
Virus lurking and seems to have returned



This follows up from https://forums.malwarebytes.org/index.php?showtopic=141769&page=2#entry789083

I am having various problems which may be related to hardware, but appear to be related to malware.

I have a website and, like many others, it is receiving continuous hits through a referral from a dubious outfit named semalt (dot) com. At the same time various things are happening: computer slow, keep losing the internet, unable to back up, etc.

A possibility is that this semalt site has compromised systems everywhere, as the hits come through referrals from different countries in South America and Europe.

I am telling all this in case I too have been compromised, as the reason I am getting this traffic is that I visited their page and left my email address and obviously the IP and other info.

Anyway, I have run the full Malwarebytes and it showed nothing. I also ran Eset and it was clean.



DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16533
Run by qimi at 21:55:31 on 2014-02-16
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.351.1033.18.6056.3463 [GMT 1:00]
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
============== Running Processes ===============
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\POP Peeper\POPPeeper.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\System32\svchost.exe -k LocalServicePeerNet
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
============== Pseudo HJT Report ===============

TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
EB: IE Developer Toolbar: {A202B231-EF71-4a08-BDB9-4CE5AE8BDE0A} - C:\Program Files (x86)\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
uRun: [POP Peeper] "C:\Program Files (x86)\POP Peeper\POPPeeper.exe" -min
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
StartupFolder: C:\Users\qimi\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\windows\System32\RunDll32.exe
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: EnableSecureUIAPath = dword:1
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
IE: {328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
IE: {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - {CC962137-2E78-4F94-975E-FC0C07DBD78F} - C:\Program Files (x86)\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

TCP: NameServer =
TCP: Interfaces\{18DBC74A-DE0D-4804-B59B-7EE2A2B67458} : DHCPNameServer =
TCP: Interfaces\{B4115DE2-7658-4EBB-B11F-9B5E21E13BCB} : DHCPNameServer =
TCP: Interfaces\{B4115DE2-7658-4EBB-B11F-9B5E21E13BCB}\1456E616F5B4572696 : DHCPNameServer =
TCP: Interfaces\{B4115DE2-7658-4EBB-B11F-9B5E21E13BCB}\2656C6B696E6E233369346 : DHCPNameServer =
TCP: Interfaces\{B4115DE2-7658-4EBB-B11F-9B5E21E13BCB}\64F4E4F5A5F4E4F564255454F594E4455425E45445 : DHCPNameServer =
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [bTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
x64-Notify: igfxcui - igfxdev.dll
x64-mASetup: {12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\windows\System32\ieudinit.exe
================= FIREFOX ===================
FF - ProfilePath - C:\Users\qimi\AppData\Roaming\Mozilla\Firefox\Profiles\0hj8uk30.default-1391934873739\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll
============= SERVICES / DRIVERS ===============
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R0 nvpciflt;nvpciflt;C:\windows\System32\drivers\nvpciflt.sys [2012-10-25 30056]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\windows\System32\drivers\SABI.sys [2011-9-6 13824]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
R2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-4-21 1136640]
R2 Apache2.2;Apache2.2;C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe [2012-1-28 20549]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-3-30 923984]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-3-30 1001808]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-4-21 134928]
R2 KSS;Kaspersky Security Scan Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [2012-4-25 202296]
R2 MySQL56;MySQL56;"C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld" --defaults-file="C:\ProgramData\MySQL\MySQL Server 5.6\my.ini" MySQL56 --> C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld [?]
R2 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2012-3-20 134944]
R2 ReflectService.exe;Macrium Reflect Image Mounting Service;C:\Program Files\Macrium\Reflect\ReflectService.exe [2014-1-24 1142768]
R2 TurboB;Turbo Boost UI Monitor driver;C:\windows\System32\drivers\TurboB.sys [2010-10-8 19192]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-9-6 2656536]
R3 AMPPAL;Intel® Centrino® Bluetooth 3.0 + High Speed Virtual Adapter;C:\windows\System32\drivers\AmpPal.sys [2011-4-21 294912]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-3-30 1321296]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\windows\System32\drivers\btmaux.sys [2011-3-8 51712]
R3 btmhsf;btmhsf;C:\windows\System32\drivers\btmhsf.sys [2011-11-15 327168]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\System32\drivers\clwvd.sys [2010-11-10 31088]
R3 ETD;ELAN PS/2 Port Input Device;C:\windows\System32\drivers\ETD.sys [2011-9-6 138024]
R3 iBtFltCoex;iBtFltCoex;C:\windows\System32\drivers\iBtFltCoex.sys [2011-12-9 60416]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-9-6 317440]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-9-6 471144]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 AMPPALP;Intel® Centrino® Bluetooth 3.0 + High Speed Protocol;C:\windows\System32\drivers\AmpPal.sys [2011-4-21 294912]
S3 OXSDIDRV_x64;Oxford Semi eSATA Filter (x64);C:\windows\System32\drivers\OXSDIDRV_x64.sys [2009-9-28 51760]
S3 OXUDIDRV;OXUDIDRV;C:\windows\System32\drivers\OXUDIDRV_x64.sys [2013-11-12 31280]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2012-11-3 19456]
S3 Samsung UPD Service;Samsung UPD Service;C:\windows\System32\SUPDSvc.exe [2011-9-6 166704]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2013-11-15 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2012-11-3 30208]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-10-8 150016]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-4-14 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
=============== File Associations ===============
ShellExec: Opera.exe: open="C:\Program Files (x86)\Opera\Launcher.exe" "%1"
=============== Created Last 30 ================
2014-02-16 19:07:20 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{08817BAD-96FD-4B71-9BB4-B1C0C27C2062}\mpengine.dll
2014-02-15 18:36:58 10315576 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-02-15 11:39:46 -------- d-----w- C:\boot
2014-02-15 11:39:01 -------- d-----w- C:\Program Files\Macrium
2014-02-15 11:31:23 -------- d-----w- C:\ProgramData\Macrium
2014-02-15 10:39:32 -------- d-----w- C:\ProgramData\Package Cache
2014-02-15 10:39:17 -------- d-----w- C:\Program Files (x86)\Seagate
2014-02-12 19:11:10 -------- d-sh--w- C:\$RECYCLE.BIN
2014-02-12 17:13:01 -------- d-s---w- C:\ComboFix
2014-02-12 06:28:54 2048 ----a-w- C:\windows\SysWow64\msxml3r.dll
2014-02-11 13:40:54 -------- d-----w- C:\windows\Hewlett-Packard
2014-02-09 09:02:22 -------- d-----w- C:\Users\qimi\AppData\Roaming\Opera Software
2014-02-09 09:02:22 -------- d-----w- C:\Users\qimi\AppData\Local\Opera Software
2014-02-07 15:36:50 -------- d-----w- C:\windows\ERUNT
2014-02-07 05:08:52 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-07 05:06:05 91352 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
2014-02-03 12:30:42 -------- d-----w- C:\Program Files\Inpaint
2014-01-24 06:16:33 965000 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F9FB99EC-C8DF-4E38-A2B5-193824BC87A5}\gapaengine.dll
2014-01-23 15:23:33 96168 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
==================== Find3M  ====================
2014-02-10 11:33:55 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-10 11:33:55 692616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-02-05 10:00:21 2334720 ----a-w- C:\windows\System32\jscript9.dll
2014-02-05 09:54:06 1392128 ----a-w- C:\windows\System32\wininet.dll
2014-02-05 09:52:51 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2014-02-05 09:51:59 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2014-02-05 09:51:52 599040 ----a-w- C:\windows\System32\vbscript.dll
2014-02-05 09:50:40 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2014-02-05 08:56:17 1806848 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-02-05 08:50:39 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2014-02-05 08:49:56 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-02-05 08:48:40 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2014-02-05 08:48:27 421376 ----a-w- C:\windows\SysWow64\vbscript.dll
2014-02-05 08:47:16 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-01-19 07:33:29 270496 ------w- C:\windows\System32\MpSigStub.exe
2013-12-24 23:09:41 1987584 ----a-w- C:\windows\SysWow64\d3d10warp.dll
2013-12-24 22:48:32 2565120 ----a-w- C:\windows\System32\d3d10warp.dll
2013-12-06 02:30:08 2048 ----a-w- C:\windows\System32\msxml3r.dll
2013-12-06 02:30:08 1882112 ----a-w- C:\windows\System32\msxml3.dll
2013-12-06 02:02:08 1237504 ----a-w- C:\windows\SysWow64\msxml3.dll
2013-12-04 02:27:33 485888 ----a-w- C:\windows\System32\secproc_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\windows\System32\secproc_ssp_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\windows\System32\secproc_ssp.dll
2013-12-04 02:27:16 488448 ----a-w- C:\windows\System32\secproc.dll
2013-12-04 02:26:32 528384 ----a-w- C:\windows\System32\msdrm.dll
2013-12-04 02:16:51 658432 ----a-w- C:\windows\System32\RMActivate_isv.exe
2013-12-04 02:16:51 626176 ----a-w- C:\windows\System32\RMActivate.exe
2013-12-04 02:16:50 552960 ----a-w- C:\windows\System32\RMActivate_ssp_isv.exe
2013-12-04 02:16:48 553984 ----a-w- C:\windows\System32\RMActivate_ssp.exe
2013-12-04 02:03:20 87040 ----a-w- C:\windows\SysWow64\secproc_ssp_isv.dll
2013-12-04 02:03:20 87040 ----a-w- C:\windows\SysWow64\secproc_ssp.dll
2013-12-04 02:03:20 423936 ----a-w- C:\windows\SysWow64\secproc_isv.dll
2013-12-04 02:03:08 428032 ----a-w- C:\windows\SysWow64\secproc.dll
2013-12-04 02:02:06 390144 ----a-w- C:\windows\SysWow64\msdrm.dll
2013-12-04 01:54:14 510976 ----a-w- C:\windows\SysWow64\RMActivate_ssp.exe
2013-12-04 01:54:10 594944 ----a-w- C:\windows\SysWow64\RMActivate_isv.exe
2013-12-04 01:54:09 572416 ----a-w- C:\windows\SysWow64\RMActivate.exe
2013-12-04 01:54:06 508928 ----a-w- C:\windows\SysWow64\RMActivate_ssp_isv.exe
2013-11-27 01:41:37 343040 ----a-w- C:\windows\System32\drivers\usbhub.sys
2013-11-27 01:41:15 99840 ----a-w- C:\windows\System32\drivers\usbccgp.sys
2013-11-27 01:41:11 53248 ----a-w- C:\windows\System32\drivers\usbehci.sys
2013-11-27 01:41:11 325120 ----a-w- C:\windows\System32\drivers\usbport.sys
2013-11-27 01:41:09 25600 ----a-w- C:\windows\System32\drivers\usbohci.sys
2013-11-27 01:41:06 30720 ----a-w- C:\windows\System32\drivers\usbuhci.sys
2013-11-27 01:41:03 7808 ----a-w- C:\windows\System32\drivers\usbd.sys
2013-11-26 23:29:48 5693440 ----a-w- C:\windows\SysWow64\mstscax.dll
2013-11-26 22:49:20 6573056 ----a-w- C:\windows\System32\mstscax.dll
2013-11-26 11:40:00 376768 ----a-w- C:\windows\System32\drivers\netio.sys
2013-11-26 10:32:56 3156480 ----a-w- C:\windows\System32\win32k.sys
2013-11-26 08:16:50 3419136 ----a-w- C:\windows\SysWow64\d2d1.dll
2013-11-23 18:26:20 417792 ----a-w- C:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\windows\System32\WMPhoto.dll
2013-11-22 22:48:21 3928064 ----a-w- C:\windows\System32\d2d1.dll
============= FINISH: 21:56:05.97 ===============


