Toshiba\Downloads\FRST64(1).exe
2014-09-20 18:10 - 2013-01-31 19:14 - 01687526 _____ () C:\Windows\WindowsUpdate.log
2014-09-20 18:09 - 2013-02-02 18:18 - 00000000 ____D () C:\ProgramData\MFAData
2014-09-20 18:08 - 2014-09-20 18:08 - 02105856 _____ (Farbar) C:\Users\Toshiba\Downloads\FRST64.exe
2014-09-20 18:06 - 2014-09-20 14:51 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-20 18:05 - 2013-03-15 18:39 - 00009390 _____ () C:\Windows\setupact.log
2014-09-20 18:05 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-20 18:04 - 2013-03-15 18:39 - 00225216 _____ () C:\Windows\PFRO.log
2014-09-20 16:56 - 2013-02-10 17:11 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-20 15:49 - 2014-09-20 15:48 - 00000000 ____D () C:\Users\Toshiba\Documents\dsfc work
2014-09-20 15:17 - 2014-09-20 15:17 - 00003961 _____ () C:\Users\Toshiba\Documents\RKreport_SCN_09202014_150016.log
2014-09-20 15:14 - 2014-09-20 15:14 - 00008496 _____ () C:\Users\Toshiba\Documents\malware help.txt
2014-09-20 14:50 - 2014-09-20 14:50 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Toshiba\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-20 14:50 - 2014-09-20 14:50 - 00001069 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-20 14:50 - 2014-09-20 14:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-20 14:50 - 2014-09-20 14:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-20 14:50 - 2014-09-20 14:50 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-20 14:42 - 2009-07-14 05:45 - 00025120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-20 14:42 - 2009-07-14 05:45 - 00025120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-20 14:29 - 2014-09-20 14:29 - 04707328 _____ () C:\Users\Toshiba\Downloads\RogueKiller.exe
2014-09-20 14:29 - 2014-09-20 14:29 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-09-20 14:23 - 2013-02-01 12:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-20 14:00 - 2014-09-15 19:55 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-09-20 13:50 - 2014-03-16 17:11 - 00000000 ____D () C:\ProgramData\AVG2014
2014-09-20 13:42 - 2014-09-20 13:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-20 13:27 - 2013-02-02 16:01 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-20 13:27 - 2013-02-01 12:04 - 00003950 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{F16B713A-6C8A-4315-92DB-84E3838FD8B1}
2014-09-15 22:25 - 2014-05-21 19:16 - 00000000 ____D () C:\ProgramData\Origin
2014-09-15 22:25 - 2013-02-02 16:01 - 00000000 ____D () C:\Users\Toshiba\AppData\Roaming\BitTorrent
2014-09-15 22:13 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-09-15 19:58 - 2014-09-15 19:58 - 00000000 ____D () C:\Users\Toshiba\AppData\Roaming\WebExtend
2014-09-15 19:58 - 2014-09-15 19:57 - 00000000 ____D () C:\Users\Toshiba\AppData\Roaming\Opera Software
2014-09-15 19:58 - 2014-09-15 19:57 - 00000000 ____D () C:\Users\Toshiba\AppData\Local\Opera Software
2014-09-15 19:58 - 2014-09-15 19:57 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-09-15 19:55 - 2014-09-15 19:55 - 00000000 ____D () C:\Users\Toshiba\AppData\Local\globalUpdate
2014-09-15 19:55 - 2011-07-26 10:41 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-15 19:24 - 2014-04-15 17:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-09-15 19:24 - 2014-03-16 17:12 - 00000932 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-09-14 18:11 - 2014-05-13 20:48 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-14 18:10 - 2013-10-08 15:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2014
2014-09-14 18:10 - 2013-03-14 02:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup
2014-09-14 16:58 - 2014-09-14 15:58 - 17903792 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-09-14 16:58 - 2013-02-10 17:11 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-14 16:58 - 2013-02-02 15:12 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-14 16:58 - 2013-02-02 15:12 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-14 16:11 - 2013-02-02 15:28 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-14 16:06 - 2013-02-10 17:16 - 00766780 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-14 16:06 - 2009-07-14 06:13 - 00766780 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-14 16:04 - 2013-08-27 12:43 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-14 15:49 - 2013-02-01 11:28 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-05 03:10 - 2014-09-14 15:45 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-05 03:05 - 2014-09-14 15:45 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-01 09:18 - 2014-09-01 09:18 - 00002086 _____ () C:\Users\Toshiba\AppData\Roaming\IBUHB
2014-09-01 09:18 - 2014-09-01 09:18 - 00001248 _____ () C:\Users\Toshiba\AppData\Roaming\FMSQPIE
2014-08-30 15:20 - 2009-07-14 05:45 - 00342240 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-30 15:09 - 2009-07-14 04:20 - 00000000 ____D
() C:\Windows\PolicyDefinitions 2014-08-30 14:50 - 2014-08-30 14:50 - 01058200 _____ (Adobe) C:\Users\Toshiba\Downloads\install_flashplayer14x32au_mssd_aaa_aih.exe 2014-08-29 18:26 - 2014-08-29 18:26 - 00030220 _____ () C:\Users\Toshiba\Documents\ncs graduation event.odt 2014-08-23 03:07 - 2014-08-29 17:37 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-23 02:45 - 2014-08-29 17:37 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-08-23 01:59 - 2014-08-29 17:37 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys Some content of TEMP: ==================== C:\Users\Toshiba\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe C:\Users\Toshiba\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe C:\Users\Toshiba\AppData\Local\Temp\UNINSTALL.EXE ==================== Bamital & volsnap Check =============== (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-05-03 11:53 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2014 Ran by Toshiba at 2014-09-20 18:11:58 
