Possible Malware - BSODs Caused By BAD_POOL_HEADER


Gerrard

Hi,


From my post here - https://forums.malwarebytes.org/index.php?/topic/164965-bsod-bad-pool-header/#entry940637

It was suggested by 1PW that I open a topic here as I may have a malware infection.


As 1PW requested, below are my FRST.txt and Addition.txt files:


FRST.txt


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-02-2015
Ran by Gerrard (administrator) on GERRARD-PC on 18-02-2015 14:52:56
Running from C:\Users\Gerrard\Desktop\Fix
Loaded Profiles: Gerrard & UpdatusUser (Available profiles: Gerrard & UpdatusUser)
Platform: Microsoft Windows 7 Home Premium  (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Creative Labs) C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
(Creative Technology Ltd) C:\Windows\System32\CTSVCCDA.EXE
(Teruten) C:\Windows\System32\FsUsbExService.Exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(SigmaTel, Inc.) C:\Windows\System32\stacsv.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\AMCore\mcshield.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McUICnt.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Creative Technology Ltd) C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Creative Technology Ltd.) C:\Windows\OEM02Mon.exe
(Dell Inc) C:\Program Files\Dell\QuickSet\quickset.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\CSP\1.3.336.0\McCSPServiceHost.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\DeviceDisplayObjectProvider.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [514832 2015-01-13] (McAfee, Inc.)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [857648 2007-04-28] (Synaptics, Inc.)
HKLM\...\Run: [VolPanel] => C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe [180224 2006-11-27] (Creative Technology Ltd)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [499352 2014-09-17] (McAfee, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-20] (Adobe Systems Incorporated)
HKLM\...\Run: [OEM02Mon.exe] => C:\Windows\OEM02Mon.exe [36864 2007-05-10] (Creative Technology Ltd.)
HKU\S-1-5-21-1696010641-1652278836-1394396144-1001\...\Run: [DellSystemDetect] => C:\Users\Gerrard\AppData\Local\Apps\2.0\JWZ84O28.6XD\E7MAHV54.LHK\dell..tion_e30b47f5d4a30e9e_0005.000e_4ab3a7332dd76702\DellSystemDetect.exe [283432 2015-02-10] (Dell)
HKU\S-1-5-21-1696010641-1652278836-1394396144-1001\...\MountPoints2: H - H:\DTVP_Launcher.exe
HKU\S-1-5-21-1696010641-1652278836-1394396144-1001\...\MountPoints2: {6a01ec97-4178-11df-9f1d-001dd9e7fc28} - F:\DTVP_Launcher.exe
HKU\S-1-5-21-1696010641-1652278836-1394396144-1001\...\MountPoints2: {d315f035-256f-11df-9eea-001dd9e7fc28} - "F:\WD SmartWare.exe" autoplay=true
Lsa: [Authentication Packages] msv1_0 relog_ap
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
ShortcutTarget: QuickSet.lnk -> C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe (Macrovision Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gerrard\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gerrard\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gerrard\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1696010641-1652278836-1394396144-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1696010641-1652278836-1394396144-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-1696010641-1652278836-1394396144-1001 -> DefaultScope {F7F9D434-F6AD-4093-AB6C-AD44187AB04A} URL = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=&rlz=1I7ADRA_en
SearchScopes: HKU\S-1-5-21-1696010641-1652278836-1394396144-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-1696010641-1652278836-1394396144-1001 -> {F7F9D434-F6AD-4093-AB6C-AD44187AB04A} URL = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=&rlz=1I7ADRA_en
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1696010641-1652278836-1394396144-1001 -> No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} -  No File
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.1.1.254
Tcpip\..\Interfaces\{8967732C-A582-4E5B-8C1D-D84B49F8178D}: [NameServer] 172.21.122.12 202.27.113.10
 
FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Windows\system32\npdeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @real.com/nppl3260;version=15.0.0.198 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.0.198 -> c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.0.198 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.0.198 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=15.0.0.198 -> c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-12-14]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-03-13]
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.co.nz/"
CHR Profile: C:\Users\Gerrard\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Gerrard\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Gerrard\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2013-03-07]
CHR Extension: (Google Wallet) - C:\Users\Gerrard\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Gerrard\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2013-03-07]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-12-14]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-02-07]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [427288 2007-09-08] (Acronis)
R2 Creative Labs Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe [72704 2010-03-03] (Creative Labs) [File not signed]
R2 Creative Service for CDROM Access; C:\Windows\system32\CTsvcCDA.exe [44032 1999-12-13] (Creative Technology Ltd) [File not signed]
R2 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [233472 2013-04-18] (Teruten) [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [694784 2009-09-21] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [529216 2015-01-13] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe [338160 2014-11-22] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [471560 2015-01-07] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [661088 2014-11-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [171368 2014-10-01] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [179608 2014-10-01] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44544 2008-12-04] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-12-04] (Hewlett-Packard) [File not signed]
R2 RapportMgmtService; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [1919256 2014-12-22] (IBM Corp.)
S3 RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [880640 2006-11-06] (Sonic Solutions) [File not signed]
S2 RoxWatch9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [159744 2006-11-06] (Sonic Solutions) [File not signed]
R2 STacSV; C:\Windows\system32\STacSV.exe [94208 2007-05-07] (SigmaTel, Inc.)
S3 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [73728 2006-09-15] (MicroVision Development, Inc.) [File not signed]
S3 TryAndDecideService; C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [492600 2007-09-08] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [108104 2010-12-02] (SlySoft, Inc.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [62840 2014-10-01] (McAfee, Inc.)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-17] (Elaborate Bytes AG)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-04-18] () [File not signed]
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [75480 2014-11-21] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-02-18] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [135880 2014-10-01] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [238312 2014-10-01] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [67824 2014-10-01] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [371712 2014-10-01] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [575992 2014-10-01] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [352360 2014-09-19] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [81304 2014-09-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [217232 2014-10-01] (McAfee, Inc.)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36528 2006-07-24] (Sonic Solutions) [File not signed]
R1 RapportCerberus_80120; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_80120.sys [472792 2015-01-09] (IBM Corp.)
R1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [251640 2014-12-22] (IBM Corp.)
S3 RapportKELL; C:\Windows\System32\Drivers\RapportKELL.sys [208856 2014-12-22] (IBM Corp.)
R1 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [332696 2014-12-22] (IBM Corp.)
R3 STHDA; C:\Windows\System32\drivers\stwrt.sys [326656 2007-05-07] (SigmaTel, Inc.)
R0 tdrpman; C:\Windows\System32\DRIVERS\tdrpman.sys [368736 2010-07-22] (Acronis)
R2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [44384 2010-07-22] (Acronis)