DDS (Ver_2012-11-20.01)
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 14/04/2012 02:53:47
System Uptime: 16/02/2014 21:10:02 (0 hours ago)
Motherboard: SAMSUNG ELECTRONICS CO., LTD. |  | RC530/RC730
Processor: Intel® Core i7-2670QM CPU @ 2.20GHz | CPU 1 | 2201/100mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 500 GiB total, 418.457 GiB free.
D: is FIXED (NTFS) - 408 GiB total, 112.671 GiB free.
E: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP420: 14/02/2014 14:23:52 - Windows Backup
RP421: 14/02/2014 14:26:24 - Windows Backup
RP422: 14/02/2014 15:26:14 - Windows Backup
RP423: 14/02/2014 15:58:47 - Windows Backup
RP424: 14/02/2014 16:13:36 - Windows Backup
RP425: 14/02/2014 18:20:54 - Windows Backup
RP426: 14/02/2014 20:43:23 - Windows Backup
RP427: 15/02/2014 00:12:25 - Windows Backup
RP428: 15/02/2014 11:39:25 - Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
RP429: 15/02/2014 12:38:50 - Installed Macrium Reflect Free Edition
RP430: 15/02/2014 19:36:16 - Windows Update
RP431: 15/02/2014 21:03:59 - Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
RP432: 15/02/2014 22:24:20 - Windows Backup
RP433: 15/02/2014 22:42:20 - Windows Backup
RP434: 15/02/2014 22:43:53 - Windows Backup
RP435: 15/02/2014 22:45:07 - Windows Backup
RP436: 16/02/2014 19:00:09 - Windows Backup
==== Installed Programs ======================
?? ??? ?? Windows Live Mesh ActiveX ???
??? ActiveX ?? Windows Live Mesh ???? ??????? ???????
???? ??? Windows Live
???? ???? ActiveX ????? ?? Windows Live Mesh ????????? ???????
???? Windows Live
????? Windows Live
?????? ??????? ?? Windows Live
??????? ?????????? Windows Live Mesh ActiveX ??? ????????? ???????????
??????? Windows Live Mesh ActiveX ??(????)
??????? Windows Live Mesh ActiveX ???
???????? ?????????? Windows Live
????????? ActiveX ?? Windows Live Mesh ????????????????????????? (???)
?????????? Windows Live
??????????? ?? Windows Live
ActiveState Komodo Edit 8.0.1
ActiveX-kontroll för fjärranslutningar för Windows Live Mesh
ActiveX ???????? ?? Windows Live Mesh ?? ?????????? ??????
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader XI (11.0.06)
Adobe Shockwave Player 12.0
Agatha Christie - Death on the Nile
Apache HTTP Server 2.2.22
Apple Application Support
Apple Software Update
„Windows Live Essentials“
„Windows Live Mail“
„Windows Live Mesh ActiveX“ nuotoliniu ryšiu valdiklis
„Windows Live Messenger“
„Windows Live“ fotogalerija
Bejeweled 2 Deluxe
Belkin Setup and Router Monitor
Bullzip PDF Printer
Chime/Chime Pro for Internet Explorer
Chuzzle Deluxe
Compatibility Pack for the 2007 Office system
Contrôle ActiveX Windows Live Mesh pour connexions à distance
Control ActiveX de Windows Live Mesh para conexiones remotas
Control ActiveX Windows Live Mesh pentru conexiuni la distan?a
Controle ActiveX do Windows Live Mesh para Conexões Remotas
Controlo ActiveX do Windows Live Mesh para Ligações Remotas
CyberLink Media Suite
CyberLink Media+ Player10
CyberLink MediaShow
CyberLink Power2Go
CyberLink PowerDirector
CyberLink YouCam
Diner Dash 2 Restaurant Rescue
dnGREP 2.7.1 (x64)
Easy Content Share
Easy Display Manager
Easy Migration
Easy Network Manager
Easy SpeedUp Manager
ERUNT 1.1j
ESET Online Scanner v3
ETDWare PS/2-X64
Farm Frenzy
Fast Start
FileZilla Client 3.7.3
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsluge polaczen zdalnych
Fotogalerija Windows Live
Free CSS Toolbox 1.2
Galeria de Fotografias do Windows Live
Galeria fotografii uslugi Windows Live
Galerie de photos Windows Live
Galerie foto Windows Live
Galería fotográfica de Windows Live
GIMP 2.8.4
Google Chrome
Google Update Helper
HP Deskjet 1510 series Basic Device Software
HP Deskjet 1510 series Help
HP Photo Creations
hp print screen utility
HP Update
HTML-Kit Tools
Inpaint 5.6
Insaniquarium Deluxe
Intel PROSet Wireless
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
Intel® PROSet/Wireless for Bluetooth® 3.0 + High Speed
Intel® PROSet/Wireless Software for Bluetooth® Technology
Intel® PROSet/Wireless WiFi Software
Intel® Rapid Storage Technology
Internet Explorer (Enable DEP)
Internet Explorer Developer Toolbar
Iomega Encryption
Java 7 Update 51
John Deere Drive Green
Junk Mail filter update
Kaspersky Security Scan
Kontrola Windows Live Mesh ActiveX za daljinske veze
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave
Macrium Reflect Free Edition
Malwarebytes Anti-Malware version
MDL Chime/Chime Pro for Internet Explorer
Mesh Runtime
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office File Validation Add-In
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Edition 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
Monitor da tecnologia Intel® Turbo Boost 2.0
Movie Color Enhancer
MozBackup 1.5.1
Mozilla Firefox 27.0.1 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 24.3.0 (x86 en-US)
Multimedia POP
MySQL Connector C++ 1.1.2
MySQL Connector J
MySQL Connector Net 6.6.5
MySQL Connector/ODBC 5.2(w)
MySQL Documents 5.6
MySQL Examples and Samples 5.6
MySQL Installer
MySQL Notifier 1.0.3
MySQL Server 5.6
MySQL Workbench 5.2 CE
NVIDIA Control Panel 307.21
NVIDIA Graphics Driver 307.21
NVIDIA Install Application
NVIDIA Optimus 1.10.8
NVIDIA Update 1.10.8
NVIDIA Update Components
Opera Stable 19.0.1326.59
Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená pripojení
Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia
PeaZip 4.9.1
Plants vs. Zombies
Poczta uslugi Windows Live
Podstawowe programy Windows Live
Polar Golfer
POP Peeper
Pošta Windows Live
Product Improvement Study for HP Deskjet 1510 series
Raccolta foto di Windows Live
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
RemoteComms External Disk Access
S?????? f?t???af??? t?? Windows Live
Samsung AnyWeb Print
Samsung Printer Live Update
Samsung Recovery Solution 5
Samsung Support Center 1.0
Samsung Universal Print Driver
Samsung Universal Scan Driver
Samsung Update Plus
SD226 Biological Psychology
SeaTools for Windows
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Simple CSS 2.1
Skype™ 6.11
SopCast 3.4.7
St???e?? e?????? ActiveX t?? Windows Live Mesh ??a ap?µa???sµ??e? s??d?se??
User Guide
Uzak Baglantilar Için Windows Live Mesh ActiveX Denetimi
Veetle TV
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
VueScan x64
WildTangent Games
WildTangent ORB Game Console
Windows Live
Windows Live ??
Windows Live ?? ???
Windows Live ???
Windows Live ????
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotótár
Windows Live Foto-galerija
Windows Live fotoattelu galerija
Windows Live Fotogalerie
Windows Live Fotogalleri
Windows Live Fotogaléria
Windows Live Fotograf Galerisi
Windows Live Galeria de Fotos
Windows Live Galerija fotografija
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger
Windows Live Mesh ActiveX-objekt til fjernforbindelser
Windows Live Mesh ActiveX-vezérlo távoli kapcsolatokhoz
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Mesh ActiveX kontrola za daljinske veze
Windows Live Mesh ActiveX vadikla attalajiem savienojumiem
Windows Live Meshin etäyhteyksien ActiveX-komponentti
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Pošta
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Temel Parçalar
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Liven asennustyökalu
Windows Liven sähköposti
Windows Liven valokuvavalikoima
WOT for Internet Explorer
Zuma Deluxe
==== Event Viewer Messages From Past Week ========
16/02/2014 21:13:28, Error: Service Control Manager [7038]  - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:  Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
16/02/2014 21:13:28, Error: Service Control Manager [7000]  - The NVIDIA Update Service Daemon service failed to start due to the following error:  The service did not start due to a logon failure.
16/02/2014 15:30:08, Error: bowser [8003]  - The master browser has received a server announcement from the computer KATERINA-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{B4115DE2-7658-4EBB-B11F-9B5E21E13BCB}. The master browser is stopping or an election is being forced.
16/02/2014 14:22:38, Error: Microsoft-Windows-WMPNSS-Service [14332]  - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
16/02/2014 10:46:25, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D3DCB472-7261-43CE-924B-0704BD730D5F}  and APPID  {D3DCB472-7261-43CE-924B-0704BD730D5F}  to the user qimi-PC\qimi SID (S-1-5-21-251638132-866889896-205452805-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
16/02/2014 10:46:25, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {145B4335-FE2A-4927-A040-7C35AD3180EF}  and APPID  {145B4335-FE2A-4927-A040-7C35AD3180EF}  to the user qimi-PC\qimi SID (S-1-5-21-251638132-866889896-205452805-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
16/02/2014 10:40:17, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
16/02/2014 10:40:17, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
16/02/2014 10:40:17, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
16/02/2014 10:40:16, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
16/02/2014 10:40:16, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
16/02/2014 10:40:15, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
16/02/2014 10:40:06, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
16/02/2014 10:39:53, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss SABI SASDIFSV SASKUTIL spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl
16/02/2014 10:39:53, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
16/02/2014 10:39:53, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
16/02/2014 10:39:53, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
16/02/2014 10:39:53, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
16/02/2014 10:39:53, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
16/02/2014 10:39:53, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
16/02/2014 10:39:53, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
16/02/2014 10:39:53, Error: Service Control Manager [7001]  - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
16/02/2014 10:39:53, Error: Service Control Manager [7001]  - The Microsoft Network Inspection System service depends on the Microsoft Malware Protection Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
16/02/2014 10:39:53, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
16/02/2014 10:39:53, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
16/02/2014 10:39:53, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
16/02/2014 10:39:53, Error: Service Control Manager [7001]  - The Apache2.2 service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
15/02/2014 22:29:26, Error: Microsoft-Windows-DistributedCOM [10016]  - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID  {9BA05972-F6A8-11CF-A442-00A0C90A8F39}  and APPID  {9BA05972-F6A8-11CF-A442-00A0C90A8F39}  to the user qimi-PC\qimi SID (S-1-5-21-251638132-866889896-205452805-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
15/02/2014 22:25:01, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR1.
14/02/2014 23:34:16, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR2.
14/02/2014 20:26:56, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
14/02/2014 18:55:01, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service Bluetooth Device Monitor with arguments "" in order to run the server: {DABF28BE-F6B4-4E40-8F40-C4FB26F3116C}
14/02/2014 18:44:49, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
14/02/2014 18:44:49, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
14/02/2014 18:25:45, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
14/02/2014 18:25:22, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  discache MpFilter SABI SASDIFSV SASKUTIL spldr Wanarpv6
14/02/2014 18:05:56, Error: Microsoft Antimalware [2004]  - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.   Signatures Attempted: Current   Error Code: 0x80070002   Error description: The system cannot find the file specified.    Signature version:;   Engine version:
14/02/2014 16:28:48, Error: Ntfs [137]  - The default transaction resource manager on volume I: encountered a non-retryable error and could not start.  The data contains the error code.
14/02/2014 16:15:56, Error: VDS Basic Provider [1]  - Unexpected failure. Error code: 2@01010013
13/02/2014 19:32:11, Error: Tcpip [4199]  - The system detected an address conflict for IP address with the system having network hardware address 00-22-3F-E3-E6-BB. Network operations on this system may be disrupted as a result.
12/02/2014 19:24:33, Error: Schannel [36888]  - The following fatal alert was generated: 10. The internal error state is 10.
12/02/2014 18:04:24, Error: Service Control Manager [7030]  - The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
10/02/2014 13:54:19, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 1.165.3675.0   Update Source: Microsoft Update Server   Update Stage: Download   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 1.1.10201.0   Error code: 0x8024001e   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
10/02/2014 13:54:19, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 1.165.3675.0   Update Source: Microsoft Update Server   Update Stage: Download   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 1.1.10201.0   Error code: 0x8024001e   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
10/02/2014 09:26:56, Error: Service Control Manager [7034]  - The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).
10/02/2014 08:42:46, Error: Application Popup [1060]  - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
09/02/2014 14:19:09, Error: bowser [8003]  - The master browser has received a server announcement from the computer KATERINA-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{18DBC74A-DE0D-4804-B59B-7EE2A2B67458}. The master browser is stopping or an election is being forced.
09/02/2014 14:19:08, Error: NetBT [4319]  - A duplicate name has been detected on the TCP network.  The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state.
09/02/2014 10:25:05, Error: NetBT [4321]  - The name "WORKGROUP      :1d" could not be registered on the interface with IP address The computer with the IP address did not allow the name to be claimed by this computer.
09/02/2014 00:04:35, Error: Schannel [36888]  - The following fatal alert was generated: 40. The internal error state is 252.
==== End Of File ===========================




