Showing results for tags 'Worm'.
Found 23 results

  1. So it looks like I have accidentally visited a shady web page that infected my computer. Now I have ads popping up on my desktop every 30 minutes or so. I did however uninstall Google Chrome, but the ads kept popping up anyway. I have so far tried these antivirus programs: RogueKiller, AdwCleaner, Malwarebytes, Junkware Removal Tool, TDSSKiller, RKill, SuperAntiSpyware. But none of them worked. The ads still pop up. I have attached a screenshot of how the ads look. Does anyone have an idea how to remove them? I don't want to reinstall Windows if I can. SCREENSHOT https://imagizer.imageshack.com/img922/1739/QIUScV.png
  2. Got the Casper virus among others, can't get rid of it. Tried MWB, SpybotSD, avast!, Avira, Kaspersky TDSSKiller, CCleaner... fried a new laptop doing some manual removals, using this old one that is known to be very infected. Lasting past system resets. In registry files, among others. Files the virus(es) hide in contain: _8wekyb3d8bbwe _kzf8qxf38zg5c _htrsf667h5kn2 _31bf3856as364e35 _b03f5f7f11d50a3a _6595b64144ccf1df _b77a5c561934e089 Presuming the next steps will be HijackThis, but I'm not too familiar and would still like to be able to troubleshoot - am wary about playing with Reg files after killing the new laptop [can't factory reset it at this point, need DBAN and Win Install]. Any pointers? Regards, Chris MWBnov3.txt FRST.txt Addition.txt Shortcut.txt
  3. So I have that annoying HKU that goes back and back. I tried deleting it manually without MBAM scans first, then (I can't delete it even with RegDelNull) it deleted my computer, can't open anything, so I force shut down the laptop. User got deleted and created another user without admin rights and can't open Task Manager. My laptop would be doomed if not for MBAM, but it is still there and always comes back. Help in deleting that *****? I also got those annoying pop-up shortcuts that always come back; image is shown below. Addition.txt FRST.txt hku disable registry and task manager appeared after restart and scan while i was trying to manually delete the hku 1-5-21.txt pop up shortcuts.docx
  4. I've been trying to remove malware in my computer for days now but I can't seem to completely get rid of them. I can't even download Malwarebytes. I've deleted all the Untrusted Certificates and I've deleted some in the trusted ones too, 'cause I recognized the virus put itself there. When I try to download Malwarebytes I get "Runtime error at 351:120 Could not call proc." Please help me, I'm considering to dust the whole PC 'cause I can't get rid of these viruses.
  5. So I have this nasty virus that started out as a bitcoin miner virus, because every time I open taskmgr it goes up to 99% CPU and then goes back down. I thought, hmm, maybe it's a virus, so I used Malwarebytes to see if I can delete it. Malwarebytes didn't detect anything, so I thought it wasn't a virus. I've tried everything, nothing worked. I reset my laptop to factory settings 3 times, nothing worked. Also this may also be a rootkit, because one time my whole laptop went unusable: when I started up Windows it said "error program has not started", and that happened for all the programs on my computer. I could not open anything, even Malwarebytes. Now I was scared. I gave up a few weeks after I got the virus 'cause I thought it would get worse if I tampered with it. But then apparently the virus also uses your CPU using undetectable processes. I used Process Explorer and Autoruns to see if I could find anything. I found nothing suspicious. I had 0 programs using CPU but I am using 2% CPU. I do not have a lot of programs running, I only have 43. This virus is apparently also a worm because it traveled to 2 of my other computers, probably through emails. Now I'm really desperate for help because all my computers are really slow. I'm focusing on fixing the carrier of the virus, my Toshiba Satellite Intel, because if the carrier of the virus gets taken down so do all the others. Please help me remove this virus, it's very hard to remove and unsafe. Here are my specs, Thank You. Win 8.1, Intel Pentium CPU 2020M 2,40GHz, RAM: 4.00 (3.88 usable)
  6. Hello. There is a computer virus (worm.viking) going around the university where I work here in China, and I couldn't help but notice after Malwarebytes quarantines and deletes everything ... and after running the check again, everything is still there, although no longer accessible. Is there a way to get access to it again? (Some I can get to directly if I know the path, but not everything) I reported the problem to the school, and it seems to have been fixed. That is, the virus is no longer on the computers. Thank you.
  7. I feel like I've been living with either fileless malware or paralyzed AVs for a year now. Similar symptoms on another machine on the same network. Driving me so crazy that I feel like I'm seeing it on all devices, regardless of platform whenever I'm at my house. I hope someone here can put this to rest. A part of me doesn't even think I'm posting on a real network by posting on this forum. But we'll give it a whirl (again). FRST.txt Addition.txt well.txt DxDiag.txt
  8. Malwarebytes version 3.0.6 premium trial found 12 pup files and 2 adware files in the scan. Clicked quarantine and after several hours it was still on the spinning wheel with 0 threats added to quarantine. I scanned with FARBAR and attached those logs. There appeared to be hidden adware that has to be removed manually among other things. Please HELP FRST.txt Addition.txt
  9. JANUARY 2nd, 2017 Around 5am this morning my date changed and the system created a restore point with a future date of 1/3/2017. I tried to restore computer but "system restore" would not work so I had to resort to an Acronis back-up from the 29th. I am thinking this bug is somehow hacking my router, because since I reinstalled I could never connect to the 5.5Mhz, only the 2.4Mhz would connect, but now I can connect to both, wow. Anyway this date thing happened twice now since the reinstall so I seem to be carrying an inside bug OR Malwarebytes is missing this hacker when he takes over my computer. I can visualize Classrooms in China and India with hundreds of students whose sole purpose is to learn how to hack American Computers, hopefully, Trump will do something to stop this internet piracy. Unfortunately I think Malwarebytes is jumping the gun when they say that MB3 is all one needs cause it makes anti-virus obsolete ...notta. Neither Norton Security nor Malwarebytes is stopping this hacking of my computer so I am looking for a fix, also when this happened ... amazingly Malwarebytes pops up a page which says to buy MB3 premium as if I am not already licensed in some form thru one of my other Malwarebytes licenses. Is Malwarebytes involved in making my computer look like it is being hacked so I will fork out $39.95.... I don't mind paying for a product which does what it says but so far MB3 is not proving to be foolproof for the hackers around the world. I still respect and admire Malwarebytes, I am just saying I have a problem and it needs fixing. I will attempt to download the farbar and send the associated frst and addition files. Blessings and HOPE for all of us, we surely need it.
  10. OK, I've downloaded the FarBar software and it is on my desktop, but when I double click to Run I get the following message: Windows Smartscreen prevented an unrecognized app from starting ... Any suggestions? Regards, Rudy
  11. Recently I've found windows.exe in my laptop's public documents folder and also in task manager have seen Pevz.exe running and then disappearing then running again. I'm currently in safe mode. Here are the FRST scan results:
00003720 _____ C:\WINDOWS\System32\Tasks\boosterpop2015-06-26 10:30 - 2015-06-26 10:30 - 00003718 _____ C:\WINDOWS\System32\Tasks\IEError2015-06-26 10:30 - 2015-06-26 10:30 - 00003534 _____ C:\WINDOWS\System32\Tasks\AI_Updater2015-06-26 10:29 - 2015-06-26 10:29 - 00000000 ____D C:\Users\Michael and Bubba\AppData\Local\PCMATICPLUS2015-06-26 10:11 - 2015-06-27 21:30 - 00001984 _____ C:\WINDOWS\PFRO.log2015-06-26 10:10 - 2015-06-26 10:10 - 00000010 _____ C:\Users\Public\Documents\test.txt2015-06-26 01:15 - 2015-06-26 01:15 - 60822638 _____ C:\Users\Michael and Bubba\Downloads\4840 - Pokemon - SoulSilver Version (v10) (E).zip2015-06-26 01:12 - 2015-06-26 01:12 - 00000000 ____D C:\Users\Michael and Bubba\Downloads\Pokemon - SoulSilver Version (US)2015-06-26 01:12 - 2015-06-13 05:59 - 08368732 _____ C:\Users\Public\Documents\windows.exe2015-06-26 01:11 - 2015-06-26 01:16 - 00000000 ____D C:\Users\Michael and Bubba\Downloads\desmume-0.9.11-win322015-06-26 01:11 - 2015-06-26 01:11 - 00000000 ____D C:\Program Files (x86)\Iminent2015-06-26 01:10 - 2015-06-26 01:10 - 01194684 _____ C:\Users\Michael and Bubba\Downloads\desmume-0.9.11-win32.zip2015-06-26 01:09 - 2015-06-26 01:09 - 59587493 _____ C:\Users\Michael and Bubba\Downloads\Pokemon - SoulSilver Version (US).zip2015-06-26 01:09 - 2015-06-26 01:09 - 01162819 _____ C:\Users\Michael and Bubba\Downloads\CR_Downloader_for_desmume.jse2015-06-26 01:02 - 2015-06-26 01:02 - 06260496 _____ C:\Users\Michael and Bubba\Downloads\Super Mario 64 (USA).zip2015-06-26 00:59 - 2015-06-26 10:35 - 00000000 ____D C:\Program Files (x86)\Portable WeatherApp2015-06-26 00:59 - 2015-06-26 00:59 - 00003690 _____ C:\WINDOWS\System32\Tasks\IE_ERR4WDR2015-06-26 00:59 - 2015-06-26 00:59 - 00003666 _____ C:\WINDOWS\System32\Tasks\HDNINSTSCHD2015-06-26 00:59 - 2015-06-26 00:59 - 00003532 _____ C:\WINDOWS\System32\Tasks\UPDTEXE4_WDR2015-06-26 00:58 - 2015-06-26 00:58 - 03703013 _____ C:\Users\Michael and Bubba\Downloads\Project64 2.1.rar2015-06-26 00:57 - 
2015-06-26 10:21 - 00000000 ____D C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b32015-06-26 00:57 - 2015-06-26 00:57 - 00000000 ____D C:\Program Files (x86)\Filter Results2015-06-26 00:56 - 2015-06-26 00:56 - 01162819 _____ C:\Users\Michael and Bubba\Downloads\CR_Downloader_for_project64.jse2015-06-23 11:44 - 2015-06-23 11:44 - 00000222 ____C C:\Users\Michael and Bubba\Desktop\Heroes & Generals.url2015-06-22 02:15 - 2015-06-22 02:15 - 00000220 ____C C:\Users\Michael and Bubba\Desktop\Uplink.url2015-06-13 14:05 - 2015-06-13 14:05 - 06503984 _____ (Microsoft Corporation) C:\Users\Michael and Bubba\Downloads\vcredist_x86 (2).exe2015-06-11 19:31 - 2015-06-11 19:31 - 00000000 ____D C:\Users\Michael and Bubba\AppData\Local\GWX2015-06-11 19:28 - 2015-06-26 10:41 - 00000693 _____ C:\WINDOWS\setupact.log2015-06-11 19:28 - 2015-06-11 19:28 - 00000000 _____ C:\WINDOWS\setuperr.log2015-06-11 19:24 - 2015-06-11 19:24 - 00001927 _____ C:\Users\Michael and Bubba\Documents\Women.txt2015-06-11 19:21 - 2015-06-11 19:21 - 07194312 _____ (Microsoft Corporation) C:\Users\Michael and Bubba\Downloads\vcredist_x64.exe2015-06-11 19:21 - 2015-06-11 19:21 - 06503984 _____ (Microsoft Corporation) C:\Users\Michael and Bubba\Downloads\vcredist_x86 (1).exe2015-06-10 11:00 - 2015-04-01 16:42 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll2015-06-10 11:00 - 2015-04-01 16:30 - 02483712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll2015-06-10 11:00 - 2015-03-19 21:49 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll2015-06-10 11:00 - 2015-03-19 21:08 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll2015-06-10 11:00 - 2015-03-19 20:37 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll2015-06-10 