Showing results for tags 'USB'.

Found 24 results

  1. All: I have been asked by a member of the DisplayLink support team, a tech solutions provider for (among things) USB-dock based graphics display, hot desking and other peripheral support, to share information with Malwarebytes, its users and, specifically, the Malwarebytes support team, regarding issues/conflicts that I experienced between the latest Malwarebytes for Windows software and the latest DisplayLink for Windows drivers and software; as well as to share the solution/steps that I came up with and discovered to solve my issue. I note that I am currently (i) a Malwarebytes premium subscriber (running Malwarebytes for Windows 4.0.4.49), and (ii) a DisplayLink software user (specifically, "DisplayLink USB Graphics Software for Windows 9.3 M0 drivers") with a USB 3.0 "Plugable UD-3900 Dual Display Universal Docking Station". The specific request from DisplayLink appears in its forums (in a response to my own "How To"-type posting) here (and/or at the top of page 2): https://displaylink.org/forum/showthread.php?t=64896&goto=newpost; and, as evidenced by the posting itself, a member of DisplayLink's tech support team (named Alban) would like to work together with Malwarebytes' team on fixing the below-described issue. The material substance of both my issue and the posting that I left in the DisplayLink forums is cut and paste hereinbelow (here’s the original link, with my post at the bottom of “page 1”: https://displaylink.org/forum/showthread.php?t=64896) ADDITION TO THE ABOVE: (18) Reinstall Malwarebytes. 
As an added measure, and whether or not this is superfluous or necessary is totally up to you: leave the "enable self-protection module early start" option (in advanced security settings) unchecked, as enabling this setting specifically "...changes the order of services and drivers associated with your computer's startup" (see the MB for Windows User Guide here: https://support.malwarebytes.com/docs/DOC-3564), and you want (or, at least I want) the DisplayLink "dlcdcncm" ethernet adapter driver for the USB dock loaded early on in the PC's startup process so that the internet (using ethernet, not WiFi) works right away at the Windows login screen (and during your boot process).
  2. Does Malwarebytes have the ability to scan a USB key (aka pen drive) on insertion? I have a clean laptop, but my USB key, so I found out, has 200 malware on it, that I was not aware of. I only use this from site-to-site and will have picked these up from clients. For the future, I wondered whether a quick scan on insertion was possible?
  3. I have a Z87-g45 gaming motherboard and I can't get it to boot to usb. My computer completely crashed after I ran hitman and Malwarebytes. I ran both scans and each told me a restart was needed so I waited for both to finish since they both required a restart. Prob was not good idea since now my computer won't boot at all. Once I was prompted of a failed startup I chose to restart from last known good configuration. It just got hung on the starting Windows screen for over 3 hours. So I tried changing the bios to uefi instead of legacy+uefi and tried to see if that helped. It didn't. I've tried restoring bios to defaults to see if it helped; it did not. Stuck on loading Windows screen. I took the battery out of the motherboard and left it out for 5 mins and tried to start it. Same thing, stuck on loading Windows. After trying to load to safe mode with network and without network and trying to load to command prompt and it all still getting stuck I decided to go purchase a new computer to try to get some recovery software to try to fix the problem. So my first choice of programs to try is Hiren. I downloaded Hiren and it was an iso file. So I formatted my usb thumbnail to Fat32 and used PowerISO to burn the Hiren ISO to the usb. (Using the create bootable usb option) after it was finished burning to the usb. I removed it from computer and put it into broken PC. Booted PC up and pushed F10 till I got to the bios. Changed boot priority to #1 uefi usb #2 usb. Saved changes and restarted. Went to stuck loading Windows screen. Power off, power on F10 changed bios from uefi+legacy to just uefi and booted usb first priority. Saved and rebooted. Went to stuck loading Windows screen. Figured I'd just try to see if command prompt would work. Power off, power on F10 changed to default bios settings saved and restarted. Windows failed to load restart with command prompt. Stuck on Windows loading screen but it finally worked and I was in command prompt. 
Trying several commands to figure out what drive the usb was and looking on Google trying to find list of commands to use with command prompt. The computer automatically just restarted and I didn't even execute any command. Now unsure I can get to command prompt again. Tried rebooting again and again about 4 or 5 times and get stuck on Windows loading screen and no option of boot to command prompt. I can get to efi shell easily but don't think that's gonna help me with what I need. I honestly don't know what I should run off of hirens even if I do get it to run. I'll use to research Google as I go. My biggest problem is trying to get the usb to load then if someone would like to walk me to diagnose the problem I'd be forever grateful! Please help me. I've repaired computers that have crashed before but this is first time this computer with this motherboard has crashed and I just can't get it to do right and it's been killing many days just watching a stuck screen. Please! TY in advance!
  4. I have a suspicious file named gbhvexig.exe that keeps coming back after a restart or two. I suspect it to be causing multiple instances of iexplore.exe (reaches up to 4 instances when my normal number of instances is only 2) upon startup and these instances are detected as malicious ads. I also think it is responsible for breaking the .dll files of two games in my PC. Another concern is, all USB sticks I insert in my PC get infected with the RECYCLER folder and "shortcut virus". I have run several scans already using Malwarebytes but still my USBs are getting infected. I have attempted to run some scans using FRST and ADWCleaner as I have seen in other threads with similar problems as mine but I always seem to get lost in the way. Please do help me because I have grown tired of reinstalling my affected programs again and again.