  • Root Admin

Well you're having issues with some services so let's try to fix that and then scan again for any type of infection.


Please run the following fixit from Microsoft.

Fix Windows Desktop Search when it crashes or not showing results


Then run a new FRST scan please and post back the logs.


Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.





I was unable to run Fixit. After clicking on the link you sent me I got the box that is attached: then I followed the suggestion, got the screen in the background of the attachment, and when I chose one option I got the box again.


Here are the scans


Many thanks



Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-02-2014
Ran by qimi (administrator) on QIMI-PC on 17-02-2014 08:08:17
Running from C:\Users\qimi\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Apache Software Foundation) C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Apache Software Foundation) C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
() C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\windows\system32\igfxext.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
(Microsoft Corporation) C:\windows\system32\LogonUI.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Users\qimi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SBJSKVWD\MicrosoftFixit.Search.RNP.139316045779373586.1.1.Run.exe
(Microsoft Corporation) C:\Users\qimi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7X52HFHA\MicrosoftFixit.dvd.FISC.139316045779373586.2.1.Run.exe
(Microsoft Corporation) C:\windows\system32\SnippingTool.exe
(Microsoft Corporation) C:\windows\SYSTEM32\WISPTIS.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11895400 2011-06-25] (Realtek Semiconductor)
HKLM\...\Run: [bTMTrayAgent] - C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [10372368 2011-03-30] (Intel Corporation)
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2588968 2010-11-12] (ELAN Microelectronics Corp.)
HKLM\...\Run: [intelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4526 2010-10-08] ()
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [X]
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-251638132-866889896-205452805-1001\...\Run: [POP Peeper] - C:\Program Files (x86)\POP Peeper\POPPeeper.exe [1613824 2011-11-16] (Mortal Universe)
Startup: C:\Users\qimi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1510 series.lnk
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 1510 series.lnk -> C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-PT
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x443583D17425CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com/v7/site/ClientControl/en/x64/MuCatalogWebControl.cab?1391537426268
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll ()
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer]

FF ProfilePath: C:\Users\qimi\AppData\Roaming\Mozilla\Firefox\Profiles\0hj8uk30.default-1391934873739
FF NetworkProxy: "no_proxies_on", ""
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_44.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Veetle TV Player) - C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
CHR Plugin: (Veetle TV Core) - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (Google Docs) - C:\Users\qimi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-25]
CHR Extension: (Google Drive) - C:\Users\qimi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-25]
CHR Extension: (YouTube) - C:\Users\qimi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-25]
CHR Extension: (Google Search) - C:\Users\qimi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-25]
CHR Extension: (PageRank Status) - C:\Users\qimi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdkkfheckcdppiaiabobmennhijkknn [2013-07-27]
CHR Extension: (Google Wallet) - C:\Users\qimi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Gmail) - C:\Users\qimi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-25]

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-07-11] (SUPERAntiSpyware.com)
R2 AffinegyService; C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe [571288 2010-09-14] (Affinegy, Inc.)
R2 Apache2.2; C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe [20549 2012-01-28] (Apache Software Foundation)
R2 KSS; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202296 2012-04-25] (Kaspersky Lab ZAO)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R2 MySQL56; C:\ProgramData\MySQL\MySQL Server 5.6\my.ini [14242 2013-03-24] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [1142768 2014-01-24] (Paramount Software UK Ltd)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] ()

