Bad Image Error after Malwarebytes


Farbar Logs  pls HELP

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015
Ran by natalie (administrator) on NATALIE-PC on 11-02-2015 19:53:20
Running from C:\Users\natalie\Downloads
Loaded Profiles: natalie (Available profiles: natalie & Julia & alejandro & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [smartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-05-17] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [972672 2011-04-27] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597936 2011-07-27] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3872554114-2949308933-1411773189-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-3872554114-2949308933-1411773189-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3872554114-2949308933-1411773189-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3872554114-2949308933-1411773189-1000\...\MountPoints2: {5b11f340-35f3-11e2-bd16-00266c0f9fae} - E:\iLinker.exe
AppInit_DLLs: C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC64LO~1.DLL => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll [257808 2015-02-02] ()
AppInit_DLLs-x32: c:\progra~2\search~1\search~1\bin\vc32lo~1.dll => c:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll [221968 2015-02-02] ()
GroupPolicyUsers\S-1-5-21-3872554114-2949308933-1411773189-1004\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3872554114-2949308933-1411773189-1003\User: Group Policy restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: [s-1-5-21-3872554114-2949308933-1411773189-1000] => http=127.0.0.1:49315;https=127.0.0.1:49315
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3872554114-2949308933-1411773189-1000 -> DefaultScope {51997D71-C36F-4647-BCAA-75F8D3594AA5} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
SearchScopes: HKU\S-1-5-21-3872554114-2949308933-1411773189-1000 -> {51997D71-C36F-4647-BCAA-75F8D3594AA5} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
SearchScopes: HKU\S-1-5-21-3872554114-2949308933-1411773189-1000 -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = 
BHO: No Name -> {4F564F32-5637-006A-76A7-7A786E7484D7} ->  No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKLM - No Name - {39B4841D-CFA0-42CC-AC66-F8C3AFA0E458} -  No File
Toolbar: HKLM-x32 - No Name - {39B4841D-CFA0-42CC-AC66-F8C3AFA0E458} -  No File
Toolbar: HKU\S-1-5-21-3872554114-2949308933-1411773189-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-3872554114-2949308933-1411773189-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Winsock: Catalog9 01 C:\windows\SysWOW64\CatWSPrx.dll [330808] (Catalytix Web Services)
Winsock: Catalog9 02 C:\windows\SysWOW64\CatWSPrx.dll [330808] (Catalytix Web Services)
Winsock: Catalog9 03 C:\windows\SysWOW64\CatWSPrx.dll [330808] (Catalytix Web Services)
Winsock: Catalog9 04 C:\windows\SysWOW64\CatWSPrx.dll [330808] (Catalytix Web Services)
Winsock: Catalog9 15 C:\windows\SysWOW64\CatWSPrx.dll [330808] (Catalytix Web Services)
Winsock: Catalog9-x64 01 C:\windows\system32\CatWSPrx64.dll [387200] (Catalytix Web Services)
Winsock: Catalog9-x64 02 C:\windows\system32\CatWSPrx64.dll [387200] (Catalytix Web Services)
Winsock: Catalog9-x64 03 C:\windows\system32\CatWSPrx64.dll [387200] (Catalytix Web Services)
Winsock: Catalog9-x64 04 C:\windows\system32\CatWSPrx64.dll [387200] (Catalytix Web Services)
Winsock: Catalog9-x64 15 C:\windows\system32\CatWSPrx64.dll [387200] (Catalytix Web Services)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll ()
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3333245&octid=EB_ORIGINAL_CTID&ISID=M6546E683-9C84-4CDC-B7CC-B129CC9CE7B0&SearchSource=55&CUI=&UM=8&UP=SP1603ACEB-2454-4BD5-9A0B-52A3F452FC83&SSPV=
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3333245&octid=EB_ORIGINAL_CTID&ISID=M6546E683-9C84-4CDC-B7CC-B129CC9CE7B0&SearchSource=55&CUI=&UM=8&UP=SP1603ACEB-2454-4BD5-9A0B-52A3F452FC83&SSPV="
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\pdf.dll ()
CHR Plugin: (Norton Confidential) - C:\Users\natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\npcoplgn.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.250.6) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java Platform SE 6 U25) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Profile: C:\Users\natalie\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-01]
