FBI Virus on Main profile, Remove from different profile (via logmein)


Hello WoodyGrape and :welcome:! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
  • Please download Farbar Recovery Scan Tool and save it to your desktop.

    Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit.

    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Sweet. Thanks for the help. Here are the logs:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-09-2013 01
Ran by rui lopes (administrator) on ROSE on 10-09-2013 06:28:58
Running from C:\Users\rui lopes\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) ===================
 
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
() C:\Program Files\Softland\novaPDF Professional Server 7\novasvo7.exe
(WebConnect) C:\Program Files\WebConnect\updateWebConnect.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Nuance Communications, Inc.) C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
(ScanSoft, Inc.) C:\Program Files\ScanSoft\OmniPagePro12.0\opware12.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
(InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
(Xyron Inc.) C:\Program Files\Xyron Wishblade Controller\XYWSSupervisor.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(LogMeIn, Inc.) C:\Users\rui lopes\AppData\Local\LogMeIn Rescue Applet\LMIR0001.tmp\lmi_rescue.exe
(LogMeIn, Inc.) C:\Users\RUILOP~1\AppData\Local\LOGMEI~1\LMIR0001.tmp\LMI_Rescue_srv.exe
(LogMeIn, Inc.) C:\Users\RUILOP~1\AppData\Local\LOGMEI~1\LMIR0001.tmp\LMI_Rescue_srv.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [NeroFilterCheck] - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [570664 2008-05-28] (Nero AG)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [sSBkgdUpdate] - C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM\...\Run: [OpwareSE4] - C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe [79400 2007-02-04] (Nuance Communications, Inc.)
HKLM\...\Run: [WrtMon.exe] - C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe [20480 2006-09-20] ()
HKLM\...\Run: [WinampAgent] - C:\Program Files\Winamp\winampa.exe [74752 2010-07-12] (Nullsoft, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-07-29] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-10-06] (Apple Inc.)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Opware12] - C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe [49152 2002-08-01] (ScanSoft, Inc.)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-28] ()
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [995176 2013-06-20] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [644696 2007-05-14] (CANON INC.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2569616 2010-07-25] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenuEx] - C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1316248 2010-12-02] (CANON INC.)
HKLM\...\Run: [iSUSScheduler] - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-16] (InstallShield Software Corporation)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM\...\Runonce: [spUninstallCleanUp] - REG delete HKEY_CURRENT_USER\Software\SearchProtect /f
HKLM\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKCU\...\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2008-01-22] (Nero AG)
HKCU\...\Run: [swg] - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKCU\...\Run: [AdobeUpdater] - C:\Program Files\Common Files\Adobe\Updater\AdobeUpdater.exe [970752 2007-04-04] (Adobe Systems Incorporated)
HKCU\...\Run: [MobileDocuments] - C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKCU\...\Run: [iSUSPM Startup] - C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [221184 2004-06-16] (InstallShield Software Corporation)
HKCU\...\Runonce: [spUninstallDeleteDir] - rmdir /s /q "C:\Users\rui lopes\AppData\Roaming\SearchProtect"
MountPoints2: {b816d4da-a258-11df-9d25-806e6f6e6963} - E:\Setup.exe
MountPoints2: {e5a8939b-22da-11e2-b504-00508db68430} - D:\MotoCastSetup.exe -a
HKU\RoLopes\...\Run: [Raptr] - C:\PROGRA~1\Raptr\raptrstub.exe --startup
HKU\RoLopes\...\Run: [MobileDocuments] - C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [ 2012-02-23] (Apple Inc.)
HKU\RoLopes\...\Run: [iSUSPM Startup] - C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [ 2004-06-16] (InstallShield Software Corporation)
HKU\RoLopes\...\Run: [searchProtect] - C:\Users\RoLopes\AppData\Roaming\SearchProtect\bin\cltmng.exe [ 2013-05-07] (Conduit)
HKU\RoLopes\...\Run: [XNNPn0Tvs.exe] - C:\Users\RoLopes\AppData\Local\hAMrpXu3ea5\XNNPn0Tvs.exe [ 2013-09-09] ()
HKU\RoLopes\...\Winlogon: [shell] cmd.exe [ 2010-11-20] (Microsoft Corporation) <==== ATTENTION 
HKU\RoLopes\...\Command Processor: "C:\Users\RoLopes\AppData\Local\hAMrpXu3ea5\XNNPn0Tvs.exe" <===== ATTENTION!
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Xyron Wishblade Status Supervisor.lnk
ShortcutTarget: Xyron Wishblade Status Supervisor.lnk -> C:\Program Files\Xyron Wishblade Controller\XYWSSupervisor.exe (Xyron Inc.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mysearchresults.com/?c=2639&t=01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKLM - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzutDtDyDtDzz0D0ByCzzyEtAtDyC0E0EtBtN0D0Tzu0CtByDyBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=963140867
SearchScopes: HKLM - Backup.Old.DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
SearchScopes: HKLM - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzutDtDyDtDzz0D0ByCzzyEtAtDyC0E0EtBtN0D0Tzu0CtByDyBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=963140867
SearchScopes: HKCU - DefaultScope {721F069D-273F-4DF4-B052-CDF713B13D52} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=047121D3-1A1D-4C40-83BE-9768411AB233&apn_sauid=699C4977-7096-4C66-A24D-FDF2CAF0F6CA
SearchScopes: HKCU - {0AC60B17-D8AC-871D-595C-0B8AC1E509C0} URL = 
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = 
SearchScopes: HKCU - {4DE50B51-7049-4A5E-AE87-A94E3AD7C23D} URL = http://www.mysearchresults.com/search?c=2639&t=01&q={searchTerms}
SearchScopes: HKCU - {721F069D-273F-4DF4-B052-CDF713B13D52} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=047121D3-1A1D-4C40-83BE-9768411AB233&apn_sauid=699C4977-7096-4C66-A24D-FDF2CAF0F6CA
SearchScopes: HKCU - {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
SearchScopes: HKCU - {FB6A4C5C-6C26-44DA-9CE2-DB272259933A} URL = http://www.bing.com/search?FORM=VUZTDF&PC=VUZE&q={searchTerms}&src=IE-SearchBox
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO: No Name - {1036AD63-AEAC-460B-9060-C96005D4DC86} -  No File
BHO: WebConnect - {2316c625-b487-4410-a1a5-ff040b65245f} - C:\Program Files\WebConnect\WebConnectbho.dll (Web Connect)
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: DefaultTab Browser Helper - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\RoLopes\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
BHO: Updater For XFIN_PORTAL - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} -  No File
BHO: No Name - {f904f51b-52dd-42ec-9dc8-d0856a0d1d67} -  No File
Toolbar: HKLM - Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU -No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU -No Name - {22E03916-85C5-44B0-8DC9-1830C11238D9} -  No File
Toolbar: HKCU -No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} -  No File [ ]
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\RUILOP~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\RUILOP~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\RUILOP~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\RUILOP~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Privacy SafeGuard) - C:\Users\RUILOP~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\geggofhlfbcmanadhknllmlajiafopoh\1.1_0
CHR Extension: (WebConnect) - C:\Users\RUILOP~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieakfmpjhljbpbfpldjkddkjmmgjmgon\1.0.0_0
CHR Extension: (AVG SafeGuard) - C:\Users\RUILOP~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.6.1.2_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\RUILOP~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\RUILOP~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0
CHR Extension: (Gmail) - C:\Users\RUILOP~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\RoLopes\AppData\Local\funmoods-speeddial.crx
CHR HKLM\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\RoLopes\AppData\Roaming\BabSolution\CR\Delta.crx
CHR HKLM\...\Chrome\Extension: [geggofhlfbcmanadhknllmlajiafopoh] - C:\Program Files\PrivacySafeGuard\pschrome_bunndle-cb_1_1.crx
CHR HKLM\...\Chrome\Extension: [ieakfmpjhljbpbfpldjkddkjmmgjmgon] - C:\Program Files\WebConnect\ieakfmpjhljbpbfpldjkddkjmmgjmgon.crx
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx
 
========================== Services (Whitelisted) =================
 
R2 AdobeActiveFileMonitor9.0; C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [169408 2010-09-06] (Adobe Systems Incorporated)
S2 DefaultTabUpdate; C:\Users\RoLopes\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [107520 2012-09-25] ()
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [137680 2010-07-27] ()
R2 LMIRescue_9c0fc4af-2319-431f-88b1-4fd99142c47a; C:\Users\RUILOP~1\AppData\Local\LOGMEI~1\LMIR0001.tmp\LMI_Rescue_srv.exe [2570592 2013-09-09] (LogMeIn, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-06-20] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295376 2013-06-20] (Microsoft Corporation)
R2 novaPDF Professional; C:\Program Files\Softland\novaPDF Professional Server 7\novasvo7.exe [66888 2010-10-19] ()
R2 Update WebConnect; C:\Program Files\WebConnect\updateWebConnect.exe [206632 2013-08-29] (WebConnect)
 