  5. Hello, I'm new to this forum and I would be extremely grateful if anyone here could give me some advice on how to remove encrypted syswow64, (possibly zero access rootkit), from several usbs that I got that have been infected when they were inserted in windows computers that I got that were attacked by hackers. The hackers installed a system administration server on my network and attacked my computers with some kind of synchronization worm/virus that synced and even infected offline devices, (that contained Bluetooth and smartcard etc), like television, digital TV box, dvd, printer and phones. Programs that I detected on my computers that they were using were among others, syswow64, bluetoothshare, various installation hooks, svchost, microsoft synchronization feeds, keyloggers, infrared, remote control programs, malicious code and code changer programs etc. When I scan the usbs with regular virus scans like Kaspersky or Norton they all come out clean and no names show up during the scan but when I scan the usbs with microsoft forefront scanner it also comes out as clean but during the scan all the rootkit names show up though. The names that come up include for example syswow64, catroot, system root: nearby devices, hkmmodule installation hook, netframework installation hook, microsoft feeds synchronization, subsystem spooler system, mobilesynch.exe, tablet/pcsynch.exe, rundll.32.exe and many more. 
I have run the scan on all photos separately that are stored on the usbs and the same rootkit names show up during the scan on every single photo and also, when I did a test and removed all files from one usb, so that it was empty, all the names still showed up when I scanned it and I could also see that the rootkit, (although I can't see it as it is encrypted), took up 0,8 gb of space on the usb since there was only 7,2 gb left for me to use although the size of the usb is 8 gb so if the usb were really empty there should be 8 gb space left for me to use, not 7.2 gb. What I would like to know is if anyone here knows if these types of encrypted rootkits are possible to remove at all from usbs so that I can get my photos, and if so how? Is there any antivirus website where I can upload the photos that can clean the rootkit completely out of the usb and photos or should I go visit some computer specialist store instead, or is it enough if I just burn the photos over to a dvd and then the rootkit will disappear by itself, or is there nothing that can be done at all? Anyone that knows the answer to these questions please feel free to send me messages either in this thread or you can send me private messages to my profile here on this forum as well if you like. All answers are extremely appreciated
  6. I made a really big mistake the other day installing something onto my machine that had not been properly checked for malware and viruses. It turned out that it had some really nasty virus and also installed something called the YeaHelpdesk onto my machine which has run riot through my system. I have read online that Malwarebytes can get rid of it but sadly, one of the effects of the virus was to take away my administrative rights to my own PC and is able to prevent me installing Malwarebytes on my system, saying that I do not have permission to. I want to know if it is possible to install Malwarebytes onto a datastick from my laptop and then be able to plug that into my PC and be able to run it from off the stick. Anyone?
  7. I have a Win 10 setup with the in-built Defender, and the free version of Avast AV - but I still manage to find the occasional PUP when I run Adwcleaner (preferably in Safe Mode). Question: is it possible to set Adwcleaner to scan a USB memory stick for PUPs - or does it do that by default? Many thanks! richard
  8. Just upgraded to paid version yesterday. Now I find that I cannot see various files on my Nexus 5 Android phone when I connect via USB. This is how I transfer and manage music files and such and it has always worked perfectly in the past. It might be a coincidence but it seems just too suspicious to be such. Oh, and the files are actually there if I look at the phone's contents through its file manager -- they just don't show up anymore when I'm looking with File Explorer on W10-64.
  9. Ok. So I think I'm in trouble. I ran through these steps https://www.reddit.com/r/buildapc/comments/646byi/keep_your_pc_healthy_adwaremalwarejunkware/. Everything went well and I restarted my computer, once I'm at the home screen both my mouse and keyboard are not working. I looked around for some solutions but nothing seems to be working. None of my USB ports are working. I've reset CMOS but I get nothing. I tested a spare mouse on all these USB ports and I get power but that's it so I don't think it's a hardware problem. I also tested my main keyboard and mouse on a laptop and they work fine. Doing all this I ran into a big problem. The pins for my USB 3.0 front header port on my motherboard are snapped off. Thing is, everything was working fine before I ran this program and I'm not sure what to do now. Sorry for the story, any suggestions are greatly appreciated. Motherboard: https://www.newegg.com/Product/Product.aspx?Item=N82E16813157734
  10. Hi, this case is the worst that I've had in all my life, because in any other case you can just save your files, reinstall your operating system and move your files back, but this is quite different. A few weeks ago I noticed that I couldn't read any usb in any port, whenever I tried it showed something like this: "Can't get access to E:\. Access Denied", I thought it was a windows bug or something, so I was going to reinstall my O.S., I moved all my files to a server (because I can't connect anything in the USB ports...) then when I tried to put a usb in the server, now the server shows the exact same message, then stupid me said, "Damn I need my outlook files (.pst)", so I moved my .pst from the server to a brand new PC that I got for my birthday, I moved only 2 .pst and when I tried to connect a usb, it showed the exact same message again... the image below shows the error and how it shows my units in the windows explorer. I scanned with malwarebytes and bitdefender but nothing shows. If anyone knows anything about this virus, please help this poor soul. Have a nice day.