CHR Extension: (Adblock Plus) - C:\Users\natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-01-04]
CHR Extension: (Google Wallet) - C:\Users\natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-03]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [3557136 2015-02-02] () [File not signed]
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [8422760 2011-10-05] (DisplayLink Corp.)
R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [123320 2015-02-11] (Symantec Corporation)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [126392 2011-07-19] (Symantec Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 DisplayLinkUsbPort; C:\Windows\System32\DRIVERS\DisplayLinkUsbPort_6.0.32700.0.sys [17408 2014-01-04] (http://libusb-win32.sourceforge.net)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-11 19:53 - 2015-02-11 19:54 - 00016394 _____ () C:\Users\natalie\Downloads\FRST.txt
2015-02-11 19:52 - 2015-02-11 19:53 - 00000000 ____D () C:\FRST
2015-02-11 19:52 - 2015-02-11 19:52 - 02132992 _____ (Farbar) C:\Users\natalie\Downloads\FRST64.exe
2015-02-11 19:52 - 2015-02-11 19:52 - 01124352 _____ (Farbar) C:\Users\natalie\Downloads\FRST.exe
2015-02-11 19:16 - 2015-02-11 19:16 - 00172438 _____ () C:\Users\natalie\Documents\cc_20150211_191605.reg
2015-02-11 18:58 - 2015-02-11 18:58 - 00002776 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC
2015-02-11 18:58 - 2015-02-11 18:58 - 00000833 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-02-11 18:58 - 2015-02-11 18:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-02-11 18:58 - 2015-02-11 18:58 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-11 18:57 - 2015-02-11 18:58 - 05325208 _____ (Piriform Ltd) C:\Users\natalie\Downloads\ccsetup502.exe
2015-02-11 18:32 - 2015-02-11 18:32 - 00000000 ____D () C:\ProgramData\ee4c10c200006917
2015-02-11 18:23 - 2015-02-11 18:23 - 00022512 _____ () C:\windows\system32\Drivers\SPPD.sys
2015-02-11 18:20 - 2015-02-11 18:20 - 00000000 ____D () C:\Users\natalie\AppData\Local\CrimeWatch
2015-02-11 17:40 - 2015-02-11 17:43 - 00000000 ____D () C:\Users\natalie\AppData\Local\Tific
2015-02-11 17:36 - 2015-02-11 17:36 - 00000045 _____ () C:\Users\natalie\AppData\Roaming\WB.CFG
2015-02-11 17:31 - 2015-02-11 19:29 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-11 17:30 - 2015-02-11 17:30 - 00001117 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-11 17:30 - 2015-02-11 17:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-11 17:30 - 2015-02-11 17:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-11 17:30 - 2015-02-11 17:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-11 17:30 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-02-11 17:30 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-02-11 17:30 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-02-11 17:29 - 2015-02-11 17:30 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\natalie\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-11 17:26 - 2015-02-11 17:26 - 00000000 ____D () C:\Users\natalie\AppData\Local\{F421CAB5-8B23-40E7-893D-72EA5B11D6DC}
2015-02-05 15:52 - 2015-02-05 15:52 - 00000000 ____D () C:\Users\Julia\AppData\Local\{D5858269-62C9-4266-9B12-C63415F15336}
2015-01-31 22:32 - 2015-01-31 22:32 - 00000000 ____D () C:\ProgramData\Browser
2015-01-31 22:31 - 2015-01-31 22:31 - 00000000 ____D () C:\Users\alejandro\Documents\Optimizer Pro
2015-01-29 22:06 - 2015-01-29 22:06 - 00000000 ____D () C:\Users\Julia\AppData\Local\{92915BE8-6C0D-4518-99F6-0D20F8484712}
2015-01-29 21:45 - 2015-01-29 21:45 - 00000000 ____D () C:\Users\natalie\AppData\Local\{9C7FD322-362A-45D8-84B0-37A84656BE17}
2015-01-29 21:45 - 2015-01-29 21:45 - 00000000 ____D () C:\Users\natalie\AppData\Local\{70AEBA9A-588C-4AC2-9AA8-0B35C5349422}
2015-01-29 17:44 - 2015-01-29 17:44 - 00002964 _____ () C:\windows\System32\Tasks\{25CC8761-DAFC-46EC-B2B1-FFA9BA7A434E}
2015-01-29 17:34 - 2015-01-29 17:34 - 00002972 _____ () C:\windows\System32\Tasks\{F12D3291-D89F-44B4-8AB8-FB951DA2D1D1}
