Julianender Posted February 11, 2015 ID:938541

Was cleaning up my computer and used Malwarebytes and now I get "bad image error" every time I open up a program. Any help would be great to fix this annoying bug.
Julianender Posted February 11, 2015 Author ID:938546

Farbar Logs pls HELP

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015
Ran by natalie (administrator) on NATALIE-PC on 11-02-2015 19:53:20
Running from C:\Users\natalie\Downloads
Loaded Profiles: natalie (Available profiles: natalie & Julia & alejandro & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]HKLM\...\Run: [smartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-05-17] (TOSHIBA Corporation)HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [972672 2011-04-27] (TOSHIBA Corporation)HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-09] (TOSHIBA Corporation)HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597936 2011-07-27] (TOSHIBA Corporation)HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)HKU\S-1-5-21-3872554114-2949308933-1411773189-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)HKU\S-1-5-21-3872554114-2949308933-1411773189-1000\...\Policies\system: [LogonHoursAction] 2HKU\S-1-5-21-3872554114-2949308933-1411773189-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1HKU\S-1-5-21-3872554114-2949308933-1411773189-1000\...\MountPoints2: {5b11f340-35f3-11e2-bd16-00266c0f9fae} - E:\iLinker.exeAppInit_DLLs: C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC64LO~1.DLL => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll [257808 2015-02-02] ()AppInit_DLLs-x32: c:\progra~2\search~1\search~1\bin\vc32lo~1.dll => c:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll [221968 2015-02-02] ()GroupPolicyUsers\S-1-5-21-3872554114-2949308933-1411773189-1004\User: Group Policy restriction detected 
<======= ATTENTIONGroupPolicyUsers\S-1-5-21-3872554114-2949308933-1411773189-1003\User: Group Policy restriction detected <======= ATTENTIONCHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyServer: [s-1-5-21-3872554114-2949308933-1411773189-1000] => http=127.0.0.1:49315;https=127.0.0.1:49315SearchScopes: HKLM -> DefaultScope {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNOSearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNOSearchScopes: HKLM-x32 -> DefaultScope {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNOSearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNOSearchScopes: HKU\S-1-5-21-3872554114-2949308933-1411773189-1000 -> DefaultScope {51997D71-C36F-4647-BCAA-75F8D3594AA5} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNOSearchScopes: HKU\S-1-5-21-3872554114-2949308933-1411773189-1000 -> {51997D71-C36F-4647-BCAA-75F8D3594AA5} URL = 
http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNOSearchScopes: HKU\S-1-5-21-3872554114-2949308933-1411773189-1000 -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = BHO: No Name -> {4F564F32-5637-006A-76A7-7A786E7484D7} -> No FileBHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)Toolbar: HKLM - No Name - {39B4841D-CFA0-42CC-AC66-F8C3AFA0E458} - No FileToolbar: HKLM-x32 - No Name - {39B4841D-CFA0-42CC-AC66-F8C3AFA0E458} - No FileToolbar: HKU\S-1-5-21-3872554114-2949308933-1411773189-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No FileToolbar: HKU\S-1-5-21-3872554114-2949308933-1411773189-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No 
FileWinsock: Catalog9 01 C:\windows\SysWOW64\CatWSPrx.dll [330808] (Catalytix Web Services)Winsock: Catalog9 02 C:\windows\SysWOW64\CatWSPrx.dll [330808] (Catalytix Web Services)Winsock: Catalog9 03 C:\windows\SysWOW64\CatWSPrx.dll [330808] (Catalytix Web Services)Winsock: Catalog9 04 C:\windows\SysWOW64\CatWSPrx.dll [330808] (Catalytix Web Services)Winsock: Catalog9 15 C:\windows\SysWOW64\CatWSPrx.dll [330808] (Catalytix Web Services)Winsock: Catalog9-x64 01 C:\windows\system32\CatWSPrx64.dll [387200] (Catalytix Web Services)Winsock: Catalog9-x64 02 C:\windows\system32\CatWSPrx64.dll [387200] (Catalytix Web Services)Winsock: Catalog9-x64 03 C:\windows\system32\CatWSPrx64.dll [387200] (Catalytix Web Services)Winsock: Catalog9-x64 04 C:\windows\system32\CatWSPrx64.dll [387200] (Catalytix Web Services)Winsock: Catalog9-x64 15 C:\windows\system32\CatWSPrx64.dll [387200] (Catalytix Web Services)Tcpip\Parameters: [DhcpNameServer] 192.168.1.1StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox:========FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()FF Plugin: @microsoft.com/GENUINE -> disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)FF Plugin-x32: @microsoft.com/GENUINE -> disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: 
@microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll () Chrome: =======CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3333245&octid=EB_ORIGINAL_CTID&ISID=M6546E683-9C84-4CDC-B7CC-B129CC9CE7B0&SearchSource=55&CUI=&UM=8&UP=SP1603ACEB-2454-4BD5-9A0B-52A3F452FC83&SSPV=CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3333245&octid=EB_ORIGINAL_CTID&ISID=M6546E683-9C84-4CDC-B7CC-B129CC9CE7B0&SearchSource=55&CUI=&UM=8&UP=SP1603ACEB-2454-4BD5-9A0B-52A3F452FC83&SSPV="CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\PepperFlash\pepflashplayer.dll ()CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewerCHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\ppGoogleNaClPluginChrome.dll No FileCHR Plugin: (Chrome PDF Viewer) - C:\Program 
Files (x86)\Google\Chrome\Application\40.0.2214.94\pdf.dll ()CHR Plugin: (Norton Confidential) - C:\Users\natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\npcoplgn.dll No FileCHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)CHR Plugin: (Java Deployment Toolkit 6.0.250.6) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)CHR Plugin: (Java Platform SE 6 U25) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No FileCHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll No FileCHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No FileCHR Profile: C:\Users\natalie\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-01]CHR Extension: (Adblock Plus) - C:\Users\natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-01-04]CHR Extension: (Google Wallet) - C:\Users\natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-03] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
S2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [3557136 2015-02-02] () [File not signed]R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [8422760 2011-10-05] (DisplayLink Corp.)R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [123320 2015-02-11] (Symantec Corporation)R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [126392 2011-07-19] (Symantec Corporation)R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 DisplayLinkUsbPort; C:\Windows\System32\DRIVERS\DisplayLinkUsbPort_6.0.32700.0.sys [17408 2014-01-04] (http://libusb-win32.sourceforge.net) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-02-11 19:53 - 2015-02-11 19:54 - 00016394 _____ () C:\Users\natalie\Downloads\FRST.txt2015-02-11 19:52 - 2015-02-11 19:53 - 00000000 ____D () C:\FRST2015-02-11 19:52 - 2015-02-11 19:52 - 02132992 _____ (Farbar) C:\Users\natalie\Downloads\FRST64.exe2015-02-11 19:52 - 2015-02-11 19:52 - 01124352 _____ (Farbar) C:\Users\natalie\Downloads\FRST.exe2015-02-11 19:16 - 2015-02-11 19:16 - 00172438 _____ () C:\Users\natalie\Documents\cc_20150211_191605.reg2015-02-11 18:58 - 2015-02-11 18:58 - 00002776 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC2015-02-11 18:58 - 2015-02-11 18:58 - 00000833 _____ () C:\Users\Public\Desktop\CCleaner.lnk2015-02-11 18:58 - 2015-02-11 18:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner2015-02-11 18:58 - 2015-02-11 18:58 - 00000000 ____D () C:\Program Files\CCleaner2015-02-11 18:57 - 2015-02-11 18:58 - 05325208 _____ (Piriform Ltd) C:\Users\natalie\Downloads\ccsetup502.exe2015-02-11 18:32 - 2015-02-11 18:32 - 00000000 ____D () C:\ProgramData\ee4c10c2000069172015-02-11 18:23 - 2015-02-11 18:23 - 00022512 _____ () C:\windows\system32\Drivers\SPPD.sys2015-02-11 18:20 - 2015-02-11 18:20 - 00000000 ____D () C:\Users\natalie\AppData\Local\CrimeWatch2015-02-11 17:40 - 2015-02-11 17:43 - 00000000 ____D () C:\Users\natalie\AppData\Local\Tific2015-02-11 17:36 - 2015-02-11 17:36 - 00000045 _____ () C:\Users\natalie\AppData\Roaming\WB.CFG2015-02-11 17:31 - 2015-02-11 19:29 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys2015-02-11 17:30 - 2015-02-11 17:30 - 00001117 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2015-02-11 17:30 - 2015-02-11 17:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2015-02-11 17:30 - 2015-02-11 17:30 - 00000000 ____D () C:\ProgramData\Malwarebytes2015-02-11 17:30 - 2015-02-11 17:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2015-02-11 17:30 - 2014-11-21 
06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys2015-02-11 17:30 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys2015-02-11 17:30 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys2015-02-11 17:29 - 2015-02-11 17:30 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\natalie\Downloads\mbam-setup-2.0.4.1028.exe2015-02-11 17:26 - 2015-02-11 17:26 - 00000000 ____D () C:\Users\natalie\AppData\Local\{F421CAB5-8B23-40E7-893D-72EA5B11D6DC}2015-02-05 15:52 - 2015-02-05 15:52 - 00000000 ____D () C:\Users\Julia\AppData\Local\{D5858269-62C9-4266-9B12-C63415F15336}2015-01-31 22:32 - 2015-01-31 22:32 - 00000000 ____D () C:\ProgramData\Browser2015-01-31 22:31 - 2015-01-31 22:31 - 00000000 ____D () C:\Users\alejandro\Documents\Optimizer Pro2015-01-29 22:06 - 2015-01-29 22:06 - 00000000 ____D () C:\Users\Julia\AppData\Local\{92915BE8-6C0D-4518-99F6-0D20F8484712}2015-01-29 21:45 - 2015-01-29 21:45 - 00000000 ____D () C:\Users\natalie\AppData\Local\{9C7FD322-362A-45D8-84B0-37A84656BE17}2015-01-29 21:45 - 2015-01-29 21:45 - 00000000 ____D () C:\Users\natalie\AppData\Local\{70AEBA9A-588C-4AC2-9AA8-0B35C5349422}2015-01-29 17:44 - 2015-01-29 17:44 - 00002964 _____ () C:\windows\System32\Tasks\{25CC8761-DAFC-46EC-B2B1-FFA9BA7A434E}2015-01-29 17:34 - 2015-01-29 17:34 - 00002972 _____ () C:\windows\System32\Tasks\{F12D3291-D89F-44B4-8AB8-FB951DA2D1D1}2015-01-29 17:30 - 2015-02-11 18:24 - 00000000 ____D () C:\Users\natalie\AppData\Local\DesktopTemperature2015-01-29 17:28 - 2015-01-29 17:54 - 00001114 _____ () C:\Users\alejandro\Desktop\I am Bread (1) - Shortcut.lnk2015-01-29 17:02 - 2015-01-29 17:02 - 00000000 ____D () C:\Users\Julia\AppData\Local\{E8D2EB54-4D10-4C51-96E7-68FEC09DD338}2015-01-29 17:01 - 2015-01-29 17:01 - 00000000 ____D () C:\Users\Julia\AppData\Local\SearchProtect2015-01-29 16:40 - 2015-02-11 18:24 - 00000000 ____D () 
C:\ProgramData\yGICktAR2015-01-29 16:39 - 2015-02-11 18:19 - 00000000 ____D () C:\Program Files (x86)\SearchProtect2015-01-29 16:39 - 2015-01-29 21:40 - 00000000 ____D () C:\Users\natalie\AppData\Local\SearchProtect2015-01-29 16:39 - 2015-01-29 16:39 - 00000000 ____D () C:\Users\alejandro\AppData\Local\SearchProtect2015-01-28 20:45 - 2015-01-28 20:45 - 00000000 ____D () C:\Users\alejandro\AppData\Roaming\Optimizer Pro2015-01-28 20:42 - 2015-01-28 20:42 - 01142128 _____ () C:\Users\alejandro\Downloads\SteamSetup (2).exe2015-01-28 20:42 - 2015-01-28 20:42 - 00000000 ____D () C:\Users\natalie\Documents\Optimizer Pro2015-01-28 20:38 - 2015-01-29 16:53 - 00000000 ____D () C:\ProgramData\BlueStacksSetup2015-01-28 20:37 - 2015-02-11 18:33 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro 3.332015-01-28 20:37 - 2015-02-11 18:24 - 00000000 ____D () C:\Users\natalie\AppData\Local\browser extensions2015-01-28 20:37 - 2015-01-29 21:29 - 10381600 _____ (BlueStack Systems Inc.) C:\Users\natalie\Downloads\bluestacks_05212014.exe2015-01-28 20:37 - 2015-01-28 20:37 - 00004560 _____ () C:\windows\System32\Tasks\Validate Installation2015-01-28 20:37 - 2015-01-28 20:37 - 00004352 _____ () C:\windows\System32\Tasks\Check Updates2015-01-28 20:37 - 2015-01-28 20:37 - 00003912 _____ () C:\windows\System32\Tasks\GeniusBox2015-01-28 20:37 - 2015-01-28 20:37 - 00003852 _____ () C:\windows\System32\Tasks\UpdateAdmin2015-01-28 20:37 - 2015-01-28 20:37 - 00000088 _____ () C:\Users\natalie\AppData\Local\a9a7480e0f40e7531f4f37d70cb16f432015-01-28 20:36 - 2015-02-11 19:54 - 00000340 _____ () C:\windows\Tasks\AgSupport.job2015-01-28 20:36 - 2015-02-11 18:24 - 00000000 ____D () C:\Program Files (x86)\StormWatch2015-01-28 20:36 - 2015-02-11 18:19 - 00000000 ____D () C:\Users\alejandro\AppData\Local\ArcadeGiant2015-01-28 20:36 - 2015-01-28 20:36 - 00003288 _____ () C:\windows\System32\Tasks\AgSupport2015-01-28 20:36 - 2015-01-15 09:40 - 00387200 _____ (Catalytix Web Services) 
C:\windows\system32\CatWSPrx64.dll2015-01-28 20:36 - 2015-01-15 09:40 - 00330808 _____ (Catalytix Web Services) C:\windows\SysWOW64\CatWSPrx.dll2015-01-28 20:23 - 2015-01-28 20:23 - 01142128 _____ () C:\Users\alejandro\Downloads\SteamSetup (1).exe2015-01-25 23:33 - 2015-01-25 23:33 - 00000000 ____D () C:\Users\natalie\AppData\Local\{0ADAF1B1-DDBB-4CD0-9348-46B43E42F919}2015-01-25 23:32 - 2015-01-25 23:33 - 00000000 ____D () C:\Users\natalie\AppData\Local\{739942C5-7791-4BB9-B450-99C502CE9B24}2015-01-25 23:26 - 2015-01-25 23:26 - 00000000 ____D () C:\Users\natalie\AppData\Local\{F9F9A20D-1A5F-4952-B567-F68AC6023E08}2015-01-23 16:50 - 2015-01-23 16:50 - 01142128 _____ () C:\Users\alejandro\Downloads\SteamSetup.exe2015-01-21 15:49 - 2015-01-21 15:49 - 00022528 _____ () C:\Users\alejandro\AppData\Local\dsisetup3281271052.exe2015-01-21 15:49 - 2015-01-21 15:49 - 00000010 _____ () C:\Users\alejandro\AppData\Local\DSI.DAT2015-01-17 23:01 - 2015-01-29 02:56 - 00000132 _____ () C:\Users\alejandro\AppData\Roaming\WB.CFG2015-01-17 22:00 - 2015-01-17 22:00 - 01110476 _____ () C:\Users\alejandro\Downloads\Setup [1].exe2015-01-17 21:58 - 2015-01-17 21:58 - 00729264 _____ ( ) C:\Users\alejandro\Downloads\Setup.exe2015-01-17 21:57 - 2015-01-17 21:57 - 09948572 _____ () C:\Users\alejandro\Downloads\BosonX_v1_0_5_PC.zip2015-01-14 16:04 - 2014-12-18 21:06 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll2015-01-14 16:04 - 2014-12-18 19:46 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys2015-01-14 16:04 - 2014-12-11 23:35 - 05553592 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe2015-01-14 16:04 - 2014-12-11 23:31 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll2015-01-14 16:04 - 2014-12-11 23:31 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe2015-01-14 16:04 - 2014-12-11 23:31 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll2015-01-14 16:04 - 