11:00 - 2015-03-19 20:07 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll2015-06-10 10:59 - 2015-05-27 08:35 - 24917504 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\mshtml.dll2015-06-10 10:59 - 2015-05-27 08:08 - 19607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll2015-06-10 10:59 - 2015-05-25 07:23 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll2015-06-10 10:59 - 2015-05-25 07:07 - 01430528 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll2015-06-10 10:59 - 2015-05-22 21:15 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll2015-06-10 10:59 - 2015-05-22 21:14 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec2015-06-10 10:59 - 2015-05-22 21:10 - 02278912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll2015-06-10 10:59 - 2015-05-22 21:05 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll2015-06-10 10:59 - 2015-05-22 21:04 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll2015-06-10 10:59 - 2015-05-22 20:48 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll2015-06-10 10:59 - 2015-05-22 20:47 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll2015-06-10 10:59 - 2015-05-22 20:47 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll2015-06-10 10:59 - 2015-05-22 20:47 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll2015-06-10 10:59 - 2015-05-22 20:43 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll2015-06-10 10:59 - 2015-05-22 20:38 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll2015-06-10 10:59 - 2015-05-22 20:38 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll2015-06-10 10:59 - 2015-05-22 20:37 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl2015-06-10 10:59 - 2015-05-22 20:28 - 12829696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll2015-06-10 10:59 - 2015-05-22 20:28 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll2015-06-10 
10:59 - 2015-05-22 20:20 - 01950720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll2015-06-10 10:59 - 2015-05-22 20:16 - 01309696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll2015-06-10 10:59 - 2015-05-22 20:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll2015-06-10 10:59 - 2015-05-22 13:00 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll2015-06-10 10:59 - 2015-05-22 13:00 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll2015-06-10 10:59 - 2015-05-22 13:00 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec2015-06-10 10:59 - 2015-05-22 12:52 - 06026240 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll2015-06-10 10:59 - 2015-05-22 12:48 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll2015-06-10 10:59 - 2015-05-22 12:47 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll2015-06-10 10:59 - 2015-05-22 12:47 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll2015-06-10 10:59 - 2015-05-22 12:24 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll2015-06-10 10:59 - 2015-05-22 12:23 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll2015-06-10 10:59 - 2015-05-22 12:21 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll2015-06-10 10:59 - 2015-05-22 12:15 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll2015-06-10 10:59 - 2015-05-22 12:09 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll2015-06-10 10:59 - 2015-05-22 12:08 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll2015-06-10 10:59 - 2015-05-22 12:06 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll2015-06-10 10:59 - 2015-05-22 12:05 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl2015-06-10 10:59 - 2015-05-22 11:57 - 14404096 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll2015-06-10 10:59 - 2015-05-22 11:50 - 02426880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll2015-06-10 10:59 - 2015-05-22 11:49 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll2015-06-10 10:59 - 2015-05-22 11:38 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll2015-06-10 10:59 - 2015-05-22 11:26 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll2015-06-10 10:59 - 2015-05-22 07:08 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll2015-06-10 10:59 - 2015-05-21 07:08 - 01119232 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll2015-06-10 10:59 - 2015-05-21 07:08 - 01020928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll2015-06-10 10:59 - 2015-05-21 07:08 - 00756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll2015-06-10 10:59 - 2015-05-21 07:08 - 00422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll2015-06-10 10:59 - 2015-05-21 07:08 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll2015-06-10 10:59 - 2015-05-21 07:08 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll2015-06-10 10:59 - 2015-04-24 20:34 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll2015-06-10 10:59 - 2015-04-24 20:33 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll2015-06-10 10:59 - 2015-04-16 16:07 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll2015-06-10 10:59 - 2015-04-16 00:17 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS2015-06-10 10:59 - 2015-04-13 16:37 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll2015-06-10 10:59 - 2015-04-13 16:34 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll2015-06-10 10:59 - 2015-04-09 18:40 - 01249280 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\UIAutomationCore.dll2015-06-10 10:59 - 2015-04-09 18:17 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll2015-06-10 10:59 - 2015-04-08 16:41 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rgb9rast.dll2015-06-10 10:59 - 2015-04-08 16:07 - 00410336 _____ C:\WINDOWS\system32\ApnDatabase.xml2015-06-10 10:59 - 2015-03-31 22:21 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe2015-06-10 10:59 - 2015-03-31 22:18 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll2015-06-10 10:59 - 2015-03-31 22:17 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll2015-06-10 10:59 - 2015-03-31 22:08 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll2015-06-10 10:59 - 2015-03-31 21:46 - 03633664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll2015-06-10 10:59 - 2015-03-31 21:17 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll2015-06-10 10:59 - 2015-03-31 21:17 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe2015-06-10 10:59 - 2015-03-31 20:53 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll2015-06-10 10:59 - 2015-03-31 20:53 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe2015-06-10 10:59 - 2015-03-31 20:45 - 02749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll2015-06-10 10:59 - 2015-03-31 20:45 - 00699392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll2015-06-10 10:59 - 2015-03-31 20:14 - 01920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll2015-06-10 10:59 - 2015-03-31 20:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe2015-06-10 10:59 - 2015-03-01 19:43 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll2015-06-10 10:59 - 2015-03-01 19:21 - 00207872 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\rastapi.dll2015-06-10 10:58 - 2015-05-21 10:47 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys2015-06-08 17:28 - 2015-06-08 17:28 - 00017627 _____ C:\WINDOWS\DirectX.log2015-06-08 17:06 - 2015-06-08 17:06 - 00000219 ____C C:\Users\Michael and Bubba\Desktop\Counter-Strike Global Offensive.url2015-06-08 17:05 - 2015-06-27 21:29 - 01540646 _____ C:\WINDOWS\WindowsUpdate.log2015-06-08 14:06 - 2015-06-08 14:07 - 00000000 ___DC C:\Users\Michael and Bubba\Desktop\Cloverfield.2008.Bluray.1080p.TrueHD.x264-Grym2015-06-04 15:47 - 2015-06-04 15:47 - 06503984 _____ (Microsoft Corporation) C:\Users\Michael and Bubba\Downloads\vcredist_x86.exe2015-06-04 15:46 - 2015-06-04 15:47 - 01021432 _____ (Microsoft Corporation) C:\Users\Michael and Bubba\Downloads\NDP451-KB2859818-Web.exe2015-06-04 15:41 - 2015-06-04 15:41 - 00266065 _____ C:\Users\Michael and Bubba\Downloads\dotnetfx_cleanup_tool.zip2015-06-04 15:14 - 2015-06-04 15:14 - 00000252 _____ C:\Users\Michael and Bubba\Documents\blah.txt2015-06-04 12:05 - 2015-06-04 12:05 - 02375168 _____ C:\Users\Michael and Bubba\Downloads\UnknownPortal.exe2015-05-28 11:35 - 2015-05-28 11:35 - 27410968 _____ (OpenVPN Technologies) C:\Users\JJ\Downloads\privatetunnel-win-2.4.exe2015-05-28 11:25 - 2015-05-28 11:25 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1362732575-3396155743-3495565454-10022015-05-28 11:20 - 2015-06-26 10:14 - 00002268 _____ C:\Users\JJ\Desktop\Google Chrome.lnk2015-05-28 11:20 - 2015-06-26 10:14 - 00001451 _____ C:\Users\JJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk2015-05-28 11:20 - 2015-05-28 11:21 - 00000000 ____D C:\Users\JJ\AppData\Local\Packages2015-05-28 11:20 - 2015-05-28 11:20 - 00000020 ___SH C:\Users\JJ\ntuser.ini2015-05-28 11:20 - 2015-05-28 11:20 - 00000000 ____D C:\Users\JJ\AppData\Roaming\Adobe2015-05-28 11:20 - 2015-05-28 11:20 - 00000000 ____D C:\Users\JJ\AppData\Local\Toshiba2015-05-28 11:20 
- 2015-05-28 11:20 - 00000000 ____D C:\Users\JJ\AppData\Local\Google2015-05-28 11:20 - 2015-05-28 11:20 - 00000000 ____D C:\Users\JJ\AppData\Local\Adobe2015-05-28 02:59 - 2015-05-28 02:59 - 00000000 ___DC C:\Users\Michael and Bubba\Desktop\Nana Coming Home2015-05-28 02:55 - 2015-05-28 02:55 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-27 21:43 - 2015-05-12 17:18 - 00000000 ____D C:\ProgramData\WRData2015-06-27 21:38 - 2015-05-17 14:20 - 00000000 ____D C:\Users\Michael and Bubba\AppData\Roaming\uTorrent2015-06-27 21:30 - 2013-08-22 07:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI2015-06-27 21:29 - 2013-08-22 08:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT2015-06-27 21:28 - 2015-03-26 23:25 - 00000000 ____D C:\Users\Michael and Bubba2015-06-27 21:22 - 2015-03-16 15:12 - 00000938 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job2015-06-27 21:20 - 2015-04-07 10:32 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys2015-06-27 21:14 - 2015-03-18 19:17 - 00000000 ____D C:\Users\Michael and Bubba\AppData\Local\CrashDumps2015-06-27 21:00 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\sru2015-06-27 19:37 - 2015-03-16 06:42 - 00000000 ____D C:\Program Files (x86)\Steam2015-06-27 15:26 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\AppReadiness2015-06-27 15:25 - 2015-04-02 09:00 - 00004002 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{CDA37594-8C41-4D2C-9241-408B407BF0A2}2015-06-27 00:22 - 2015-03-16 15:12 - 00000934 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job2015-06-26 10:52 - 2015-03-16 06:44 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1362732575-3396155743-3495565454-10012015-06-26 10:43 - 2015-03-26 23:57 - 00000000 ___DO C:\Users\Michael and Bubba\OneDrive2015-06-26 10:14 - 