2015-01-29 17:30 - 2015-02-11 18:24 - 00000000 ____D () C:\Users\natalie\AppData\Local\DesktopTemperature
2015-01-29 17:28 - 2015-01-29 17:54 - 00001114 _____ () C:\Users\alejandro\Desktop\I am Bread (1) - Shortcut.lnk
2015-01-29 17:02 - 2015-01-29 17:02 - 00000000 ____D () C:\Users\Julia\AppData\Local\{E8D2EB54-4D10-4C51-96E7-68FEC09DD338}
2015-01-29 17:01 - 2015-01-29 17:01 - 00000000 ____D () C:\Users\Julia\AppData\Local\SearchProtect
2015-01-29 16:40 - 2015-02-11 18:24 - 00000000 ____D () C:\ProgramData\yGICktAR
2015-01-29 16:39 - 2015-02-11 18:19 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2015-01-29 16:39 - 2015-01-29 21:40 - 00000000 ____D () C:\Users\natalie\AppData\Local\SearchProtect
2015-01-29 16:39 - 2015-01-29 16:39 - 00000000 ____D () C:\Users\alejandro\AppData\Local\SearchProtect
2015-01-28 20:45 - 2015-01-28 20:45 - 00000000 ____D () C:\Users\alejandro\AppData\Roaming\Optimizer Pro
2015-01-28 20:42 - 2015-01-28 20:42 - 01142128 _____ () C:\Users\alejandro\Downloads\SteamSetup (2).exe
2015-01-28 20:42 - 2015-01-28 20:42 - 00000000 ____D () C:\Users\natalie\Documents\Optimizer Pro
2015-01-28 20:38 - 2015-01-29 16:53 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2015-01-28 20:37 - 2015-02-11 18:33 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro 3.33
2015-01-28 20:37 - 2015-02-11 18:24 - 00000000 ____D () C:\Users\natalie\AppData\Local\browser extensions
2015-01-28 20:37 - 2015-01-29 21:29 - 10381600 _____ (BlueStack Systems Inc.) C:\Users\natalie\Downloads\bluestacks_05212014.exe
2015-01-28 20:37 - 2015-01-28 20:37 - 00004560 _____ () C:\windows\System32\Tasks\Validate Installation
2015-01-28 20:37 - 2015-01-28 20:37 - 00004352 _____ () C:\windows\System32\Tasks\Check Updates
2015-01-28 20:37 - 2015-01-28 20:37 - 00003912 _____ () C:\windows\System32\Tasks\GeniusBox
2015-01-28 20:37 - 2015-01-28 20:37 - 00003852 _____ () C:\windows\System32\Tasks\UpdateAdmin
2015-01-28 20:37 - 2015-01-28 20:37 - 00000088 _____ () C:\Users\natalie\AppData\Local\a9a7480e0f40e7531f4f37d70cb16f43
2015-01-28 20:36 - 2015-02-11 19:54 - 00000340 _____ () C:\windows\Tasks\AgSupport.job
2015-01-28 20:36 - 2015-02-11 18:24 - 00000000 ____D () C:\Program Files (x86)\StormWatch
2015-01-28 20:36 - 2015-02-11 18:19 - 00000000 ____D () C:\Users\alejandro\AppData\Local\ArcadeGiant
2015-01-28 20:36 - 2015-01-28 20:36 - 00003288 _____ () C:\windows\System32\Tasks\AgSupport
2015-01-28 20:36 - 2015-01-15 09:40 - 00387200 _____ (Catalytix Web Services) C:\windows\system32\CatWSPrx64.dll
2015-01-28 20:36 - 2015-01-15 09:40 - 00330808 _____ (Catalytix Web Services) C:\windows\SysWOW64\CatWSPrx.dll
2015-01-28 20:23 - 2015-01-28 20:23 - 01142128 _____ () C:\Users\alejandro\Downloads\SteamSetup (1).exe
2015-01-25 23:33 - 2015-01-25 23:33 - 00000000 ____D () C:\Users\natalie\AppData\Local\{0ADAF1B1-DDBB-4CD0-9348-46B43E42F919}
2015-01-25 23:32 - 2015-01-25 23:33 - 00000000 ____D () C:\Users\natalie\AppData\Local\{739942C5-7791-4BB9-B450-99C502CE9B24}
2015-01-25 23:26 - 2015-01-25 23:26 - 00000000 ____D () C:\Users\natalie\AppData\Local\{F9F9A20D-1A5F-4952-B567-F68AC6023E08}
2015-01-23 16:50 - 2015-01-23 16:50 - 01142128 _____ () C:\Users\alejandro\Downloads\SteamSetup.exe
2015-01-21 15:49 - 2015-01-21 15:49 - 00022528 _____ () C:\Users\alejandro\AppData\Local\dsisetup3281271052.exe
2015-01-21 15:49 - 2015-01-21 15:49 - 00000010 _____ () C:\Users\alejandro\AppData\Local\DSI.DAT
2015-01-17 23:01 - 2015-01-29 02:56 - 00000132 _____ () C:\Users\alejandro\AppData\Roaming\WB.CFG
2015-01-17 22:00 - 2015-01-17 22:00 - 01110476 _____ () C:\Users\alejandro\Downloads\Setup [1].exe
2015-01-17 21:58 - 2015-01-17 21:58 - 00729264 _____ ( ) C:\Users\alejandro\Downloads\Setup.exe
2015-01-17 21:57 - 2015-01-17 21:57 - 09948572 _____ () C:\Users\alejandro\Downloads\BosonX_v1_0_5_PC.zip