==================== Drivers (Whitelisted) ====================
 
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-13] (Microsoft Corporation)
R2 Hardlock; C:\Windows\system32\drivers\hardlock.sys [685056 2005-07-28] (Aladdin Knowledge Systems Ltd.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation)
R1 MpKslc2b97723; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{44216E09-DF63-4929-AF12-9DB207AE2021}\MpKslc2b97723.sys [29904 2013-09-09] (Microsoft Corporation)
S3 OXSDIDRV_x32; C:\Windows\System32\DRIVERS\OXSDIDRV_x32.sys [52656 2009-09-28] ()
S3 OXUDIDRV; C:\Windows\system32\Drivers\OXUDIDRV_X32.sys [24880 2011-07-30] ()
S2 Par1284; C:\Program Files\Xyron Wishblade Create and Cut 8.1v1\Program\Par1284.sys [53344 2006-10-16] (Warp Nine Engineering)
S1 A2DDA; \??\C:\Users\RoLopes\Desktop\EmsisoftEmergencyKit\Run\a2ddax86.sys [x]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-09-10 06:27 - 2013-09-10 06:27 - 01082349 _____ (Farbar) C:\Users\rui lopes\Desktop\FRST.exe
2013-09-09 23:36 - 2013-09-09 23:36 - 02748256 _____ (Kaspersky Lab ZAO) C:\Users\rui lopes\Desktop\tdsskiller.exe
2013-09-09 22:16 - 2013-09-09 22:16 - 00001071 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-09 22:16 - 2013-09-09 22:16 - 00000000 ____D C:\Users\rui lopes\AppData\Roaming\Malwarebytes
2013-09-09 22:16 - 2013-09-09 22:16 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-09 22:16 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-09 22:12 - 2013-09-09 22:12 - 00000000 ____D C:\Users\rui lopes\AppData\Roaming\TuneUpMedia
2013-09-09 22:00 - 2013-09-09 22:01 - 00002756 _____ C:\Users\rui lopes\Desktop\Rkill.txt
2013-09-09 21:59 - 2013-09-09 21:59 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\rui lopes\Downloads\iExplore.exe
2013-09-09 21:56 - 2013-09-09 21:56 - 00000000 ____D C:\Users\RUILOP~1\AppData\Local\LogMeIn Rescue Applet
2013-09-09 21:52 - 2013-09-09 22:13 - 00000000 ____D C:\Users\rui lopes\AppData\Roaming\Nico Mak Computing
2013-09-09 21:51 - 2013-09-09 22:13 - 00000000 ____D C:\Users\rui lopes\AppData\Roaming\WinZip
2013-09-09 21:47 - 2013-09-09 21:47 - 00183296 _____ C:\Users\RoLopes\AppData\Roaming\tk6MHJky
2013-09-09 21:47 - 2013-09-09 21:47 - 00183296 _____ C:\Users\RoLopes\AppData\Local\ALPjKEzoFI
2013-09-09 21:47 - 2013-09-09 21:47 - 00183296 _____ C:\ProgramData\MhU8WQn0YlD
2013-09-09 21:44 - 2013-09-09 21:44 - 00003552 ____N C:\bootsqm.dat
2013-09-09 09:26 - 2013-09-09 09:26 - 00000000 ____D C:\Users\RUILOP~1\AppData\Local\avgchrome
2013-09-09 09:22 - 2013-09-09 09:22 - 00001108 __RSH C:\Users\rui lopes\ntuser.pol
2013-09-09 09:21 - 2013-09-09 09:21 - 00183296 _____ C:\Users\RoLopes\AppData\Roaming\Ldxp5mFTaU
2013-09-09 09:21 - 2013-09-09 09:21 - 00183296 _____ C:\Users\RoLopes\AppData\Local\YTAwXLj4Z
2013-09-09 09:21 - 2013-09-09 09:21 - 00183296 _____ C:\ProgramData\HrpDE6WwxO9
2013-09-09 09:01 - 2013-09-09 09:21 - 00000000 ____D C:\Users\RoLopes\AppData\Local\hAMrpXu3ea5
2013-09-09 09:01 - 2013-09-09 09:01 - 00183296 _____ C:\Users\RoLopes\AppData\Roaming\YySnRP31VVs
2013-09-09 09:01 - 2013-09-09 09:01 - 00183296 _____ C:\Users\RoLopes\AppData\Local\ApCF8G61l
2013-09-09 09:01 - 2013-09-09 09:01 - 00183296 _____ C:\ProgramData\7J7YhLhUD3d
2013-09-06 18:49 - 2013-09-06 18:54 - 00000000 ____D C:\Users\RoLopes\AppData\Roaming\SearchProtect
2013-09-06 18:49 - 2013-09-06 18:49 - 00000000 ____D C:\Program Files\Conduit
2013-09-06 18:48 - 2013-09-09 22:10 - 00000000 ____D C:\Users\RoLopes\AppData\Local\Conduit
2013-09-06 18:47 - 2013-09-06 18:47 - 00000000 _____ C:\Users\RoLopes\Downloads\Pconverter_B3.exe.1hs81t7.partial
2013-09-06 18:20 - 2013-09-06 18:20 - 00000000 ____D C:\Users\RoLopes\AppData\Local\WinZip
2013-09-06 18:19 - 2013-09-06 18:20 - 00000000 ____D C:\ProgramData\WinZip
2013-09-06 18:19 - 2013-09-06 18:19 - 00002205 _____ C:\Users\Public\Desktop\WinZip.lnk
2013-09-06 18:19 - 2013-09-06 18:19 - 00000000 ____D C:\Program Files\WinZip
2013-09-06 18:13 - 2013-09-06 18:13 - 00000000 ____D C:\Windows\system32\searchplugins
2013-09-06 18:13 - 2013-09-06 18:13 - 00000000 ____D C:\Windows\system32\Extensions
2013-09-06 18:13 - 2013-09-06 18:13 - 00000000 ____D C:\Users\RoLopes\AppData\Roaming\2V2Z1C1P1H1P1Q1F2W1G1I1F1T1QtAtB
2013-09-06 18:12 - 2013-09-06 18:13 - 00000000 ____D C:\Users\RoLopes\AppData\Roaming\PCFixSpeed
2013-09-06 18:12 - 2013-09-06 18:12 - 101861744 _____ C:\Users\RoLopes\Downloads\winzip175.exe
2013-09-06 18:12 - 2013-09-06 18:12 - 00000000 ____D C:\Users\RoLopes\AppData\Roaming\Delta
2013-09-06 18:12 - 2013-09-06 18:12 - 00000000 ____D C:\Users\RoLopes\AppData\Roaming\BabSolution
2013-09-06 18:12 - 2013-09-06 18:12 - 00000000 ____D C:\Users\RoLopes\AppData\Roaming\24x7 Help
2013-09-06 18:12 - 2013-09-06 18:12 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-09-06 18:12 - 2013-09-06 18:12 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-06 18:11 - 2013-09-06 18:12 - 00000000 ____D C:\Program Files\WebConnect
2013-09-06 18:11 - 2013-09-06 18:11 - 00608552 _____ C:\Users\RoLopes\Downloads\winzip setup.exe
2013-09-05 11:10 - 2013-09-05 11:10 - 00821248 _____ C:\Users\RoLopes\Desktop\FreeISOBurner.exe
2013-08-14 03:01 - 2013-07-25 20:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-14 03:01 - 2013-07-25 20:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-14 03:01 - 2013-07-25 20:13 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-14 03:01 - 2013-07-25 20:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-14 03:01 - 2013-07-25 20:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-14 03:01 - 2013-07-25 20:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-14 03:01 - 2013-07-25 20:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-14 03:01 - 2013-07-25 20:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-14 03:01 - 2013-07-25 20:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-14 03:01 - 2013-07-25 20:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-14 03:01 - 2013-07-25 20:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-14 03:01 - 2013-07-25 20:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-14 03:01 - 2013-07-25 20:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-14 03:01 - 2013-07-25 20:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-14 03:01 - 2013-07-25 19:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-14 03:01 - 2013-07-25 18:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-13 17:03 - 2013-07-25 01:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-13 17:03 - 2013-07-18 18:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-13 17:03 - 2013-07-08 22:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-08-13 17:03 - 2013-07-08 22:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-13 17:03 - 2013-07-08 21:53 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-13 17:03 - 2013-07-08 21:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-13 17:03 - 2013-07-08 21:50 - 00652800 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-13 17:03 - 2013-07-08 21:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-13 17:03 - 2013-07-08 21:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-13 17:03 - 2013-07-08 21:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-13 17:03 - 2013-07-05 22:05 - 01293760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-13 17:03 - 2013-06-14 20:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-11 13:22 - 2012-08-24 10:05 - 00136560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-08-11 13:22 - 2012-08-24 10:02 - 00369856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-08-11 13:22 - 2012-08-24 09:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-08-11 13:22 - 2012-08-24 09:56 - 01039360 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
 