2014-12-11 23:11 - 03971512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe2015-01-14 16:04 - 2014-12-11 23:11 - 03916728 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe2015-01-14 16:04 - 2014-12-11 23:07 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll2015-01-14 16:04 - 2014-12-11 11:47 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe2015-01-14 16:04 - 2014-12-05 22:17 - 00303616 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll2015-01-14 16:04 - 2014-12-05 21:50 - 00156672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncsi.dll2015-01-14 16:04 - 2014-12-05 21:50 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-11 19:16 - 2012-04-01 07:27 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job2015-02-11 19:15 - 2012-06-22 20:56 - 00000000 ____D () C:\Users\natalie\Tracing2015-02-11 19:15 - 2011-10-31 12:48 - 00000000 ____D () C:\windows\Panther2015-02-11 19:08 - 2012-09-28 17:38 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job2015-02-11 18:57 - 2009-07-13 22:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02015-02-11 18:57 - 2009-07-13 22:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02015-02-11 18:54 - 2012-04-01 06:38 - 01927350 ____N () C:\windows\WindowsUpdate.log2015-02-11 18:50 - 2012-06-22 20:47 - 00000632 __RSH () C:\Users\natalie\ntuser.pol2015-02-11 18:50 - 2012-06-19 13:28 - 00000000 ____D () C:\Users\natalie2015-02-11 18:50 - 2012-04-01 07:27 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job2015-02-11 18:49 - 2012-04-01 07:34 - 00000000 ____D () C:\ProgramData\Norton2015-02-11 18:49 - 2012-04-01 07:28 
- 00000000 ____D () C:\Program Files\Google2015-02-11 18:49 - 2012-04-01 07:27 - 00000000 ____D () C:\Program Files (x86)\Google2015-02-11 18:49 - 2009-07-13 23:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT2015-02-11 18:40 - 2012-06-19 13:30 - 00000000 ____D () C:\Users\natalie\AppData\Local\Google2015-02-11 18:39 - 2009-07-13 21:20 - 00000000 __RHD () C:\Users\Public\Libraries2015-02-11 18:36 - 2012-06-22 19:33 - 00000000 ____D () C:\Users\alejandro2015-02-11 18:36 - 2012-06-19 23:27 - 00000000 ____D () C:\Users\Guest2015-02-11 18:36 - 2012-06-19 22:35 - 00000000 ____D () C:\Users\Julia2015-02-11 18:29 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\system32\NDF2015-02-11 18:27 - 2014-02-25 23:19 - 00000000 ____D () C:\Users\natalie\AppData\Roaming\Spotify2015-02-11 18:26 - 2014-02-25 23:20 - 00000000 ____D () C:\Users\natalie\AppData\Local\Spotify2015-02-11 18:08 - 2012-09-28 17:38 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe2015-02-11 18:08 - 2012-09-28 17:38 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater2015-02-11 18:08 - 2011-10-30 20:34 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl2015-01-29 22:06 - 2012-07-01 21:21 - 00000904 __RSH () C:\Users\Julia\ntuser.pol2015-01-29 21:48 - 2012-06-22 21:05 - 00001240 __RSH () C:\Users\alejandro\ntuser.pol2015-01-29 17:52 - 2009-07-13 23:09 - 00000000 ____D () C:\windows\System32\Tasks\WPD2015-01-29 17:13 - 2012-04-01 07:10 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games2015-01-28 20:35 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\Resources2015-01-18 18:58 - 2014-02-26 05:03 - 00775994 _____ () C:\windows\SysWOW64\PerfStringBackup.INI2015-01-18 18:58 - 2009-07-13 23:13 - 00775994 _____ () C:\windows\system32\PerfStringBackup.INI2015-01-17 22:01 - 2012-06-22 19:34 - 00001354 _____ () C:\Users\alejandro\Desktop\Entirnet Explore.lnk2015-01-17 20:41 - 2009-07-13 23:08 - 00032548 _____ () 
C:\windows\Tasks\SCHEDLGU.TXT2015-01-16 18:45 - 2012-04-01 07:10 - 00000000 ____D () C:\ProgramData\WildTangent2015-01-14 23:08 - 2014-12-29 15:00 - 00000000 ____D () C:\windows\system32\MRT2015-01-14 23:03 - 2014-12-29 15:00 - 113365784 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe2015-01-12 17:12 - 2015-01-11 21:59 - 00000000 ____D () C:\Users\natalie\AppData\Local\{4ED3484F-6E34-4D62-9C08-E2F303F7A199}2015-01-12 17:12 - 2015-01-11 21:58 - 00000000 ____D () C:\Users\natalie\AppData\Local\{BC0A8166-B546-4653-B0A9-2181325499CB} ==================== Files in the root of some directories ======= 2015-02-11 17:36 - 2015-02-11 17:36 - 0000045 _____ () C:\Users\natalie\AppData\Roaming\WB.CFG2015-01-28 20:37 - 2015-01-28 20:37 - 0000088 _____ () C:\Users\natalie\AppData\Local\a9a7480e0f40e7531f4f37d70cb16f432012-11-27 19:44 - 2012-11-27 19:44 - 0003584 _____ () C:\Users\natalie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini Some zero byte size files/folders:==========================C:\Windows\SysWOW64\dlumd10.dllC:\Windows\SysWOW64\dlumd11.dllC:\Windows\SysWOW64\dlumd9.dllC:\Windows\System32\dlumd10.dllC:\Windows\System32\dlumd11.dllC:\Windows\System32\dlumd9.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-28 17:12 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-02-2015Ran by natalie at 2015-02-11 19:54:42Running from C:\Users\natalie\DownloadsBoot Mode: Normal========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)Apple Application Support (HKLM-x32\...\{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}) (Version: 2.3.3 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.1.42 - Atheros Communications Inc.)Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) HiddenCCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.4.53 - Conexant)D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddenDisplayLink Core Software (HKLM\...\{24710201-55DB-4C7C-963A-5BE230098E24}) (Version: 6.0.34621.0 - DisplayLink Corp.)DisplayLink Graphics (HKLM\...\{E970DFED-0D14-4937-A887-0F1346707321}) (Version: 6.0.34689.0 - DisplayLink Corp.)EPSON NX430 Series Printer Uninstall (HKLM\...\EPSON NX430 Series) (Version: - SEIKO EPSON Corporation)FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) HiddenGoogle Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.)Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) 