2015-01-14 16:04 - 2014-12-18 21:06 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-01-14 16:04 - 2014-12-18 19:46 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2015-01-14 16:04 - 2014-12-11 23:35 - 05553592 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-01-14 16:04 - 2014-12-11 23:31 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-01-14 16:04 - 2014-12-11 23:31 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-01-14 16:04 - 2014-12-11 23:31 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-01-14 16:04 - 2014-12-11 23:11 - 03971512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-01-14 16:04 - 2014-12-11 23:11 - 03916728 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-01-14 16:04 - 2014-12-11 23:07 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-01-14 16:04 - 2014-12-11 11:47 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-01-14 16:04 - 2014-12-05 22:17 - 00303616 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
2015-01-14 16:04 - 2014-12-05 21:50 - 00156672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncsi.dll
2015-01-14 16:04 - 2014-12-05 21:50 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-11 19:16 - 2012-04-01 07:27 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-11 19:15 - 2012-06-22 20:56 - 00000000 ____D () C:\Users\natalie\Tracing
2015-02-11 19:15 - 2011-10-31 12:48 - 00000000 ____D () C:\windows\Panther
2015-02-11 19:08 - 2012-09-28 17:38 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-02-11 18:57 - 2009-07-13 22:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-11 18:57 - 2009-07-13 22:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-11 18:54 - 2012-04-01 06:38 - 01927350 ____N () C:\windows\WindowsUpdate.log
2015-02-11 18:50 - 2012-06-22 20:47 - 00000632 __RSH () C:\Users\natalie\ntuser.pol
2015-02-11 18:50 - 2012-06-19 13:28 - 00000000 ____D () C:\Users\natalie
2015-02-11 18:50 - 2012-04-01 07:27 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-11 18:49 - 2012-04-01 07:34 - 00000000 ____D () C:\ProgramData\Norton
2015-02-11 18:49 - 2012-04-01 07:28 - 00000000 ____D () C:\Program Files\Google
2015-02-11 18:49 - 2012-04-01 07:27 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-11 18:49 - 2009-07-13 23:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-02-11 18:40 - 2012-06-19 13:30 - 00000000 ____D () C:\Users\natalie\AppData\Local\Google
2015-02-11 18:39 - 2009-07-13 21:20 - 00000000 __RHD () C:\Users\Public\Libraries
2015-02-11 18:36 - 2012-06-22 19:33 - 00000000 ____D () C:\Users\alejandro
2015-02-11 18:36 - 2012-06-19 23:27 - 00000000 ____D () C:\Users\Guest
2015-02-11 18:36 - 2012-06-19 22:35 - 00000000 ____D () C:\Users\Julia
2015-02-11 18:29 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\system32\NDF
2015-02-11 18:27 - 2014-02-25 23:19 - 00000000 ____D () C:\Users\natalie\AppData\Roaming\Spotify
2015-02-11 18:26 - 2014-02-25 23:20 - 00000000 ____D () C:\Users\natalie\AppData\Local\Spotify
2015-02-11 18:08 - 2012-09-28 17:38 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-02-11 18:08 - 2012-09-28 17:38 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-02-11 18:08 - 2011-10-30 20:34 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-29 22:06 - 2012-07-01 21:21 - 00000904 __RSH () C:\Users\Julia\ntuser.pol
2015-01-29 21:48 - 2012-06-22 21:05 - 00001240 __RSH () C:\Users\alejandro\ntuser.pol
2015-01-29 17:52 - 2009-07-13 23:09 - 00000000 ____D () C:\windows\System32\Tasks\WPD
2015-01-29 17:13 - 2012-04-01 07:10 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
2015-01-28 20:35 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\Resources
2015-01-18 18:58 - 2014-02-26 05:03 - 00775994 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2015-01-18 18:58 - 2009-07-13 23:13 - 00775994 _____ () C:\windows\system32\PerfStringBackup.INI
2015-01-17 22:01 - 2012-06-22 19:34 - 00001354 _____ () C:\Users\alejandro\Desktop\Entirnet Explore.lnk
2015-01-17 20:41 - 2009-07-13 23:08 - 00032548 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2015-01-16 18:45 - 2012-04-01 07:10 - 00000000 ____D () C:\ProgramData\WildTangent
2015-01-14 23:08 - 2014-12-29 15:00 - 00000000 ____D () C:\windows\system32\MRT
2015-01-14 23:03 - 2014-12-29 15:00 - 113365784 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-01-12 17:12 - 2015-01-11 21:59 - 00000000 ____D () C:\Users\natalie\AppData\Local\{4ED3484F-6E34-4D62-9C08-E2F303F7A199}
2015-01-12 17:12 - 2015-01-11 21:58 - 00000000 ____D () C:\Users\natalie\AppData\Local\{BC0A8166-B546-4653-B0A9-2181325499CB}
 