  11. I can't get rid of USB malware. When I inserted my flash drive it ruined my HTC One S's recognition and now I can't copy files from/to it! Also, when I insert the same USB drive when Linux Ubuntu is booted, it works normally! So there's definitely something that causes trouble. I scanned my PC with Kaspersky Malware removal tool, MBAM Premium trial, and Avast Internet Security and nothing was found... I wiped the flash drive with GParted booted, and reformatted to different file system (NTFS) and nothing! I am not sure if the malware is from another, microSD card reader, where it came from, but I am now thinking about tossing those 2 to trash! I changed AutoPlay options to not do anything. Now the flash drive is visible after rebooting. But my One S is not responding except the sound for new device can be heard. In the device list, it says the driver is broken... I reinstalled HTC Sync, nothing changed. When I tried the troubleshooter it did something, suggested that I reboot, and blue screen BAD_POOL_HEADER appeared. I am certain it triggered this event. So that can't solve the problem either. Any suggestions?
  12. Windows7 MSI netbook sth wrong with drivers checked for updates using this don't know what to do (this is the right topic, please reply here), Thanks
  13. Hello everyone! I know that you guys just helped me a few days ago, helping me to fix my laptop. But after coming back home (2 weeks later), my mom (someone who can magically install Baidu and Hao123 on her laptop) plugged a USB on my PC (so she could print some things). But, since I know her well, she probably infected my PC (even though she used some anti-virus to eliminate the threats from the USB before using it on my PC). So, I'm here to ask for help. From the last help that I got here, I already downloaded some programs to help me to find the threats on my PC. I just installed the Emergency Kit Scanner, but I will use it later. Until now, I used Avast full scan on Admin mode and Malwarebytes full scan on admin mode - nothing infected. I will attach the FRST logs here and start the ESET Online Scanner. Thank you guys for the help. Addition.txt FRST.txt
  14. I tried many times to remove Malwares in my flash disk but seems no hope. Here is MBAM log Flashdisk.txt
  15. Have just recently formatted my computer and decided to not go back to AVG because of the problems it's been having with Steam and other things. I used other programs other than MWB Free but have decided to come back to it because when used in tandem with other programs I have just as much protection as AVG provided. However an interesting problem has occurred. When I installed it I was completely blocked from internet access. My MB port is not working so I am using a USB Ethernet adapter for access. After a long search on the web and through my computer and MWB itself that produced nothing I removed the program. After getting access restored I installed the program again just to be sure and within seconds I was blocked from the internet again. I couldn't find anything in MWB that I thought was relevant and I'm sure it's not my computer or reinstallation since I had access before MWB but I'll be damned if I can figure out what to do on my own. I could really use some help in finding out what to configure to keep this from happening.
  16. One of my 32GB flash drives became infected. I suspect it was from a site I'm not accustomed to downloading from. Anyway, I saw Chinese symbols in folders that weren't there before. The infection corrupted all but 3 folders. I believe there were 6-7 folders to begin with. I immediately opened Malwarebytes and did a full scan of the flash drive. It found 9 items, removed them and I had to restart my laptop. Some of the characters were still visible after the restart so I remained concerned. I removed the flash drive then re-inserted it. My laptop had a bit of difficulty accessing it so I did a scan to repair files and fix problems (not Malwarebytes). The scan reported it fixed problems. All but the three folders were gone which is fine. I can just get the files again. I no longer see any Chinese characters/symbols. Am I in the clear? I'm currently running a full system scan with Malwarebytes. If it too is clear, should I consider my system safe?