2015-05-25 19:35 - 00002087 ____C C:\Users\Michael and Bubba\Desktop\Play Zoo Tycoon Complete Collection.lnk2015-06-26 10:14 - 2015-05-18 10:03 - 00001012 _____ C:\Users\Public\Desktop\Audacity.lnk2015-06-26 10:14 - 2015-05-11 17:32 - 00000845 _____ C:\Users\Michael and Bubba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UnknownPortal.lnk2015-06-26 10:14 - 2015-04-26 16:02 - 00000599 _____ C:\Users\Public\Desktop\Fraps.lnk2015-06-26 10:14 - 2015-04-17 12:00 - 00001107 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2015-06-26 10:14 - 2015-04-07 10:40 - 00002731 _____ C:\Users\Public\Desktop\Skype.lnk2015-06-26 10:14 - 2015-03-26 23:54 - 00001451 _____ C:\Users\Michael and Bubba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk2015-06-26 10:14 - 2015-03-26 23:25 - 00000551 _____ C:\Users\Michael and Bubba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk2015-06-26 10:14 - 2015-03-26 23:25 - 00000551 _____ C:\Users\JJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk2015-06-26 10:14 - 2015-03-26 23:25 - 00000551 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk2015-06-26 10:14 - 2015-03-26 23:25 - 00000549 _____ C:\Users\Michael and Bubba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk2015-06-26 10:14 - 2015-03-26 23:25 - 00000549 _____ C:\Users\JJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk2015-06-26 10:14 - 2015-03-26 23:25 - 00000549 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk2015-06-26 10:14 - 2014-11-21 02:52 - 00000551 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk2015-06-26 10:14 - 2014-11-21 02:52 - 00000551 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk2015-06-26 10:14 - 2014-11-21 02:52 - 00000549 _____ 
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk2015-06-26 10:14 - 2014-11-21 02:52 - 00000549 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk2015-06-26 10:14 - 2013-05-10 02:25 - 00001086 _____ C:\Users\Public\Desktop\Desktop Assist.lnk2015-06-24 11:06 - 2012-07-26 01:59 - 00000000 ____D C:\WINDOWS\CbsTemp2015-06-23 11:44 - 2015-03-16 15:08 - 00000000 ____D C:\Users\Michael and Bubba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam2015-06-19 21:02 - 2015-04-17 12:18 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe2015-06-19 21:02 - 2015-04-17 12:18 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl2015-06-16 12:06 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\rescache2015-06-11 19:28 - 2013-08-22 08:44 - 04960848 _____ C:\WINDOWS\system32\FNTCACHE.DAT2015-06-11 19:25 - 2015-04-06 06:39 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX2015-06-11 19:25 - 2015-04-06 06:39 - 00000000 ___SD C:\WINDOWS\system32\GWX2015-06-11 19:25 - 2015-03-23 15:10 - 00000000 ____D C:\WINDOWS\system32\appraiser2015-06-11 19:25 - 2014-11-21 09:56 - 00000000 ___SD C:\WINDOWS\system32\CompatTel2015-06-11 19:25 - 2013-08-22 09:36 - 00000000 ___RD C:\WINDOWS\ToastData2015-06-11 19:24 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions2015-06-10 15:49 - 2015-03-19 15:52 - 00000000 ____D C:\WINDOWS\system32\MRT2015-06-10 15:44 - 2015-03-19 15:52 - 140135120 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe2015-06-08 15:21 - 2015-03-19 15:19 - 00000000 ____D C:\Users\Michael and Bubba\AppData\Roaming\TS3Client2015-06-08 14:09 - 2014-11-21 02:44 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI2015-06-04 15:41 - 2014-06-24 14:07 - 00298496 ____C (Microsoft Corporation) C:\Users\Michael and Bubba\Desktop\cleanup_tool.exe2015-06-04 12:31 - 2015-04-07 10:41 - 00000000 ____D C:\Users\Michael and 
Bubba\AppData\Roaming\Skype2015-06-04 11:41 - 2015-04-10 16:42 - 00000000 ___DC C:\Users\Michael and Bubba\Desktop\Hops2015-06-03 11:33 - 2015-05-12 18:16 - 00041040 ____T (Webroot) C:\WINDOWS\system32\Drivers\wrUrlFlt.sys2015-05-31 00:20 - 2015-03-16 06:33 - 00000000 ____D C:\Users\Michael and Bubba\AppData\Local\Packages2015-05-29 17:10 - 2015-04-07 10:26 - 00000000 ____D C:\Users\Michael and Bubba\Documents\Registry Backups2015-05-28 11:20 - 2015-03-26 23:25 - 00000000 ____D C:\Users\JJ2015-05-28 11:20 - 2015-03-16 06:38 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD ==================== Files in the root of some directories ======= 2015-05-12 18:17 - 2015-05-12 18:17 - 10395072 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe2015-01-01 13:02 - 2015-01-01 13:07 - 0000169 _____ () C:\Users\Michael and Bubba\AppData\Local\Tempauto jump.ahk Some files in TEMP:====================C:\Users\Michael and Bubba\AppData\Local\Temp\7za.exeC:\Users\Michael and Bubba\AppData\Local\Temp\DaS_21.exeC:\Users\Michael and Bubba\AppData\Local\Temp\fsdCEF2.exeC:\Users\Michael and Bubba\AppData\Local\Temp\hijackthis.exeC:\Users\Michael and Bubba\AppData\Local\Temp\ICReinstall_JSE_install_app-1435302696310.exeC:\Users\Michael and Bubba\AppData\Local\Temp\NirCmd.exeC:\Users\Michael and Bubba\AppData\Local\Temp\PEVZ.EXEC:\Users\Michael and Bubba\AppData\Local\Temp\remove.exeC:\Users\Michael and Bubba\AppData\Local\Temp\sed.exeC:\Users\Michael and Bubba\AppData\Local\Temp\shortcut.exeC:\Users\Michael and Bubba\AppData\Local\Temp\swreg.exeC:\Users\Michael and Bubba\AppData\Local\Temp\swxcacls.exeC:\Users\Michael and Bubba\AppData\Local\Temp\wget.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-06-16 11:59 ==================== End of log ============================Additional scan result of Farbar Recovery Scan Tool (x64) Version:24-06-2015Ran by Michael and Bubba at 2015-06-27 21:45:01Running from C:\Users\Michael and Bubba\DownloadsBoot Mode: Safe Mode (with Networking)========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1362732575-3396155743-3495565454-500 - Administrator - Disabled) => C:\Users\AdministratorGuest (S-1-5-21-1362732575-3396155743-3495565454-501 - Limited - Disabled)JJ (S-1-5-21-1362732575-3396155743-3495565454-1002 - Limited - Enabled) => C:\Users\JJMichael and Bubba (S-1-5-21-1362732575-3396155743-3495565454-1001 - Administrator - Enabled) => C:\Users\Michael and Bubba ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) 
AV: Webroot SecureAnywhere (Enabled - Up to date) {66A6FE14-08CB-F415-3742-517201416109}AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: Webroot SecureAnywhere (Enabled - Up to date) {DDC71FF0-2EF1-FB9B-0DF2-6A007AC62BB4}AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)Adobe Premiere Pro CS6 (HKLM-x32\...\{7176B973-6011-43C1-AEBC-2D73FE7C6982}) (Version: 6.0 - Adobe Systems Incorporated)Adobe Reader XI MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)bl (x32 Version: 1.0.0 - Your Company Name) HiddenBonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)DTS Sound (HKLM-x32\...\{F8EB8FFC-C535-49A1-A84D-CC75CB2D6ADA}) (Version: 1.00.0062 - DTS, Inc.)Fraps (HKLM-x32\...\Fraps) (Version: - )Google Chrome (HKLM-x32\...\Google Chrome) (Version: 
  12. I got a worm in my system, I have no idea what it does but it tries to open up when I start my computer, I learned about it because after scanning and restarting, it would give a failed to start error message. I tried a full scan this time but it is still there as well as just deleting it manually to no avail. Opening it in notepad gives the header: followed by a lot of gibberish. I'm really worried to do any of my banking on my computer so I've been going to the bank personally which is very inefficient. Addition.txt FRST.txt
  13. Hey guys. So a few months ago I was downloading some game files and it also downloaded some PUP. One of these PUPs was Grillaprice. This was the worm that got me very interested in computers. So I tried to take care of it by running Malwarebytes and AVG. It looked all good once I cleaned it. But when I ran it again and again each time it would say it was there. When I tried uninstalling it from the computer it just pulled to the site and asked to DOWNLOAD the uninstaller (didn't trust it so I didn't). Later I resorted to completely resetting the computer. My question is: what is it that I did wrong? Was it that Grillaprice is a strong worm? Some Chrome extension kept it? I also had some friends that got infected with it too. They came to me and I couldn't do anything except tell them to hard reset! How do you get rid of Grillaprice!? -Thank you! Note: I am not infected with it now
  14. I recently used a USB and transferred over a program from it. Now I believe I have been infected with a worm/virus. My computer has been acting very strange, from not connecting to the internet sometimes when it's directly connected to strange ads. I was recently told the Malwarebytes forum and Malwarebytes software are the best at these situations!
  15. Hello, I'm writing this post topic because I just read how one of the forum members helped Robin2020 remove a ywnmon32.exe malware he got on his computer the same way I got mine, and around the same date too (July 7, 2014). I also got a message stating that I needed to download Java in order to see a real estate website and when I did the virus was downloaded. The virus is not preventing me from using my laptop and the "browsing" effects of the worm have been "neutralized", I think. However, on startup, a pop-up window displaying "Invisible Browser" still shows up and then it disappears. I have located the file on my local drive as well as the ywnmon32.exe shortcut on the Startup folder under All Programs, but I'm unable to uninstall it from there and I also understand that deleting the source folder under Program Files won't do anything either, so I haven't even tried that. I have attached the log files Addition.txt and FRST.txt after running the Farbar Recovery Scan Tool. Please help! Addition.txt FRST.txt
  16. Hello everyone, I'm posting this new topic because I just read how one of the forum members helped Robin2020 remove a Ywnmon32.exe malware he got on his computer the same way I got mine, and around the same date too (July 7, 2014). I also got a message stating that I needed to download Java in order to see a real estate website and when I did the virus was downloaded. The virus is not preventing me from using my laptop and the "browsing" effect of the worm has been "neutralized", I think. However, on startup a pop-up window displaying "Invisible Browser" still shows up and then disappears. I have located the file on my local drive as well as the ywnmon32.exe shortcut on the Startup folder under All Programs but I'm unable to uninstall it from there. I also understand that just "deleting" the file won't work so I haven't even tried. Please help!
  17. Hello everybody, So, I was recently infected by this beast, Rotinom, not really that dangerous but persistent enough. (Note: I had no Antivirus in my laptop when this happened.) To be brief, I managed to, seemingly, get rid of it by the combined help of Malwarebytes, Kaspersky and some online instructions I followed manually (e.g. adjusting some registry values in order to show super hidden folders). However, the next time I switched my laptop on, I discovered in each one of the folders called "Recycler" -which exist in each one of the hard disks, built-in or external- a folder with the name "S-1-5-21-583907252-764733703-682003330-1005". Which, incidentally is the name of one of the folders Rotinom creates inside the Application Data folder after it has infected a pc. Since my laptop seemed to have no problem anymore, I thought it was just a leftover so I deleted it through a program called "windirstat" -because it was impossible to accomplish it by simply pressing "delete", as a message "you cannot delete file. Close first all programs... etc." appeared every time I attempted it. (As a matter of fact, the only way I found to view this folder's contents was through this program. Which contents are: a folder called "files" which contains two files, "desktop.ini" and "INFO2" and a folder called "Dc2" with nothing in it.) Thinking that I managed to get rid of these too, after a while, I checked again Recycler and it was again there (again in every Recycler folder). I deleted it again but to no avail. As I said, my laptop seems to work normally two days now, but the persistence of this folder makes me think that it is not entirely disinfected. Any idea as to whether I am still infected and to how I can send this folder permanently to the hell it belongs?