==================== One Month Modified Files and Folders =======
 
2013-09-10 06:28 - 2013-09-10 06:28 - 00000000 ____D C:\FRST
2013-09-10 06:27 - 2013-09-10 06:27 - 01082349 _____ (Farbar) C:\Users\rui lopes\Desktop\FRST.exe
2013-09-10 06:18 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\tracing
2013-09-10 06:14 - 2012-10-15 22:40 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-10 05:49 - 2010-09-10 14:37 - 00000888 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-10 03:00 - 2010-08-07 12:22 - 01998225 _____ C:\Windows\WindowsUpdate.log
2013-09-09 23:36 - 2013-09-09 23:36 - 02748256 _____ (Kaspersky Lab ZAO) C:\Users\rui lopes\Desktop\tdsskiller.exe
2013-09-09 22:16 - 2013-09-09 22:16 - 00001071 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-09 22:16 - 2013-09-09 22:16 - 00000000 ____D C:\Users\rui lopes\AppData\Roaming\Malwarebytes
2013-09-09 22:16 - 2013-09-09 22:16 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-09 22:13 - 2013-09-09 21:52 - 00000000 ____D C:\Users\rui lopes\AppData\Roaming\Nico Mak Computing
2013-09-09 22:13 - 2013-09-09 21:51 - 00000000 ____D C:\Users\rui lopes\AppData\Roaming\WinZip
2013-09-09 22:13 - 2012-09-14 20:36 - 00000000 ____D C:\Program Files\WinZip Registry Optimizer
2013-09-09 22:12 - 2013-09-09 22:12 - 00000000 ____D C:\Users\rui lopes\AppData\Roaming\TuneUpMedia
2013-09-09 22:12 - 2010-08-12 12:22 - 00000000 ____D C:\Windows\system32\appmgmt
2013-09-09 22:10 - 2013-09-06 18:48 - 00000000 ____D C:\Users\RoLopes\AppData\Local\Conduit
2013-09-09 22:01 - 2013-09-09 22:00 - 00002756 _____ C:\Users\rui lopes\Desktop\Rkill.txt
2013-09-09 22:00 - 2009-07-13 21:34 - 00013472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-09 22:00 - 2009-07-13 21:34 - 00013472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-09 21:59 - 2013-09-09 21:59 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\rui lopes\Downloads\iExplore.exe
2013-09-09 21:56 - 2013-09-09 21:56 - 00000000 ____D C:\Users\RUILOP~1\AppData\Local\LogMeIn Rescue Applet
2013-09-09 21:51 - 2013-04-27 17:23 - 08405015 _____ C:\Windows\TempFile
2013-09-09 21:51 - 2012-09-19 19:10 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2013-09-09 21:51 - 2010-09-10 14:37 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-09 21:51 - 2009-07-13 21:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-09 21:51 - 2009-07-13 21:39 - 00087974 _____ C:\Windows\setupact.log
2013-09-09 21:47 - 2013-09-09 21:47 - 00183296 _____ C:\Users\RoLopes\AppData\Roaming\tk6MHJky
2013-09-09 21:47 - 2013-09-09 21:47 - 00183296 _____ C:\Users\RoLopes\AppData\Local\ALPjKEzoFI
2013-09-09 21:47 - 2013-09-09 21:47 - 00183296 _____ C:\ProgramData\MhU8WQn0YlD
2013-09-09 21:45 - 2010-08-07 12:48 - 00160456 _____ C:\Windows\PFRO.log
2013-09-09 21:44 - 2013-09-09 21:44 - 00003552 ____N C:\bootsqm.dat
2013-09-09 09:30 - 2012-08-05 16:14 - 00000000 ____D C:\Program Files\Free Window Registry Repair
2013-09-09 09:26 - 2013-09-09 09:26 - 00000000 ____D C:\Users\RUILOP~1\AppData\Local\avgchrome
2013-09-09 09:22 - 2013-09-09 09:22 - 00001108 __RSH C:\Users\rui lopes\ntuser.pol
2013-09-09 09:22 - 2010-11-20 20:53 - 00000000 ____D C:\Users\rui lopes
2013-09-09 09:21 - 2013-09-09 09:21 - 00183296 _____ C:\Users\RoLopes\AppData\Roaming\Ldxp5mFTaU
2013-09-09 09:21 - 2013-09-09 09:21 - 00183296 _____ C:\Users\RoLopes\AppData\Local\YTAwXLj4Z
2013-09-09 09:21 - 2013-09-09 09:21 - 00183296 _____ C:\ProgramData\HrpDE6WwxO9
2013-09-09 09:21 - 2013-09-09 09:01 - 00000000 ____D C:\Users\RoLopes\AppData\Local\hAMrpXu3ea5
2013-09-09 09:21 - 2010-08-23 21:36 - 00000000 ____D C:\Users\RoLopes\AppData\Roaming\Azureus
2013-09-09 09:01 - 2013-09-09 09:01 - 00183296 _____ C:\Users\RoLopes\AppData\Roaming\YySnRP31VVs
2013-09-09 09:01 - 2013-09-09 09:01 - 00183296 _____ C:\Users\RoLopes\AppData\Local\ApCF8G61l
2013-09-09 09:01 - 2013-09-09 09:01 - 00183296 _____ C:\ProgramData\7J7YhLhUD3d
2013-09-09 07:18 - 2012-09-27 20:14 - 00000000 ____D C:\Users\RoLopes\AppData\Roaming\Raptr
2013-09-08 13:07 - 2010-08-07 12:31 - 00726444 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-08 11:21 - 2012-08-05 16:26 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-09-08 11:21 - 2011-02-04 19:57 - 00001945 _____ C:\Windows\epplauncher.mif
2013-09-06 18:54 - 2013-09-06 18:49 - 00000000 ____D C:\Users\RoLopes\AppData\Roaming\SearchProtect
2013-09-06 18:49 - 2013-09-06 18:49 - 00000000 ____D C:\Program Files\Conduit
2013-09-06 18:47 - 2013-09-06 18:47 - 00000000 _____ C:\Users\RoLopes\Downloads\Pconverter_B3.exe.1hs81t7.partial
2013-09-06 18:29 - 2010-10-20 23:20 - 00000000 ____D C:\Users\RoLopes\Documents\My eBooks
2013-09-06 18:20 - 2013-09-06 18:20 - 00000000 ____D C:\Users\RoLopes\AppData\Local\WinZip
2013-09-06 18:20 - 2013-09-06 18:19 - 00000000 ____D C:\ProgramData\WinZip
2013-09-06 18:19 - 2013-09-06 18:19 - 00002205 _____ C:\Users\Public\Desktop\WinZip.lnk
2013-09-06 18:19 - 2013-09-06 18:19 - 00000000 ____D C:\Program Files\WinZip
2013-09-06 18:18 - 2012-11-08 12:22 - 00000000 ____D C:\ProgramData\CanonIJPLM
2013-09-06 18:13 - 2013-09-06 18:13 - 00000000 ____D C:\Windows\system32\searchplugins
2013-09-06 18:13 - 2013-09-06 18:13 - 00000000 ____D C:\Windows\system32\Extensions
2013-09-06 18:13 - 2013-09-06 18:13 - 00000000 ____D C:\Users\RoLopes\AppData\Roaming\2V2Z1C1P1H1P1Q1F2W1G1I1F1T1QtAtB
2013-09-06 18:13 - 2013-09-06 18:12 - 00000000 ____D C:\Users\RoLopes\AppData\Roaming\PCFixSpeed
2013-09-06 18:12 - 2013-09-06 18:12 - 101861744 _____ C:\Users\RoLopes\Downloads\winzip175.exe
2013-09-06 18:12 - 2013-09-06 18:12 - 00000000 ____D C:\Users\RoLopes\AppData\Roaming\Delta
2013-09-06 18:12 - 2013-09-06 18:12 - 00000000 ____D C:\Users\RoLopes\AppData\Roaming\BabSolution
2013-09-06 18:12 - 2013-09-06 18:12 - 00000000 ____D C:\Users\RoLopes\AppData\Roaming\24x7 Help
2013-09-06 18:12 - 2013-09-06 18:12 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-09-06 18:12 - 2013-09-06 18:12 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-06 18:12 - 2013-09-06 18:11 - 00000000 ____D C:\Program Files\WebConnect
2013-09-06 18:11 - 2013-09-06 18:11 - 00608552 _____ C:\Users\RoLopes\Downloads\winzip setup.exe
2013-09-05 21:15 - 2012-09-14 20:35 - 00000000 ____D C:\Program Files\Vuze
2013-09-05 18:00 - 2012-09-14 20:36 - 00000000 ____D C:\Users\RoLopes\AppData\Roaming\Nico Mak Computing
2013-09-05 17:57 - 2012-10-15 22:52 - 00001798 _____ C:\Users\Public\Desktop\Vuze.lnk
2013-09-05 11:10 - 2013-09-05 11:10 - 00821248 _____ C:\Users\RoLopes\Desktop\FreeISOBurner.exe
2013-09-03 18:53 - 2011-10-08 20:54 - 00002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-08-21 01:14 - 2012-10-15 22:40 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-08-21 01:14 - 2012-10-15 22:40 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-08-16 14:55 - 2012-09-14 20:36 - 00001108 __RSH C:\Users\RoLopes\ntuser.pol
2013-08-16 14:55 - 2010-08-07 12:29 - 00000000 ____D C:\Users\RoLopes
2013-08-14 03:22 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-08-14 03:09 - 2013-08-07 03:00 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 03:06 - 2010-09-02 18:27 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-14 03:06 - 2010-08-07 12:41 - 75778376 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-11 18:30 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\rescache
 