  17. So basically I had used this usb as a "live usb" to be able to install Ubuntu and other Linux based os to my netbook, (it has no CD drive). After installing I deleted the files from the usb stick, (like usual) and proceeded to try and use it like normal again. At this point windows gave me an error and decided to restart, and once it had rebooted I found that my usb drive was no longer available. I've attempted for several hours now to fix this problem but it seems that it is a rather rare occurrence so there isn't much help that I can find. I have however managed to get to the point where windows disk manager can at least see that there is something plugged in, as seen in the bottom right of the picture. However, windows gives me an odd description of the device and its current partition style as master boot record. The usb's size is also incorrect, all showing as 0, while the chip genius program I've found shows it as 32GB, which is correct. The usb stick is an intenso rainbow line. Any help would be appreciated
  18. Hello people! I've plugged my flashdrive in a public computer and that's the gift I get: a USB virus/worm called tmp5A5F.tmp.vbe. So all files/folders turn into shortcuts to hidden files, pointing to the vbe malicious file. The problem is not the files in the flashdrive per se, but the fact that neither Malwarebytes nor Avast detected any suspicious file. And it is always coming again, no matter what I do to clean it. I would appreciate any help in cleaning this up! Here are my Farbar logs:
VMparport; C:\Windows\system32\drivers\VMparport.sys [31824 2013-10-18] (VMware, Inc.)R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-08 08:41 - 2014-04-08 08:44 - 00000000 ____D () C:\FRST2014-04-06 08:14 - 2014-04-06 08:14 - 00000000 ____D () C:\Users\eu\AppData\Roaming\Comodo2014-04-06 08:13 - 2014-04-06 08:13 - 00000000 ____D () C:\Users\eu\AppData\Local\AdTrustMedia2014-04-06 08:12 - 2014-04-06 08:12 - 00000000 ____D () C:\Users\Todos os Usuários\Adtrustmedia2014-04-06 08:12 - 2014-04-06 08:12 - 00000000 ____D () C:\ProgramData\Adtrustmedia2014-04-06 08:12 - 2014-04-06 08:12 - 00000000 ____D () C:\Program Files\AdTrustMedia2014-04-06 08:12 - 2014-04-06 08:12 - 00000000 ____D () C:\Program Files (x86)\AdTrustMedia2014-04-06 08:09 - 2014-04-06 12:16 - 00000000 ____D () C:\Windows\System32\Tasks\COMODO2014-04-06 08:09 - 2014-04-06 08:12 - 00000000 ____D () C:\Users\Todos os Usuários\Comodo Downloader2014-04-06 08:09 - 2014-04-06 08:12 - 00000000 ____D () C:\ProgramData\Comodo Downloader2014-04-06 08:09 - 2014-04-06 08:09 - 00000000 ____D () C:\Users\Todos os Usuários\Shared Space2014-04-06 08:09 - 2014-04-06 08:09 - 00000000 ____D () C:\ProgramData\Shared Space2014-04-06 08:09 - 2014-03-25 16:22 - 00352984 _____ (COMODO) C:\Windows\system32\cmdvrt64.dll2014-04-06 08:09 - 2014-03-25 16:22 - 00284888 _____ (COMODO) C:\Windows\SysWOW64\cmdvrt32.dll2014-04-06 08:09 - 2014-03-25 16:22 - 00045784 _____ (COMODO) C:\Windows\system32\cmdkbd64.dll2014-04-06 08:09 - 2014-03-25 16:22 - 00040664 _____ (COMODO) C:\Windows\SysWOW64\cmdkbd32.dll2014-04-03 23:29 - 2014-04-08 08:23 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-04-03 23:29 - 2014-04-07 23:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-04-03 23:29 - 2014-04-03 23:29 - 
00000000 ____D () C:\Users\Todos os Usuários\Malwarebytes2014-04-03 23:29 - 2014-04-03 23:29 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-04-03 23:29 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-04-03 23:29 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2014-04-03 23:29 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys2014-03-12 08:12 - 2014-03-01 03:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-03-12 08:12 - 2014-03-01 02:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-03-12 08:12 - 2014-03-01 02:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll2014-03-12 08:12 - 2014-03-01 01:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2014-03-12 08:12 - 2014-03-01 01:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2014-03-12 08:12 - 2014-03-01 01:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll2014-03-12 08:12 - 2014-03-01 01:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2014-03-12 08:12 - 2014-03-01 01:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2014-03-12 08:12 - 2014-03-01 01:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2014-03-12 08:12 - 2014-03-01 01:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2014-03-12 08:12 - 2014-03-01 01:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe2014-03-12 08:12 - 2014-03-01 01:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll2014-03-12 08:12 - 2014-03-01 01:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2014-03-12 08:12 - 2014-03-01 01:23 - 00940032 _____ (Microsoft 
Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe2014-03-12 08:12 - 2014-03-01 01:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2014-03-12 08:12 - 2014-03-01 01:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2014-03-12 08:12 - 2014-03-01 01:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll2014-03-12 08:12 - 2014-03-01 00:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2014-03-12 08:12 - 2014-03-01 00:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2014-03-12 08:12 - 2014-03-01 00:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll2014-03-12 08:12 - 2014-03-01 00:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2014-03-12 08:12 - 2014-03-01 00:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2014-03-12 08:12 - 2014-03-01 00:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2014-03-12 08:12 - 2014-03-01 00:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2014-03-12 08:12 - 2014-03-01 00:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2014-03-12 08:12 - 2014-03-01 00:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2014-03-12 08:12 - 2014-03-01 00:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll2014-03-12 08:12 - 2014-03-01 00:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2014-03-12 08:12 - 2014-03-01 00:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2014-03-12 08:12 - 2014-03-01 00:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2014-03-12 08:12 - 2014-03-01 00:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2014-03-12 08:12 - 2014-03-01 00:10 - 02334208 _____ (Microsoft Corporation) 