  18. Hello people! I've plugged my flashdrive in a public computer and that's the gift I get: a USB virus/worm called tmp5A5F.tmp.vbe. So all files/folders turn into shortcuts to hidden files, pointing to the vbe malicious file. The problem is not the files in the flashdrive per se, but the fact that neither Malwarebytes nor Avast detected any suspicious file. And it is always coming again, no matter what I do to clean it. I would appreciate any help in cleaning this up! Here are my Farbar logs:
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankHKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehpHKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xEEA7CD5D4AFDCD01HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-BRBHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)BHO: PrivDog Extension - {FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} - C:\Program Files\AdTrustMedia\PrivDog\1.8.0.18\trustedads.dll (AdTrustMedia)BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)BHO-x32: GbIehObj Class - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll (Caixa Economica Federal)BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)BHO-x32: PrivDog Extension - {FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} - C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\trustedads.dll (AdTrustMedia)Toolbar: HKLM - avast! 
Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cabShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll [1479528 2013-10-16] (Caixa Economica Federal)Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox:========FF ProfilePath: C:\Users\eu\AppData\Roaming\Mozilla\Firefox\Profiles\mnr47gzx.defaultFF NetworkProxy: "backup.ftp", "chasqueproxy.ufrgs.br"FF NetworkProxy: "backup.ftp_port", 3128FF NetworkProxy: "backup.socks", "chasqueproxy.ufrgs.br"FF NetworkProxy: "backup.socks_port", 3128FF NetworkProxy: "backup.ssl", "chasqueproxy.ufrgs.br"FF NetworkProxy: "backup.ssl_port", 3128FF NetworkProxy: "ftp", "chasqueproxy.ufrgs.br"FF NetworkProxy: "ftp_port", 3128FF NetworkProxy: "http", "chasqueproxy.ufrgs.br"FF NetworkProxy: "http_port", 3128FF NetworkProxy: "share_proxy_settings", trueFF NetworkProxy: "socks", "chasqueproxy.ufrgs.br"FF NetworkProxy: "socks_port", 3128FF NetworkProxy: "ssl", "chasqueproxy.ufrgs.br"FF NetworkProxy: "ssl_port", 3128FF NetworkProxy: "type", 0FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()FF Plugin: @microsoft.com/GENUINE - disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft 
Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @microsoft.com/GENUINE - disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin HKCU: gastecnologia.com.br/sf/cef - C:\Users\eu\AppData\Local\GAS Tecnologia\GBBD\npsf_CEF.dll (GAS Tecnologia)FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\buscape.xmlFF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mercadolivre.xmlFF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-br.xmlFF Extension: Ant Video Downloader - 
C:\Users\eu\AppData\Roaming\Mozilla\Firefox\Profiles\mnr47gzx.default\Extensions\anttoolbar@ant.com [2013-12-30]FF Extension: Flash Video Downloader - Full HD Download - C:\Users\eu\AppData\Roaming\Mozilla\Firefox\Profiles\mnr47gzx.default\Extensions\artur.dubovoy@gmail.com [2014-03-22]FF Extension: PrivDog - C:\Users\eu\AppData\Roaming\Mozilla\Firefox\Profiles\mnr47gzx.default\Extensions\PrivDog@AdTrustMedia.com.xpi [2014-04-06]FF Extension: Download YouTube Videos as MP4 - C:\Users\eu\AppData\Roaming\Mozilla\Firefox\Profiles\mnr47gzx.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2013-12-30]FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FFFF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-01-27]FF HKCU\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886D}] - C:\Users\eu\AppData\Local\GAS Tecnologia\GBBD\cef\xpiFF Extension: GBBD Caixa Economica Federal - C:\Users\eu\AppData\Local\GAS Tecnologia\GBBD\cef\xpi [2014-01-05] Chrome: =======CHR HomePage: about:blankCHR DefaultSearchKeyword: google.com.brCHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewerCHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll ()CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No FileCHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)CHR Plugin: (Shockwave Flash) - 
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll No FileCHR Extension: (Google Docs) - C:\Users\eu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-01-28]CHR Extension: (Google Drive) - C:\Users\eu\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-28]CHR Extension: (YouTube) - C:\Users\eu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-28]CHR Extension: (PrivDog) - C:\Users\eu\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja [2014-04-06]CHR Extension: (Pesquisa do Google) - C:\Users\eu\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-28]CHR Extension: (Google Wallet) - C:\Users\eu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]CHR Extension: (GBBD Caixa Economica Federal) - C:\Users\eu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnjbodopomfddehlalfilheomcahbpei [2013-12-17]CHR Extension: (Gmail) - C:\Users\eu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-28]CHR HKCU\...\Chrome\Extension: [nnjbodopomfddehlalfilheomcahbpei] - C:\Users\eu\AppData\Local\GAS Tecnologia\GBBD\cef\sf.crx [2013-12-17]CHR HKLM-x32\...\Chrome\Extension: [cmaiofennmphjldldcpphcechfnnohja] - C:\Program Files (x86)\AdTrustMedia\PrivDog\PrivDog_chrome.crx [2014-04-06] ==================== Services (Whitelisted) ================= R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)R2 avast! 
Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-03] (AVAST Software)R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70352 2014-02-27] (Comodo Security Solutions, Inc.)R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [6812400 2014-03-25] (COMODO)S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2264280 2014-03-25] (COMODO)R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2135232 2014-01-28] ()R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [452968 2013-10-16] (GAS Tecnologia)R2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-02-27] (Comodo Security Solutions, Inc.) ==================== Drivers (Whitelisted) ==================== R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-02-03] (AVAST Software)R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-11-20] (AVAST Software)R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-11-20] ()R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-02-03] (AVAST Software)R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-02-03] (AVAST Software)R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-02-03] (AVAST Software)R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2013-12-29] ()S1 CFRMD; C:\Windows\SysWOW64\DRIVERS\CFRMD.sys [37976 2012-09-03] (Windows ® Win 7 DDK provider)R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [738472 2014-03-25] (COMODO)R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [48360 2014-03-25] (COMODO)S0 GbpKm; C:\Windows\SysWOW64\drivers\GbpKm.sys [47192 2012-12-04] (GAS Tecnologia)R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [105552 2014-03-25] (COMODO)R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)R3 vmkbd2; C:\Windows\system32\drivers\VMkbd.sys [32848 2013-10-18] (VMware, Inc.)R2 
VMparport; C:\Windows\system32\drivers\VMparport.sys [31824 2013-10-18] (VMware, Inc.)R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-08 08:41 - 2014-04-08 08:44 - 00000000 ____D () C:\FRST2014-04-06 08:14 - 2014-04-06 08:14 - 00000000 ____D () C:\Users\eu\AppData\Roaming\Comodo2014-04-06 08:13 - 2014-04-06 08:13 - 00000000 ____D () C:\Users\eu\AppData\Local\AdTrustMedia2014-04-06 08:12 - 2014-04-06 08:12 - 00000000 ____D () C:\Users\Todos os Usuários\Adtrustmedia2014-04-06 08:12 - 2014-04-06 08:12 - 00000000 ____D () C:\ProgramData\Adtrustmedia2014-04-06 08:12 - 2014-04-06 08:12 - 00000000 ____D () C:\Program Files\AdTrustMedia2014-04-06 08:12 - 2014-04-06 08:12 - 00000000 ____D () C:\Program Files (x86)\AdTrustMedia2014-04-06 08:09 - 2014-04-06 12:16 - 00000000 ____D () C:\Windows\System32\Tasks\COMODO2014-04-06 08:09 - 2014-04-06 08:12 - 00000000 ____D () C:\Users\Todos os Usuários\Comodo Downloader2014-04-06 08:09 - 2014-04-06 08:12 - 00000000 ____D () C:\ProgramData\Comodo Downloader2014-04-06 08:09 - 2014-04-06 08:09 - 00000000 ____D () C:\Users\Todos os Usuários\Shared Space2014-04-06 08:09 - 2014-04-06 08:09 - 00000000 ____D () C:\ProgramData\Shared Space2014-04-06 08:09 - 2014-03-25 16:22 - 00352984 _____ (COMODO) C:\Windows\system32\cmdvrt64.dll2014-04-06 08:09 - 2014-03-25 16:22 - 00284888 _____ (COMODO) C:\Windows\SysWOW64\cmdvrt32.dll2014-04-06 08:09 - 2014-03-25 16:22 - 00045784 _____ (COMODO) C:\Windows\system32\cmdkbd64.dll2014-04-06 08:09 - 2014-03-25 16:22 - 00040664 _____ (COMODO) C:\Windows\SysWOW64\cmdkbd32.dll2014-04-03 23:29 - 2014-04-08 08:23 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-04-03 23:29 - 2014-04-07 23:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-04-03 23:29 - 2014-04-03 23:29 - 
00000000 ____D () C:\Users\Todos os Usuários\Malwarebytes2014-04-03 23:29 - 2014-04-03 23:29 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-04-03 23:29 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-04-03 23:29 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2014-04-03 23:29 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys2014-03-12 08:12 - 2014-03-01 03:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-03-12 08:12 - 2014-03-01 02:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-03-12 08:12 - 2014-03-01 02:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll2014-03-12 08:12 - 2014-03-01 01:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2014-03-12 08:12 - 2014-03-01 01:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2014-03-12 08:12 - 2014-03-01 01:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll2014-03-12 08:12 - 2014-03-01 01:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2014-03-12 08:12 - 2014-03-01 01:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2014-03-12 08:12 - 2014-03-01 01:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2014-03-12 08:12 - 2014-03-01 01:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2014-03-12 08:12 - 2014-03-01 01:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe2014-03-12 08:12 - 2014-03-01 01:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll2014-03-12 08:12 - 2014-03-01 01:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2014-03-12 08:12 - 2014-03-01 01:23 - 00940032 _____ (Microsoft 
Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe2014-03-12 08:12 - 2014-03-01 01:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2014-03-12 08:12 - 2014-03-01 01:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2014-03-12 08:12 - 2014-03-01 01:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll2014-03-12 08:12 - 2014-03-01 00:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2014-03-12 08:12 - 2014-03-01 00:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2014-03-12 08:12 - 2014-03-01 00:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll2014-03-12 08:12 - 2014-03-01 00:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2014-03-12 08:12 - 2014-03-01 00:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2014-03-12 08:12 - 2014-03-01 00:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2014-03-12 08:12 - 2014-03-01 00:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2014-03-12 08:12 - 2014-03-01 00:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2014-03-12 08:12 - 2014-03-01 00:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2014-03-12 08:12 - 2014-03-01 00:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll2014-03-12 08:12 - 2014-03-01 00:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2014-03-12 08:12 - 2014-03-01 00:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2014-03-12 08:12 - 2014-03-01 00:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2014-03-12 08:12 - 2014-03-01 00:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2014-03-12 08:12 - 2014-03-01 00:10 - 02334208 _____ (Microsoft Corporation) 