==================== Drivers (Whitelisted) ====================

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S3 OXSDIDRV_x64; C:\Windows\System32\DRIVERS\OXSDIDRV_x64.sys [51760 2009-09-28] ()
S3 OXUDIDRV; C:\windows\system32\Drivers\OXUDIDRV_X64.sys [31280 2010-05-25] ()
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2011-12-05] (Windows ® 2003 DDK 3790 provider)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-02-17 08:08 - 2014-02-17 08:09 - 00016040 _____ () C:\Users\qimi\Desktop\FRST.txt
2014-02-17 08:07 - 2014-02-17 08:08 - 00000000 ____D () C:\FRST
2014-02-17 08:06 - 2014-02-17 08:06 - 02152448 _____ (Farbar) C:\Users\qimi\Desktop\FRST64.exe
2014-02-16 21:56 - 2014-02-16 21:56 - 00023078 _____ () C:\Users\qimi\Desktop\attach.txt
2014-02-16 21:56 - 2014-02-16 21:56 - 00019948 _____ () C:\Users\qimi\Desktop\dds.txt
2014-02-16 21:54 - 2014-02-16 21:54 - 00688992 ____R (Swearware) C:\Users\qimi\Desktop\dds.scr
2014-02-16 17:51 - 2014-02-16 17:51 - 00000204 _____ () C:\Users\qimi\Desktop\Comprehensive guide to .htaccess- Blocking users- sites by referrer (2).url
2014-02-16 17:47 - 2014-02-16 17:47 - 00000438 _____ () C:\Users\qimi\Desktop\newHTA.txt2.txt
2014-02-16 17:23 - 2014-02-16 17:23 - 00000227 _____ () C:\Users\qimi\Desktop\10 SEO Analysis Tools You Should Be Using  Web Gnomes.url
2014-02-16 10:24 - 2014-02-16 10:24 - 00000204 _____ () C:\Users\qimi\Desktop\Comprehensive guide to .htaccess- Blocking bad bots and site rippers (aka offline browsers).url
2014-02-16 10:22 - 2014-02-16 13:39 - 00000239 _____ () C:\Users\qimi\Desktop\newHTA.txt
2014-02-16 09:44 - 2014-02-16 09:44 - 00019033 _____ () C:\Users\qimi\Desktop\Crystal.txt
2014-02-16 09:18 - 2014-02-16 09:18 - 00000204 _____ () C:\Users\qimi\Desktop\Comprehensive guide to .htaccess- Blocking users- sites by referrer.url
2014-02-16 07:59 - 2014-02-16 08:00 - 00000000 ____D () C:\Users\qimi\Desktop\Drive
2014-02-15 21:15 - 2014-02-15 21:15 - 00059902 _____ () C:\Users\qimi\Desktop\Fwd Fwd Fwd Information.eml
2014-02-15 21:15 - 2014-02-15 21:15 - 00029297 _____ () C:\Users\qimi\Desktop\Info.eml
2014-02-15 12:49 - 2014-02-15 14:06 - 00000000 ____D () C:\Users\qimi\Documents\Reflect
2014-02-15 12:39 - 2014-02-15 12:39 - 00002483 _____ () C:\Users\Public\Desktop\Reflect.lnk
2014-02-15 12:39 - 2014-02-15 12:39 - 00000000 ____D () C:\Program Files\Macrium
2014-02-15 12:32 - 2014-02-15 12:35 - 00000000 ____D () C:\Users\qimi\Downloads\Macrium
2014-02-15 12:31 - 2014-02-15 12:35 - 00000000 ____D () C:\ProgramData\Macrium
2014-02-15 11:39 - 2014-02-15 11:39 - 00000000 ____D () C:\ProgramData\Package Cache
2014-02-15 11:39 - 2014-02-15 11:39 - 00000000 ____D () C:\Program Files (x86)\Seagate
2014-02-15 11:29 - 2014-02-15 11:41 - 00000232 _____ () C:\windows\system32\results2.txt
2014-02-15 11:25 - 2014-02-15 11:28 - 00013356 _____ () C:\windows\system32\results.txt
2014-02-15 11:15 - 2014-02-15 11:15 - 00000231 _____ () C:\Users\qimi\Desktop\Unable to backup - Windows 7 Help Forums.url
2014-02-14 21:34 - 2014-02-14 21:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-14 15:59 - 2014-02-14 15:59 - 00000186 _____ () C:\Users\qimi\Desktop\Search Engine Optimization (SEO) Tools  SeoSiteCheckup.com.url
2014-02-13 08:40 - 2014-02-13 08:40 - 00000717 _____ () C:\Users\qimi\Desktop\Pintotours.net Site Info.url
2014-02-13 08:06 - 2014-02-13 08:06 - 00001880 _____ () C:\Users\qimi\Desktop\How to cloak your affiliate links • Yoast.url
2014-02-12 18:13 - 2014-02-15 03:03 - 00000000 ___SD () C:\ComboFix
2014-02-12 18:06 - 2014-02-12 18:06 - 00013462 _____ () C:\ComboFix.txt
2014-02-12 17:57 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-02-12 17:50 - 2014-02-12 17:50 - 00000259 _____ () C:\Users\qimi\Desktop\Google Keyword Planner The Ultimate Guide.url
2014-02-12 16:59 - 2014-02-12 16:59 - 00000178 _____ () C:\Users\qimi\Desktop\Lonely Planet travel forum  qim lloonn1.url
2014-02-12 08:04 - 2014-02-05 11:19 - 17849344 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-02-12 08:04 - 2014-02-05 11:02 - 10926080 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-02-12 08:04 - 2014-02-05 11:00 - 02334720 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-02-12 08:04 - 2014-02-05 10:54 - 01392128 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-02-12 08:04 - 2014-02-05 10:54 - 01347072 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-02-12 08:04 - 2014-02-05 10:52 - 01494528 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-02-12 08:04 - 2014-02-05 10:52 - 00237056 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2014-02-12 08:04 - 2014-02-05 10:52 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-02-12 08:04 - 2014-02-05 10:51 - 02147840 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-02-12 08:04 - 2014-02-05 10:51 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-02-12 08:04 - 2014-02-05 10:51 - 00729088 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-02-12 08:04 - 2014-02-05 10:51 - 00599040 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-02-12 08:04 - 2014-02-05 10:51 - 00173056 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-02-12 08:04 - 2014-02-05 10:50 - 02382848 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-02-12 08:04 - 2014-02-05 10:50 - 00248320 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-02-12 08:04 - 2014-02-05 10:50 - 00096768 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-02-12 08:04 - 2014-02-05 09:58 - 12345344 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-02-12 08:04 - 2014-02-05 09:56 - 01806848 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-02-12 08:04 - 2014-02-05 09:53 - 09739264 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-02-12 08:04 - 2014-02-05 09:51 - 01105408 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-02-12 08:04 - 2014-02-05 09:50 - 01129472 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-02-12 08:04 - 2014-02-05 09:49 - 01427968 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-02-12 08:04 - 2014-02-05 09:49 - 00231936 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
2014-02-12 08:04 - 2014-02-05 09:48 - 01796096 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-02-12 08:04 - 2014-02-05 09:48 - 00717824 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-02-12 08:04 - 2014-02-05 09:48 - 00421376 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-02-12 08:04 - 2014-02-05 09:48 - 00142848 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-02-12 08:04 - 2014-02-05 09:48 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-02-12 08:04 - 2014-02-05 09:47 - 02382848 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-02-12 08:04 - 2014-02-05 09:47 - 00607744 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-02-12 08:04 - 2014-02-05 09:47 - 00073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-02-12 08:04 - 2014-02-05 09:46 - 00176640 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-02-12 07:28 - 2014-01-01 00:05 - 00420008 _____ () C:\windows\SysWOW64\locale.nls
2014-02-12 07:28 - 2014-01-01 00:04 - 00420008 _____ () C:\windows\system32\locale.nls
2014-02-12 07:28 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2014-02-12 07:28 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-02-12 07:28 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-02-12 07:28 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-02-12 07:28 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-02-12 07:28 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2014-02-12 07:28 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\windows\system32\secproc.dll
2014-02-12 07:28 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\windows\system32\secproc_isv.dll
2014-02-12 07:28 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp_isv.dll
2014-02-12 07:28 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp.dll
2014-02-12 07:28 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\windows\system32\msdrm.dll
2014-02-12 07:28 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_isv.exe
2014-02-12 07:28 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\windows\system32\RMActivate.exe
2014-02-12 07:28 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp.exe
2014-02-12 07:28 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp_isv.exe
2014-02-12 07:28 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc.dll
2014-02-12 07:28 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_isv.dll
2014-02-12 07:28 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_ssp_isv.dll
2014-02-12 07:28 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_ssp.dll
2014-02-12 07:28 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdrm.dll
2014-02-12 07:28 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_isv.exe
2014-02-12 07:28 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate.exe
2014-02-12 07:28 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_ssp.exe
2014-02-12 07:28 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-12 07:28 - 2013-11-27 00:29 - 05693440 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-02-12 07:28 - 2013-11-26 23:49 - 06573056 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-02-12 07:28 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\windows\SysWOW64\d2d1.dll
2014-02-12 07:28 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\windows\system32\d2d1.dll
2014-02-11 23:47 - 2014-02-11 23:47 - 00000185 _____ () C:\Users\qimi\Desktop\VirtualTourist qim vviirr1.url
2014-02-11 20:05 - 2014-02-11 20:05 - 00000066 _____ () C:\Users\qimi\Desktop\Panama.txt
2014-02-11 14:40 - 2014-02-11 14:40 - 00000000 ____D () C:\windows\Hewlett-Packard
2014-02-10 18:28 - 2014-02-10 18:28 - 00000075 _____ () C:\Users\qimi\Documents\Netgear wep.txt
2014-02-10 16:35 - 2014-02-10 16:35 - 00000189 _____ () C:\Users\qimi\Desktop\India, Hotels.url
2014-02-10 11:41 - 2014-02-10 11:46 - 00001251 _____ () C:\DelFix.txt
2014-02-09 12:14 - 2014-02-09 12:14 - 00005171 _____ () C:\Users\qimi\ip.txt
2014-02-09 10:02 - 2014-02-09 10:02 - 00000000 ____D () C:\Users\qimi\AppData\Roaming\Opera Software
2014-02-09 10:02 - 2014-02-09 10:02 - 00000000 ____D () C:\Users\qimi\AppData\Local\Opera Software
2014-02-08 19:29 - 2014-02-08 19:29 - 00003330 _____ () C:\windows\System32\Tasks\{17BFDF23-9FD6-43B2-B64C-95D40FC35609}
2014-02-07 16:36 - 2014-02-10 11:41 - 00000000 ____D () C:\windows\ERUNT
2014-02-07 06:08 - 2014-02-07 06:25 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-07 06:06 - 2014-02-07 06:06 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-02-06 17:51 - 2014-02-06 17:36 - 00016256 _____ () C:\Users\qimi\Desktop\index2.html
2014-02-06 10:20 - 2014-02-06 10:20 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-02-05 16:11 - 2014-02-08 19:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-02-05 11:16 - 2014-02-05 11:16 - 00000235 _____ () C:\Users\qimi\Desktop\History - Alexa Rank.url
2014-02-05 00:55 - 2014-02-05 02:52 - 00000000 ____D () C:\Users\qimi\Desktop\hide-and-show
2014-02-04 12:25 - 2014-02-04 12:25 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2014-02-04 12:21 - 2014-02-04 12:25 - 00090650 _____ () C:\windows\hpdj6122.his
2014-02-04 12:21 - 2014-02-04 12:25 - 00007503 _____ () C:\windows\hpdj6122.ini
2014-02-03 13:30 - 2014-02-03 13:30 - 00000000 ____D () C:\Program Files\Inpaint
2014-01-30 15:39 - 2014-01-30 16:18 - 00000000 ____D () C:\Users\qimi\Desktop\Media queries
2014-01-23 16:23 - 2014-01-23 16:23 - 00005175 _____ () C:\windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-23 16:23 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-23 16:23 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-01-23 16:23 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-01-23 16:23 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-01-23 12:23 - 2014-01-23 12:42 - 00000000 ____D () C:\Users\qimi\Desktop\css
2014-01-23 11:28 - 2014-01-23 12:24 - 00000471 _____ () C:\Users\qimi\Desktop\PrivateSignature.html
2014-01-23 11:26 - 2014-01-23 12:23 - 00000000 ____D () C:\Users\qimi\Desktop\signature
2014-01-22 18:56 - 2014-01-23 07:16 - 00001287 _____ () C:\Users\qimi\Desktop\PersonalSign.html
2014-01-20 15:36 - 2014-01-20 15:36 - 00002581 _____ () C:\Users\qimi\AppData\Local\recently-used.xbel