Running from C:\Users\Toshiba\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2014 (Disabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.3.13070 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 2.0.3.13070 - Adobe Systems Inc.) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Player Packages (HKCU\...\Adobe Flash Player Packages) (Version: - ) <==== ATTENTION
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4765 - AVG Technologies)
AVG 2014 (Version: 14.0.4025 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4765 - AVG Technologies) Hidden
AVG PC Tuneup (HKLM-x32\...\{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1) (Version: 10.0.0.27 - AVG)
AVG PC TuneUp 2014 (en-US) (x32 Version: 14.0.1001.295 - AVG) Hidden
AVG PC TuneUp 2014 (HKLM-x32\...\AVG PC TuneUp) (Version: 14.0.1001.295 - AVG)
AVG PC TuneUp 2014 (x32 Version: 14.0.1001.295 - AVG) Hidden
BitTorrent (HKCU\...\BitTorrent) (Version: 7.8.2.30332 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Contenta Converter PREMIUM (HKLM-x32\...\ContentaConverter-PREMIUM) (Version: - Contenta Software)
CopyTrans Suite Remove Only (HKCU\...\CopyTrans Suite) (Version: 2.37 - WindSolutions)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version: - Microsoft)
FormatFactory 3.1.1 (HKLM-x32\...\FormatFactory) (Version: 3.1.1 - Free Time)
HP Deskjet 3520 series Basic Device Software (HKLM\...\{A0A03B53-927D-4454-A456-CB0A72A4912F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2189 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.7.1002 - Intel Corporation)
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Java 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: - Microsoft)
Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version: - Microsoft) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MotioninJoy Gamepad tool 0.7.0000 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.0000 - www.motioninjoy.com)
Mozilla Firefox 32.0.2 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 32.0.2 (x86 en-GB)) (Version: 32.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6167 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30111 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0013 - REALTEK Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Snap.Do Engine (HKCU\...\{0f712971-0f57-4ea7-9dc7-3f29c8c59e33}) (Version: 10.206.1.14585 - ReSoft Ltd.) <==== ATTENTION
SopCast 3.8.3 (HKLM-x32\...\SopCast) (Version: 3.8.3 - www.sopcast.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.01.00 - TOSHIBA CORPORATION)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{43DBC64B-3DD1-47E2-8788-D3C3B110C574}) (Version: 2.1.10.64 - TOSHIBA Corporation)
TOSHIBA Bulletin Board (Version: 2.1.10.64 - TOSHIBA Corporation) Hidden
TOSHIBA ConfigFree (HKLM-x32\...\{38C52F7D-A6CB-4CE7-A189-8AABE8774D8A}) (Version: 8.0.38 - TOSHIBA CORPORATION)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (Version: 3.1.3.64 - TOSHIBA Corporation) Hidden
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.30C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (x32 Version: 1.63.0.30C - TOSHIBA CORPORATION) Hidden
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.5 x64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator Reminder (HKLM-x32\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0019 - TOSHIBA)
TOSHIBA Recovery Media Creator Reminder (x32 Version: 1.00.0019 - TOSHIBA) Hidden
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.17.64 - TOSHIBA Corporation)
TOSHIBA ReelTime (Version: 1.7.17.64 - TOSHIBA Corporation) Hidden
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.10C - TOSHIBA CORPORATION)
TOSHIBA Supervisor Password (x32 Version: 1.63.0.10C - TOSHIBA CORPORATION) Hidden
TOSHIBA TEMPRO (HKLM-x32\...\{F082CB11-4794-4259-99A1-D91BA762AD15}) (Version: 3.35 - Toshiba Europe GmbH)
TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{5BA99779-6E12-49EF-BE49-F35B1EDB4DF9}) (Version: 1.0.4 - TOSHIBA CORPORATION)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)
Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9179FC17-97A8-4D98-9E09-05720AF5D44E}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{18B3CF2A-73F7-4716-B1AE-86D68726D408}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2566458) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFB525A0-E1C0-4E32-9968-FE401BC87363}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (HKLM-x32\...\{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{9865DC3A-2898-48D9-B96A-46397571C934}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{1EEFF749-6F29-4F0B-AB08-4C6EA52AA110}) (Version: - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{BC6DFBFD-16DD-47E1-A7EF-2C062930FA4F}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version: - Microsoft)
Utility Common Driver (x32 Version: 1.0.52.2C - TOSHIBA) Hidden
Video Converter Bundle (HKLM-x32\...\Video Converter Bundle) (Version: 2.0.0.3 - Video Converter Bundle)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinZip 17.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240D9}) (Version: 17.0.10381 - WinZip Computing, S.L. )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