Files to move or delete:
====================
C:\Users\RoLopes\AppData\Local\hAMrpXu3ea5\XNNPn0Tvs.exe
C:\Users\RoLopes\AppData\Local\Temp\APNStub.exe
C:\Users\RoLopes\AppData\Local\Temp\haspdinst_x64.exe
C:\Users\RoLopes\AppData\Local\Temp\i4jdel0.exe
C:\Users\RoLopes\AppData\Local\Temp\i4jdel1.exe
C:\Users\RoLopes\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\RoLopes\AppData\Local\Temp\MSETUP4.EXE
C:\Users\RoLopes\AppData\Local\Temp\nsnB54A.exe
C:\Users\RoLopes\AppData\Local\Temp\nsq91BB.exe
C:\Users\RoLopes\AppData\Local\Temp\nsu764.exe
C:\Users\RoLopes\AppData\Local\Temp\nsyA546.exe
C:\Users\RoLopes\AppData\Local\Temp\oi_{244382C5-A374-4F85-A98F-13225B5BCC0E}.exe
C:\Users\RoLopes\AppData\Local\Temp\SPStub.exe
C:\Users\RoLopes\AppData\Local\Temp\vygqvusnpykaaqqpknv.dll
C:\Users\RoLopes\AppData\Local\Temp\vygqvusnpykaaqqpknv.exe
C:\Users\RoLopes\AppData\Local\Temp\winzipdusetup_WZDU16_20130711.exe
C:\Users\RoLopes\AppData\Local\Temp\winziprosetup-WZRO6_20130221.exe
C:\Users\RUILOP~1\AppData\Local\Temp\7za.exe
C:\Users\RUILOP~1\AppData\Local\Temp\nsyAF65.exe
C:\Users\RUILOP~1\AppData\Local\Temp\tbPcon.dll
C:\Users\RUILOP~1\AppData\Local\Temp\uninst1.exe
C:\Users\RUILOP~1\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\RUILOP~1\AppData\Local\Temp\YontooSetup-Silent.exe
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-08-12 00:25
 
==================== End Of Log ============================
 
 
And From Addition.txt
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-09-2013 01
Ran by rui lopes at 2013-09-10 06:29:57
Running from C:\Users\rui lopes\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Installed Programs =======================
 
 Update for Microsoft Office 2007 (KB2508958)
Adobe AIR (Version: 2.0.3.13070)
Adobe Community Help (Version: 3.2.1)
Adobe Community Help (Version: 3.2.1.650)
Adobe Flash Player 11 ActiveX (Version: 11.8.800.94)
Adobe Photoshop Elements 9 (Version: 9.0.3.0)
Adobe Photoshop.com Inspiration Browser (Version: 3.07)
Adobe Premiere Elements 9 (Version: 9.0)
Adobe Premiere Elements 9 (Version: 9.0.1)
Adobe Reader XI (11.0.03) (Version: 11.0.03)
Adobe Shockwave Player 11.6 (Version: 11.6.4.634)
Any DVD Cloner Platinum 1.1.1
Apple Application Support (Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
Application Verifier (Version: 4.1.1078)
ArcSoft PhotoBase 3
ArcSoft PhotoStudio 5
ArcSoft PhotoStudio 5.5
Audacity 1.3.12 (Unicode)
Bonjour (Version: 3.0.0.10)
Camera Window (Version: 4.6.1)
Canon Camera Support Core Library (Version: 7.0.1.17)
Canon Camera Window for ZoomBrowser EX (Version: 4.6.1)
Canon CanoScan 8800F User Registration
Canon Easy-PhotoPrint EX
Canon Easy-WebPrint EX
Canon i9900
Canon Inkjet Printer Driver Add-On Module
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon iX6500 series Printer Driver
Canon iX6500 series User Registration
Canon MP Navigator EX 1.0
Canon My Printer
Canon PhotoRecord (Version: 02.00.00029)
Canon RAW Image Task for ZoomBrowser EX (Version: 0.9.1)
Canon RemoteCapture Task for ZoomBrowser EX (Version: 0.9.1)
Canon Solution Menu EX
Canon Utilities Easy-PhotoPrint
Canon Utilities Easy-PhotoPrint Plus
Canon Utilities PhotoStitch 3.1 (Version: 3.1.13)
Canon Utilities Solution Menu
Canon Utilities ZoomBrowser EX (Version: 04.06.00032)
Clone2Go DVD Ripper 1.9.2
Cutting Master 2 for CraftROBO 1.20
Debugging Tools for Windows (x86) (Version: 6.12.2.633)
DivX Setup (Version: 2.6.1.5)
DVD Shrink 3.2
Easy-WebPrint
Elements 9 Organizer (Version: 9.0)
Elements STI Installer (Version: 1.0)
GIMP (Version: 2.6.11)
Google Chrome (Version: 29.0.1547.66)
Google Update Helper (Version: 1.3.21.153)
honestech VHS to DVD 2.0 Deluxe (Version: 2.2)
iCloud (Version: 2.1.1.3)
Inkscape 0.46 (Version: 0.46)
iTunes (Version: 11.0.2.26)
Jasc Paint Shop Pro 9 (Version: 9.00.0000)
LAME v3.98.3 for Audacity
Magic ISO Maker v5.5 (build 0281)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Manual CanoScan 5000,5000F,8000F
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Reader
Microsoft Security Client (Version: 4.3.0215.0)
Microsoft Security Essentials (Version: 4.3.215.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Windows Debugging Symbols (Version: 7100)
Microsoft Windows Debugging Symbols (Version: 7600)
Microsoft Windows Performance Toolkit (Version: 4.8.0)
Microsoft Windows SDK for Windows 7 (7.1) (Version: 7.1.30514)
Microsoft Windows SDK for Windows 7 (7.1) (Version: 7.1.7600.0.30514)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
MobileMe Control Panel (Version: 3.1.8.0)
Mobipocket Reader 6.2 (Version: 6.2.608)
MP3 WAV WMA Converter (Version: MP3 WAV WMA Converter)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nero 7 Premium (Version: 7.03.1357)
neroxml (Version: 1.0.0)
novaPDF Professional Server 7.2 printer
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
OmniPage Pro 12.0 (Version: 12.00.0000)
Parallels runtime modules (Version: 1.00.0000)
Parallels Transporter Agent (Version: 6.00.15055)
Parallels USB Driver (Version: 6.00.15055)
PhotoStitch (Version: 3.1.13)
Picasa 3 (Version: 3.8)
Presto! PageManager 6
Presto! PageManager 7.15.16 (Version: 7.15.16)
Privacy SafeGuard version 1.1 (Version: 1.1)
QuickTime (Version: 7.73.80.64)
RAW Image Task (Version: 0.9.1)
RemoteCapture Task (Version: 0.9.1)
RemoteComms External Disk Access (Version: 1.25.0003)
Safari (Version: 5.34.57.2)
ScanSoft OmniPage SE 4 (Version: 15.2.0020)
ScanSoft RealSpeak (Version: 12.00.0000)
SmartSound Quicktracks for Premiere Elements 9.0 (Version: 3.12.3090)
SnapAPI (Version: 3.0.306)
System Requirements Lab
System Requirements Lab for Intel (Version: 4.5.5.0)
The Print Shop®
TuneUp 2.4.6.4 (Version: 2.4.6.4)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2768023) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817642) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
USB2.0 VIDBOX NW01 (Version: 1.0.2.0)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
VideoAdvantage USB (Version: 1.00.0000)
VideoAdvantage USB Driver (Version: 1.0.0.1)
Vuze (Version: 5.1.0.0)
WebConnect 3.0.0 (Version: 3.0.0)
Winamp (Version: 5.581 )
WinRAR 4.01 (32-bit) (Version: 4.01.0)
WinZip 17.5 (Version: 17.5.10562)
Xyron Wishblade (Version: 3.00)
Xyron Wishblade Controller (Version: 3.20)
Xyron Wishblade Create and Cut 8.1v1 (Version: 1.00.0000)
 