HiddenIntel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2353 - Intel Corporation)Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)iTunes (HKLM\...\{0225AD21-F3E2-4916-BFF3-65D3F9052582}) (Version: 11.0.2.26 - Apple Inc.)Java 6 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216025FF}) (Version: 6.0.250 - Oracle)Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenLabel@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) HiddenMalwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) HiddenMessenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenMicrosoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 
(HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)Penguins! (x32 Version: 2.2.0.98 - WildTangent) HiddenPlants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) HiddenPlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) HiddenRealtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30124 - Realtek Semiconductor Corp.)Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0016 - REALTEK Semiconductor Corp.)RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) HiddenSAMSUNG Intelli-studio (HKLM-x32\...\Intelli-studio) (Version: - )Skype Launcher (HKLM-x32\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)Spotify (HKU\S-1-5-21-3872554114-2949308933-1411773189-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)Synaptics Pointing Device Driver 
(HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)Tales of Lagoona (x32 Version: 2.2.0.98 - WildTangent) HiddenToshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.2 - TOSHIBA)TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.0 - TOSHIBA CORPORATION)Toshiba Book Place (HKLM-x32\...\{A14962A7-2B7D-456E-BFCD-F54E3A88D41F}) (Version: 2.2.7530 - K-NFB Reading Technology, Inc.)TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}) (Version: 1.6.11.64 - TOSHIBA Corporation)TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.11 for x64 - TOSHIBA Corporation)TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.17.64 - TOSHIBA Corporation)TOSHIBA Hardware Setup (HKLM-x32\...\{97965331-BC5D-4D9F-B6DF-5C0A123E4AE0}) (Version: 2.1.0.3 - TOSHIBA Corporation)TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.9 - TOSHIBA Corporation)Toshiba Laptop Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.13.11 - Symantec Corporation)TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.4 - TOSHIBA CORPORATION)TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.7.5 - TOSHIBA CORPORATION)Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.31 - Toshiba)TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.4 - TOSHIBA)TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.5.5109a - TOSHIBA CORPORATION)TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.21.64 - TOSHIBA 
Corporation)TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.2001 - TOSHIBA Corporation)TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.13 - TOSHIBA)TOSHIBA Supervisor Password (HKLM-x32\...\{0AF17224-CF88-40B8-BB1A-D179369847B4}) (Version: 2.1.0.2 - TOSHIBA Corporation)TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.1.64 - TOSHIBA Corporation)TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.3 - TOSHIBA Corporation)TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.7 - TOSHIBA)Update Installer for WildTangent Games App (x32 Version: - WildTangent) HiddenVLC media player 2.1.1 (HKLM-x32\...\VLC media player) (Version: 2.1.1 - VideoLAN)WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.2.5 - WildTangent)WildTangent Games App (Toshiba Games) (x32 Version: 4.0.10.15 - WildTangent) HiddenWindows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