==================== One Month Modified Files and Folders =======

2014-02-17 08:09 - 2014-02-17 08:08 - 00016040 _____ () C:\Users\qimi\Desktop\FRST.txt
2014-02-17 08:08 - 2014-02-17 08:07 - 00000000 ____D () C:\FRST
2014-02-17 08:06 - 2014-02-17 08:06 - 02152448 _____ (Farbar) C:\Users\qimi\Desktop\FRST64.exe
2014-02-17 08:04 - 2011-09-06 17:19 - 01846319 _____ () C:\windows\WindowsUpdate.log
2014-02-17 07:55 - 2013-04-25 17:28 - 00001004 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-17 07:42 - 2013-06-15 09:11 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-02-17 07:25 - 2009-07-14 06:13 - 00783398 _____ () C:\windows\system32\PerfStringBackup.INI
2014-02-16 21:56 - 2014-02-16 21:56 - 00023078 _____ () C:\Users\qimi\Desktop\attach.txt
2014-02-16 21:56 - 2014-02-16 21:56 - 00019948 _____ () C:\Users\qimi\Desktop\dds.txt
2014-02-16 21:54 - 2014-02-16 21:54 - 00688992 ____R (Swearware) C:\Users\qimi\Desktop\dds.scr
2014-02-16 21:37 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\system32\NDF
2014-02-16 21:18 - 2009-07-14 05:45 - 00021200 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-16 21:18 - 2009-07-14 05:45 - 00021200 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-16 21:10 - 2013-04-25 17:28 - 00001000 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-16 21:10 - 2012-11-01 18:48 - 00012548 _____ () C:\windows\setupact.log
2014-02-16 21:10 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-02-16 21:00 - 2013-03-05 19:37 - 00000000 ____D () C:\Users\qimi\AppData\Roaming\FileZilla
2014-02-16 18:50 - 2013-04-25 17:28 - 00004000 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-16 18:50 - 2013-04-25 17:28 - 00003748 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-16 18:24 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\rescache
2014-02-16 17:51 - 2014-02-16 17:51 - 00000204 _____ () C:\Users\qimi\Desktop\Comprehensive guide to .htaccess- Blocking users- sites by referrer (2).url
2014-02-16 17:47 - 2014-02-16 17:47 - 00000438 _____ () C:\Users\qimi\Desktop\newHTA.txt2.txt
2014-02-16 17:23 - 2014-02-16 17:23 - 00000227 _____ () C:\Users\qimi\Desktop\10 SEO Analysis Tools You Should Be Using  Web Gnomes.url
2014-02-16 13:39 - 2014-02-16 10:22 - 00000239 _____ () C:\Users\qimi\Desktop\newHTA.txt
2014-02-16 12:51 - 2013-03-17 15:16 - 00000000 ____D () C:\Users\qimi\Desktop\website
2014-02-16 11:57 - 2013-09-01 20:17 - 00000000 ____D () C:\Users\qimi\Desktop\Tools
2014-02-16 10:24 - 2014-02-16 10:24 - 00000204 _____ () C:\Users\qimi\Desktop\Comprehensive guide to .htaccess- Blocking bad bots and site rippers (aka offline browsers).url
2014-02-16 09:44 - 2014-02-16 09:44 - 00019033 _____ () C:\Users\qimi\Desktop\Crystal.txt
2014-02-16 09:18 - 2014-02-16 09:18 - 00000204 _____ () C:\Users\qimi\Desktop\Comprehensive guide to .htaccess- Blocking users- sites by referrer.url
2014-02-16 08:01 - 2014-01-17 19:14 - 00000528 _____ () C:\Users\qimi\Desktop\alexa.txt
2014-02-16 08:00 - 2014-02-16 07:59 - 00000000 ____D () C:\Users\qimi\Desktop\Drive
2014-02-15 22:29 - 2012-04-21 17:07 - 00000000 ____D () C:\Users\qimi\AppData\Local\CrashDumps
2014-02-15 21:15 - 2014-02-15 21:15 - 00059902 _____ () C:\Users\qimi\Desktop\Fwd Fwd Fwd Information.eml
2014-02-15 21:15 - 2014-02-15 21:15 - 00029297 _____ () C:\Users\qimi\Desktop\Info.eml
2014-02-15 19:59 - 2011-12-26 19:22 - 00000000 ___RD () C:\Users\qimi\Desktop\University of Oxford
2014-02-15 14:06 - 2014-02-15 12:49 - 00000000 ____D () C:\Users\qimi\Documents\Reflect
2014-02-15 12:39 - 2014-02-15 12:39 - 00002483 _____ () C:\Users\Public\Desktop\Reflect.lnk
2014-02-15 12:39 - 2014-02-15 12:39 - 00000000 ____D () C:\Program Files\Macrium
2014-02-15 12:35 - 2014-02-15 12:32 - 00000000 ____D () C:\Users\qimi\Downloads\Macrium
2014-02-15 12:35 - 2014-02-15 12:31 - 00000000 ____D () C:\ProgramData\Macrium
2014-02-15 11:41 - 2014-02-15 11:29 - 00000232 _____ () C:\windows\system32\results2.txt
2014-02-15 11:39 - 2014-02-15 11:39 - 00000000 ____D () C:\ProgramData\Package Cache
2014-02-15 11:39 - 2014-02-15 11:39 - 00000000 ____D () C:\Program Files (x86)\Seagate
2014-02-15 11:28 - 2014-02-15 11:25 - 00013356 _____ () C:\windows\system32\results.txt
2014-02-15 11:22 - 2012-10-17 08:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-15 11:15 - 2014-02-15 11:15 - 00000231 _____ () C:\Users\qimi\Desktop\Unable to backup - Windows 7 Help Forums.url
2014-02-15 03:03 - 2014-02-12 18:13 - 00000000 ___SD () C:\ComboFix
2014-02-15 03:03 - 2013-05-09 11:47 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-02-15 03:03 - 2012-04-14 03:04 - 00000000 ____D () C:\Users\qimi\AppData\Roaming\POP Peeper
2014-02-15 03:03 - 2012-04-14 02:06 - 00000000 ___RD () C:\Users\qimi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-15 03:03 - 2011-09-06 01:49 - 00000000 ____D () C:\ProgramData\WinClon
2014-02-15 03:03 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\registration
2014-02-15 03:03 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\AppCompat
2014-02-15 03:02 - 2012-04-16 13:58 - 00000000 ____D () C:\Users\qimi\AppData\Roaming\Thunderbird
2014-02-14 21:35 - 2014-02-14 21:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-14 18:06 - 2012-04-14 01:53 - 00000000 ____D () C:\Users\qimi
2014-02-14 15:59 - 2014-02-14 15:59 - 00000186 _____ () C:\Users\qimi\Desktop\Search Engine Optimization (SEO) Tools  SeoSiteCheckup.com.url
2014-02-13 08:40 - 2014-02-13 08:40 - 00000717 _____ () C:\Users\qimi\Desktop\Pintotours.net Site Info.url
2014-02-13 08:06 - 2014-02-13 08:06 - 00001880 _____ () C:\Users\qimi\Desktop\How to cloak your affiliate links • Yoast.url
2014-02-12 18:06 - 2014-02-12 18:06 - 00013462 _____ () C:\ComboFix.txt
2014-02-12 18:04 - 2009-07-14 03:34 - 00000215 _____ () C:\windows\system.ini
2014-02-12 17:56 - 2012-09-28 17:49 - 00000000 ____D () C:\windows\erdnt
2014-02-12 17:50 - 2014-02-12 17:50 - 00000259 _____ () C:\Users\qimi\Desktop\Google Keyword Planner The Ultimate Guide.url
2014-02-12 16:59 - 2014-02-12 16:59 - 00000178 _____ () C:\Users\qimi\Desktop\Lonely Planet travel forum  qim lloonn1.url
2014-02-12 08:13 - 2013-07-16 13:04 - 00000000 ____D () C:\windows\system32\MRT
2014-02-12 08:10 - 2012-04-15 15:18 - 88567024 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-02-12 08:06 - 2012-04-16 15:35 - 00767708 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2014-02-11 23:47 - 2014-02-11 23:47 - 00000185 _____ () C:\Users\qimi\Desktop\VirtualTourist qim vviirr1.url
2014-02-11 20:05 - 2014-02-11 20:05 - 00000066 _____ () C:\Users\qimi\Desktop\Panama.txt
2014-02-11 14:45 - 2014-01-07 11:43 - 00000000 ____D () C:\Users\qimi\AppData\Roaming\HpUpdate
2014-02-11 14:40 - 2014-02-11 14:40 - 00000000 ____D () C:\windows\Hewlett-Packard
2014-02-11 11:57 - 2013-12-01 17:05 - 00000000 ____D () C:\Users\qimi\Desktop\map-buttons-new
2014-02-10 18:28 - 2014-02-10 18:28 - 00000075 _____ () C:\Users\qimi\Documents\Netgear wep.txt
2014-02-10 16:35 - 2014-02-10 16:35 - 00000189 _____ () C:\Users\qimi\Desktop\India, Hotels.url