 
==================== Restore Points  =========================
 
08-09-2013 18:00:01 Windows Update
08-09-2013 18:15:28 WinZip Registry Optimizer Sun, Sep 08, 13  11:15
08-09-2013 18:19:25 Windows Update
10-09-2013 04:59:22 Removed Java 7 Update 9
10-09-2013 05:09:15 Removed JavaFX 2.1.1
10-09-2013 05:11:32 Removed Sentinel Protection Installer 7.3.1
 
==================== Hosts content: ==========================
 
2009-07-13 19:04 - 2009-06-10 14:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {080A9B4A-8CEC-4C7B-BDF6-4F5C28C84DA9} - System32\Tasks\EPUpdater => C:\Users\RoLopes\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe [2013-08-04] ()
Task: {0A1CB755-85EF-47BF-B826-0141537A35AE} - System32\Tasks\{A852D83A-231C-4CC3-B7FC-9F579095406B} => C:\Program Files\DVD Shrink\DVD Shrink 3.2.exe [2004-07-26] (DVD Shrink)
Task: {0D9B5D92-3A22-486D-A887-3AA21597CF27} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {11634D8A-7CB3-4D36-BBB8-D7616069F703} - System32\Tasks\{0E4E00C9-BC9A-4047-8376-73F121204A66} => C:\Program Files\Adobe\Photoshop Elements 5.0\Photoshop Elements 5.0.exe
Task: {2002C8EE-1413-4014-B59A-129511945C0C} - System32\Tasks\4889 => C:\Windows\System32\wscript.exe [2009-07-13] (Microsoft Corporation)
Task: {20C3A0F2-A4CB-4A3A-B45E-66C5F1265351} - System32\Tasks\{15CBE04D-555A-4A7A-8AC2-876001C07499} => C:\Program Files\DVD Shrink\DVD Shrink 3.2.exe [2004-07-26] (DVD Shrink)
Task: {30936864-D245-4800-90F9-8D8D69A17416} - System32\Tasks\User_Feed_Synchronization-{42BD7846-FAD9-4D08-9CB6-2718D74A1854} => C:\Windows\system32\msfeedssync.exe [2013-04-27] (Microsoft Corporation)
Task: {530E9B12-9822-44A6-9C19-65538815378B} - System32\Tasks\0 => Iexplore.exe 
Task: {5BC4B2E0-B7ED-497E-9C44-E459338F5164} - System32\Tasks\{4AD9468B-7B40-4D13-9359-473AD0F80274} => C:\Program Files\DVD Shrink\DVD Shrink 3.2.exe [2004-07-26] (DVD Shrink)
Task: {700EC338-801F-4CEC-8FFE-38074C8E096A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-21] (Adobe Systems Incorporated)
Task: {7E612FC8-762F-4E14-9EC1-C877F159CD69} - System32\Tasks\{27EBC709-289C-43C5-A9B9-9AD5CCE8F4AD} => C:\Program Files\Adobe\Photoshop Elements 5.0\Photoshop Elements 5.0.exe
Task: {8138F8A8-DBDE-4A8D-816E-C6400C439C07} - System32\Tasks\{66FA905A-15A1-4910-A6B2-16AD16C6E4C1} => C:\Program Files\DVD Shrink\DVD Shrink 3.2.exe [2004-07-26] (DVD Shrink)
Task: {9560B764-E76A-4F0F-8C13-3E613A6DFA4E} - System32\Tasks\{0589EF90-752E-48FC-B69C-7A2E7DC647B5} => C:\Program Files\DVD Shrink\DVD Shrink 3.2.exe [2004-07-26] (DVD Shrink)
Task: {9D2AC31D-B748-4A97-AECF-607FBDE2C0E7} - System32\Tasks\AdobeAAMUpdater-1.0-RoLopes-PC-RoLopes => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-07-29] (Adobe Systems Incorporated)
Task: {BA0667E2-C4B6-43EC-A12E-DB390729B0BF} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-06-20] (Microsoft Corporation)
Task: {C676884E-F9D2-4683-912F-792AC9C10481} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
Task: {CF79A937-8464-42C2-9A1F-613DC936DA15} - System32\Tasks\User_Feed_Synchronization-{0B2B3C5C-5321-498B-B5E9-DFD19830CB24} => C:\Windows\system32\msfeedssync.exe [2013-04-27] (Microsoft Corporation)
Task: {D37F657B-3FAB-448F-86DF-B072C0CBE928} - System32\Tasks\{C036651E-E556-4ED1-A875-F507FBEA3DC4} => C:\Program Files\Adobe\Photoshop Elements 5.0\Photoshop Elements 5.0.exe
Task: {D6E70252-C6DF-469A-B516-1CA169908146} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-09-10] (Google Inc.)
Task: {D887BD4A-2935-41C9-8C7A-3A8F5223935C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-09-10] (Google Inc.)
Task: {DFD85F31-796F-4A11-8179-9AA1DB17842C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E51C9AFF-7DE7-47E4-8CD4-7B8EC015056F} - System32\Tasks\{7EC8E78A-FD69-4810-A977-65A9542AF997} => C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsEditor.exe
Task: {E8A064C3-BF21-4816-B6FD-F596822D684B} - System32\Tasks\{10C1496C-D683-48A9-AD29-DC366A14F20E} => C:\Program Files\DVD Shrink\DVD Shrink 3.2.exe [2004-07-26] (DVD Shrink)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-09-06 18:12 - 2013-08-13 07:40 - 02699216 _____ () C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll
2002-08-01 04:49 - 2002-08-01 04:49 - 00159744 _____ (ScanSoft, Inc.) C:\Program Files\ScanSoft\OmniPagePro12.0\ophook12.dll
2013-09-09 21:56 - 2013-09-09 21:56 - 00178528 _____ (LogMeIn, Inc.) C:\Users\rui lopes\AppData\Local\LogMeIn Rescue Applet\LMIR0001.tmp\rahook.dll
2013-09-09 21:57 - 2013-09-09 21:56 - 00178528 _____ (LogMeIn, Inc.) C:\Users\rui lopes\AppData\Local\LogMeIn Rescue Applet\LMIR0001.tmp\LMIRhook.000.dll
2013-07-15 17:50 - 2013-07-15 17:50 - 00012144 ____R (WinZip Computing, S.L.) C:\Program Files\WinZip\wzshlstb.dll
2008-01-22 10:12 - 2008-01-22 10:12 - 01291560 _____ (Nero AG) C:\Program Files\Common Files\Ahead\Lib\MediaLibraryNSE.dll
2008-04-08 08:56 - 2008-04-08 08:56 - 00099624 _____ (Nero AG) C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll
2011-07-15 19:55 - 2011-05-28 22:04 - 00140288 _____ () C:\Program Files\WinRAR\rarext.dll
2011-01-07 08:58 - 2008-05-22 23:57 - 00020992 _____ (MagicISO, Inc.) C:\Program Files\MagicISO\misosh.dll
2007-02-05 09:29 - 2007-02-05 09:29 - 00139264 _____ (Nuance Communications, Inc.) C:\Program Files\ScanSoft\OmniPageSE4\OpHookSE4.dll
2011-07-28 16:09 - 2011-07-28 16:09 - 00096112 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
2012-11-08 12:10 - 2010-07-25 19:08 - 00077824 _____ (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMyRes.dll
2012-11-08 12:12 - 2010-10-27 17:09 - 00040960 _____ (CANON INC.) C:\Program Files\Canon\Solution Menu EX\LangInfo\EN\CNSELANG.dll
2009-07-13 17:18 - 2010-11-20 05:20 - 00781824 _____ (Microsoft Corporation) C:\Windows\system32\spool\DRIVERS\W32X86\3\mxdwdrv.dll
2012-11-09 09:16 - 2010-11-15 06:00 - 03252736 _____ (CANON INC.) C:\Windows\system32\spool\DRIVERS\W32X86\3\CNMXUIAO.DLL
2011-06-24 22:56 - 2011-06-24 22:56 - 00053024 _____ (Open Source Software community project) C:\Program Files\Common Files\Apple\Apple Application Support\pthreadVC2.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 00087328 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 01241888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-08-31 00:05 - 2011-08-31 00:05 - 00073064 _____ (Apple Inc.) C:\Windows\system32\dnssd.dll
2008-05-14 08:34 - 2008-05-14 08:34 - 03077416 _____ (Nero AG) C:\Program Files\Common Files\Ahead\Lib\AdvrCntr2.dll
2008-01-22 10:13 - 2008-01-22 10:13 - 00059176 _____ (Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexingServicePS.dll
2008-01-22 10:13 - 2008-01-22 10:13 - 00020264 _____ (Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvrPS.dll
2008-01-22 10:13 - 2008-01-22 10:13 - 02721064 _____ (Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMDataServices.dll
2013-04-27 17:14 - 2006-02-02 01:00 - 00114688 _____ (Graphtec Corp.) C:\Program Files\Xyron Wishblade Controller\GITKUSBP2.DLL
2008-01-22 10:14 - 2008-01-22 10:14 - 00320808 _____ (Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMSQLDB.dll
2008-01-22 10:13 - 2008-01-22 10:13 - 00054056 _____ (Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMLogCxx.dll
2008-01-22 10:12 - 2008-01-22 10:12 - 00742696 _____ (Nero AG) C:\Program Files\Common Files\Ahead\Lib\log4cxx.dll
2008-01-22 10:13 - 2008-01-22 10:13 - 00541992 _____ (Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMCoFoundation.dll
2008-01-22 10:13 - 2008-01-22 10:13 - 00107816 _____ (Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMPluginBase.dll
2008-01-22 10:13 - 2008-01-22 10:13 - 00181544 _____ (Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMFullTextExtraction.dll
2008-01-22 10:13 - 2008-01-22 10:13 - 00181544 _____ (Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMSearchPluginSimilarImages.dll
2013-09-09 21:56 - 2013-09-09 21:56 - 01946984 _____ (LogMeIn, Inc.) C:\Users\rui lopes\AppData\Local\LogMeIn Rescue Applet\LMIR0001.tmp\rarcc.dll
 