C:\Windows\system32\wininet.dll2014-03-12 08:12 - 2014-03-01 00:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2014-03-12 08:12 - 2014-03-01 00:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2014-03-12 08:12 - 2014-02-28 23:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2014-03-12 08:12 - 2014-02-28 23:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2014-03-12 08:12 - 2014-02-28 23:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2014-03-12 08:12 - 2014-02-28 23:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2014-03-12 08:12 - 2014-02-28 23:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll2014-03-12 08:12 - 2014-02-28 23:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2014-03-12 08:12 - 2014-02-06 22:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2014-03-12 08:12 - 2014-01-28 23:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll2014-03-12 08:12 - 2014-01-28 23:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll2014-03-12 08:12 - 2014-01-27 23:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll2014-03-12 08:10 - 2014-02-03 23:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll2014-03-12 08:10 - 2014-02-03 23:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll2014-03-12 08:10 - 2014-02-03 23:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll2014-03-12 08:10 - 2014-02-03 23:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll ==================== One Month Modified Files and Folders ======= 2014-04-08 08:44 - 2014-04-08 08:41 - 00000000 ____D () C:\FRST2014-04-08 08:42 - 2009-07-14 01:45 - 00013760 ____H () 
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-04-08 08:42 - 2009-07-14 01:45 - 00013760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-04-08 08:39 - 2013-01-28 20:43 - 00001060 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2014-04-08 08:23 - 2014-04-03 23:29 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-04-08 08:21 - 2013-01-26 09:07 - 01520385 _____ () C:\Windows\WindowsUpdate.log2014-04-08 08:20 - 2013-02-02 18:32 - 00000000 ____D () C:\Users\eu\AppData\Roaming\Dropbox2014-04-08 08:17 - 2013-09-15 06:34 - 00031088 _____ (GbPlugin NDIS Device Driver) C:\Windows\SysWOW64\Drivers\gbpndisrd.sys2014-04-08 08:17 - 2013-09-15 06:34 - 00010266 _____ () C:\Windows\SysWOW64\Drivers\ndisrd.cat2014-04-08 08:17 - 2013-09-15 06:34 - 00001402 _____ () C:\Windows\SysWOW64\Drivers\gas.cer2014-04-08 08:17 - 2013-01-28 20:43 - 00001056 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2014-04-08 08:17 - 2013-01-27 22:13 - 00000000 ____D () C:\Users\Todos os Usuários\VMware2014-04-08 08:17 - 2013-01-27 22:13 - 00000000 ____D () C:\ProgramData\VMware2014-04-08 08:17 - 2009-07-14 02:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-04-08 08:17 - 2009-07-14 01:51 - 00090828 _____ () C:\Windows\setupact.log2014-04-08 08:16 - 2013-01-27 21:45 - 00000000 ____D () C:\Users\Todos os Usuários\NVIDIA2014-04-08 08:16 - 2013-01-27 21:45 - 00000000 ____D () C:\ProgramData\NVIDIA2014-04-08 08:07 - 2014-04-08 08:07 - 00000000 ____D () C:\tmp5A5F.tmp.vbe2014-04-08 08:05 - 2009-07-14 14:55 - 00708536 _____ () C:\Windows\system32\prfh0416.dat2014-04-08 08:05 - 2009-07-14 14:55 - 00148902 _____ () C:\Windows\system32\prfc0416.dat2014-04-08 08:05 - 2009-07-14 02:13 - 01644176 _____ () C:\Windows\system32\PerfStringBackup.INI2014-04-07 23:34 - 2014-04-07 23:34 - 00001098 _____ () C:\Users\Public\Desktop\Malwarebytes 
Anti-Malware.lnk2014-04-07 23:34 - 2014-04-03 23:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-04-07 23:17 - 2013-01-28 07:48 - 00000902 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job2014-04-07 08:45 - 2013-01-28 20:15 - 00000000 ____D () C:\Users\eu\AppData\Local\VMware2014-04-07 02:24 - 2013-01-28 20:15 - 00000000 ____D () C:\Users\eu\AppData\Roaming\VMware2014-04-06 12:16 - 2014-04-06 08:09 - 00000000 ____D () C:\Windows\System32\Tasks\COMODO2014-04-06 08:14 - 2014-04-06 08:14 - 00000000 ____D () C:\Users\eu\AppData\Roaming\Comodo2014-04-06 08:13 - 2014-04-06 08:13 - 00000000 ____D () C:\Users\eu\AppData\Local\AdTrustMedia2014-04-06 08:12 - 2014-04-06 08:12 - 00000000 ____D () C:\Users\Todos os Usuários\Adtrustmedia2014-04-06 08:12 - 2014-04-06 08:12 - 00000000 ____D () C:\ProgramData\Adtrustmedia2014-04-06 08:12 - 2014-04-06 08:12 - 00000000 ____D () C:\Program Files\AdTrustMedia2014-04-06 08:12 - 2014-04-06 08:12 - 00000000 ____D () C:\Program Files (x86)\AdTrustMedia2014-04-06 08:12 - 2014-04-06 08:09 - 00000000 ____D () C:\Users\Todos os Usuários\Comodo Downloader2014-04-06 08:12 - 2014-04-06 08:09 - 00000000 ____D () C:\ProgramData\Comodo Downloader2014-04-06 08:09 - 2014-04-06 08:09 - 00000000 ____D () C:\Users\Todos os Usuários\Shared Space2014-04-06 08:09 - 2014-04-06 08:09 - 00000000 ____D () C:\ProgramData\Shared Space2014-04-06 08:09 - 2013-01-27 21:54 - 00002276 _____ () C:\Users\Public\Desktop\COMODO Firewall.lnk2014-04-05 21:04 - 2009-07-14 02:32 - 00000000 ____D () C:\Windows\system32\FxsTmp2014-04-05 18:26 - 2013-01-27 22:06 - 00004182 _____ () C:\Windows\System32\Tasks\avast! 
Emergency Update2014-04-05 08:58 - 2009-07-14 02:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT2014-04-04 07:20 - 2013-01-27 21:46 - 00201142 _____ () C:\Windows\PFRO.log2014-04-03 23:39 - 2009-07-14 00:20 - 00000000 ____D () C:\Windows\IME2014-04-03 23:29 - 2014-04-03 23:29 - 00000000 ____D () C:\Users\Todos os Usuários\Malwarebytes2014-04-03 23:29 - 2014-04-03 23:29 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-04-03 09:51 - 2014-04-03 23:29 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-04-03 09:51 - 2014-04-03 23:29 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2014-04-03 09:50 - 2014-04-03 23:29 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys014-03-31 09:43 - 2013-01-26 09:08 - 00000000 ___RD () C:\Users\eu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup2014-03-31 07:34 - 2013-01-28 20:43 - 00004056 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA2014-03-31 07:34 - 2013-01-28 20:43 - 00003804 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore2014-03-25 16:22 - 2014-04-06 08:09 - 00352984 _____ (COMODO) C:\Windows\system32\cmdvrt64.dll2014-03-25 16:22 - 2014-04-06 08:09 - 00284888 _____ (COMODO) C:\Windows\SysWOW64\cmdvrt32.dll2014-03-25 16:22 - 2014-04-06 08:09 - 00045784 _____ (COMODO) C:\Windows\system32\cmdkbd64.dll2014-03-25 16:22 - 2014-04-06 08:09 - 00040664 _____ (COMODO) C:\Windows\SysWOW64\cmdkbd32.dll2014-03-25 16:22 - 2012-10-05 00:32 - 00738472 _____ (COMODO) C:\Windows\system32\Drivers\cmdGuard.sys2014-03-25 16:22 - 2012-10-05 00:32 - 00453680 _____ (COMODO) C:\Windows\system32\guard64.dll2014-03-25 16:22 - 2012-10-05 00:32 - 00363504 _____ (COMODO) C:\Windows\SysWOW64\guard32.dll2014-03-25 16:22 - 2012-10-05 00:32 - 00105552 _____ (COMODO) C:\Windows\system32\Drivers\inspect.sys2014-03-25 16:22 - 2012-10-05 00:32 - 00048360 _____ (COMODO) 
  19. My personal computer has been taken over by something called "BlowMeOFF". It's the only thing running on it. Using 100% capacity. 87-89% of memory. Can't remove or stop it running. I've had Malware installed for a while - maybe a year. Recently saw an uptick in blocked items. I can't do anything on that machine. I'm writing this from my work computer. Help! I entered this in the forum half an hour or so ago, but now I don't see it in the forum. Sorry if this ends up as a duplicate. Debbie
  20. A strange "new" antivirus software started running on my system today showing that the following worm was found: Email-Worm.Win32.Brontok.q I did not click on the fake antivirus software, but I did try to open Malwarebytes Pro and it will no longer open in regular mode. My system keeps rebooting and when I click on a website from my History, I'm taken to "strange" sites. Malwarebytes will run in SafeMode but does not find the worm. Chameleon did not help. DDS files below:
292864] S3 SrvHsfV92;SrvHsfV92;C:\windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312] S3 SrvHsfWinac;SrvHsfWinac;C:\windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864] S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-12-29 54136] S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-11-5 137560] S3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-11-10 824688] S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2011-7-1 59392] S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-7-9 52736] S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2010-7-23 1255736] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2013-07-13 21:58:27 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5A01C0FB-1DDF-4C1E-863A-9D36AF5B3FAE}\offreg.dll 2013-07-13 17:49:26 -------- d-----w- C:\Users\od\AppData\Local\1eeee95e-9e0f-4f1d-a8b1-e2e6d51ad5aaad 2013-07-13 17:49:05 845312 ----a-w- C:\Users\od\AppData\Roaming\midefender.exe 2013-07-13 17:49:05 110592 ----a-w- C:\Users\od\googleupdate.exe 2013-07-12 18:15:09 9552976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5A01C0FB-1DDF-4C1E-863A-9D36AF5B3FAE}\mpengine.dll 2013-07-12 17:54:59 2241024 ----a-w- C:\windows\System32\wininet.dll 2013-07-11 19:32:28 -------- d-----w- C:\Users\od\AppData\Local\I.R.I.S 2013-07-11 19:32:19 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll 2013-07-11 19:32:17 1732608 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL 2013-07-11 19:32:17 1393152 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll 2013-07-11 19:32:17 1367040 ----a-w- C:\Program Files\Common 
Files\Microsoft Shared\ink\journal.dll 2013-07-11 19:32:16 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll 2013-07-11 19:28:29 9216 ----a-w- C:\Program Files (x86)\Windows Defender\MpAsDesc.dll 2013-07-11 19:28:29 571904 ----a-w- C:\Program Files\Windows Defender\MpClient.dll 2013-07-11 19:28:29 54784 ----a-w- C:\Program Files (x86)\Windows Defender\MpOAV.dll 2013-07-11 19:28:29 392704 ----a-w- C:\Program Files (x86)\Windows Defender\MpClient.dll 2013-07-11 19:28:29 314880 ----a-w- C:\Program Files\Windows Defender\MpCommu.dll 2013-07-11 19:28:29 1011712 ----a-w- C:\Program Files\Windows Defender\MpSvc.dll 2013-07-11 19:28:27 509440 ----a-w- C:\windows\SysWow64\qedit.dll 2013-07-11 19:28:25 1887744 ----a-w- C:\windows\System32\WMVDECOD.DLL 2013-07-11 19:28:25 1620480 ----a-w- C:\windows\SysWow64\WMVDECOD.DLL 2013-07-11 17:32:25 3153920 ----a-w- C:\windows\System32\win32k.sys 2013-07-11 09:32:11 1643520 ----a-w- C:\windows\System32\DWrite.dll 2013-07-11 09:32:11 1247744 ----a-w- C:\windows\SysWow64\DWrite.dll 2013-07-10 10:44:36 -------- d-----w- C:\2b3e061a644f9f0d3f25ca53 2013-07-10 09:03:04 624128 ----a-w- C:\windows\System32\qedit.dll 2013-07-10 09:03:04 4608 ----a-w- C:\Program Files (x86)\Windows Defender\MsMpLics.dll 2013-07-08 14:51:16 -------- d-----w- C:\Users\od\AppData\Roaming\PDAppFlex 2013-07-08 14:51:03 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe 2013-06-30 04:04:11 -------- d-----w- C:\Program Files (x86)\Cisco Systems 2013-06-30 04:03:44 -------- d-----w- C:\ProgramData\Cisco Systems . ==================== Find3M ==================== . 