2014-02-10 12:33 - 2013-06-15 09:11 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-02-10 12:33 - 2012-09-26 20:29 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-02-10 12:33 - 2012-09-26 20:29 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-10 11:46 - 2014-02-10 11:41 - 00001251 _____ () C:\DelFix.txt
2014-02-10 11:41 - 2014-02-07 16:36 - 00000000 ____D () C:\windows\ERUNT
2014-02-10 09:29 - 2010-11-21 04:47 - 00645356 _____ () C:\windows\PFRO.log
2014-02-10 08:32 - 2012-04-14 02:25 - 00000000 ____D () C:\Users\qimi\AppData\Roaming\Skype
2014-02-09 12:14 - 2014-02-09 12:14 - 00005171 _____ () C:\Users\qimi\ip.txt
2014-02-09 10:02 - 2014-02-09 10:02 - 00000000 ____D () C:\Users\qimi\AppData\Roaming\Opera Software
2014-02-09 10:02 - 2014-02-09 10:02 - 00000000 ____D () C:\Users\qimi\AppData\Local\Opera Software
2014-02-08 19:34 - 2012-04-16 09:59 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-02-08 19:34 - 2012-04-14 02:20 - 00000000 ____D () C:\Users\qimi\AppData\Roaming\Adobe
2014-02-08 19:33 - 2012-04-14 02:04 - 00000000 ____D () C:\Users\qimi\AppData\Local\Adobe
2014-02-08 19:30 - 2014-02-05 16:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-02-08 19:30 - 2012-08-11 14:45 - 00000000 ____D () C:\windows\SysWOW64\Adobe
2014-02-08 19:29 - 2014-02-08 19:29 - 00003330 _____ () C:\windows\System32\Tasks\{17BFDF23-9FD6-43B2-B64C-95D40FC35609}
2014-02-08 19:25 - 2012-04-14 02:03 - 00000000 ____D () C:\ProgramData\Adobe
2014-02-07 06:25 - 2014-02-07 06:08 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-07 06:06 - 2014-02-07 06:06 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-02-06 17:36 - 2014-02-06 17:51 - 00016256 _____ () C:\Users\qimi\Desktop\index2.html
2014-02-06 10:48 - 2013-11-07 15:08 - 00000247 _____ () C:\Users\qimi\Desktop\English Dictionary.url
2014-02-06 10:20 - 2014-02-06 10:20 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-02-05 11:19 - 2014-02-12 08:04 - 17849344 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-02-05 11:16 - 2014-02-05 11:16 - 00000235 _____ () C:\Users\qimi\Desktop\History - Alexa Rank.url
2014-02-05 11:02 - 2014-02-12 08:04 - 10926080 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-02-05 11:00 - 2014-02-12 08:04 - 02334720 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-02-05 10:54 - 2014-02-12 08:04 - 01392128 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-02-05 10:54 - 2014-02-12 08:04 - 01347072 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-02-05 10:52 - 2014-02-12 08:04 - 01494528 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-02-05 10:52 - 2014-02-12 08:04 - 00237056 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2014-02-05 10:52 - 2014-02-12 08:04 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-02-05 10:51 - 2014-02-12 08:04 - 02147840 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-02-05 10:51 - 2014-02-12 08:04 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-02-05 10:51 - 2014-02-12 08:04 - 00729088 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-02-05 10:51 - 2014-02-12 08:04 - 00599040 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-02-05 10:51 - 2014-02-12 08:04 - 00173056 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-02-05 10:50 - 2014-02-12 08:04 - 02382848 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-02-05 10:50 - 2014-02-12 08:04 - 00248320 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-02-05 10:50 - 2014-02-12 08:04 - 00096768 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-02-05 09:58 - 2014-02-12 08:04 - 12345344 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-02-05 09:56 - 2014-02-12 08:04 - 01806848 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-02-05 09:53 - 2014-02-12 08:04 - 09739264 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-02-05 09:51 - 2014-02-12 08:04 - 01105408 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-02-05 09:50 - 2014-02-12 08:04 - 01129472 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-02-05 09:49 - 2014-02-12 08:04 - 01427968 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-02-05 09:49 - 2014-02-12 08:04 - 00231936 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
2014-02-05 09:48 - 2014-02-12 08:04 - 01796096 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-02-05 09:48 - 2014-02-12 08:04 - 00717824 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-02-05 09:48 - 2014-02-12 08:04 - 00421376 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-02-05 09:48 - 2014-02-12 08:04 - 00142848 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-02-05 09:48 - 2014-02-12 08:04 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-02-05 09:47 - 2014-02-12 08:04 - 02382848 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-02-05 09:47 - 2014-02-12 08:04 - 00607744 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-02-05 09:47 - 2014-02-12 08:04 - 00073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-02-05 09:46 - 2014-02-12 08:04 - 00176640 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-02-05 02:52 - 2014-02-05 00:55 - 00000000 ____D () C:\Users\qimi\Desktop\hide-and-show
2014-02-04 18:00 - 2011-12-26 19:21 - 00005033 _____ () C:\Users\qimi\Desktop\telefones andorra.txt
2014-02-04 12:25 - 2014-02-04 12:25 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2014-02-04 12:25 - 2014-02-04 12:21 - 00090650 _____ () C:\windows\hpdj6122.his
2014-02-04 12:25 - 2014-02-04 12:21 - 00007503 _____ () C:\windows\hpdj6122.ini
2014-02-04 12:25 - 2014-01-07 11:44 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-02-03 13:30 - 2014-02-03 13:30 - 00000000 ____D () C:\Program Files\Inpaint
2014-02-03 12:59 - 2011-09-06 01:27 - 00030260 _____ () C:\windows\DPINST.LOG
2014-01-31 14:34 - 2012-04-16 11:07 - 00000000 ____D () C:\Program Files (x86)\POP Peeper
2014-01-30 16:18 - 2014-01-30 15:39 - 00000000 ____D () C:\Users\qimi\Desktop\Media queries
2014-01-29 23:34 - 2013-11-10 08:59 - 00000000 ____D () C:\Users\qimi\Desktop\Web
2014-01-23 16:23 - 2014-01-23 16:23 - 00005175 _____ () C:\windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-23 16:23 - 2013-10-16 10:20 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-23 16:23 - 2013-10-16 10:15 - 00000000 ____D () C:\Program Files (x86)\Java
2014-01-23 12:42 - 2014-01-23 12:23 - 00000000 ____D () C:\Users\qimi\Desktop\css
2014-01-23 12:24 - 2014-01-23 11:28 - 00000471 _____ () C:\Users\qimi\Desktop\PrivateSignature.html
2014-01-23 12:23 - 2014-01-23 11:26 - 00000000 ____D () C:\Users\qimi\Desktop\signature
2014-01-23 07:16 - 2014-01-22 18:56 - 00001287 _____ () C:\Users\qimi\Desktop\PersonalSign.html
2014-01-23 07:14 - 2012-05-20 21:22 - 00001087 _____ () C:\windows\SD329.INI
2014-01-20 15:48 - 2013-05-24 09:24 - 00000000 ____D () C:\Users\qimi\.gimp-2.8
2014-01-20 15:36 - 2014-01-20 15:36 - 00002581 _____ () C:\Users\qimi\AppData\Local\recently-used.xbel
2014-01-20 14:20 - 2012-09-19 09:38 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-01-19 08:33 - 2010-11-21 04:27 - 00270496 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-02-08 07:09