==================== Alternate Data Streams (whitelisted) ==========
 
AlternateDataStreams: C:\ProgramData\TEMP:443E07A5
AlternateDataStreams: C:\ProgramData\TEMP:B946D9EE
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: A2 Direct Disk Access Support Driver
Description: A2 Direct Disk Access Support Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: A2DDA
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/09/2013 10:12:00 PM) (Source: Microsoft-Windows-RestartManager) (User: ROSE)
Description: Application or service 'Sentinel Protection Server' could not be restarted.
 
Error: (09/09/2013 10:12:00 PM) (Source: Microsoft-Windows-RestartManager) (User: ROSE)
Description: Application or service 'Sentinel Keys Server' could not be restarted.
 
Error: (09/09/2013 10:11:49 PM) (Source: SentinelKeysServer) (User: )
Description: 
 
Error: (09/09/2013 09:55:22 PM) (Source: MsiInstaller) (User: ROSE)
Description: Product: Jasc Paint Shop Pro 9 -- Error 1706.No valid source could be found for product Jasc Paint Shop Pro 9.  The Windows Installer cannot continue.
 
Error: (09/09/2013 09:54:25 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 10.0.9200.16660 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 134c
 
Start Time: 01ceade19df084cc
 
Termination Time: 151
 
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
 
Report Id:
 
Error: (09/09/2013 09:26:22 AM) (Source: MsiInstaller) (User: ROSE)
Description: Product: Jasc Paint Shop Pro 9 -- Error 1706.No valid source could be found for product Jasc Paint Shop Pro 9.  The Windows Installer cannot continue.
 
Error: (09/08/2013 11:23:04 AM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 10.0.9200.16660 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 4dc
 
Start Time: 01ceacbfa33c1850
 
Termination Time: 48
 
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
 
Report Id:
 
Error: (09/08/2013 11:23:04 AM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 10.0.9200.16660 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1568
 
Start Time: 01ceacbfa0d62ac9
 
Termination Time: 84
 
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
 
Report Id:
 
Error: (09/06/2013 06:51:44 PM) (Source: CltMngSvc) (User: )
Description: CltMngSvcServiceInstall: Fail to Start serviceSearch Protect by Conduit Updater (Error: 1056)
 
Error: (09/06/2013 06:44:42 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16660, time stamp: 0x51f1c5f3
Faulting module name: ntdll.dll, version: 6.1.7601.18205, time stamp: 0x51db96c5
Exception code: 0xc0000005
Fault offset: 0x000477a2
Faulting process id: 0x1268
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
 
 
System errors:
=============
Error: (09/09/2013 10:08:56 PM) (Source: Service Control Manager) (User: )
Description: The Hotspot Shield Monitoring Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (09/09/2013 10:08:55 PM) (Source: Service Control Manager) (User: )
Description: The Hotspot Shield Routing Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (09/09/2013 10:00:20 PM) (Source: Service Control Manager) (User: )
Description: The PLFlash DeviceIoControl Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (09/09/2013 09:51:47 PM) (Source: Service Control Manager) (User: )
Description: The Par1284 service failed to start due to the following error: 
%%20
 
Error: (09/09/2013 09:51:46 PM) (Source: Service Control Manager) (User: )
Description: The Hotspot Shield Service service depends the following service: taphss. This service might not be installed.
 
Error: (09/09/2013 09:45:59 PM) (Source: Service Control Manager) (User: )
Description: The Par1284 service failed to start due to the following error: 
%%20
 
Error: (09/09/2013 09:45:59 PM) (Source: Service Control Manager) (User: )
Description: The Hotspot Shield Service service depends the following service: taphss. This service might not be installed.
 
Error: (09/08/2013 10:57:26 AM) (Source: DCOM) (User: )
Description: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
 
Error: (09/08/2013 10:56:58 AM) (Source: Service Control Manager) (User: )
Description: The iPod Service service terminated with the following error: 
%%-2147417831
 
Error: (09/08/2013 10:47:14 AM) (Source: Service Control Manager) (User: )
Description: The Par1284 service failed to start due to the following error: 
%%20
 
 
Microsoft Office Sessions:
=========================
Error: (09/09/2012 02:33:21 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 19772 seconds with 300 seconds of active time.  This session ended with a crash.
 
Error: (08/28/2011 10:03:41 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 120167 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (05/13/2011 11:17:46 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (05/13/2011 11:04:34 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 95 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (05/13/2011 10:28:21 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (05/13/2011 10:27:42 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1301 seconds with 420 seconds of active time.  This session ended with a crash.
 
Error: (04/18/2011 03:18:23 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 36147 seconds with 720 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2012-05-11 11:12:53.203
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-05-10 14:29:09.234
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-04-24 17:56:06.578
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-04-23 23:06:41.296
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-04-23 23:02:41.187
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-04-23 19:20:46.593
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-04-23 19:17:04.250
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-04-23 19:15:25.140
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-04-23 19:11:45.843
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-04-23 19:05:49.671
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 45%
Total physical RAM: 3070.49 MB
Available physical RAM: 1684.65 MB
Total Pagefile: 6139.27 MB
Available Pagefile: 4780.99 MB
Total Virtual: 2047.88 MB
Available Virtual: 1905.2 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:297.99 GB) (Free:86.16 GB) NTFS
Drive f: (NewSpare) (Fixed) (Total:465.76 GB) (Free:446.16 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 00C300C3)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: E85C66DC)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

While working on your system, don't take any actions without my instructions, because in the best case I couldn't help you effectively, or I couldn't help at all.

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Save it in the same directory as FRST.exe as fixlist.txt.

 

HKU\RoLopes\...\Run: [XNNPn0Tvs.exe] - C:\Users\RoLopes\AppData\Local\hAMrpXu3ea5\XNNPn0Tvs.exe [ 2013-09-09] ()
HKU\RoLopes\...\Winlogon: [shell] cmd.exe [ 2010-11-20] (Microsoft Corporation) <==== ATTENTION
HKU\RoLopes\...\Command Processor: "C:\Users\RoLopes\AppData\Local\hAMrpXu3ea5\XNNPn0Tvs.exe" <===== ATTENTION!
2013-09-09 09:21 - 2013-09-09 09:21 - 00183296 _____ C:\Users\RoLopes\AppData\Roaming\Ldxp5mFTaU
2013-09-09 09:21 - 2013-09-09 09:21 - 00183296 _____ C:\Users\RoLopes\AppData\Local\YTAwXLj4Z
2013-09-09 09:21 - 2013-09-09 09:21 - 00183296 _____ C:\ProgramData\HrpDE6WwxO9
2013-09-09 09:01 - 2013-09-09 09:21 - 00000000 ____D C:\Users\RoLopes\AppData\Local\hAMrpXu3ea5
2013-09-09 09:01 - 2013-09-09 09:01 - 00183296 _____ C:\Users\RoLopes\AppData\Roaming\YySnRP31VVs
2013-09-09 09:01 - 2013-09-09 09:01 - 00183296 _____ C:\Users\RoLopes\AppData\Local\ApCF8G61l
2013-09-09 09:01 - 2013-09-09 09:01 - 00183296 _____ C:\ProgramData\7J7YhLhUD3d
C:\Users\RoLopes\AppData\Local\Temp\vygqvusnpykaaqqpknv.dll
C:\Users\RoLopes\AppData\Local\Temp\vygqvusnpykaaqqpknv.exe

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST (or FRST64 if you have the 64-bit version), press the Fix button just once and wait.