==================== Files in the root of some directories =======
 
2015-02-11 17:36 - 2015-02-11 17:36 - 0000045 _____ () C:\Users\natalie\AppData\Roaming\WB.CFG
2015-01-28 20:37 - 2015-01-28 20:37 - 0000088 _____ () C:\Users\natalie\AppData\Local\a9a7480e0f40e7531f4f37d70cb16f43
2012-11-27 19:44 - 2012-11-27 19:44 - 0003584 _____ () C:\Users\natalie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\dlumd10.dll
C:\Windows\SysWOW64\dlumd11.dll
C:\Windows\SysWOW64\dlumd9.dll
C:\Windows\System32\dlumd10.dll
C:\Windows\System32\dlumd11.dll
C:\Windows\System32\dlumd9.dll
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-28 17:12
 
==================== End Of Log ============================
 
 
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-02-2015
Ran by natalie at 2015-02-11 19:54:42
Running from C:\Users\natalie\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}) (Version: 2.3.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.1.42 - Atheros Communications Inc.)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.4.53 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DisplayLink Core Software (HKLM\...\{24710201-55DB-4C7C-963A-5BE230098E24}) (Version: 6.0.34621.0 - DisplayLink Corp.)
DisplayLink Graphics (HKLM\...\{E970DFED-0D14-4937-A887-0F1346707321}) (Version: 6.0.34689.0 - DisplayLink Corp.)
EPSON NX430 Series Printer Uninstall (HKLM\...\EPSON NX430 Series) (Version:  - SEIKO EPSON Corporation)
FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2353 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
iTunes (HKLM\...\{0225AD21-F3E2-4916-BFF3-65D3F9052582}) (Version: 11.0.2.26 - Apple Inc.)
Java 6 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216025FF}) (Version: 6.0.250 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30124 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0016 - REALTEK Semiconductor Corp.)
RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden
SAMSUNG Intelli-studio (HKLM-x32\...\Intelli-studio) (Version:  - )
Skype Launcher (HKLM-x32\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)
Spotify (HKU\S-1-5-21-3872554114-2949308933-1411773189-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.98 - WildTangent) Hidden
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.2 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.0 - TOSHIBA CORPORATION)
Toshiba Book Place (HKLM-x32\...\{A14962A7-2B7D-456E-BFCD-F54E3A88D41F}) (Version: 2.2.7530 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}) (Version: 1.6.11.64 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.11 for x64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.17.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{97965331-BC5D-4D9F-B6DF-5C0A123E4AE0}) (Version: 2.1.0.3 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.9 - TOSHIBA Corporation)
Toshiba Laptop Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.13.11 - Symantec Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.4 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.7.5 - TOSHIBA CORPORATION)
Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.31 - Toshiba)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.4 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.5.5109a - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.21.64 - TOSHIBA Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.2001 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.13 - TOSHIBA)
TOSHIBA Supervisor Password (HKLM-x32\...\{0AF17224-CF88-40B8-BB1A-D179369847B4}) (Version: 2.1.0.2 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.1.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.3 - TOSHIBA Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.7 - TOSHIBA)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
VLC media player 2.1.1 (HKLM-x32\...\VLC media player) (Version: 2.1.1 - VideoLAN)
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.2.5 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.10.15 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
14-01-2015 16:02:53 Windows Update
14-01-2015 23:02:45 Windows Update
18-01-2015 18:52:45 Windows Update
22-01-2015 17:38:06 Windows Update
28-01-2015 16:04:28 Windows Update
31-01-2015 22:42:48 Windows Update
11-02-2015 18:18:43 Windows Update
11-02-2015 18:36:12 Removed UpdateAdmin