C:\Windows\system32\wininet.dll2014-03-12 08:12 - 2014-03-01 00:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2014-03-12 08:12 - 2014-03-01 00:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2014-03-12 08:12 - 2014-02-28 23:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2014-03-12 08:12 - 2014-02-28 23:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2014-03-12 08:12 - 2014-02-28 23:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2014-03-12 08:12 - 2014-02-28 23:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2014-03-12 08:12 - 2014-02-28 23:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll2014-03-12 08:12 - 2014-02-28 23:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2014-03-12 08:12 - 2014-02-06 22:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2014-03-12 08:12 - 2014-01-28 23:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll2014-03-12 08:12 - 2014-01-28 23:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll2014-03-12 08:12 - 2014-01-27 23:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll2014-03-12 08:10 - 2014-02-03 23:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll2014-03-12 08:10 - 2014-02-03 23:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll2014-03-12 08:10 - 2014-02-03 23:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll2014-03-12 08:10 - 2014-02-03 23:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll ==================== One Month Modified Files and Folders ======= 2014-04-08 08:44 - 2014-04-08 08:41 - 00000000 ____D () C:\FRST2014-04-08 08:42 - 2009-07-14 01:45 - 00013760 ____H () 
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-04-08 08:42 - 2009-07-14 01:45 - 00013760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-04-08 08:39 - 2013-01-28 20:43 - 00001060 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2014-04-08 08:23 - 2014-04-03 23:29 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-04-08 08:21 - 2013-01-26 09:07 - 01520385 _____ () C:\Windows\WindowsUpdate.log2014-04-08 08:20 - 2013-02-02 18:32 - 00000000 ____D () C:\Users\eu\AppData\Roaming\Dropbox2014-04-08 08:17 - 2013-09-15 06:34 - 00031088 _____ (GbPlugin NDIS Device Driver) C:\Windows\SysWOW64\Drivers\gbpndisrd.sys2014-04-08 08:17 - 2013-09-15 06:34 - 00010266 _____ () C:\Windows\SysWOW64\Drivers\ndisrd.cat2014-04-08 08:17 - 2013-09-15 06:34 - 00001402 _____ () C:\Windows\SysWOW64\Drivers\gas.cer2014-04-08 08:17 - 2013-01-28 20:43 - 00001056 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2014-04-08 08:17 - 2013-01-27 22:13 - 00000000 ____D () C:\Users\Todos os Usuários\VMware2014-04-08 08:17 - 2013-01-27 22:13 - 00000000 ____D () C:\ProgramData\VMware2014-04-08 08:17 - 2009-07-14 02:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-04-08 08:17 - 2009-07-14 01:51 - 00090828 _____ () C:\Windows\setupact.log2014-04-08 08:16 - 2013-01-27 21:45 - 00000000 ____D () C:\Users\Todos os Usuários\NVIDIA2014-04-08 08:16 - 2013-01-27 21:45 - 00000000 ____D () C:\ProgramData\NVIDIA2014-04-08 08:07 - 2014-04-08 08:07 - 00000000 ____D () C:\tmp5A5F.tmp.vbe2014-04-08 08:05 - 2009-07-14 14:55 - 00708536 _____ () C:\Windows\system32\prfh0416.dat2014-04-08 08:05 - 2009-07-14 14:55 - 00148902 _____ () C:\Windows\system32\prfc0416.dat2014-04-08 08:05 - 2009-07-14 02:13 - 01644176 _____ () C:\Windows\system32\PerfStringBackup.INI2014-04-07 23:34 - 2014-04-07 23:34 - 00001098 _____ () C:\Users\Public\Desktop\Malwarebytes 
Anti-Malware.lnk2014-04-07 23:34 - 2014-04-03 23:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-04-07 23:17 - 2013-01-28 07:48 - 00000902 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job2014-04-07 08:45 - 2013-01-28 20:15 - 00000000 ____D () C:\Users\eu\AppData\Local\VMware2014-04-07 02:24 - 2013-01-28 20:15 - 00000000 ____D () C:\Users\eu\AppData\Roaming\VMware2014-04-06 12:16 - 2014-04-06 08:09 - 00000000 ____D () C:\Windows\System32\Tasks\COMODO2014-04-06 08:14 - 2014-04-06 08:14 - 00000000 ____D () C:\Users\eu\AppData\Roaming\Comodo2014-04-06 08:13 - 2014-04-06 08:13 - 00000000 ____D () C:\Users\eu\AppData\Local\AdTrustMedia2014-04-06 08:12 - 2014-04-06 08:12 - 00000000 ____D () C:\Users\Todos os Usuários\Adtrustmedia2014-04-06 08:12 - 2014-04-06 08:12 - 00000000 ____D () C:\ProgramData\Adtrustmedia2014-04-06 08:12 - 2014-04-06 08:12 - 00000000 ____D () C:\Program Files\AdTrustMedia2014-04-06 08:12 - 2014-04-06 08:12 - 00000000 ____D () C:\Program Files (x86)\AdTrustMedia2014-04-06 08:12 - 2014-04-06 08:09 - 00000000 ____D () C:\Users\Todos os Usuários\Comodo Downloader2014-04-06 08:12 - 2014-04-06 08:09 - 00000000 ____D () C:\ProgramData\Comodo Downloader2014-04-06 08:09 - 2014-04-06 08:09 - 00000000 ____D () C:\Users\Todos os Usuários\Shared Space2014-04-06 08:09 - 2014-04-06 08:09 - 00000000 ____D () C:\ProgramData\Shared Space2014-04-06 08:09 - 2013-01-27 21:54 - 00002276 _____ () C:\Users\Public\Desktop\COMODO Firewall.lnk2014-04-05 21:04 - 2009-07-14 02:32 - 00000000 ____D () C:\Windows\system32\FxsTmp2014-04-05 18:26 - 2013-01-27 22:06 - 00004182 _____ () C:\Windows\System32\Tasks\avast! 