02-06-2014 17:19:38 Windows Update
07-06-2014 20:35:55 Windows Update
22-06-2014 14:17:57 Windows Update
24-06-2014 13:22:50 Windows Update
01-07-2014 12:32:46 Windows Update
01-07-2014 15:14:34 Removed iTunes
01-07-2014 15:48:00 Installed iTunes
11-07-2014 17:40:00 Windows Update
22-07-2014 18:59:38 Windows Update
07-08-2014 12:48:36 Windows Update
07-08-2014 20:19:08 Installed Java 7 Update 67
29-08-2014 16:23:59 Windows Update
29-08-2014 16:24:22 Windows Update
30-08-2014 13:52:38 Windows Update
14-09-2014 14:46:51 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2014-09-20 15:26 - 00000747 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {078D8FDB-65C9-4914-8869-772B2429FBC7} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.)
Task: {1AD3777E-FBC4-47C2-9E66-ACB4D04920FF} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe
Task: {731B57B2-B87F-4BE8-884F-A822CF911F17} - \AmiUpdXp No Task File <==== ATTENTION
Task: {78359FFF-A1FB-49FF-A484-61281E2442D8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-14] (Adobe Systems Incorporated)
Task: {84DBF5D6-3BA2-4AEE-8C7F-8FCD6BB796EA} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21] (Adobe Systems Incorporated)
Task: {9902D992-8CF8-4BAF-9DBA-6341D95BC628} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-07-25] (Oracle Corporation)
Task: {C3FF4FC6-BB62-48F0-9204-9E25992A9F0C} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2010-12-03] (TOSHIBA CORPORATION)
Task: {C447CAD4-0EFB-423C-942F-9C7A6EC411C1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-12-18 09:38 - 2013-12-18 09:38 - 00742200 ____N () C:\Program Files (x86)\AVG\AVG PC TuneUp\avgrepliba.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2014-09-20 13:41 - 2014-09-20 13:41 - 03734640 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