11-02-2015 18:37:25 Removed ooVoo
11-02-2015 18:37:53 Removed Bonjour
11-02-2015 18:39:09 Removed BlueStacks Notification Center
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {231127ED-E649-4A8C-9432-149C04E629A9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-27] (Google Inc.)
Task: {48EE3D1A-1B35-49DE-9D02-2D46EB58C194} - System32\Tasks\Validate Installation => C:\Users\natalie\AppData\Local\browser extensions\updater.exe
Task: {518EB5EE-8248-4FDB-87A8-9128D82EF920} - System32\Tasks\UpdateAdmin => C:\Users\natalie\AppData\Local\UpdateAdmin\UpdateAdmin.exe
Task: {579590E6-A2B1-4957-AA9D-DC760BA24799} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-11] (Adobe Systems Incorporated)
Task: {5ABAC3DC-1031-4E12-A18C-24D079788746} - System32\Tasks\Check Updates => C:\Users\natalie\AppData\Local\browser extensions\updater.exe
Task: {6791ECF6-FBFA-45B9-A803-9D483F271447} - System32\Tasks\{25CC8761-DAFC-46EC-B2B1-FFA9BA7A434E} => C:\Users\alejandro\Downloads\I am Bread.exe
Task: {6D3A106B-43D9-4203-8873-586BF5CD9B8E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: {78F120A2-4A31-476C-B7AC-7E6FE4A12B1B} - System32\Tasks\Microsoft\Windows\MobilePC\DisplayLink TMM Control
Task: {B6557E24-6997-4C4F-A59E-A2DA425DEF9C} - \avaxvyyvyf No Task File <==== ATTENTION
Task: {BBAD4E07-1C2C-49DD-B075-F04884FDFA0D} - System32\Tasks\{F12D3291-D89F-44B4-8AB8-FB951DA2D1D1} => C:\Users\alejandro\Downloads\I am Bread (1).exe
Task: {C83A6301-8776-41BA-BAF9-09FC2D0124A5} - System32\Tasks\AgSupport => Rundll32.exe C:\Users\ALEJAN~1\AppData\Local\ARCADE~1\AgHelp.dll,Start <==== ATTENTION
Task: {D1EB862C-F0FD-47DE-80D1-3FC66CDA20B0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-27] (Google Inc.)
Task: {E1F7A1CB-9375-4F1D-8895-242EAA743089} - System32\Tasks\GeniusBox => cmd.exe /C start "" "C:\Users\natalie\AppData\Local\browser extensions\client.exe"
Task: {EB6FD153-53C9-4298-8057-0DB0D3BE9A6B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\AgSupport.job => C:\Users\ALEJAN~1\AppData\Local\ARCADE~1\AgHelp.dll <==== ATTENTION
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2011-04-04 20:18 - 2011-04-04 20:18 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-11-18 18:18 - 2010-11-18 18:18 - 11190784 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2011-06-09 22:09 - 2011-06-09 22:09 - 00079784 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2015-02-05 15:56 - 2015-01-26 21:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\libglesv2.dll
2015-02-05 15:56 - 2015-01-26 21:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\libegl.dll
2015-02-05 15:56 - 2015-01-26 21:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\pdf.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CatWSPrx => ""="service"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Registry Areas =====================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3872554114-2949308933-1411773189-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\natalie\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: fssui => "C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe" -autorun
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
MSCONFIG\startupreg: Spotify => "C:\Users\natalie\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\natalie\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: ToshibaAppPlace => "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
MSCONFIG\startupreg: ToshibaServiceStation => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3872554114-2949308933-1411773189-500 - Administrator - Disabled)
alejandro (S-1-5-21-3872554114-2949308933-1411773189-1004 - Limited - Enabled) => C:\Users\alejandro
Guest (S-1-5-21-3872554114-2949308933-1411773189-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-3872554114-2949308933-1411773189-1008 - Limited - Enabled)
Julia (S-1-5-21-3872554114-2949308933-1411773189-1003 - Limited - Enabled) => C:\Users\Julia
natalie (S-1-5-21-3872554114-2949308933-1411773189-1000 - Administrator - Enabled) => C:\Users\natalie
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/11/2015 06:52:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17496, time stamp: 0x546fddcc
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0xce0
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
 