Emergency Update2014-04-05 08:58 - 2009-07-14 02:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT2014-04-04 07:20 - 2013-01-27 21:46 - 00201142 _____ () C:\Windows\PFRO.log2014-04-03 23:39 - 2009-07-14 00:20 - 00000000 ____D () C:\Windows\IME2014-04-03 23:29 - 2014-04-03 23:29 - 00000000 ____D () C:\Users\Todos os Usuários\Malwarebytes2014-04-03 23:29 - 2014-04-03 23:29 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-04-03 09:51 - 2014-04-03 23:29 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-04-03 09:51 - 2014-04-03 23:29 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2014-04-03 09:50 - 2014-04-03 23:29 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys014-03-31 09:43 - 2013-01-26 09:08 - 00000000 ___RD () C:\Users\eu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup2014-03-31 07:34 - 2013-01-28 20:43 - 00004056 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA2014-03-31 07:34 - 2013-01-28 20:43 - 00003804 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore2014-03-25 16:22 - 2014-04-06 08:09 - 00352984 _____ (COMODO) C:\Windows\system32\cmdvrt64.dll2014-03-25 16:22 - 2014-04-06 08:09 - 00284888 _____ (COMODO) C:\Windows\SysWOW64\cmdvrt32.dll2014-03-25 16:22 - 2014-04-06 08:09 - 00045784 _____ (COMODO) C:\Windows\system32\cmdkbd64.dll2014-03-25 16:22 - 2014-04-06 08:09 - 00040664 _____ (COMODO) C:\Windows\SysWOW64\cmdkbd32.dll2014-03-25 16:22 - 2012-10-05 00:32 - 00738472 _____ (COMODO) C:\Windows\system32\Drivers\cmdGuard.sys2014-03-25 16:22 - 2012-10-05 00:32 - 00453680 _____ (COMODO) C:\Windows\system32\guard64.dll2014-03-25 16:22 - 2012-10-05 00:32 - 00363504 _____ (COMODO) C:\Windows\SysWOW64\guard32.dll2014-03-25 16:22 - 2012-10-05 00:32 - 00105552 _____ (COMODO) C:\Windows\system32\Drivers\inspect.sys2014-03-25 16:22 - 2012-10-05 00:32 - 00048360 _____ (COMODO) 
C:\Windows\system32\Drivers\cmdhlp.sys2014-03-25 16:22 - 2012-10-05 00:32 - 00043216 _____ (COMODO) C:\Windows\system32\cmdcsr.dll2014-03-25 16:22 - 2012-10-05 00:32 - 00023168 _____ (COMODO) C:\Windows\system32\Drivers\cmderd.sys2014-03-22 15:23 - 2013-12-28 00:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox2014-03-17 23:43 - 2013-08-15 11:02 - 00000000 ____D () C:\Windows\system32\MRT2014-03-17 23:41 - 2013-01-28 19:16 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2014-03-12 21:57 - 2009-07-14 01:45 - 00414928 _____ () C:\Windows\system32\FNTCACHE.DAT2014-03-12 21:56 - 2014-01-01 20:35 - 00000000 ____D () C:\Program Files\Microsoft Silverlight2014-03-12 21:56 - 2014-01-01 20:35 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight2014-03-12 10:44 - 2013-02-15 22:01 - 00000000 ____D () C:\Users\Todos os Usuários\Microsoft Help2014-03-12 10:44 - 2013-02-15 22:01 - 00000000 ____D () C:\ProgramData\Microsoft Help2014-03-11 20:17 - 2013-01-28 07:48 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2014-03-11 20:17 - 2013-01-28 07:48 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2014-03-11 20:17 - 2013-01-28 07:48 - 00003840 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater Some content of TEMP:====================C:\Users\eu\AppData\Local\Temp\googleupdatesetup.exeC:\Users\eu\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exeC:\Users\eu\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exeC:\Users\eu\AppData\Local\Temp\nvSCPAPI.dllC:\Users\eu\AppData\Local\Temp\nvStInst.exeC:\Users\eu\AppData\Local\Temp\ose00000.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 
is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\rpcss.dll => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-03-30 11:35 ==================== End Of Log ============================ Addition: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014Ran by eu at 2014-04-08 08:45:00Running from D:\DownloadBoot Mode: Normal========================================================== ==================== Security Center ======================== AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}AS: COMODO Antivirus (Disabled - Out of date) {0C2D2636-923D-EE52-2A83-E643204A8275}FW: COMODO Firewall (Enabled) {8F7746F7-FE68-E084-3B6C-7404A51E8FB3} ==================== Installed Programs ====================== 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) HiddenAdobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)Adobe PDF iFilter 9 for 64-bit platforms (HKLM\...\{5EA12CF3-8162-47F6-ACAF-45AD03EFB08F}) (Version: 9.0.0 - Adobe)Adobe Reader XI (11.0.06) - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems 
Incorporated)Atualização do produto Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0416-0000-0000000FF1CE}_SMALLBUSINESSR_{717C9095-8AAE-41CB-B046-BD6E8399F4F3}) (Version: - Microsoft)Atualização do produto Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0416-0000-0000000FF1CE}_SMALLBUSINESSR_{5016CB22-B9A7-44FB-AA72-AF28B27B15EA}) (Version: - Microsoft)Atualização do produto Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0416-0000-0000000FF1CE}_SMALLBUSINESSR_{BE3A7C0C-0081-4694-B5F9-980DD66BDDF8}) (Version: - Microsoft)Atualização do produto Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0416-0000-0000000FF1CE}_SMALLBUSINESSR_{7297E3A9-FCD4-4E0E-A306-7A90359E50E3}) (Version: - Microsoft)Atualizações da NVIDIA 1.12.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.12.12 - NVIDIA Corporation)Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)avast! 
Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2013 - Avast Software)Bullzip PDF Printer 9.7.0.1592 (HKLM\...\Bullzip PDF Printer_is1) (Version: 9.7.0.1592 - Bullzip)Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 31.1.0.0 - COMODO)COMODO Internet Security (HKLM\...\{E62381A7-B1C1-4121-8262-84D38C77786C}) (Version: 5.12.55693.2551 - COMODO Security Solutions Inc.)Desinstalar impressora EPSON TX230 Series (HKLM\...\EPSON TX230 Series) (Version: - SEIKO EPSON Corporation)Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)Epson Easy Photo Print 2 (HKLM-x32\...\{E65AE514-9C14-48DE-BAE5-64A4F9CB6FE5}) (Version: 2.2.4.0 - SEIKO EPSON CORPORATION)Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION)Epson Easy Photo Print Plug-in for Windows Live Photo Gallery (HKLM-x32\...\EEPPPlugIn) (Version: - SEIKO EPSON Corporation)Epson Easy Photo Print Plug-in for Windows Live Photo Gallery Setup (x32 Version: 1.00.0000 - SEIKO EPSON Corporation) HiddenEpson Event Manager (HKLM-x32\...\{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}) (Version: 2.50.0000 - SEIKO EPSON CORPORATION)EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)Fences (HKLM-x32\...\Fences) (Version: - Stardock Corporation)Fences (Version: 1.0 - Stardock Corporation) HiddenGBBD Caixa Econômica Federal (HKLM-x32\...\{5d01f486-f32d-462e-8830-cc1d116e8ece}_is1) (Version: 3.5.1.1 - )GeekBuddy (HKLM-x32\...\{2E36CDA2-F82F-4A6D-B269-4BAB6CD9930E}) (Version: 4.11.91 - Comodo Security Solutions Inc)Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) 
(Version: 7.1.2.2041 - Google)Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) HiddenJava 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) HiddenMalwarebytes Anti-Malware versão 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)Microsoft .NET Framework 4.5.1 (Português do Brasil) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1046) (Version: 4.5.50938 - Microsoft Corporation)Microsoft .NET Framework 4.5.1 (PTB) (Version: 4.5.50938 - Microsoft Corporation) HiddenMicrosoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) HiddenMicrosoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) HiddenMicrosoft Office Excel MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Outlook MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office PowerPoint MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Portuguese (Brazil)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Proofing (Portuguese (Brazil)) 2007 (x32 Version: 12.0.4518.1019 - Microsoft Corporation) HiddenMicrosoft Office 
Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) HiddenMicrosoft Office Publisher MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared 64-bit MUI (Portuguese (Brazil)) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Small Business 2007 (HKLM-x32\...\SMALLBUSINESSR) (Version: 12.0.6612.1000 - Microsoft Corporation)Microsoft Office Small Business 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Word MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)Mozilla Firefox 26.0 (x86 pt-BR) (HKLM-x32\...\Mozilla Firefox 26.0 (x86 pt-BR)) (Version: 26.0 - Mozilla)Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) 
  19. Stupid question, but I want to make sure I do this right. I have a Windows Vista computer and I would like to know what format my 32GB USB flash drive needs to be so I can copy some files onto it (which I hope is the same as backing up). I tried searching on Google but all I could find was how to install Windows from a flash drive onto a computer... Thank you.
  20. I got redirected to a suspected dodgy version of a bitcoin site (the real site is .com; this one identified itself as .cloudnet). Since then (a few hours later) no apps would connect to the internet. Chrome would say it could not connect to the proxy; I don't use a proxy. Tor would connect, though, but that's because it uses its own proxy, not the system one. USB memory sticks have been acting weird too. I've been getting the 'this USB has a problem click to fix' error and an I/O error due to an invalid system string or application request. The laptop is pretty high spec and used to boot up in a flash and be very responsive. Now for the last day or so it's booting up slower, apps are slower and general response is sluggish. I've run Malwarebytes on it in safe mode and nothing has come up. What should I do next, as I can get most of my data off? It's an HP laptop running Windows 8 Standard Edition x64. Cheers
  21. Dear everybody, Ouch-- I seem to have an infection that has slipped in. Right now I'm in rural Brazil, a place with a ton of viruses everywhere, and I'm teaching computer classes to kids in the countryside. Unfortunately, I think I have found a virus that I can't fix. It's a USB-carried virus that comes in on flash drives, and that hides the real files while turning everything into an apparent shortcut-- just like lots of autorun viruses that I've seen here. However, this one is not detected by the most recently-updated versions of either Malwarebytes or AVG. My other attempts to clean it have been pretty futile. When I run Windows 8 in Safe Mode and use the command prompt, I can successfully delete the virus file (entitled uvfllvmiuo..vbs) from the flash drive, but the infected computers will then reinfect the flash drive-- although, interestingly, it takes about five minutes for the reinfection to happen. I don't know enough to be able to tell where the infection resides on the infected computer. Now I'm going to paste the two logs. If it will help, I can also supply the content of the malicious vbs file. Any help you can offer will be GREATLY appreciated!!! 