==================== Faulty Device Manager Devices =============

Name: HL-DT-ST DVDRAM GT51N
Description: CD-ROM Drive
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard CD-ROM drives)
Service: cdrom
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey.
Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: TuneUpUtilitiesDrv
Description: TuneUpUtilitiesDrv
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: TuneUpUtilitiesDrv
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (09/20/2014 06:06:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/20/2014 02:25:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/20/2014 02:22:03 PM) (Source: Wininit) (EventID: 1015) (User: )
Description: A critical system process, C:\Windows\system32\lsm.exe, failed with status code 1. The machine must now be restarted.
Error: (09/20/2014 01:23:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/15/2014 07:58:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ie4uinit.exe, version: 11.0.9600.17280, time stamp: 0x53f26f3b
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x5315a05a
Exception code: 0xc0000005
Fault offset: 0x0000000000001a93
Faulting process id: 0x1574
Faulting application start time: 0xie4uinit.exe0
Faulting application path: ie4uinit.exe1
Faulting module path: ie4uinit.exe2
Report Id: ie4uinit.exe3

Error: (09/15/2014 07:58:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 32.0.1.5367, time stamp: 0x541259dd
Faulting module name: mozalloc.dll, version: 32.0.1.5367, time stamp: 0x541225d2
Exception code: 0x80000003
Fault offset: 0x0000141b
Faulting process id: 0x1320
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (09/15/2014 07:55:39 PM) (Source: MsiInstaller) (EventID: 11309) (User: Toshiba-TOSH)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt. System error 3. Verify that the file exists and that you can access it.
Error: (09/15/2014 07:55:24 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: plugin-container.exe, version: 32.0.1.5367, time stamp: 0x541259dd Faulting module name: mozalloc.dll, version: 32.0.1.5367, time stamp: 0x541225d2 Exception code: 0x80000003 Fault offset: 0x0000141b Faulting process id: 0x108c Faulting application start time: 0xplugin-container.exe0 Faulting application path: plugin-container.exe1 Faulting module path: plugin-container.exe2 Report Id: plugin-container.exe3 Error: (09/15/2014 07:24:19 PM) (Source: MsiInstaller) (EventID: 11311) (User: NT AUTHORITY) Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2014 -- Error 1311. SA_Error1311: StandardAction(0xC007051F): Source file not found(cabinet): C:\ProgramData\AVG2014\SetupBackup\lng_esa.cab. Verify that the file exists and that you can access it. Error: (09/15/2014 07:24:16 PM) (Source: MsiInstaller) (EventID: 11311) (User: NT AUTHORITY) Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2014 -- Error 1311. SA_Error1311: StandardAction(0xC007051F): Source file not found(cabinet): C:\ProgramData\AVG2014\SetupBackup\lng_zta.cab. Verify that the file exists and that you can access it. 
System errors: ============= Error: (09/20/2014 06:07:41 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: ) Description: WMPNetworkSvc0x80070422 Error: (09/20/2014 06:07:15 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: ) Description: WMPNetworkSvc0x80070422 Error: (09/20/2014 06:07:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: %%1058 Error: (09/20/2014 06:05:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The TuneUpUtilitiesDrv service failed to start due to the following error: %%2 Error: (09/20/2014 06:05:28 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: The following boot-start or system-start driver(s) failed to load: cdrom Error: (09/20/2014 06:05:03 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY) Description: WLAN Extensibility Module has failed to start. 
Module Path: C:\Windows\system32\Rtlihvs.dll Error Code: 126 Error: (09/20/2014 02:27:27 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: ) Description: WMPNetworkSvc0x80070422 Error: (09/20/2014 02:25:37 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: ) Description: WMPNetworkSvc0x80070422 Error: (09/20/2014 02:24:47 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: %%1058 Error: (09/20/2014 02:24:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The TuneUpUtilitiesDrv service failed to start due to the following error: %%2 Microsoft Office Sessions: ========================= Error: (09/20/2014 06:06:29 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/20/2014 02:25:25 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/20/2014 02:22:03 PM) (Source: Wininit) (EventID: 1015) (User: ) Description: C:\Windows\system32\lsm.exe1 Error: (09/20/2014 01:23:13 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/15/2014 07:58:43 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: ie4uinit.exe11.0.9600.1728053f26f3bKERNELBASE.dll6.1.7601.184095315a05ac00000050000000000001a93157401cfd11711d63266C:\Windows\System32\ie4uinit.exeC:\Windows\system32\KERNELBASE.dll4fe91872-3d0a-11e4-986b-dc0ea14222c1 Error: (09/15/2014 07:58:18 PM) (Source: 
Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe32.0.1.5367541259ddmozalloc.dll32.0.1.5367541225d2800000030000141b132001cfd116eb7f7a7dC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll41135bda-3d0a-11e4-986b-dc0ea14222c1 Error: (09/15/2014 07:55:39 PM) (Source: MsiInstaller) (EventID: 11309) (User: Toshiba-TOSH) Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt. System error 3. Verify that the file exists and that you can access it.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (09/15/2014 07:55:24 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe32.0.1.5367541259ddmozalloc.dll32.0.1.5367541225d2800000030000141b108c01cfd111bc163deaC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dlld94c9c9b-3d09-11e4-986a-dc0ea14222c1 Error: (09/15/2014 07:24:19 PM) (Source: MsiInstaller) (EventID: 11311) (User: NT AUTHORITY) Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2014 -- Error 1311. SA_Error1311: StandardAction(0xC007051F): Source file not found(cabinet): C:\ProgramData\AVG2014\SetupBackup\lng_esa.cab. Verify that the file exists and that you can access it.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (09/15/2014 07:24:16 PM) (Source: MsiInstaller) (EventID: 11311) (User: NT AUTHORITY) Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2014 -- Error 1311. SA_Error1311: StandardAction(0xC007051F): Source file not found(cabinet): C:\ProgramData\AVG2014\SetupBackup\lng_zta.cab. 
Please can I have some help, and thanks to MrC for directing me to the link on how to do this. As my username suggests, I am a beginner, so any instructions will need to be in simple language in order for me to understand. Thanks in advance
  7. I really appreciate any assistance you can provide. I ran RogueKiller and I'm not sure what to do about the SSDT results (if anything). There were three registry entries for HJDesk which I've removed. I have searched sites for recommendations for the SSDTs, but it appears I shouldn't do anything if I'm not well versed in this area. Thank you in advance. rk.txt
  8. Hi. So I recently acquired a virus that, now, as soon as it connects to the internet, starts playing ads in my background. So I mute it. After a while, it then forces my computer to shut down. I read on a recent post that using the RogueKiller app would help. Can someone help me from this point on? All I did was scan. I'll post the report. RKreport0_S_01102014_114047.txt
  9. I ran RogueKiller (Windows XP SP3) and this is the output from the report:

RogueKiller V8.8.0 [Dec 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Safe mode
User : Administrator [Admin rights]
Mode : Scan -- Date : 01/09/2014 09:16:48
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[DNS][PUM] HKLM\[...]\CS002\[...]\{179D1F43-6066-40CE-B4D4-3688FC5AA87E} : NameServer (64.118.139.51,64.118.139.52) -> FOUND
[HJ][PUM] HKLM\[...]\SystemRestore : DisableSR (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x2] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST3250310AS +++++
--- User ---
[MBR] 6c5ea126ce052b9f53b7c718ff0986f2
[bSP] 11d467b9f31927f29d49c85858b51038 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 47 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 96390 | Size: 238355 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) SanDisk Cruzer USB Device +++++
--- User ---
[MBR] c53062fb81e627c93d41c5292522bc39
[bSP] 096ca65415799301792a33c93b5e78da : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT32 (0x0b) [VISIBLE] Offset (sectors): 32 | Size: 3859 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

Finished : << RKreport[0]_S_01092014_091648.txt >>

My options are: delete/Fix Host/Fix Proxy/Fix DNS/Fix Shortcuts. Do I click on each one?
  10. Ran Rogue Killer and it told me this. I thought I'd get some advice before deleting anything.

RogueKiller V8.7.6 [Oct 28 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : riggs_000 [Admin rights]
Mode : Scan -- Date : 11/08/2013 09:21:06
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 2 ¤¤¤
[V2][ROGUE ST] 4831 : wscript.exe - C:\Users\RIGGS_~1\AppData\Local\Temp\launchie.vbs //B -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ SCSI) WDC WD15EARS-60MVWB0 +++++
--- User ---
[MBR] f9440a923929791ab2b8bf5463b4a047
[bSP] 05dbbf897ef3186553db407e3d1b58c5 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 100000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2903459840 | Size: 13093 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_11082013_092106.txt >>
  11. There was a file that I downloaded onto my PC that ended up on my list of Programs - it's called "Zip Extractor Packages," and clicking on it also installed some known malware programs. I'm not sure if it's a virus, malware, a benign or dangerous PUP or something else, but since there are only a few dozen Google hits on this, I'm wondering if it's brand new, what its effects are, and how to fully remove any remnants of it. Unfortunately I don't have a copy or screenshot to attach, since my PC went to Geek Squad and they said all malware/viruses were removed. But since it may be a brand new malware or a dangerous PUP, I'm hoping someone can investigate what it is. (I posted a request for help on the "Malwarebytes Anti-Malware Help" forum here - they didn't know what it was, and said I should post in Newest Malware Threats, which I did. Since the moderator who replied there said he couldn't find it at the link I gave below, he suggested I post here and let him know what I hear. My Geek Squad guy suggested I post in Tom's Hardware, but I got no reply there.) I believe I downloaded it based on a link from the moderator of MalwareTips.com that said it was a link for RogueKiller. Unless the link was changed from a few days ago, I believe the link was listed as this: RogueKiller Download Link: http://tigzy.geekstogo.com/roguekiller.php (FYI: someone at the Malwarebytes forum said they tried this link & Zip Extractor Packages wasn't there - since I no longer had the program or any screenshots, they said they weren't able to investigate it.) Here's what happened: I downloaded two mp3/WMA splitters that came in a zip pack (I think it was from cnet, and it was "MP3 WMA Cutter" & another, but my PC is in the shop so I'm not sure of the 2nd one). 
Two days later I noticed that I couldn't update my AVG free, then I closed my Firefox browsers (which had all been open for a couple days) and when I reopened, the homepage was "searchnu.com". I went to MalwareTips.com and followed the removal instructions (I also had "searchqu.com" & "IB Updater" and maybe another) - it removed most from my Uninstall a Program list, but "Windows SearchQu Toolbar" remained. When I tried to uninstall, it said it may have been removed... and then a NEW program appeared on the list - Sweetpacks. I went back to another help page on the site and tried to remove both with all the steps - both stayed - so I went to the link in the site author's comments to download RogueKiller (DO NOT go to this link unless you have a way to safely download and examine it - it's listed there as "RogueKiller Download Link : http://tigzy.geekstogo.com/roguekiller.php"). Instead of just the program, it asked me if I wanted to install "Zip Extractor Packages" and I stupidly did. When I clicked on it, it installed that malware & other programs: Sweetpacks, Bitguard, gol search, another gol program, and OpenIt!. I downloaded Revo uninstaller & tried uninstalling, but Sweetpacks wouldn't uninstall, and I was too scared to use the official & odd-looking "uninstaller" screen that popped up when I tried to uninstall Zip Extractor Packages, especially with so few Google hits about it out there. Though Geek Squad says they found my hardware was clean, and say they cleaned everything, my concern is that this "Zip Extractor Packages" is so new that there may still be something on the PC, even if they tell me it's ok, since this thing may still be unknown or unanalyzed. Anyone know about this malware/PUP, or can anyone report it to whoever these things get reported to so it can be fixed? 