==================== Restore Points ========================= 14-01-2015 16:02:53 Windows Update14-01-2015 23:02:45 Windows Update18-01-2015 18:52:45 Windows Update22-01-2015 17:38:06 Windows Update28-01-2015 16:04:28 Windows Update31-01-2015 22:42:48 Windows Update11-02-2015 18:18:43 Windows Update11-02-2015 18:36:12 Removed UpdateAdmin11-02-2015 18:37:25 Removed ooVoo11-02-2015 18:37:53 Removed Bonjour11-02-2015 18:39:09 Removed BlueStacks Notification Center ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {231127ED-E649-4A8C-9432-149C04E629A9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-27] (Google Inc.)Task: {48EE3D1A-1B35-49DE-9D02-2D46EB58C194} - System32\Tasks\Validate Installation => C:\Users\natalie\AppData\Local\browser extensions\updater.exeTask: {518EB5EE-8248-4FDB-87A8-9128D82EF920} - System32\Tasks\UpdateAdmin => C:\Users\natalie\AppData\Local\UpdateAdmin\UpdateAdmin.exeTask: {579590E6-A2B1-4957-AA9D-DC760BA24799} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-11] (Adobe Systems Incorporated)Task: {5ABAC3DC-1031-4E12-A18C-24D079788746} - System32\Tasks\Check Updates => C:\Users\natalie\AppData\Local\browser extensions\updater.exeTask: {6791ECF6-FBFA-45B9-A803-9D483F271447} - System32\Tasks\{25CC8761-DAFC-46EC-B2B1-FFA9BA7A434E} => C:\Users\alejandro\Downloads\I am Bread.exeTask: {6D3A106B-43D9-4203-8873-586BF5CD9B8E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)Task: 
{78F120A2-4A31-476C-B7AC-7E6FE4A12B1B} - System32\Tasks\Microsoft\Windows\MobilePC\DisplayLink TMM ControlTask: {B6557E24-6997-4C4F-A59E-A2DA425DEF9C} - \avaxvyyvyf No Task File <==== ATTENTIONTask: {BBAD4E07-1C2C-49DD-B075-F04884FDFA0D} - System32\Tasks\{F12D3291-D89F-44B4-8AB8-FB951DA2D1D1} => C:\Users\alejandro\Downloads\I am Bread (1).exeTask: {C83A6301-8776-41BA-BAF9-09FC2D0124A5} - System32\Tasks\AgSupport => Rundll32.exe C:\Users\ALEJAN~1\AppData\Local\ARCADE~1\AgHelp.dll,Start <==== ATTENTIONTask: {D1EB862C-F0FD-47DE-80D1-3FC66CDA20B0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-27] (Google Inc.)Task: {E1F7A1CB-9375-4F1D-8895-242EAA743089} - System32\Tasks\GeniusBox => cmd.exe /C start "" "C:\Users\natalie\AppData\Local\browser extensions\client.exe"Task: {EB6FD153-53C9-4298-8057-0DB0D3BE9A6B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\windows\Tasks\AgSupport.job => C:\Users\ALEJAN~1\AppData\Local\ARCADE~1\AgHelp.dll <==== ATTENTIONTask: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== 2011-04-04 20:18 - 2011-04-04 20:18 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll2010-11-18 18:18 - 2010-11-18 18:18 - 11190784 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll2011-06-09 22:09 - 2011-06-09 22:09 - 00079784 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll2015-02-05 15:56 - 2015-01-26 21:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\libglesv2.dll2015-02-05 15:56 - 
2015-01-26 21:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\libegl.dll2015-02-05 15:56 - 2015-01-26 21:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\pdf.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CatWSPrx => ""="service" ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Registry Areas ===================== (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3872554114-2949308933-1411773189-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\natalie\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
MSCONFIG\Services: Apple Mobile Device => 2MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"MSCONFIG\startupreg: fssui => "C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe" -autorunMSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /backgroundMSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDEDMSCONFIG\startupreg: Spotify => "C:\Users\natalie\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostartMSCONFIG\startupreg: Spotify Web Helper => "C:\Users\natalie\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"MSCONFIG\startupreg: ToshibaAppPlace => "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"MSCONFIG\startupreg: ToshibaServiceStation => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 ==================== Accounts: ============================= Administrator (S-1-5-21-3872554114-2949308933-1411773189-500 - Administrator - Disabled)alejandro (S-1-5-21-3872554114-2949308933-1411773189-1004 - Limited - Enabled) => C:\Users\alejandroGuest (S-1-5-21-3872554114-2949308933-1411773189-501 - Limited - Enabled) => C:\Users\GuestHomeGroupUser$ (S-1-5-21-3872554114-2949308933-1411773189-1008 - Limited - Enabled)Julia (S-1-5-21-3872554114-2949308933-1411773189-1003 - Limited - Enabled) => C:\Users\Julianatalie (S-1-5-21-3872554114-2949308933-1411773189-1000 - Administrator - Enabled) => C:\Users\natalie ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (02/11/2015 06:52:12 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: IEXPLORE.EXE, version: 