Error: (02/11/2015 06:52:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17496, time stamp: 0x546fddcc
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x7f4
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
 
Error: (02/11/2015 06:52:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17496, time stamp: 0x546fddcc
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x13c8
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
 
Error: (02/11/2015 06:52:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17496, time stamp: 0x546fddcc
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0xc5c
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
 
Error: (02/11/2015 06:52:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17496, time stamp: 0x546fddcc
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x5d4
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
 
Error: (02/11/2015 06:52:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17496, time stamp: 0x546fddcc
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x12b8
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
 
Error: (02/11/2015 06:52:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17496, time stamp: 0x546fddcc
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0xb3c
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
 
Error: (02/11/2015 06:51:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/11/2015 06:41:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17496, time stamp: 0x546fddcc
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x14e0
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
 
Error: (02/11/2015 06:41:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17496, time stamp: 0x546fddcc
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x17fc
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
 
 
System errors:
=============
Error: (02/11/2015 06:51:12 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (02/11/2015 06:49:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Search Protect Service service failed to start due to the following error: 
%%216
 
Error: (02/11/2015 06:49:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The pygqDCCpEPl service failed to start due to the following error: 
%%2
 
Error: (02/11/2015 06:46:40 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer JUKON-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{39281A54-8DB7-4BE7-84F0-06A834EC510A}.
The master browser is stopping or an election is being forced.
 
Error: (02/11/2015 06:39:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The BlueStacks Updater Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (02/11/2015 06:26:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (02/11/2015 06:25:08 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error: 
%%1064
 
Error: (02/11/2015 06:25:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The pygqDCCpEPl service failed to start due to the following error: 
%%2
 
Error: (02/11/2015 06:25:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Search Protect Service service failed to start due to the following error: 
%%216
 
Error: (02/11/2015 06:10:38 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer JUKON-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{39281A54-8DB7-4BE7-84F0-06A834EC510A}.
The master browser is stopping or an election is being forced.
 
 
Microsoft Office Sessions:
=========================
Error: (02/11/2015 06:52:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.17496546fddccunknown0.0.0.000000000c000000500000000ce001d0465e2338f4efC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEunknown60f45cc0-b251-11e4-ba37-00266c0f9fae
 
Error: (02/11/2015 06:52:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.17496546fddccunknown0.0.0.000000000c0000005000000007f401d0465e227af957C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEunknown60350192-b251-11e4-ba37-00266c0f9fae
 
Error: (02/11/2015 06:52:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.17496546fddccunknown0.0.0.000000000c00000050000000013c801d0465e21cd78bdC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEunknown5f892eae-b251-11e4-ba37-00266c0f9fae
 
Error: (02/11/2015 06:52:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.17496546fddccunknown0.0.0.000000000c000000500000000c5c01d0465e21719bc4C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEunknown5f2b7cef-b251-11e4-ba37-00266c0f9fae
 
Error: (02/11/2015 06:52:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.17496546fddccunknown0.0.0.000000000c0000005000000005d401d0465e20e956f5C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEunknown5ea90496-b251-11e4-ba37-00266c0f9fae
 
Error: (02/11/2015 06:52:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.17496546fddccunknown0.0.0.000000000c00000050000000012b801d0465e201ba3b2C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEunknown5dd66f41-b251-11e4-ba37-00266c0f9fae
 