A friend in IT said antivirus/malware companies usually have 30 days after IDing a new item to come up with a solution, and with only a few dozen Google page hits on this thing the last time I checked, I'm afraid I may be Ground Zero with a new virus or malware or dangerous PUP. And a few related things it may have affected: --My Geek Squad rep said the AVI, MP3 and Word docs I dragged to my zip drive after all this happened wouldn't carry the malware or corruption (only if an .exe & another file type I can't remember were dragged over), but a friend who works in IT said it could be dragged over. Anyone know? --My Yahoo email was reset, and the format where you can see multiple tabs of different email on one screen is no longer available, either on the Basic or new updated version. This may just be because I reset Firefox and IE along the way, but I'm wondering if malware can do this? (Changes are still there when I access email from another PC & other browsers.) Thanks, Jeff
  12. I have malware on my system called "Zip Extractor Packages" but since there are only a few dozen Google hits on this, I'm wondering if it's brand new and how to remove it. I'm also concerned that the site MalwareTips.com may be perpetuating malware, since they didn't post my post on this. Here's what happened: I downloaded two mp3/WMA splitters that came in a zip pack (I think it was from cnet, and it was "MP3 WMA Cutter" & another, but my PC is in the shop so I'm not sure of the 2nd one). Two days later I noticed that I couldn't update my AVG free, then I closed my Firefox browsers (which had all been open for a couple days) and when I reopened, the homepage was "searchnu.com". I went to MalwareTips.com and followed the removal instructions (I also had "searchqu.com" & "IB Updater" and maybe another) - it removed most from my Uninstall a Program list, but "Windows SearchQu Toolbar" remained. (When I tried to uninstall, it said it may have been removed, and then a NEW program appeared on the list - Sweetpacks.) I went back to the site (this time http://malwaretips.com/blogs/remove-sweetpacks-toolbar/ ) and tried to remove both with all the steps - both stayed - so I went to the link in the site author's comments to download RogueKiller (DO NOT go to this link, listed there as "RogueKiller Download Link : http://tigzy.geekstogo.com/roguekiller.php"). Instead of just the program, it asked me if I wanted to install "Zip Extractor Packages" and I stupidly did. When I clicked on it, it installed that malware & other programs: Sweetpacks, Bitguard, gol search, another gol program, and OpenIt!. I downloaded Revo uninstaller & tried uninstalling, but Sweetpacks wouldn't uninstall, and I was too scared to use the official & odd-looking "uninstaller" screen that popped up when I tried to uninstall Zip Extractor Packages, especially with so few Google hits about it out there. 
Right now my PC is with the Geek Squad - they've found my hardware is clean and are now checking my data -- but my concern is that this "Zip Extractor Packages" is so new that there may still be something on the PC, even if they tell me it's ok, since it may still be unknown or unanalyzed. Anyone know about this malware, or can anyone report it to whoever these things get reported to so it can be fixed? And a few related things some of this malware may have affected: --My Geek Squad rep said the AVI, MP3 and Word docs I dragged to my zip drive after all this happened wouldn't carry the malware or corruption (only if an .exe & another file type I can't remember were dragged over), but a friend who works in IT said it could be dragged over. Anyone know? --My Yahoo email was reset, and the format where you can see multiple tabs of different email on one screen is no longer available, either on the Basic or new updated version. This may just be because I reset Firefox and IE along the way, but I'm wondering if malware can do this? (Changes are still there when I access email from another PC & other browsers.) --Also: I never got an emailed reply or post accepted to MalwareTips.com, but I did get an increase in spam to the email address I submitted with my post. Thanks! Jeff
  13. Hello, in the most recent RogueKiller version, my log came up like this:

RogueKiller V8.7.2 _x64_ [Oct 3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Jim_2 [Admin rights]
Mode : Remove -- Date : 10/11/2013 15:23:37
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 5 ¤¤¤
[All Users][HJNAME] rundll32.exe : C:\Users\All Users\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rundll32.exe [x] ->
[Default][HJNAME] rundll32.exe : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rundll32.exe [x] ->
[Default User][HJNAME] rundll32.exe : C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rundll32.exe [x] ->
[desktop.ini][HJNAME] rundll32.exe : C:\Users\desktop.ini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rundll32.exe [x] ->
[Public][HJNAME] rundll32.exe : C:\Users\Public\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rundll32.exe [x] ->

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - TOSHIBA MK1059GSMP +++++
--- User ---
[MBR] d81af62b84f9232e26b3397e63b35666
[bSP] 068733cfa271e4162a8c576d679718bc : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 18432 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 37750784 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 37955584 | Size: 935335 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) (Standard disk drives) - Generic Flash Disk USB Device +++++
--- User ---
[MBR] 9ca04fb83051435057bf78c827848367
[bSP] 5c7d1f224546e443808e0f106485ee32 : MBR Code unknown
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 778135908 | Size: 557377 Mo
1 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 168689522 | Size: 945326 Mo
2 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1869881465 | Size: 945326 Mo
3 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 0 | Size: 1775989 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[0]_D_10112013_152337.txt >>
RKreport[0]_S_10112013_144011.txt;RKreport[0]_S_10112013_151617.txt

-------------------------

The last version of RK came out clean and I have searched high and low for this "rundll32.exe" within the file paths. Not to mention the RK_Quarantine folder had no reg files inside. I haven't downloaded or installed anything prior to the last RK scan (unfortunately, deleted). Is this some false positive? The host file is data from Spybot S&D.
  14. Hi, just tried out RogueKiller to check my system out. Need help analyzing the report. Thanks!