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-02-2014
Ran by qimi at 2014-02-17 08:10:04
Running from C:\Users\qimi\Desktop
Boot Mode: Normal

==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

„Windows Live Essentials“ (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
„Windows Live Mail“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live Mesh ActiveX“ nuotolinių ryšių valdiklis (x32 Version: 15.4.5722.2 - Microsoft Corporation)
„Windows Live Messenger“ (x32 Version: 15.4.3538.0513 - „Microsoft Corporation“) Hidden
„Windows Live“ fotogalerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
ActiveState Komodo Edit 8.0.1 (x32 Version: 8.0.1 - ActiveState Software Inc.)
ActiveX контрола на Windows Live Mesh за отдалечени връзки (x32 Version: 15.4.5722.2 - Microsoft Corporation)
ActiveX-kontroll för fjärranslutningar för Windows Live Mesh (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Adobe Flash Player 12 ActiveX (x32 Version: - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (x32 Version: - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (x32 Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (x32 Version: - Adobe Systems, Inc.)
Agatha Christie - Death on the Nile (x32 Version: - WildTangent) Hidden
Apache HTTP Server 2.2.22 (x32 Version: 2.2.22 - Apache Software Foundation)
Apple Application Support (x32 Version: 2.3 - Apple Inc.)
Apple Software Update (x32 Version: - Apple Inc.)
BatteryLifeExtender (x32 Version: 1.0.11 - Samsung)
Bejeweled 2 Deluxe (x32 Version: - WildTangent) Hidden
Belkin Setup and Router Monitor (x32 Version:  - )
Build-a-lot (x32 Version: - WildTangent) Hidden
Bullzip PDF Printer (Version: - Bullzip)
ChargeableUSB (x32 Version: - SAMSUNG)
Chime/Chime Pro for Internet Explorer (x32 Version:  - )
Chuzzle Deluxe (x32 Version: - WildTangent) Hidden
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Control ActiveX de Windows Live Mesh para conexiones remotas (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Control ActiveX Windows Live Mesh pentru conexiuni la distanță (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Controle ActiveX do Windows Live Mesh para Conexões Remotas (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (x32 Version: 15.4.5722.2 - Microsoft Corporation)
CyberLink Media Suite (x32 Version: 8.0.2227 - CyberLink Corp.)
CyberLink Media Suite (x32 Version: 8.0.2227 - CyberLink Corp.) Hidden
CyberLink Media+ Player10 (x32 Version: 10.0.1110.00 - CyberLink Corp.)
CyberLink Media+ Player10 (x32 Version: 10.0.1110.00 - CyberLink Corp.) Hidden
CyberLink MediaShow (x32 Version: 5.0.1130a - CyberLink Corp.)
CyberLink MediaShow (x32 Version: 5.0.1130a - CyberLink Corp.) Hidden
CyberLink Power2Go (x32 Version: 6.1.3802 - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 6.1.3802 - CyberLink Corp.) Hidden
CyberLink PowerDirector (x32 Version: 8.0.3306 - CyberLink Corp.)
CyberLink PowerDirector (x32 Version: 8.0.3306 - CyberLink Corp.) Hidden
CyberLink YouCam (x32 Version: 3.1.3509 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.1.3509 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: - WildTangent) Hidden
dnGREP 2.7.1 (x64) (Version: 2.7.1 - Denis Stankovski)
Easy Content Share (x32 Version: 1.0 - Samsung Electronics Co., LTD)
Easy Display Manager (x32 Version: 3.2 - Samsung Electronics Co., Ltd.)
Easy Migration (x32 Version: 1.0 - Samsung Electronics Co., Ltd.)
Easy Network Manager (x32 Version: 4.4.7 - Samsung)
Easy SpeedUp Manager (x32 Version: - Samsung Electronics Co.,Ltd.)
EasyBatteryManager (x32 Version: - Samsung)
EasyFileShare (x32 Version: 1.0.11 - Samsung)
ERUNT 1.1j (x32 Version:  - Lars Hederer)
ESET Online Scanner v3 (x32 Version:  - )
ETDWare PS/2-X64 (Version: - ELAN Microelectronic Corp.)
Farm Frenzy (x32 Version: - WildTangent) Hidden
Fast Start (x32 Version: - SAMSUNG)
FileZilla Client 3.7.3 (HKCU Version: 3.7.3 - Tim Kosse)
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Free CSS Toolbox 1.2 (x32 Version: Free CSS Toolbox 1.0 - Blumentals Software)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GIMP 2.8.4 (Version: 2.8.4 - The GIMP Team)
Google Chrome (x32 Version: 32.0.1700.107 - Google Inc.)
Google Update Helper (x32 Version: - Google Inc.) Hidden
HP Deskjet 1510 series Basic Device Software (Version: 30.0.1093.41190 - Hewlett-Packard Co.)
HP Deskjet 1510 series Help (x32 Version: 30.0.0 - Hewlett Packard)
HP FWUpdateEDO2 (x32 Version: - Hewlett-Packard)
HP Photo Creations (x32 Version: - HP)
hp print screen utility (x32 Version:  - )
HP Update (x32 Version: - Hewlett-Packard)
HTML-Kit Tools (x32 Version: 1.0 - HTML-Kit.com)
Inpaint 5.6 (Version:  - Teorex)
Insaniquarium Deluxe (x32 Version: - WildTangent) Hidden
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel® Control Center (x32 Version: - Intel Corporation)
Intel® Management Engine Components (x32 Version: - Intel Corporation)
Intel® Processor Graphics (x32 Version: - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® 3.0 + High Speed (Version: - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (Version: - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 14.01.1000 - Intel Corporation)
Intel® Rapid Storage Technology (x32 Version: - Intel Corporation)
Internet Explorer (Enable DEP) (Version:  - )
Internet Explorer Developer Toolbar (x32 Version: 1.0.2188 - Microsoft)
Iomega Encryption (Version: 1.03.0001 - Iomega an EMC Company)
Java 7 Update 51 (x32 Version: 7.0.510 - Oracle)
John Deere Drive Green (x32 Version: - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Security Scan (x32 Version: - Kaspersky Lab)
Kaspersky Security Scan (x32 Version: - Kaspersky Lab) Hidden
Kontrola Windows Live Mesh ActiveX za daljinske veze (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Macrium Reflect Free Edition (Version: 5.2 - Paramount Software (UK) Ltd.)
Macrium Reflect Free Edition (Version: 5.2.6465 - Paramount Software (UK) Ltd.) Hidden
Malwarebytes Anti-Malware version (x32 Version: - Malwarebytes Corporation)
MDL Chime/Chime Pro for Internet Explorer (x32 Version:  - )
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (x32 Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (x32 Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Monitor da tecnologia Intel® Turbo Boost 2.0 (Version: - Intel)
Movie Color Enhancer (x32 Version: 1.0 - Samsung Electronics Co., Ltd.)
MozBackup 1.5.1 (x32 Version:  - Pavel Cvrcek)
Mozilla Firefox 27.0.1 (x86 en-US) (x32 Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (x32 Version: 27.0.1 - Mozilla)
Mozilla Thunderbird 24.3.0 (x86 en-US) (x32 Version: 24.3.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Multimedia POP (x32 Version: 1.0 - )
MySQL Connector C++ 1.1.2 (Version: 1.1.2 - Oracle and/or its affiliates)
MySQL Connector J (x32 Version: 5.1.23 - Oracle Corporation)
MySQL Connector Net 6.6.5 (x32 Version: 6.6.5 - Oracle)
MySQL Connector/ODBC 5.2(w) (Version: 5.2.4 - Oracle Corporation)
MySQL Documents 5.6 (x32 Version: 5.6.10 - Oracle Corporation)
MySQL Examples and Samples 5.6 (x32 Version: 5.6.10 - Oracle Corporation)
MySQL Installer (x32 Version: - Oracle Corporation)
MySQL Notifier 1.0.3 (x32 Version: 1.0.3 - Oracle)
MySQL Server 5.6 (Version: 5.6.10 - Oracle Corporation)
MySQL Workbench 5.2 CE (x32 Version: 5.2.47 - Oracle Corporation)
Notepad++ (x32 Version: 6.4.3 - Notepad++ Team)
NVIDIA Control Panel 307.21 (Version: 307.21 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 307.21 (Version: 307.21 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.85.551 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.10.8 (Version: 1.10.8 - NVIDIA Corporation) Hidden
NVIDIA Update 1.10.8 (Version: 1.10.8 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
Opera Stable 19.0.1326.59 (x32 Version: 19.0.1326.59 - Opera Software ASA)
Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia (x32 Version: 15.4.5722.2 - Microsoft Corporation)
PeaZip 4.9.1 (x32 Version:  - Giorgio Tani)
Peggle (x32 Version: - WildTangent) Hidden
Penguins! (x32 Version: - WildTangent) Hidden
Plants vs. Zombies (x32 Version: - WildTangent) Hidden
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Polar Golfer (x32 Version: - WildTangent) Hidden
POP Peeper (x32 Version:  - Mortal Universe)
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Product Improvement Study for HP Deskjet 1510 series (Version: 30.0.1093.41190 - Hewlett-Packard Co.)
QuickTime (x32 Version: - Apple Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (x32 Version: 7.44.421.2011 - Realtek)
Realtek High Definition Audio Driver (x32 Version: - Realtek Semiconductor Corp.)
RemoteComms External Disk Access (x32 Version: 1.25.0003 - PLX Technology)
Safari (x32 Version: - Apple Inc.)
Samsung AnyWeb Print (x32 Version: - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (x32 Version:  - Samsung Electronics Co., Ltd.)
Samsung Recovery Solution 5 (x32 Version: - Samsung)
Samsung Support Center 1.0 (x32 Version: 1.1.38 - Samsung)
Samsung Universal Print Driver (x32 Version: - Samsung Electronics Co., Ltd.)
Samsung Universal Scan Driver (x32 Version: - Samsung Electronics Co., Ltd.)
Samsung Update Plus (x32 Version: - Samsung Electronics Co., Ltd.)
SD226 Biological Psychology (x32 Version:  - The Open University)
SeaTools for Windows (x32 Version:  - Seagate Technology)
Simple CSS 2.1 (x32 Version:  - HostM.com Web Hosting)
Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)
SopCast 3.4.7 (x32 Version: 3.4.7 - www.sopcast.com)
SUPERAntiSpyware (Version: 5.5.1016 - SUPERAntiSpyware.com)
swMSM (x32 Version: - Adobe Systems, Inc) Hidden
TextStylist (x32 Version:  - )
User Guide (x32 Version: 1.5 - )
Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Veetle TV (x32 Version: 0.9.19 - Veetle, Inc)
Visual Studio 2012 x64 Redistributables (Version: - AVG Technologies)
Visual Studio 2012 x86 Redistributables (x32 Version: - AVG Technologies CZ, s.r.o.)
VueScan x64 (Version:  - )
WildTangent Games (x32 Version: - WildTangent)
WildTangent ORB Game Console (x32 Version:  - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live fotoattēlu galerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogaléria (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Foto-galerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalleri (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotótár (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galerija fotografija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX kontrola za daljinske veze (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX vadīkla attālajiem savienojumiem (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Meshin etäyhteyksien ActiveX-komponentti (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Корпорация Майкрософт) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Pošta (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 메일 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 사진 갤러리 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 필수 패키지 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 照片库 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 软件包 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven sähköposti (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WOT for Internet Explorer (Version: - WOT Services Oy)
Zuma Deluxe (x32 Version: - WildTangent) Hidden
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Элемент управления Windows Live Mesh ActiveX для удаленных подключений (x32 Version: 15.4.5722.2 - Microsoft Corporation)
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים (x32 Version: 15.4.5722.2 - Microsoft Corporation)
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة (x32 Version: 15.4.5722.2 - Microsoft Corporation)
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
ตัวควบคุม ActiveX ใน Windows Live Mesh สำหรับการเชื่อมต่อระยะไกล (ไทย) (x32 Version: 15.4.5722.2 - Microsoft Corporation)
원격 연결을 위한 Windows Live Mesh ActiveX 컨트롤 (x32 Version: 15.4.5722.2 - Microsoft Corporation)
用于远程连接的 Windows Live Mesh ActiveX 控件(简体中文) (x32 Version: 15.4.5722.2 - Microsoft Corporation)
適用遠端連線的 Windows Live Mesh ActiveX 控制項 (x32 Version: 15.4.5722.2 - Microsoft Corporation)

==================== Restore Points  =========================

14-02-2014 13:23:52 Windows Backup
14-02-2014 13:26:24 Windows Backup
14-02-2014 14:26:14 Windows Backup
14-02-2014 14:58:47 Windows Backup
14-02-2014 15:13:36 Windows Backup
14-02-2014 17:20:54 Windows Backup
14-02-2014 19:43:23 Windows Backup
14-02-2014 23:12:25 Windows Backup
15-02-2014 10:39:25 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
15-02-2014 11:38:50 Installed Macrium Reflect Free Edition
15-02-2014 18:36:16 Windows Update
15-02-2014 20:03:59 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
15-02-2014 21:24:20 Windows Backup
15-02-2014 21:42:20 Windows Backup
15-02-2014 21:43:53 Windows Backup
15-02-2014 21:45:07 Windows Backup
16-02-2014 18:00:09 Windows Backup