The tool will make a log (Fixlog.txt); please post it in your reply.

Reboot Normally.


Alright, here is the new log.... hopefully restarting doesn't screw this profile.. here goes nothing:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 09-09-2013 01
Ran by rui lopes at 2013-09-10 08:46:39 Run:1
Running from C:\Users\rui lopes\Desktop
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
HKU\RoLopes\...\Run: [XNNPn0Tvs.exe] - C:\Users\RoLopes\AppData\Local\hAMrpXu3ea5\XNNPn0Tvs.exe [ 2013-09-09] ()
HKU\RoLopes\...\Winlogon: [shell] cmd.exe [ 2010-11-20] (Microsoft Corporation) <==== ATTENTION
HKU\RoLopes\...\Command Processor: "C:\Users\RoLopes\AppData\Local\hAMrpXu3ea5\XNNPn0Tvs.exe" <===== ATTENTION!
2013-09-09 09:21 - 2013-09-09 09:21 - 00183296 _____ C:\Users\RoLopes\AppData\Roaming\Ldxp5mFTaU
2013-09-09 09:21 - 2013-09-09 09:21 - 00183296 _____ C:\Users\RoLopes\AppData\Local\YTAwXLj4Z
2013-09-09 09:21 - 2013-09-09 09:21 - 00183296 _____ C:\ProgramData\HrpDE6WwxO9
2013-09-09 09:01 - 2013-09-09 09:21 - 00000000 ____D C:\Users\RoLopes\AppData\Local\hAMrpXu3ea5
2013-09-09 09:01 - 2013-09-09 09:01 - 00183296 _____ C:\Users\RoLopes\AppData\Roaming\YySnRP31VVs
2013-09-09 09:01 - 2013-09-09 09:01 - 00183296 _____ C:\Users\RoLopes\AppData\Local\ApCF8G61l
2013-09-09 09:01 - 2013-09-09 09:01 - 00183296 _____ C:\ProgramData\7J7YhLhUD3d
C:\Users\RoLopes\AppData\Local\Temp\vygqvusnpykaaqqpknv.dll
C:\Users\RoLopes\AppData\Local\Temp\vygqvusnpykaaqqpknv.exe
*****************
 
HKU\RoLopes\Software\Microsoft\Windows\CurrentVersion\Run\\XNNPn0Tvs.exe => Value not found.
HKU\RoLopes\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value not found.
HKU\RoLopes\Software\Microsoft\Command Processor\\AutoRun => Value not found.
C:\Users\RoLopes\AppData\Roaming\Ldxp5mFTaU => Moved successfully.
C:\Users\RoLopes\AppData\Local\YTAwXLj4Z => Moved successfully.
C:\ProgramData\HrpDE6WwxO9 => Moved successfully.
C:\Users\RoLopes\AppData\Local\hAMrpXu3ea5 => Moved successfully.
C:\Users\RoLopes\AppData\Roaming\YySnRP31VVs => Moved successfully.
C:\Users\RoLopes\AppData\Local\ApCF8G61l => Moved successfully.
C:\ProgramData\7J7YhLhUD3d => Moved successfully.
C:\Users\RoLopes\AppData\Local\Temp\vygqvusnpykaaqqpknv.dll => Moved successfully.
C:\Users\RoLopes\AppData\Local\Temp\vygqvusnpykaaqqpknv.exe => Moved successfully.
 
==== End of Fixlog ====

Here they are:

================= dds.txt =================

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16660
Run by rui lopes at 18:41:16 on 2013-09-11
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3070.1809 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Users\RoLopes\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Users\rui lopes\AppData\Local\LogMeIn Rescue Unattended\LMIR0001.tmp\unattended_srv.exe
C:\Users\RUILOP~1\AppData\Local\LOGMEI~1\LMIR0001.tmp\LMI_Rescue_srv.exe
C:\Program Files\Softland\novaPDF Professional Server 7\novasvo7.exe
C:\Windows\system32\IoctlSvc.exe
C:\Users\RUILOP~1\AppData\Local\LOGMEI~1\LMIR0001.tmp\LMI_Rescue_srv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\Winamp\winampa.exe
C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\ScanSoft\OmniPagePro12.0\opware12.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Users\rui lopes\AppData\Local\LogMeIn Rescue Unattended\LMIR0001.tmp\unattended.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Xyron Wishblade Controller\XYWSSupervisor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\msiexec.exe
C:\Users\RUILOP~1\AppData\Local\LOGMEI~1\LMIR0001.tmp\LMI_Rescue.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.

uSearch Bar = Preserve
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\users\rolopes\appdata\roaming\defaulttab\defaulttab\DefaultTabBHO.dll
BHO: Updater For XFIN_PORTAL: {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - LocalServer32 - <no file>
BHO: {f904f51b-52dd-42ec-9dc8-d0856a0d1d67} - <orphaned>
TB: Easy-WebPrint: {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - c:\program files\canon\easy-webprint\Toolband.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
EB: Easy-WebPrint: {03C1C47F-0538-4645-8372-D3109B9FC636} - c:\program files\canon\easy-webprint\Toolband.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
EB: Groove Folder Synchronization: {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
EB: &Research: {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\program files\microsoft office\office12\REFIEBAR.DLL
uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [AdobeUpdater] c:\program files\common files\adobe\updater\AdobeUpdater.exe
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
uRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Logitech Download Assistant] c:\windows\system32\rundll32.exe c:\windows\system32\LogiLDA.dll,LogiFetch
mRun: [Opware12] "c:\program files\scansoft\omnipagepro12.0\Opware12.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon
mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\xyronw~1.lnk - c:\program files\xyron wishblade controller\XYWSSupervisor.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}




TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{70C9B41D-50ED-4624-944F-66A5097FF244} : DHCPNameServer = 66.174.92.14 69.78.96.14 8.8.8.8
TCP: Interfaces\{87F406DE-5858-4078-9E77-86DE5BE3B75B} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{F9F31369-23C8-4849-B4AF-FB1F3B0AB6A5} : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - LocalServer32 - <no file>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\29.0.1547.66\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-6-18 211560]
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\adobe\elements 9 organizer\PhotoshopElementsFileAgent.exe [2010-9-6 169408]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-11-10 176128]
R2 DefaultTabUpdate;DefaultTabUpdate;c:\users\rolopes\appdata\roaming\defaulttab\defaulttab\DTUpdate.exe [2012-9-25 107520]
R2 LMIRescue_2e0904d1-e5db-417e-9fb8-454decdaaa7d;LogMeIn Rescue (2e0904d1-e5db-417e-9fb8-454decdaaa7d);c:\users\ruilop~1\appdata\local\logmei~1\lmir0001.tmp\LMI_Rescue_srv.exe [2013-9-11 2570592]
R2 LMIRescueUA_56367;LogMeIn Rescue (56367);c:\users\rui lopes\appdata\local\logmein rescue unattended\lmir0001.tmp\unattended_srv.exe [2013-9-10 1964408]
R2 novaPDF Professional;novaPDF Professional;c:\program files\softland\novapdf professional server 7\novasvo7.exe [2010-10-20 66888]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2012-2-23 86544]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-5-10 18432]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 107392]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-6-20 295376]
S3 OXSDIDRV_x32;Oxford Semi eSATA Filter (x32);c:\windows\system32\drivers\OXSDIDRV_x32.sys [2009-9-28 52656]
S3 OXUDIDRV;OXUDIDRV;c:\windows\system32\drivers\OXUDIDRV_x32.sys [2011-7-30 24880]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-17 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-8-7 1343400]
.
=============== Created Last 30 ================
.
2013-09-12 01:28:53 712264 ----a-w- c:\program files\8hUninstall Allin1Convert.dll
2013-09-12 01:28:53 194952 ----a-w- c:\program files\8hres.dll
2013-09-11 03:45:57 7166848 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{b84a9fd5-e449-4bce-b8b5-300e123d6f54}\mpengine.dll
2013-09-10 15:57:10 76168 ----a-w- c:\windows\system32\unlock.dll
2013-09-10 15:57:09 -------- d-----w- c:\users\rui lopes\appdata\local\LogMeIn Rescue Unattended
2013-09-10 13:28:19 -------- d-----w- C:\FRST
2013-09-10 05:16:21 -------- d-----w- c:\users\rui lopes\appdata\roaming\Malwarebytes
2013-09-10 05:16:18 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-09-10 05:16:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-09-10 05:16:03 -------- d-----w- c:\users\rui lopes\appdata\local\Programs
2013-09-10 05:12:41 -------- d-----w- c:\users\rui lopes\appdata\roaming\TuneUpMedia
2013-09-10 04:56:12 -------- d-----w- c:\users\rui lopes\appdata\local\LogMeIn Rescue Applet
2013-09-10 04:52:11 -------- d-----w- c:\users\rui lopes\appdata\roaming\Nico Mak Computing
2013-09-10 04:51:54 -------- d-----w- c:\users\rui lopes\appdata\roaming\WinZip
2013-09-09 18:32:46 7166848 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-09-09 16:26:05 -------- d-----w- c:\users\rui lopes\appdata\local\avgchrome
2013-09-07 04:29:12 718712 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{6ed92688-bc19-42db-956e-59e91bfce891}\gapaengine.dll
2013-09-07 01:49:09 -------- d-----w- c:\program files\Conduit
2013-09-07 01:13:03 -------- d-----w- c:\windows\system32\Extensions
2013-09-07 01:13:01 -------- d-----w- c:\windows\system32\searchplugins
2013-09-07 01:11:59 -------- d-----w- c:\program files\WebConnect
2013-08-14 00:03:37 652800 ----a-w- c:\windows\system32\rpcrt4.dll
2013-08-14 00:03:34 175104 ----a-w- c:\windows\system32\wintrust.dll
2013-08-14 00:03:34 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-14 00:03:34 1166848 ----a-w- c:\windows\system32\crypt32.dll
2013-08-14 00:03:34 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-08-14 00:03:31 3913664 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-14 00:03:29 3968960 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-08-14 00:03:29 1289096 ----a-w- c:\windows\system32\ntdll.dll
2013-08-14 00:03:26 1293760 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-14 00:03:25 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-08-14 00:03:19 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-14 00:03:16 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
.
==================== Find3M  ====================
.
2013-09-11 02:14:05 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-11 02:14:05 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-26 03:13:24 1767936 ----a-w- c:\windows\system32\wininet.dll
2013-07-26 03:12:04 2877440 ----a-w- c:\windows\system32\jscript9.dll
2013-07-26 03:12:00 61440 ----a-w- c:\windows\system32\iesetup.dll
2013-07-26 03:12:00 109056 ----a-w- c:\windows\system32\iesysprep.dll
2013-07-26 02:49:14 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-07-26 01:59:38 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-06-19 04:50:08 211560 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-06-19 04:50:08 107392 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
.
============= FINISH: 18:41:49.18 ===============