11.0.9600.17496, time stamp: 0x546fddccFaulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000Exception code: 0xc0000005Fault offset: 0x00000000Faulting process id: 0xce0Faulting application start time: 0xIEXPLORE.EXE0Faulting application path: IEXPLORE.EXE1Faulting module path: IEXPLORE.EXE2Report Id: IEXPLORE.EXE3 Error: (02/11/2015 06:52:11 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17496, time stamp: 0x546fddccFaulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000Exception code: 0xc0000005Fault offset: 0x00000000Faulting process id: 0x7f4Faulting application start time: 0xIEXPLORE.EXE0Faulting application path: IEXPLORE.EXE1Faulting module path: IEXPLORE.EXE2Report Id: IEXPLORE.EXE3 Error: (02/11/2015 06:52:10 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17496, time stamp: 0x546fddccFaulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000Exception code: 0xc0000005Fault offset: 0x00000000Faulting process id: 0x13c8Faulting application start time: 0xIEXPLORE.EXE0Faulting application path: IEXPLORE.EXE1Faulting module path: IEXPLORE.EXE2Report Id: IEXPLORE.EXE3 Error: (02/11/2015 06:52:09 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17496, time stamp: 0x546fddccFaulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000Exception code: 0xc0000005Fault offset: 0x00000000Faulting process id: 0xc5cFaulting application start time: 0xIEXPLORE.EXE0Faulting application path: IEXPLORE.EXE1Faulting module path: IEXPLORE.EXE2Report Id: IEXPLORE.EXE3 Error: (02/11/2015 06:52:08 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17496, time stamp: 0x546fddccFaulting module name: unknown, 
version: 0.0.0.0, time stamp: 0x00000000Exception code: 0xc0000005Fault offset: 0x00000000Faulting process id: 0x5d4Faulting application start time: 0xIEXPLORE.EXE0Faulting application path: IEXPLORE.EXE1Faulting module path: IEXPLORE.EXE2Report Id: IEXPLORE.EXE3 Error: (02/11/2015 06:52:07 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17496, time stamp: 0x546fddccFaulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000Exception code: 0xc0000005Fault offset: 0x00000000Faulting process id: 0x12b8Faulting application start time: 0xIEXPLORE.EXE0Faulting application path: IEXPLORE.EXE1Faulting module path: IEXPLORE.EXE2Report Id: IEXPLORE.EXE3 Error: (02/11/2015 06:52:04 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17496, time stamp: 0x546fddccFaulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000Exception code: 0xc0000005Fault offset: 0x00000000Faulting process id: 0xb3cFaulting application start time: 0xIEXPLORE.EXE0Faulting application path: IEXPLORE.EXE1Faulting module path: IEXPLORE.EXE2Report Id: IEXPLORE.EXE3 Error: (02/11/2015 06:51:18 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/11/2015 06:41:10 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17496, time stamp: 0x546fddccFaulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000Exception code: 0xc0000005Fault offset: 0x00000000Faulting process id: 0x14e0Faulting application start time: 0xIEXPLORE.EXE0Faulting application path: IEXPLORE.EXE1Faulting module path: IEXPLORE.EXE2Report Id: IEXPLORE.EXE3 Error: (02/11/2015 06:41:09 PM) (Source: 
Application Error) (EventID: 1000) (User: )Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17496, time stamp: 0x546fddccFaulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000Exception code: 0xc0000005Fault offset: 0x00000000Faulting process id: 0x17fcFaulting application start time: 0xIEXPLORE.EXE0Faulting application path: IEXPLORE.EXE1Faulting module path: IEXPLORE.EXE2Report Id: IEXPLORE.EXE3 System errors:=============Error: (02/11/2015 06:51:12 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (02/11/2015 06:49:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The Search Protect Service service failed to start due to the following error: %%216 Error: (02/11/2015 06:49:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The pygqDCCpEPl service failed to start due to the following error: %%2 Error: (02/11/2015 06:46:40 PM) (Source: bowser) (EventID: 8003) (User: )Description: The master browser has received a server announcement from the computer JUKON-PCthat believes that it is the master browser for the domain on transport NetBT_Tcpip_{39281A54-8DB7-4BE7-84F0-06A834EC510A}.The master browser is stopping or an election is being forced. Error: (02/11/2015 06:39:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )Description: The BlueStacks Updater Service service terminated unexpectedly. It has done this 1 time(s). 
Error: (02/11/2015 06:26:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (02/11/2015 06:25:08 PM) (Source: Service Control Manager) (EventID: 7023) (User: )Description: The BlueStacks Android Service service terminated with the following error: %%1064 Error: (02/11/2015 06:25:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The pygqDCCpEPl service failed to start due to the following error: %%2 Error: (02/11/2015 06:25:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The Search Protect Service service failed to start due to the following error: %%216 Error: (02/11/2015 06:10:38 PM) (Source: bowser) (EventID: 8003) (User: )Description: The master browser has received a server announcement from the computer JUKON-PCthat believes that it is the master browser for the domain on transport NetBT_Tcpip_{39281A54-8DB7-4BE7-84F0-06A834EC510A}.The master browser is stopping or an election is being forced. 
==================== Memory info ===========================