==================== Hosts content: ==========================

2009-07-14 03:34 - 2014-02-10 08:43 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {00A03DEC-E8E9-4ACB-B6BB-9C57388EC6D0} - System32\Tasks\SmartRestarter => C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe [2010-08-05] (Samsung Electronics Co., Ltd.)
Task: {058D4251-156A-4218-8529-AB63666FD6B8} - System32\Tasks\{BD4A80A6-CD6F-4DE1-B385-F19BE896B0EC} => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
Task: {13D54712-1F90-469A-AC35-6AF912914E7B} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {16393E1D-B09E-4CDB-9E72-76B004AA87EA} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2010-11-10] (CyberLink)
Task: {247697C0-BB17-4F96-AE95-F3DCBF49FAA0} - System32\Tasks\SUPBackground => C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe [2011-01-11] (Samsung Electronics)
Task: {358655A1-0546-4B93-BB54-61D52ACAB9F8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-25] (Google Inc.)
Task: {39928468-7E97-4F25-8427-D83748454092} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2010-11-17] (SEC)
Task: {4864D1D0-47FB-4CC8-9348-0E4B3E18B4CD} - System32\Tasks\EasyPartitionManager => C:\Windows\MSetup\BA46-12225A02\EPM.exe
Task: {496CBF63-691B-4919-842C-7AF2F31FC928} - System32\Tasks\{591566B1-8C1C-4408-B19E-9E2C6315DCCB} => C:\Program Files (x86)\Common Files\Microsoft Shared\DW\DW20.EXE [2007-04-09] (Microsoft Corporation)
Task: {6C4EE398-6790-4193-93EF-A9B2FA49C7A2} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe [2010-11-29] (Samsung Electronics Co., Ltd.)
Task: {755C5B68-C374-461F-863B-F0D1EAF2A621} - System32\Tasks\BatteryLifeExtender => C:\Program Files (x86)\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2010-12-18] (Samsung Electronics. Co. Ltd.)
Task: {9ACFA905-23A9-40CD-935A-D1C000FEE21A} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe
Task: {AE6D570A-549C-41A8-BEC1-21F6909CF59B} - System32\Tasks\WifiManager => C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe [2011-01-04] (Samsung Electronics Co., Ltd.)
Task: {AF70348C-9BD7-4F86-AC37-EA438A5DA8CC} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager2.exe [2010-12-23] (Samsung Electronics)
Task: {D0DEE7EC-22FB-4EA2-9A25-FF9FAB101CDD} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe [2011-09-04] (SAMSUNG Electronics)
Task: {DAF59F8D-7363-406F-B785-7CA92E1C21C5} - System32\Tasks\{040278A4-34D3-4381-AFF6-FBC07B5B71C3} => C:\Program Files (x86)\Common Files\Microsoft Shared\DW\DW20.EXE [2007-04-09] (Microsoft Corporation)
Task: {DB2797CF-7071-499A-8DBF-2C0FC8DA3275} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-25] (Google Inc.)
Task: {E04DCB53-82A1-4D09-B1C3-6C21D63CDD3D} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2010-07-20] (SAMSUNG Electronics co., LTD.)
Task: {E42F7251-A764-4374-99C8-A28EA7027B36} - System32\Tasks\HPCustParticipation HP Deskjet 1510 series => C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPCustPartic.exe [2013-02-08] (Hewlett-Packard Co.)
Task: {E4F6656C-60EA-4858-A948-3813A420585E} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [2010-12-23] (Samsung Electronics Co., Ltd.)
Task: {F388BEF1-FACE-4228-983F-ACF0635E050A} - System32\Tasks\{9828B178-0495-45EF-BD1D-D7FAD097F640} => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
Task: {F7DB4622-A955-45F8-97B0-3F7C4CA51891} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-10] (Adobe Systems Incorporated)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2012-06-18 16:24 - 2012-06-18 16:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2011-09-06 05:42 - 2010-12-17 02:37 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-09-06 01:36 - 2010-07-05 11:42 - 00203776 _____ () C:\Program Files (x86)\Samsung\Movie Color Enhancer\WinCRT.dll
2011-09-06 01:51 - 2006-08-12 04:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll
2011-09-06 01:49 - 2010-05-07 15:22 - 01636864 _____ () C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll
2014-02-05 16:11 - 2014-02-05 16:11 - 03019376 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2014-02-05 16:11 - 2014-02-05 16:11 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2014-02-05 16:11 - 2014-02-05 16:11 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2014-02-14 21:34 - 2014-02-14 21:35 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\qimi\Leído  Anyós Panorama - Cambio de administrador.eml:OECustomProperty
AlternateDataStreams: C:\Users\qimi\Desktop\Fwd Fwd Fwd Information.eml:OECustomProperty
AlternateDataStreams: C:\Users\qimi\Desktop\Info.eml:OECustomProperty
AlternateDataStreams: C:\Users\qimi\Desktop\Pedido de Acesso a dados policiais - Proc. n.º 9331_2013.eml:OECustomProperty
AlternateDataStreams: C:\Users\qimi\Desktop\RV RETIRADA DOCUMENTOS.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Apache Servers.lnk => C:\windows\pss\Monitor Apache Servers.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk => C:\windows\pss\Secunia PSI Tray.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: dnGREP => "C:\Program Files\dnGREP\dnGREP.exe" /warmUp
MSCONFIG\startupreg: InstaLAN => "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
MSCONFIG\startupreg: KSS => "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorun
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RemoteControl10 => "C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
Error: (02/17/2014 07:49:32 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/16/2014 09:12:03 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/16/2014 09:10:44 PM) (Source: Apache Service) (User: )
Description: The Apache service named  reported the following error:
>>> httpd.exe: Could not reliably determine the server's fully qualified domain name, using for ServerName     .

Error: (02/16/2014 06:16:55 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/16/2014 02:22:44 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/16/2014 02:21:34 PM) (Source: Apache Service) (User: )
Description: The Apache service named  reported the following error:
>>> httpd.exe: Could not reliably determine the server's fully qualified domain name, using for ServerName     .

Error: (02/16/2014 10:44:08 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/16/2014 10:42:40 AM) (Source: Apache Service) (User: )
Description: The Apache service named  reported the following error:
>>> httpd.exe: Could not reliably determine the server's fully qualified domain name, using for ServerName     .

Error: (02/16/2014 10:41:34 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/16/2014 10:36:13 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
Error: (02/16/2014 09:13:28 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:

Error: (02/16/2014 09:13:28 PM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (02/16/2014 03:30:08 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer KATERINA-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{B4115DE2-7658-4EBB-B11F-9B5E21E13BCB}.
The master browser is stopping or an election is being forced.

Error: (02/16/2014 02:24:17 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:

Error: (02/16/2014 02:24:17 PM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (02/16/2014 02:22:38 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80004005

Error: (02/16/2014 10:46:25 AM) (Source: DCOM) (User: qimi-PC)
Description: application-specificLocalActivation{D3DCB472-7261-43CE-924B-0704BD730D5F}{D3DCB472-7261-43CE-924B-0704BD730D5F}qimi-PCqimiS-1-5-21-251638132-866889896-205452805-1001LocalHost (Using LRPC)

Error: (02/16/2014 10:46:25 AM) (Source: DCOM) (User: qimi-PC)
Description: application-specificLocalActivation{145B4335-FE2A-4927-A040-7C35AD3180EF}{145B4335-FE2A-4927-A040-7C35AD3180EF}qimi-PCqimiS-1-5-21-251638132-866889896-205452805-1001LocalHost (Using LRPC)

Error: (02/16/2014 10:45:02 AM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:

Error: (02/16/2014 10:45:02 AM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Microsoft Office Sessions:
Error: (02/17/2014 07:49:32 AM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (02/16/2014 09:12:03 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/16/2014 09:10:44 PM) (Source: Apache Service)(User: )
Description: The Apache service namedreported the following error:
>>>httpd.exe: Could not reliably determine the server's fully qualified domain name, using for ServerName

Error: (02/16/2014 06:16:55 PM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (02/16/2014 02:22:44 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/16/2014 02:21:34 PM) (Source: Apache Service)(User: )
Description: The Apache service namedreported the following error:
>>>httpd.exe: Could not reliably determine the server's fully qualified domain name, using for ServerName

Error: (02/16/2014 10:44:08 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/16/2014 10:42:40 AM) (Source: Apache Service)(User: )
Description: The Apache service namedreported the following error:
>>>httpd.exe: Could not reliably determine the server's fully qualified domain name, using for ServerName

Error: (02/16/2014 10:41:34 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/16/2014 10:36:13 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

CodeIntegrity Errors:
  Date: 2014-02-10 08:42:46.668
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-10 08:42:46.606
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-10 08:42:46.559
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-10 08:42:46.497
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-01-28 21:26:48.154
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-01-28 21:26:48.094
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-01-28 21:26:48.044
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-01-28 21:26:47.984
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-11-11 14:19:28.868
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-11-11 14:19:28.837
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Percentage of memory in use: 33%
Total physical RAM: 6056.29 MB
Available physical RAM: 4043.5 MB
Total Pagefile: 12110.76 MB
Available Pagefile: 7987.39 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:500 GB) (Free:417.63 GB) NTFS
Drive d: () (Fixed) (Total:408.01 GB) (Free:112.67 GB) NTFS

==================== MBR & Partition Table ==================

Disk: 0 (Size: 932 GB) (Disk ID: A9ACFE6D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=500 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=408 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=23 GB) - (Type=27)

==================== End Of Log ============================







Two points I should add.


I have had problems with the Internet coming and going and believe, now, that this has been due to conflicts among the router's IPs. We have 4 computers, 1 iPod and 1 mobile on wi-fi, and it seems that they started to get confused and share the same IPs. The solution has been to turn everything off and start again. It then works, although on the main computer I sometimes have to refresh the page as it does not open first time.


Regarding the backups, I have been trying to investigate if the HD is ok. I ran chkdsk and chkdsk /F and it showed nothing. I also ran CrystalDisk, which returned a clean bill of health. However, I am unable to run SeaTools, which may suggest a problem somewhere. These SeaTools failures may be registered in the logs that I sent you.


I appreciate that these may well be hardware problems, but also suspect that there may be some malware at the root of my problems.






  • Root Admin

The router itself has a built-in DHCP server to automatically manage IP addresses and normally can manage hundreds of devices without an issue.


Let me have you run the following on this computer and we'll continue to check it.  You probably need to use a bootable CD to test the hard drive using the SeaTools properly but we can address that too in an upcoming round.  For now please run this.


Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save ComboFix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once ComboFix has completed it will produce and open a log file.  Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.





Nice to see you back. I go to bed and you get up!


Let me tell you a couple of things before going on: I have tried to run SeaTools and it showed problems when running the short test, and must have gone into a loop on the long test and I had to abort. I will attach a screen shot.


As for ComboFix I was surprised to see references to ComboFix AND the drive in the last log

Date: 2013-11-11 14:19:28.837
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source


Could it be that ComboFix damaged the drive or is making it fail somehow until that is removed?


I will wait for your reply before running ComboFix






  • Root Admin

No, there is no way any software can do physical damage to a hard drive.  If those screen shots are from your current system then that does explain the problems you're having. Basically the hard drive is bad and needs to be replaced.


I was under the assumption that it was crashing and not letting you run it but seeing that entry proves the drive is bad.  Basically you need to back up your data to another drive as soon as you can before you potentially lose the data.  Then get a new hard drive and reinstall Windows.


This topic is now closed to further replies.