2013-07-13 21:55:05 17920 ----a-w- C:\windows\SysWow64\rpcnetp.exe 2013-07-13 21:55:05 17920 ----a-w- C:\windows\System32\rpcnetp.exe 2013-07-13 21:51:29 58288 ----a-w- C:\windows\SysWow64\rpcnet.dll 2013-07-13 21:51:29 17920 ----a-w- C:\windows\SysWow64\rpcnetp.dll 2013-06-12 18:01:15 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-06-12 18:01:15 692104 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe 2013-06-11 23:43:37 1767936 ----a-w- C:\windows\SysWow64\wininet.dll 2013-06-11 23:43:00 2877440 ----a-w- C:\windows\SysWow64\jscript9.dll 2013-06-11 23:42:58 61440 ----a-w- C:\windows\SysWow64\iesetup.dll 2013-06-11 23:42:58 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll 2013-06-11 23:25:16 3958784 ----a-w- C:\windows\System32\jscript9.dll 2013-06-11 23:25:13 67072 ----a-w- C:\windows\System32\iesetup.dll 2013-06-11 23:25:13 136704 ----a-w- C:\windows\System32\iesysprep.dll 2013-06-11 22:51:45 71680 ----a-w- C:\windows\SysWow64\RegisterIEPKEYs.exe 2013-06-11 22:50:58 89600 ----a-w- C:\windows\System32\RegisterIEPKEYs.exe 2013-06-07 03:22:18 2706432 ----a-w- C:\windows\System32\mshtml.tlb 2013-06-07 02:37:52 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb 2013-05-13 05:51:01 184320 ----a-w- C:\windows\System32\cryptsvc.dll 2013-05-13 05:51:00 1464320 ----a-w- C:\windows\System32\crypt32.dll 2013-05-13 05:51:00 139776 ----a-w- C:\windows\System32\cryptnet.dll 2013-05-13 05:50:40 52224 ----a-w- C:\windows\System32\certenc.dll 2013-05-13 04:45:55 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll 2013-05-13 04:45:55 1160192 ----a-w- C:\windows\SysWow64\crypt32.dll 2013-05-13 04:45:55 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll 2013-05-13 03:43:55 1192448 ----a-w- C:\windows\System32\certutil.exe 2013-05-13 03:08:10 903168 ----a-w- C:\windows\SysWow64\certutil.exe 2013-05-13 03:08:06 43008 ----a-w- C:\windows\SysWow64\certenc.dll 2013-05-10 16:39:07 39936 ----a-w- C:\windows\SysWow64\identprv.dll 2013-05-10 05:49:27 30720 ----a-w- 
C:\windows\System32\cryptdlg.dll 2013-05-10 03:20:54 24576 ----a-w- C:\windows\SysWow64\cryptdlg.dll 2013-05-08 06:39:01 1910632 ----a-w- C:\windows\System32\drivers\tcpip.sys 2013-05-02 06:06:08 278800 ------w- C:\windows\System32\MpSigStub.exe 2013-04-26 05:51:36 751104 ----a-w- C:\windows\System32\win32spl.dll 2013-04-26 04:55:21 492544 ----a-w- C:\windows\SysWow64\win32spl.dll 2013-04-25 23:30:32 1505280 ----a-w- C:\windows\SysWow64\d3d11.dll 2013-04-17 07:02:06 1230336 ----a-w- C:\windows\SysWow64\WindowsCodecs.dll 2013-04-17 06:24:46 1424384 ----a-w- C:\windows\System32\WindowsCodecs.dll . ============= FINISH: 18:26:14.34 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 1/14/2010 6:23:59 PM System Uptime: 7/13/2013 5:54:57 PM (1 hours ago) . Motherboard: TOSHIBA | | Portable PC Processor: Intel® Core i5 CPU M 430 @ 2.27GHz | CPU | 2261/1066mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 454 GiB total, 380.411 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: Security Processor Loader Driver Device ID: ROOT\LEGACY_SPLDR\0000 Manufacturer: Name: Security Processor Loader Driver PNP Device ID: ROOT\LEGACY_SPLDR\0000 Service: spldr . ==== System Restore Points =================== . RP264: 7/9/2013 5:04:50 AM - Windows Update RP265: 7/10/2013 6:40:52 AM - Windows Update RP266: 7/11/2013 5:07:29 AM - Windows Update RP267: 7/11/2013 2:58:40 PM - Restore Operation RP268: 7/11/2013 3:21:37 PM - Windows Update RP269: 7/12/2013 1:44:35 PM - Windows Update . ==== Installed Programs ====================== . 
Update for Microsoft Office 2007 (KB2508958) 64 Bit HP CIO Components Installer Adobe AIR Adobe Creative Cloud Adobe Flash Player 11 ActiveX Adobe InDesign CC Adobe Reader X (10.1.7) Amazon Links Apple Application Support Apple Mobile Device Support Apple Software Update Bejeweled 2 Deluxe Bing Bar Bing Rewards Client Installer Blackhawk Striker 2 Bonjour Canon RAW Image Task for ZoomBrowser EX Canon Utilities CameraWindow Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX Canon Utilities Digital Photo Professional 3.4 Canon Utilities EOS Utility Canon Utilities MyCamera Canon Utilities PhotoStitch Canon Utilities Picture Style Editor Canon Utilities RemoteCapture Task for ZoomBrowser EX Canon Utilities WFT-E1/E2/E3 Utility Canon Utilities ZoomBrowser EX Canon ZoomBrowser EX Memory Card Utility Cisco Connect Compatibility Pack for the 2007 Office system Computrace Conduit Engine Coupon Printer for Windows D3DX10 Direct DiscRecorder Dolby Control Center DomaIQ DVD MovieFactory for TOSHIBA eMusic Download Manager 6 Faerie Solitaire FATE Undiscovered Realms Google Chrome Google Toolbar for Internet Explorer Google Update Helper iCloud Intel® Control Center Intel® Graphics Media Accelerator Driver Intel® Management Engine Components Intel® Rapid Storage Technology iTunes Java 6 Update 14 Junk Mail filter update Malwarebytes Anti-Malware version 1.75.0.1300 Mesh Runtime Messenger Companion Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Application Error Reporting Microsoft Default Manager Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Click-to-Run 2010 Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Home and Student 2007 Microsoft Office Office 64-bit Components 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Office Proof (English) 2007 Microsoft Office 
Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared 64-bit MUI (English) 2007 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Suite Activation Assistant Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Works MobileMe Control Panel Monopoly MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) NetZero Launcher PDF Settings CC PlayReady PC Runtime amd64 Polar Bowler Quickbooks Financial Center QuickTime Realtek Ethernet Controller Driver Realtek High Definition Audio Driver Realtek WLAN Driver RICOH R5U230 Media Driver ver.2.06.03.02 Safari Scrabble Plus Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for 
Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2736428) Security Update for Microsoft .NET Framework 4 Extended (KB2742595) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft 
Office 2007 suites (KB2687309) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition ShopAtHome.com Toolbar Skype Launcher Swag Bucks Toolbar Synaptics Pointing Device Driver Toshiba Application Installer TOSHIBA Assist TOSHIBA Bulletin Board TOSHIBA ConfigFree TOSHIBA Disc Creator TOSHIBA DVD PLAYER TOSHIBA eco Utility TOSHIBA Extended Tiles for Windows Mobility Center TOSHIBA Face Recognition TOSHIBA Hardware Setup TOSHIBA HDD Protection TOSHIBA HDD/SSD Alert TOSHIBA Media Controller Toshiba Online Backup TOSHIBA PC Health Monitor TOSHIBA Quality Application TOSHIBA Recovery Media Creator TOSHIBA ReelTime TOSHIBA Service Station TOSHIBA Speech System Applications TOSHIBA Speech System SR Engine(U.S.) Version1.0 TOSHIBA Speech System TTS Engine(U.S.) 
Version1.0 TOSHIBA Supervisor Password TOSHIBA USB Sleep and Charge Utility TOSHIBA Value Added Package TOSHIBA Web Camera Application ToshibaRegistration TV Bar 1.2 Toolbar Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2836939) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Update Installer for WildTangent Games App Virtual Families Virtual Villagers - The Secret City WildTangent Games WildTangent Games App WildTangent Games App (Toshiba Games) Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live Messenger Companion Core Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows 
Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources . ==== Event Viewer Messages From Past Week ======== . 7/13/2013 6:26:12 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 7/13/2013 5:55:50 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start. 7/13/2013 5:55:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 7/13/2013 5:55:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 7/13/2013 5:55:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 7/13/2013 5:55:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 7/13/2013 5:55:23 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6 7/13/2013 5:55:18 PM, Error: Service Control Manager [7001] - The 
Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start. 7/13/2013 5:53:32 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 7/13/2013 5:53:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} 7/13/2013 5:53:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E} 7/13/2013 5:52:51 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf 7/13/2013 5:52:51 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 7/13/2013 5:52:51 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 7/13/2013 5:52:51 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 
7/13/2013 5:52:51 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 7/13/2013 5:52:51 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 7/13/2013 5:52:51 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 7/13/2013 5:52:51 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 7/13/2013 5:52:50 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 7/13/2013 5:52:50 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning. 7/13/2013 5:52:50 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning. 
7/13/2013 5:52:50 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 7/13/2013 5:51:50 PM, Error: Service Control Manager [7023] - The Internet Connection Sharing (ICS) service terminated with the following error: %%-2147467243 7/13/2013 5:51:48 PM, Error: Service Control Manager [7023] - The Server service terminated with the following error: The data is invalid. 7/13/2013 5:51:48 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: A system shutdown is in progress. 7/13/2013 5:50:38 PM, Error: Service Control Manager [7023] - The Server service terminated with the following error: The service has not been started. 7/13/2013 5:50:36 PM, Error: Service Control Manager [7001] - The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error: The operation completed successfully. 7/13/2013 4:08:33 PM, Error: Microsoft-Windows-SharedAccess_NAT [34001] - The ICS_IPV6 failed to configure IPv6 stack. 7/13/2013 4:08:33 PM, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 192.168.1.146, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope. 7/12/2013 7:30:41 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the iPod Service service to connect. 7/12/2013 7:30:41 PM, Error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 
7/12/2013 7:30:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE} 7/12/2013 4:06:10 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting. 7/12/2013 12:32:20 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect. 7/12/2013 12:32:20 AM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 7/12/2013 1:44:10 PM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error. 7/11/2013 5:51:55 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the TPCH Service service to connect. 7/11/2013 5:51:55 AM, Error: Service Control Manager [7000] - The TPCH Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 7/11/2013 5:51:55 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TPCHSrv with arguments "" in order to run the server: {45CC1698-D1CF-417B-BC32-80EB79E05EF1} 7/11/2013 5:23:25 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2850851). 