Processor: Intel® Pentium® CPU B960 @ 2.20GHz
Percentage of memory in use: 41%
Total physical RAM: 4043.86 MB
Available physical RAM: 2384.95 MB
Total Pagefile: 8085.9 MB
Available Pagefile: 6303.72 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (TI106321W0B) (Fixed) (Total:282.96 GB) (Free:211.96 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 010ED62A)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=283 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13.7 GB) - (Type=17)

==================== End Of Log ============================
TwinHeadedEagle Posted February 11, 2015 ID:938602

Hello,

They call me TwinHeadedEagle around here, and I'll try to help you with your issue.

Before we start please read and note the following:
- We're primarily oriented on malware removal here, so you must know that some issues just cannot be solved and you must be prepared for this. Some tools we use here will remove your browser search history, so back up your important links and all the files whose loss is unacceptable.
- Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
- Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time. Keep in mind that private life gets in the way too. Note that we may live in totally different time zones, which may cause some delays between answers.
- Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
- Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
- Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.
- Do not ask for help for your business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
- If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

I can't foresee everything, so if anything not covered in my instructions happens, please stop and inform me! There are no silly questions. Never be afraid to ask if in doubt!

Rules and policies

We won't support any piracy. That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.

Fix with AdwCleaner

- Please download AdwCleaner by Xplode and save the file to your Desktop.
- Right-click on icon and select Run as Administrator to start the tool.
- Wait until the database is updated.
- Accept the Terms of use and click Scan.
- When finished, please click Clean.
- Upon completion, click Report. A log (AdwCleaner[s*].txt) will open.
- Please upload report in your reply.

Note: Reports will be saved in your system partition, usually at C:\Adwcleaner

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
- Right-click on icon and select Run as Administrator to start the tool. (XP users click run after receipt of Windows Security Warning - Open File).
- Make sure that Addition option is checked.
- Press Scan button and wait.
- The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
- Please upload them into your next reply.
Julianender Posted February 11, 2015 Author ID:938830

After rebooting from running adwcleaner there are no more bad image error popups. Here are the rest of the logs attached. Thank you again for the help.

Attachments: AdwCleanerS0.txt, FRST.txt, Addition.txt
TwinHeadedEagle Posted February 11, 2015 ID:938857

There is still some malware left. We will clean it now:

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine. Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
- Right-click on icon and select Run as Administrator to start the tool. (XP users click run after receipt of Windows Security Warning - Open File).
- Press the Fix button just once and wait.
- If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
- When finished FRST will generate a log on the Desktop, called Fixlog.txt.
- Please post it to your reply.

Attachment: fixlist.txt
Julianender Posted February 12, 2015 Author ID:938957

Here is the fixlog.

Attachment: Fixlog.txt
TwinHeadedEagle Posted February 12, 2015 ID:939067

Very good. How is your PC now?
Julianender Posted February 14, 2015 Author ID:939546

Seems to be running great now with no more incidents. Thanks again.
TwinHeadedEagle Posted February 14, 2015 ID:939565

Glad I could help. We will delete all used tools and I'll give you some tips to harden your security and learn how to protect yourself.

Recommended reading:

MUST READ - security tips:
- Computer Security - a short guide to staying safer online.
- Simple and easy ways to keep your computer safe and secure on the Internet
- How Malware Spreads - How did I get infected

MUST READ - general maintenance:
- What to do if your Computer is running slowly?

The Importance of Software Updating:

In order to stay protected it is very important that you regularly update all of your software. Cybercriminals depend on the apathy of users around software updates to keep their malicious endeavor running. Operating systems, such as Windows, and applications, such as Adobe Reader or JAVA, are used by tens of millions of computers and devices around the world, making them a huge target for cybercriminals. Downloading updates and installing them can sometimes be tedious, but the advantages you get from the updates are certainly worth it.
- How to configure and use Automatic Updates in Windows
- How to update Java
- How to update Adobe Reader

Recommended additional software:
- TFC - to clean unneeded temporary files.
- Malwarebytes' Anti-Malware - to scan your system from time to time in search for malware.
- Malwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.
- McShield - to prevent infections spread by removable media.
- Unchecky - to prevent from installing additional foistware, implemented in legitimate installations.
- Adblock - to surf the web without annoying ads!

Post-cleanup procedures:

- Download DelFix by Xplode and save it to your desktop.
- Run the tool by right click on the icon and Run as administrator option.
- Make sure that these ones are checked:
  - Remove disinfection tools
  - Purge system restore
  - Reset system settings
- Push Run.
- The program will run for a few seconds and display a notepad report. You do not need to attach it.
- The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix
- Tool deletes old system restore points and creates a fresh system restore point after cleaning.

My help is free for everybody. If you're happy with the help provided and/or wish to buy me a beer for the assistance you received, then you can consider a donation:

Thank you!

Stay safe,
TwinHeadedEagle
Root Admin AdvancedSetup Posted March 4, 2015 ID:944919

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!