"Unavailable" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}8/23/2013 3:11:07 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the DHCP Client service which failed to start because of the following error: The dependency service or group failed to start.8/23/2013 3:11:07 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.8/23/2013 3:11:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "Unavailable" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}8/23/2013 3:11:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}8/23/2013 3:10:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "Unavailable" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}8/23/2013 3:10:42 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.8/23/2013 3:10:42 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.8/23/2013 3:10:42 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub System service which failed to start because of the following error: A device 
attached to the system is not functioning.8/23/2013 3:10:42 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.8/23/2013 3:10:42 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.8/23/2013 3:10:42 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI Proxy Service Driver service which failed to start because of the following error: A device attached to the system is not functioning.8/23/2013 3:10:42 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.8/23/2013 3:10:42 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.8/23/2013 3:10:42 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.8/23/2013 3:10:42 PM, Error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: A device attached to the system is not functioning.8/23/2013 3:09:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "Unavailable" in order to run the server: 
{D3DCB472-7261-43CE-924B-0704BD730D5F}8/23/2013 3:09:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "Unavailable" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}8/23/2013 3:08:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}8/23/2013 3:08:44 PM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service or group failed to start.8/23/2013 3:05:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {9E175B68-F52A-11D8-B9A5-505054503030}8/23/2013 2:58:12 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.8/23/2013 2:13:31 PM, Error: disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.8/23/2013 1:35:46 PM, Error: Service Control Manager [7023] - The Interactive Services Detection service terminated with the following error: Incorrect function.8/23/2013 1:01:31 PM, Error: disk [11] - The driver detected a controller error on \Device\Harddisk1\DR4.8/21/2013 12:05:46 PM, Error: Microsoft-Windows-BitLocker-Driver [24620] - Encrypted volume check: Volume information on E: cannot be read.8/20/2013 7:22:24 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8007045B: Update for Windows 8 for x64-based Systems (KB2863058).8/20/2013 7:22:24 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the 
following update with error 0x8007045B: Update for Windows 8 for x64-based Systems (KB2856373).8/20/2013 7:22:24 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8007045B: Security Update for Windows 8 for x64-based Systems (KB2849470).8/20/2013 7:22:24 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8007045B: Security Update for Microsoft .NET Framework 4.5 on Windows 8 and Windows Server 2012 for x64-based Systems (KB2840632).8/20/2013 7:22:16 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8007045B: Security Update for Windows 8 for x64-based Systems (KB2868623).8/20/2013 11:19:51 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user Douglass\Frederick SID (S-1-5-21-3496823482-2175649100-2451641561-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool..==== End Of File =========================== Thank you so much-- this will really help me to go back to teaching the kids! appreciatively, -Duff
  22. Hello, I recently plugged my USB drive into my computer and suddenly found my files on the USB to have changed: the folders turned to shortcuts and the files turned unreadable. I scanned and removed what was found and thought that's that. Then today I plugged in another USB, saved some files and removed it; I realized I forgot one file and so plugged it back in, and somehow the files got corrupted again! So I figured my computer might also be infected. Here's the HijackThis log: I also tried to use Bitdefender's immuniser on the 1st infected USB and it could do it giving me this log: Thanks for taking the time to read this, any help will be appreciated.
  23. ICE ransomware has taken control. Can I run malware off a bootable USB?
  24. It started out very random but has gotten increasingly more frequent. SYMPTOMS: BSoD after running any extensive multimedia programs (Music, Games, YouTube Videos, etc.). BSoD: DRIVER_IRQ_NOT_LESS_OR_EQUAL. MS Knowledge Base says the cause is a USB driver and offers a Fix, but the Fix does nothing. Reboot computer and it hangs just after the POST (just before the WinXP login screen shows up). My work-around has been to turn off all external USB devices and see what is causing the hang-up. To my surprise I noticed that if I turn off my Focusrite Firewire Audio Interface before booting up the computer it starts up fine. I'm under the impression that this error has something to do with my firewire card and my audio interface. Also noticed while watching YouTube videos, scrolling the screen while the video is playing causes the audio to become garbled and out of sync with the video. This also happens if audio is playing (WMP) while browsing the web. My interface has a light on the front that indicates when the firewire is connected. It periodically blinks when audio is out of sync. I haven't changed my setup for a long time so everything is as it has always been and it all worked fine. Please, any assistance in this matter would be great. Thank you in advance.