7/11/2013 5:13:19 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2835361). 7/11/2013 5:13:19 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2834886). 7/11/2013 5:13:19 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2844286). 7/11/2013 3:51:41 PM, Error: Service Control Manager [7022] - The Intel® Management & Security Application User Notification Service service hung on starting. 7/11/2013 3:32:02 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2835364). 7/11/2013 3:32:02 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB2832414). . ==== End Of File ===========================
  21. Greetings, Malwarebytes forum. My name is Erik, and here is my problem: My computer was playing ads in the background, loads of them at once, whenever I started up my computer. This was a couple of days ago. I restarted in safe mode, ran Malwarebytes, ran Spybot, but still had problems. Some forums suggested some stuff that I ran, but I realise it was perhaps not the best choice, as this forum recommends not running any temporary file cleaners yet (which was then unknown to me). I ran TDSSKiller, which found a harbinger rootkit and removed it (it says). I ran SystemLook. I clicked a link from a malwareremoval com forum post in order to download it, and trusted it blindly I suppose. It seems someone had turned that link into a download of easylifeapp (or was that my own malware?). I couldn't remove that thing for all I tried. I did get a real SystemLook, and ran it. It or something else caused my computer to restart (which I made sure was in safe mode). Then came ESET online scanner, which found 52 threats and removed 43 of those. One of the many threats was the Bagle worm. Most of the worm files were removed, but not all. I want to fix my computer completely, and switch to Linux. I just have lost most of my installers and prefer to back up my programs as they are, with all my files, and otherwise start fresh. Here is the requested dds log file:
C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\Explorer.EXE C:\Windows\system32\ctfmon.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\ctfmon.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://search.easylifeapp.com/?pid=388&src=ie1&r=2013/05/30&hid=1288959593&lg=EN&cc=US uDefault_Page_URL = g.msn.com/USCON/1 mStart Page = hxxp://search.easylifeapp.com/?pid=388&src=ie1&r=2013/05/30&hid=1288959593&lg=EN&cc=US uProxyOverride = <local> uURLSearchHooks: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - LocalServer32 - <no file> mWinlogon: Userinit = userinit.exe, BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll BHO: Expat Shield Class: {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE.dll BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - 
LocalServer32 - <no file> BHO: Zoomex: {B662A5D3-A35A-B033-EE17-0C0CCEC68727} - BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll BHO: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - LocalServer32 - <no file> TB: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - LocalServer32 - <no file> uRun: [Google Update] "C:\Users\Erik\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 mRun: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot mRun: [Panda Security URL Filtering] "C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot mRun: [PSUAMain] "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" /LaunchSysTray mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" mRunOnce: [292C0D6C-BC4F-47DE-8C7E-8C5528E735A7] cmd.exe /C start /D "C:\Users\Erik\AppData\Local\Temp" /B 292C0D6C-BC4F-47DE-8C7E-8C5528E735A7.exe -postboot StartupFolder: C:\Users\Erik\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe mPolicies-Explorer: 
NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll . INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . . INFO: HKLM has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab TCP: NameServer = 192.168.1.1 TCP: Interfaces\{4B5A6CB4-7F49-4B39-BB04-C27E15468736} : NameServer = 0.0.0.0 TCP: Interfaces\{5EC4E283-142B-4B1E-BFB7-BF74FBF84B79} : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{5EC4E283-142B-4B1E-BFB7-BF74FBF84B79}\0556C68616D602D4573796360214274737023547574696F6 : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{5EC4E283-142B-4B1E-BFB7-BF74FBF84B79}\0556C68616D6D457379636142747373547574696F6 : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{5EC4E283-142B-4B1E-BFB7-BF74FBF84B79}\4405451434 : DHCPNameServer = 192.168.2.1 192.168.2.1 167.206.251.129 167.206.251.130 TCP: Interfaces\{5EC4E283-142B-4B1E-BFB7-BF74FBF84B79}\45753475966496 : DHCPNameServer = 10.240.205.161 10.240.205.162 TCP: 
Interfaces\{5EC4E283-142B-4B1E-BFB7-BF74FBF84B79}\A4F686E6E6970225F636B656473702D202B41666564756279616 : DHCPNameServer = 208.67.222.222 208.67.220.220 TCP: Interfaces\{65AB2A8E-0C7E-4984-9412-8F9B1B396EE7} : DHCPNameServer = 192.168.42.129 Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll AppInit_DLLs= SSODL: WebCheck - <orphaned> x64-BHO: Expat Shield Class: {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE_64.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe x64-Run: [intelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray x64-Run: [intelWirelessWiMAX] "C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash x64-Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe" . INFO: x64-HKLM has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . 
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab x64-DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> x64-mASetup: {12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\Windows\System32\ieudinit.exe Hosts: 127.0.0.1 www.spywareinfo.com . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\tfbhskc5.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.easylifeapp.com/?pid=388&src=ff2&r=2013/05/30&hid=1288959593&lg=EN&cc=US&l=1&q= FF - prefs.js: browser.search.selectedEngine - EasyLife FF - prefs.js: browser.startup.homepage - hxxp://search.easylifeapp.com/?pid=388&src=ff1&r=2013/05/30&hid=1288959593&lg=EN&cc=US FF - prefs.js: keyword.URL - hxxp://search.easylifeapp.com/?pid=388&src=ff2&r=2013/05/30&hid=1288959593&lg=EN&cc=US&l=1&q= FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor.dll FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\ProgramData\Best Buy pc 
app\npBestBuyPcAppDetector.dll FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll FF - plugin: C:\Users\Erik\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll FF - ExtSQL: 2013-05-10 21:56; 50d9fc30dd63e@50d9fc30dd677.com; C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\tfbhskc5.default\extensions\50d9fc30dd63e@50d9fc30dd677.com FF - ExtSQL: 2013-05-10 21:56; 50d9fcc62d939@50d9fcc62d972.com; C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\tfbhskc5.default\extensions\50d9fcc62d939@50d9fcc62d972.com FF - ExtSQL: 2013-05-30 12:28; br7a@gwvgkf-.co.uk; C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\tfbhskc5.default\extensions\br7a@gwvgkf-.co.uk . ============= SERVICES / DRIVERS =============== . 
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-11-18 55280] R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-2-9 279616] R1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;C:\Windows\System32\drivers\NNSNAHSL.sys [2012-6-27 33320] R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-11-18 56344] R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2010-11-18 74280] R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-11-18 7689216] S1 NNSALPC;NNSALPC;C:\Windows\System32\drivers\NNSAlpc.sys [2012-6-27 89128] S1 NNSHTTP;NNSHTTP;C:\Windows\System32\drivers\NNSHttp.sys [2012-6-27 116776] S1 NNSIDS;NNSIDS;C:\Windows\System32\drivers\NNSIds.sys [2012-6-27 113192] S1 NNSPICC;NNSPICC;C:\Windows\System32\drivers\NNSpicc.sys [2012-6-27 93224] S1 NNSPOP3;NNSPOP3;C:\Windows\System32\drivers\NNSPop3.sys [2012-6-27 116776] S1 NNSPROT;NNSPROT;C:\Windows\System32\drivers\NNSProt.sys [2012-6-27 304680] S1 NNSPRV;NNSPRV;C:\Windows\System32\drivers\NNSPrv.sys [2012-6-27 109096] S1 NNSSMTP;NNSSMTP;C:\Windows\System32\drivers\NNSSmtp.sys [2012-6-27 112680] S1 NNSSTRM;NNSSTRM;C:\Windows\System32\drivers\NNSStrm.sys [2012-7-12 219688] S1 NNSTLSC;NNSTLSC;C:\Windows\System32\drivers\NNStlsc.sys [2012-6-27 105000] S1 PSINKNC;PSINKNC;C:\Windows\System32\drivers\PSINKNC.sys [2012-7-13 205352] S2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-11-18 98208] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 
cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624] S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2010-9-28 606720] S2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648] S2 ExpatShieldService;Expat Shield Service;C:\Program Files (x86)\Expat Shield\bin\openvpnas.exe [2012-1-6 331608] S2 ExpatSrv;Expat Shield Routing Service;C:\Program Files (x86)\Expat Shield\HssWPR\hsssrv.exe [2012-1-4 363336] S2 ExpatWd;Expat Shield Monitoring Service;C:\Program Files (x86)\Expat Shield\bin\hsswd.exe -product Expat --> C:\Program Files (x86)\Expat Shield\bin\hsswd.exe -product Expat [?] S2 NanoServiceMain;Panda Cloud Antivirus Service;C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2012-7-13 140064] S2 NIHardwareService;NIHardwareService;C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2009-7-17 4948992] S2 PSINAflt;PSINAflt;C:\Windows\System32\drivers\PSINAflt.sys [2012-7-13 167464] S2 PSINFile;PSINFile;C:\Windows\System32\drivers\PSINFile.sys [2012-7-13 119336] S2 PSINProc;PSINProc;C:\Windows\System32\drivers\PSINProc.sys [2012-7-13 123944] S2 PSINProt;PSINProt;C:\Windows\System32\drivers\PSINProt.sys [2012-7-13 130088] S2 PSUAService;Panda Product Service;C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe [2012-7-13 36640] S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-8-10 1153368] S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776] S2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-11-18 1692480] S2 TurboB;Turbo Boost UI Monitor 
driver;C:\Windows\System32\drivers\TurboB.sys [2009-11-2 13784] S2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-11-18 2533400] S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2010-9-28 911872] S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2011-5-13 36328] S3 bpenum;bpenum;C:\Windows\System32\drivers\bpenum.sys [2010-11-18 71168] S3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\Windows\System32\drivers\bpmp.sys [2010-11-18 175104] S3 bpusb;bpusb;C:\Windows\System32\drivers\bpusb.sys [2010-11-18 81920] S3 BrSerIb;Brother MFC Serial Interface Driver(WDM);C:\Windows\System32\drivers\BrSerIb.sys [2009-7-13 281088] S3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);C:\Windows\System32\drivers\BrUsbSIb.sys [2009-7-13 15360] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2010-11-18 172704] S3 ExpatTrayService;Expat Shield Tray Service;C:\Program Files (x86)\Expat Shield\bin\ExpatTrayService.exe [2012-1-6 77520] S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-11-18 158976] S3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-11-18 287232] S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-5 340240] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-11-18 245792] S3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264] S3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648] S3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960] S3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376] S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe 
[2011-10-1 219496] S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2011-5-13 157672] S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2011-5-13 16872] S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2011-5-13 177640] S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\System32\drivers\ssadserd.sys [2011-5-13 146920] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-23 59392] S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-1-18 1255736] S3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2010-6-18 39832] S4 NNSPIHSW;NNSPIHSW;C:\Windows\System32\drivers\NNSPihsw.sys [2012-6-27 68648] . =============== Created Last 30 ================ . 2013-06-01 02:50:49 -------- d-----w- C:\Program Files (x86)\ESET 2013-05-31 13:16:56 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{80CE10C0-168B-4D69-9B06-E5E6805D1A63}\mpengine.dll 2013-05-30 17:00:47 921 ----a-w- C:\Windows\QSFVExit.bat 2013-05-30 16:27:23 -------- d-----w- C:\ProgramData\SearchNewTab 2013-05-30 16:26:51 -------- d-----w- C:\ProgramData\StarApp 2013-05-30 14:44:41 -------- d-----w- C:\TDSSKiller_Quarantine 2013-05-22 13:07:26 -------- d-----w- C:\ProgramData\PC-Doctor for Windows 2013-05-22 13:07:02 -------- d-----w- C:\Program Files\My Dell 2013-05-22 04:33:00 262552 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll 2013-05-16 14:00:49 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-05-16 14:00:49 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2013-05-15 23:19:42 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys 2013-05-14 16:35:22 -------- d-----w- C:\Windows\SysWow64\wbem\ga-IE 2013-05-14 16:35:21 -------- 
d-----w- C:\Windows\SysWow64\ga-IE 2013-05-14 16:35:21 -------- d-----w- C:\Windows\System32\wbem\ga-IE 2013-05-14 16:35:20 -------- d-----w- C:\Windows\System32\ga-IE 2013-05-14 16:35:20 -------- d-----w- C:\Windows\ga-IE . ==================== Find3M ==================== . 2013-05-15 03:35:22 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-05-15 03:35:22 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-05-02 06:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe 2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll 2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll 2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll 2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll 2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll 2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll 2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys 2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys 2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys 2013-04-05 01:08:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2013-04-05 01:00:30 1392128 ----a-w- C:\Windows\System32\wininet.dll 2013-04-05 00:59:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2013-04-05 00:56:16 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2013-04-05 00:55:47 599040 ----a-w- C:\Windows\System32\vbscript.dll 2013-04-04 22:11:34 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-04-04 22:02:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2013-04-04 22:02:17 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-04-04 21:58:51 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2013-04-04 21:57:45 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2013-04-04 18:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2013-03-19 06:04:06 5550424 ----a-w- 
C:\Windows\System32\ntoskrnl.exe 2013-03-19 05:53:58 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll 2013-03-19 05:53:58 230400 ----a-w- C:\Windows\System32\wwansvc.dll 2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll 2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll 2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe 2013-03-15 03:04:14 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2013-03-15 03:04:14 861088 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll 2013-03-15 03:04:13 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll . ============= FINISH: 16:29:07.15 ===============
And here is the attached one:
. UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 1/16/2011 4:12:07 PM System Uptime: 6/1/2013 3:42:20 PM (1 hours ago) . Motherboard: Dell Inc. | | 08VFX1 Processor: Intel® Core i5 CPU M 460 @ 2.53GHz | U2E1 | 2527/133mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 581 GiB total, 203.403 GiB free. D: is CDROM () E: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: Security Processor Loader Driver Device ID: ROOT\LEGACY_SPLDR\0000 Manufacturer: Name: Security Processor Loader Driver PNP Device ID: ROOT\LEGACY_SPLDR\0000 Service: spldr . ==== System Restore Points =================== . 