 

 

=========================== attach.txt ===========================

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 8/7/2010 12:29:39 PM
System Uptime: 9/11/2013 6:33:46 PM (0 hours ago)
.
Motherboard: http://www.abit.com.tw/ |  | IP35 PRO(P35+ICH9R)
Processor: Intel® Core2 Duo CPU     E4500  @ 2.20GHz | Socket 775 | 2200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 84.921 GiB free.
E: is CDROM (UDF)
F: is FIXED (NTFS) - 466 GiB total, 446.163 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: ACPI\ABT2005\3&2411E6FE&1
Manufacturer:
Name:
PNP Device ID: ACPI\ABT2005\3&2411E6FE&1
Service:
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: A2 Direct Disk Access Support Driver
Device ID: ROOT\LEGACY_A2DDA\0000
Manufacturer:
Name: A2 Direct Disk Access Support Driver
PNP Device ID: ROOT\LEGACY_A2DDA\0000
Service: A2DDA
.
==== System Restore Points ===================
.
RP563: 9/8/2013 11:00:01 AM - Windows Update
RP565: 9/8/2013 11:15:28 AM - WinZip Registry Optimizer Sun, Sep 08, 13  11:15
RP566: 9/8/2013 11:19:25 AM - Windows Update
RP567: 9/9/2013 9:59:22 PM - Removed Java 7 Update 9
RP568: 9/9/2013 10:09:15 PM - Removed JavaFX 2.1.1
RP569: 9/9/2013 10:11:32 PM - Removed Sentinel Protection Installer 7.3.1
RP570: 9/11/2013 6:29:13 PM - Removed Application Verifier
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
Adobe AIR
Adobe Community Help
Adobe Flash Player 11 ActiveX
Adobe Photoshop Elements 9
Adobe Photoshop.com Inspiration Browser
Adobe Premiere Elements 9
Adobe Reader XI (11.0.03)
Adobe Shockwave Player 11.6
Any DVD Cloner Platinum 1.1.1
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoBase 3
ArcSoft PhotoStudio 5
ArcSoft PhotoStudio 5.5
Audacity 1.3.12 (Unicode)
Bonjour
Camera Support Core Library
Camera Window
Canon Camera Support Core Library
Canon Camera Window for ZoomBrowser EX
Canon CanoScan 8800F User Registration
Canon Easy-PhotoPrint EX
Canon Easy-WebPrint EX
Canon i9900
Canon Inkjet Printer Driver Add-On Module
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon iX6500 series Printer Driver
Canon iX6500 series User Registration
Canon MP Navigator EX 1.0
Canon My Printer
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Solution Menu EX
Canon Utilities Easy-PhotoPrint
Canon Utilities Easy-PhotoPrint Plus
Canon Utilities PhotoStitch 3.1
Canon Utilities Solution Menu
Canon Utilities ZoomBrowser EX
CanoScan 8800F
Clone2Go DVD Ripper 1.9.2
Cutting Master 2 for CraftROBO 1.20
Debugging Tools for Windows (x86)
DivX Setup
DVD Shrink 3.2
Easy-WebPrint
Elements 9 Organizer
Elements STI Installer
GIMP
Google Chrome
Google Update Helper
honestech VHS to DVD 2.0 Deluxe
iCloud
Inkscape 0.46
iTunes
Jasc Paint Shop Pro 9
LAME v3.98.3 for Audacity
Magic ISO Maker v5.5 (build 0281)
Malwarebytes Anti-Malware version 1.75.0.1300
Manual CanoScan 5000,5000F,8000F
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Reader
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Microsoft Windows Debugging Symbols
Microsoft Windows Performance Toolkit
Microsoft Windows SDK for Windows 7 (7.1)
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_CRT_x86
MobileMe Control Panel
Mobipocket Reader 6.2
MP3 WAV WMA Converter
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 7 Premium
neroxml
novaPDF Professional Server 7.2 printer
OGA Notifier 2.0.0048.0
OmniPage Pro 12.0
Parallels runtime modules
Parallels Transporter Agent
Parallels USB Driver
PhotoStitch
Picasa 3
Presto! PageManager 6
Presto! PageManager 7.15.16
QuickTime
RAW Image Task
RemoteCapture Task
RemoteComms External Disk Access
Safari
ScanSoft OmniPage SE 4
ScanSoft RealSpeak
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
SmartSound Quicktracks for Premiere Elements 9.0
SnapAPI
System Requirements Lab
System Requirements Lab for Intel
The Print Shop®
TuneUp 2.4.6.4
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2768023) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817642) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
USB2.0 VIDBOX NW01
VC80CRTRedist - 8.0.50727.6195
VideoAdvantage USB
VideoAdvantage USB Driver
Vuze
Winamp
WinRAR 4.01 (32-bit)
WinZip 17.5
Xyron Wishblade
Xyron Wishblade Controller
Xyron Wishblade Create and Cut 8.1v1
.
==== Event Viewer Messages From Past Week ========
.
9/9/2013 9:51:46 PM, Error: Service Control Manager [7003]  - The Hotspot Shield Service service depends the following service: taphss. This service might not be installed.
9/9/2013 10:08:56 PM, Error: Service Control Manager [7034]  - The Hotspot Shield Monitoring Service service terminated unexpectedly.  It has done this 1 time(s).
9/9/2013 10:08:55 PM, Error: Service Control Manager [7034]  - The Hotspot Shield Routing Service service terminated unexpectedly.  It has done this 1 time(s).
9/9/2013 10:00:20 PM, Error: Service Control Manager [7034]  - The PLFlash DeviceIoControl Service service terminated unexpectedly.  It has done this 1 time(s).
9/8/2013 10:56:58 AM, Error: Service Control Manager [7023]  - The iPod Service service terminated with the following error:  %%-2147417831
9/7/2013 9:36:06 AM, Error: volsnap [36]  - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
9/11/2013 6:34:12 PM, Error: Service Control Manager [7000]  - The Par1284 service failed to start due to the following error:  The system cannot find the device specified.
9/11/2013 6:27:37 PM, Error: Service Control Manager [7031]  - The Update WebConnect service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
.
==== End Of File ===========================

 


Step 1

Please uninstall this application: Vuze

Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