RogueKiller V8.6.3 [Jul 17 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Normal mode
User : gtadm [Admin rights]
Mode : Scan -- Date : 08/20/2013 00:58:44
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (gtproxy02.globetel.com:8080) -> FOUND
[DNS] HKLM\[...]\CS001\[...]\{45638218-CB5B-4712-A5D7-1DE3E0728812} : NameServer (10.225.208.143,10.225.208.140) -> FOUND
[DNS] HKLM\[...]\CS002\[...]\{45638218-CB5B-4712-A5D7-1DE3E0728812} : NameServer (10.225.208.143,10.225.208.140) -> FOUND
[DNS] HKLM\[...]\CS003\[...]\{45638218-CB5B-4712-A5D7-1DE3E0728812} : NameServer (10.225.208.143,10.225.208.140) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost
10.163.96.131 V490DB1.globe.com.ph V490DB1
10.163.96.133 V490DB2.globe.com.ph V490DB2
10.163.96.132 V490DB1VIP.globe.com.ph V490DB1VIP
10.163.96.134 V490DB2VIP.globe.com.ph V490DB2VIP
10.163.96.67 V490RT1.globe.com.ph V490RT1
10.163.96.69 V490RT2.globe.com.ph V490RT2
10.163.96.68 V490RT.globe.com.ph V490RT
10.163.96.135 DBCluster.globe.com.ph DBCluster
10.163.96.70 RTCluster.globe.com.ph RTCluster
10.163.96.94 V445BACKUP.globe.com.ph V445BACKUP
192.168.1.13 U40-console.globe.com.ph U40-console
192.168.1.6 V490RT1-rsc
10.164.50.133 V490DB.globe.com.ph V490DB
10.226.226.10 V245AS3.globe.com.ph V245AS3
10.226.226.11 V245AS4.globe.com.ph V245AS4
10.163.96.35 V245AS1.globe.com.ph V245AS1
10.163.96.37 V245AS2.globe.com.ph V245AS2
10.163.96.132 c10db.globe.com.ph c10db
193.35.206.80 icon.globetel.com icon
[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK1646GSX +++++
--- User ---
[MBR] 13fccc201b53681b951d344be9afd9d1
[bSP] a7f76f522cc07549eaea16523263bb11 : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 142435 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 291708270 | Size: 10189 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_08202013_005844.txt >>
RKreport[0]_S_08202013_002550.txt
  15. http://malwaretips.com/blogs/system-care-antivirus-removal/ So I have been following these instructions and used RogueKiller. I am concerned about deleting registry entries. I have a screenshot of the findings. I just want to make sure I am not deleting anything important. There are "susp path", "hj smenu" and "hj desk" indicators. Please let me know. Here is the screenshot. Thanks
  16. Hey, I don't even know if I'm posting this in the right place. I know fairly little about computers, but recently, after having security certificate authentication issues, it came to my attention that I had a ZeroAccess rootkit. While I know that it's usually recommended to reformat, I was really hoping to avoid that issue. I was fairly sure I knew when the rootkit infected me, and so I figured before reformatting I should give restore points a start. After restoring the system, everything seemed fine. MBAM no longer detected any threats, TDSSKiller no longer reported any threats. The only thing that was picking up anything was RogueKiller. Where I'm not very good with computers, I've been having a horrible time figuring out if what RogueKiller found is even malicious. The log is as follows:

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

This is the ONLY thing that is being picked up on my system, nothing else seems to be an issue. Are these malicious? If so, how do I go about dealing with them, or will I simply have to go ahead and reformat after all? Thanks in advance for any help, the people on these forums seem to be so very knowledgeable and helpful.
  17. I've recently been receiving incoming connections from foreign IPs (Europe) over port 22028. MBAM blocks these connections, prompting "Incoming connection from 85.x.x.x blocked; proc:"scvhost.exe"". I'm worried about any other vulnerabilities this rootkit might exploit. I've tried TDSS and ComboFix but to no avail. I have a report generated for DDS and RogueKiller.