RP297: 5/14/2013 10:06:35 AM - Windows Update RP298: 5/14/2013 12:32:57 PM - Language Pack Installation RP299: 5/15/2013 10:37:03 AM - Removed Skype™ 6.3 RP300: 5/16/2013 9:58:00 AM - Windows Update RP301: 5/21/2013 8:05:23 AM - Windows Update RP303: 5/21/2013 11:31:17 AM - Windows Defender Checkpoint RP304: 5/24/2013 9:48:24 AM - Windows Update RP306: 5/24/2013 10:00:24 AM - Windows Defender Checkpoint RP308: 5/25/2013 5:39:53 PM - Windows Defender Checkpoint RP309: 5/28/2013 10:31:04 AM - Windows Update . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) aaa Adobe AIR Adobe Bridge 1.0 Adobe Common File Installer Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Help Center 1.0 Adobe Photoshop CS2 Adobe Reader X (10.1.7) Adobe Stock Photos 1.0 Advanced Audio FX Engine Any Video Converter 3.1.8 ASIO4ALL Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver Best Buy pc app Best Service Chris Hein Horns BitLord 1.2 Bulgarian (Phonetic) by Iliya Dankov CamStudio OSS Desktop Recorder D3DX10 DAEMON Tools Lite Dell DataSafe Local Backup Dell DataSafe Local Backup - Support Software Dell Dock Dell Edoc Viewer Dell Getting Started Guide Dell Product Registration Dell Webcam Central East West Colossus East West EWQLSO Gold Edition East West Ra East West Stormdrum Kompakt escv ESET Online Scanner v3 Expat Shield 2.24 FamilySearch Indexing 3.17.3 FoxTab PDF Converter Free Mp3 Wma Converter V 1.91 GetDiz 4.5 Google Chrome Google Earth Plug-in Google Update Helper GoToAssist 8.0.0.514 Guitar Pro 5.2 HiJackThis ImgBurn Intel PROSet Wireless Intel® Graphics Media Accelerator Driver Intel® Management Engine Components Intel® PROSet/Wireless WiFi Software Intel® Turbo Boost Technology Monitor Intel® Wireless Display Intel® PROSet/Wireless WiMAX Software Internet Explorer Java 7 Update 17 Java Auto Updater Java 6 Update 21 (64-bit) Java 6 Update 35 Junk Mail filter update Live 8.0.4 Live! 
Cam Avatar Creator Malwarebytes Anti-Malware Version 1.75.0.1300 Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office 2010 Microsoft Office Click-to-Run 2010 Microsoft Office File Validation Add-In Microsoft Office Office 64-bit Components 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared 64-bit MUI (English) 2007 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Starter 2010 - English Microsoft Office Word 2007 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable - KB2467175 Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Visual C++ 2010 
x86 Redistributable - 10.0.30319 Microsoft Works 6-9 Converter Mignet Assistant Service Mozilla Firefox 21.0 (x86 ga-IE) Mozilla Maintenance Service MSVCRT MSVCRT_amd64 My Dell Native Instruments Controller Editor Native Instruments Guitar Rig 4 Native Instruments Kontakt 4 Native Instruments Kontakt Factory Selection Native Instruments Service Center Panda Cloud Antivirus Panda Security URL Filtering PDF24 Creator 3.8.0 Quickset64 RealNetworks - Microsoft Visual C++ 2008 Runtime RealPlayer RealStrat 1.0 Realtek High Definition Audio Driver RealUpgrade 1.1 Reason 5.0 Roxio Burn Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition Sibelius 6 Sibelius Scorch (Firefox, Opera, Netscape only) Spybot - Search & Destroy Synaptics Pointing Device Driver Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Messenger Windows Live MIME IFilter 
Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Mobile Device Updater Component WinRAR archiver Xvid 1.2.2 final uninstall YTD Toolbar v6.6 Zune Zune Language Pack (DEU) Zune Language Pack (ESP) Zune Language Pack (FRA) Zune Language Pack (ITA) Zune Language Pack (NLD) Zune Language Pack (PTB) Zune Language Pack (PTG)
.
==== Event Viewer Messages From Past Week ========
.
6/1/2013 4:21:58 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
6/1/2013 3:53:27 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
6/1/2013 3:43:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
6/1/2013 3:43:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
6/1/2013 3:43:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/1/2013 3:43:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
6/1/2013 3:43:10 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21
6/1/2013 3:42:53 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache NNSALPC NNSHTTP NNSIDS NNSPICC NNSPOP3 NNSPROT NNSPRV NNSSMTP NNSSTRM NNSTLSC PSINKNC spldr Wanarpv6
6/1/2013 3:42:52 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
6/1/2013 3:39:04 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
5/31/2013 9:09:36 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
5/31/2013 9:08:20 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Panda Product Service service to connect.
5/31/2013 9:08:20 AM, Error: Service Control Manager [7000] - The Panda Product Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/31/2013 11:49:37 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
5/31/2013 11:49:37 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
5/31/2013 11:49:37 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
5/31/2013 11:49:37 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
5/31/2013 11:34:08 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
5/31/2013 11:34:08 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
5/31/2013 11:34:08 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
5/31/2013 11:34:08 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
5/30/2013 12:55:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
5/30/2013 10:46:32 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache NNSALPC NNSHTTP NNSIDS NNSPICC NNSPOP3 NNSPROT NNSPRV NNSSMTP NNSSTRM NNSTLSC PSINKNC spldr sptd Wanarpv6
5/30/2013 10:45:21 AM, Error: sptd [4] - Driver detected an internal error in its data structures for .
5/30/2013 10:25:33 AM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
5/30/2013 10:25:33 AM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
5/30/2013 10:25:33 AM, Error: Service Control Manager [7038] - The netprofm service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
5/30/2013 10:25:33 AM, Error: Service Control Manager [7000] - The Network List Service service failed to start due to the following error: The service did not start due to a logon failure.
5/30/2013 10:25:33 AM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not start due to a logon failure.
5/30/2013 10:25:33 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
5/29/2013 9:44:09 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NIHardwareService service.
5/29/2013 11:13:08 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - Rinneadh athbhútáil ar an ríomhaire ó sheiceáil dífhabhtóirí. Ba é 0x0000001e (0xffffffffc0000005, 0xfffffa8008b253ef, 0x0000000000000000, 0x000000007efa003c) an seiceáil dífhabhtóirí. Sábháladh dumpa in: C:\Windows\MEMORY.DMP. Aitheantóir na tuairisce: 052913-26863-01.
5/28/2013 10:19:01 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
5/26/2013 5:13:07 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - Rinneadh athbhútáil ar an ríomhaire ó sheiceáil dífhabhtóirí. Ba é 0x0000007e (0xffffffffc0000005, 0xfffff88001985369, 0xfffff8800b487018, 0xfffff8800b486870) an seiceáil dífhabhtóirí. Sábháladh dumpa in: C:\Windows\MEMORY.DMP. Aitheantóir na tuairisce: 052613-32729-01.
5/25/2013 5:33:34 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
5/25/2013 3:39:49 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer OEM-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{5EC4E283-142B-4B1E-BFB7-BF74FBF84B79}. The master browser is stopping or an election is being forced.
.
==== End Of File ===========================

I am extremely grateful for all the help I'm told I will receive. I appreciate what ye forum experts volunteer to do in order to help those who have less experience, knowledge, expertise, or whatever else. Thanks, Erik.
  22. Hello, I am currently infected with the Win32/Conficker.B virus on my work machine. A little background on it: someone here at work downloaded the virus on one of our network drives, which has spread to many machines, I assume. Our MIS department has recently swapped servers so it won't spread anymore, but several machines are still infected by this virus. I have run several different scans in and out of safe mode only to have it return. As of today, Malwarebytes no longer recognizes the virus for some reason, but Microsoft Security Essentials is still finding instances of it. I've been dealing with this for over a week now and have had no success removing it. It will be greatly appreciated if you can help rid my machine of this nasty virus. Much obliged, Jeff D attach.txt dds.txt
  23. Ok, I Am To Understand That MBAM Will Not Be Able To Remove This Infection From My PC. That's Not Too Big Of A Deal, Most Of My Media Is Backed Up Onto An External HD Of One Kind Or Another. My Only Concern Is That Most Is Not All. I Shoot Video Of Local Bands And Artists Here In Seattle, Just For Fun, And Between My Last Backup Session And The Worm.Parite Infection I Have Some New Video Projects In The Works. I Have Updated MBAM Everyday, Rescan, And Worm.Parite Will Either Have 1 File Or A Bunch (297 One Time). If I Remove As Many As Possible Before It Replicates, What Are The Chances That Plugging In My External And Backing Up The Last Of My Media Will Result In The External (Or My Reformatted PC) Being Infected Further? Any Information Is Appreciated! Cheers!