Error: (02/11/2015 06:52:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.17496546fddccunknown0.0.0.000000000c000000500000000b3c01d0465e1cd5460cC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEunknown5c0b9399-b251-11e4-ba37-00266c0f9fae
 
Error: (02/11/2015 06:51:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/11/2015 06:41:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.17496546fddccunknown0.0.0.000000000c00000050000000014e001d0465c98cff8abC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEunknownd68d2d2d-b24f-11e4-b301-00266c0f9fae
 
Error: (02/11/2015 06:41:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.17496546fddccunknown0.0.0.000000000c00000050000000017fc01d0465c97f9bcd2C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEunknownd5b6f154-b24f-11e4-b301-00266c0f9fae
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU B960 @ 2.20GHz
Percentage of memory in use: 41%
Total physical RAM: 4043.86 MB
Available physical RAM: 2384.95 MB
Total Pagefile: 8085.9 MB
Available Pagefile: 6303.72 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
 
==================== Drives ================================
 
Drive c: (TI106321W0B) (Fixed) (Total:282.96 GB) (Free:211.96 GB) NTFS ==>[system with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 010ED62A)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=283 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13.7 GB) - (Type=17)
 
==================== End Of Log ============================

Hello,
    
 
They call me TwinHeadedEagle around here, and I'll try to help you with your issue.
 
     
    
Before we start please read and note the following:

  • We're primarily oriented on malware removal here, so you must know that some issues just cannot be solved and you must be prepared for this. Some tools we use here will remove your browser search history, so backup your important links and all the files whose loss is unacceptable.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time. Keep in mind that private life gets in the way too. Note that we may live in totally different time zones, which may cause some delays between answers.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

I can't foresee everything, so if anything not covered in my instructions happens, please stop and inform me!
There are no silly questions. Never be afraid to ask if in doubt!
 
 
 
Rules and policies
 
We won't support any piracy.
That being said, if any evidence of illegal OS, software, cracks/keygens or any other is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!
 
Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.
 
 



Fix with AdwCleaner
 
Please download AdwCleaner by Xplode and save the file to your Desktop.
  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • Wait until the database is updated.
  • Accept the Terms of use and click Scan.
  • When finished, please click Clean.
  • Upon completion, click Report. A log (AdwCleaner[s*].txt) will open.

Please upload report in your reply.
 
Note: Reports will be saved in your system partition, usually at C:\Adwcleaner
 



Scan with Farbar Recovery Scan Tool
 
Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please upload them into your next reply.


There is still some malware left. We will clean it now:
 
 
 
Fix with Farbar Recovery Scan Tool
 

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

 
Download attached fixlist.txt file and save it to the Desktop:
 
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it to your reply.

fixlist.txt


Glad I could help. We will delete all used tools and I'll give you some tips to harden your security and learn how to protect yourself :)
 
 

Recommended reading:

 
 
MUST READ - security tips:

MUST READ - general maintenance:

The Importance of Software Updating:

 

 
In order to stay protected it is very important that you regularly update all of your software. Cybercriminals depend on the apathy of users around software updates to keep their malicious endeavor running.
 
Operating systems, such as Windows, and applications, such as Adobe Reader or JAVA, are used by tens of millions of computers and devices around the world, making them a huge target for cybercriminals. Downloading updates and installing them can sometimes be tedious, but the advantages you get from the updates are certainly worth it.

Recommended additional software:

 
 
  • TFC - to clean unneeded temporary files.
  • Malwarebytes' Anti-Malware - to scan your system from time to time in search for malware.
  • Malwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.
  • McShield - to prevent infections spread by removable media.
  • Unchecky - to prevent from installing additional foistware, implemented in legitimate installations.
  • Adblock - to surf the web without annoying ads!
 
 

Post-cleanup procedures:

 

 
Download DelFix by Xplode and save it to your desktop.

  • Run the tool by right-clicking the DelFix icon and choosing the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run.
  • The program will run for a few seconds and display a notepad report. You do not need to attach it.

The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix
The tool deletes old system restore points and creates a fresh system restore point after cleaning.
 
 
 


My help is free for everybody.

If you're happy with the help provided and/or wish to buy me a beer for the assistance you received, then you can consider a donation: 

 

Thank you!

 
 
Stay safe,
TwinHeadedEagle   :)


  • 3 weeks later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.