R3 TotRec8; C:\Windows\system32\drivers\TotRec8.sys [94920 2013-10-17] (High Criteria inc.)
S3 NSNDIS5; \??\C:\Windows\system32\NSNDIS5.SYS [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-18 14:44 - 2015-02-18 14:53 - 00000000 ____D () C:\FRST
2015-02-18 14:43 - 2015-02-18 14:52 - 00000000 ____D () C:\Users\Gerrard\Desktop\Fix
2015-02-18 14:34 - 2015-02-18 14:35 - 00000000 ____D () C:\Users\Gerrard\Desktop\Dump
2015-02-18 14:17 - 2015-02-18 14:17 - 04747264 _____ () C:\Users\Gerrard\Documents\Fuel.vsd
2015-02-18 13:23 - 2015-02-18 13:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-02-17 13:58 - 2015-02-17 13:59 - 13946571 _____ () C:\Users\Gerrard\Downloads\SysinternalsSuite.zip
2015-02-17 13:28 - 2015-02-17 13:29 - 06528454 _____ () C:\Users\Gerrard\Downloads\paint.net.4.0.5.install.zip
2015-02-14 17:59 - 2015-02-14 17:59 - 00000000 ____D () C:\Users\Gerrard\Desktop\Paul
2015-02-12 10:04 - 2015-02-14 16:58 - 00000464 _____ () C:\Users\Gerrard\Desktop\Social Calendar.txt
2015-02-11 10:50 - 2015-02-11 10:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhoCrashed
2015-02-11 10:50 - 2015-02-11 10:50 - 00000000 ____D () C:\Program Files\WhoCrashed
2015-02-11 10:49 - 2015-02-11 10:49 - 02727584 _____ (Resplendence Software Projects Sp. ) C:\Users\Gerrard\Downloads\whocrashedSetup.exe
2015-02-11 10:32 - 2015-02-18 14:31 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-11 10:32 - 2015-02-11 10:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-11 10:32 - 2015-02-11 10:32 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-11 10:32 - 2015-02-11 10:32 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-02-11 10:32 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-11 10:32 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-11 10:32 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-11 10:20 - 2015-02-11 10:20 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Gerrard\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-11 10:19 - 2015-02-11 10:19 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Gerrard\Downloads\mbam-clean-2.1.1.1001.exe
2015-02-10 16:01 - 2015-02-10 16:01 - 00000000 ____D () C:\Users\Gerrard\AppData\Roaming\Dell
2015-02-10 16:00 - 2015-02-10 16:00 - 00000000 ____D () C:\ProgramData\PCDr
2015-02-10 16:00 - 2015-02-10 16:00 - 00000000 ____D () C:\ProgramData\PC-Doctor for Windows
2015-02-10 16:00 - 2015-02-10 16:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2015-02-10 16:00 - 2015-02-10 16:00 - 00000000 ____D () C:\Program Files\Dell Support Center
2015-02-10 15:58 - 2015-02-10 16:00 - 00000000 ____D () C:\Program Files\My Dell
2015-02-10 15:54 - 2015-02-10 15:54 - 00000000 ____D () C:\Users\Gerrard\AppData\Roaming\PCDr
2015-02-10 15:52 - 2015-02-10 15:52 - 00000000 ____D () C:\Users\Gerrard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2015-02-10 15:52 - 2015-02-10 15:52 - 00000000 ____D () C:\Users\Gerrard\AppData\Local\Deployment
2015-02-10 15:51 - 2015-02-10 15:51 - 00417064 _____ () C:\Users\Gerrard\Downloads\DellSystemDetect.exe
2015-02-10 14:43 - 2015-02-11 16:19 - 00000735 _____ () C:\Users\Gerrard\Desktop\Include in Document.txt
2015-02-09 15:33 - 2015-02-09 15:33 - 11666784 _____ (Microsoft Corporation) C:\Users\Gerrard\Downloads\visioviewer32bit.exe
2015-02-09 15:10 - 2015-02-09 15:26 - 357615384 _____ (Microsoft Corporation) C:\Users\Gerrard\Downloads\Visio_2013.exe
2015-02-09 11:25 - 2015-02-09 11:26 - 00011205 _____ () C:\Users\Gerrard\Downloads\ViewUsage.csv
2015-02-04 15:24 - 2015-02-18 13:15 - 00163519 ____N () C:\Windows\Minidump\021815-28704-01.dmp
2015-02-04 15:24 - 2015-02-17 13:43 - 00163519 ____N () C:\Windows\Minidump\021715-25989-01.dmp
2015-02-04 15:24 - 2015-02-17 13:15 - 00163775 ____N () C:\Windows\Minidump\021715-25662-01.dmp
2015-02-04 15:24 - 2015-02-11 10:35 - 00163519 ____N () C:\Windows\Minidump\021115-22354-01.dmp
2015-02-04 15:24 - 2015-02-10 15:33 - 00163519 ____N () C:\Windows\Minidump\021015-22183-01.dmp
2015-02-04 15:24 - 2015-02-10 15:06 - 00164591 ____N () C:\Windows\Minidump\021015-24273-01.dmp
2015-02-04 15:24 - 2015-02-04 15:31 - 00163519 ____N () C:\Windows\Minidump\020415-22370-01.dmp
2015-02-03 15:54 - 2015-02-03 15:55 - 07683360 _____ (Auslogics Labs Pty Ltd ) C:\Users\Gerrard\Downloads\driver-updater-setup.exe
2015-02-03 08:38 - 2015-02-03 08:38 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-02-03 08:21 - 2010-03-04 17:04 - 00146304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2015-02-03 08:21 - 2010-03-04 16:57 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys
2015-02-03 08:20 - 2010-09-14 19:07 - 00276992 _____ (Microsoft Corporation) C:\Windows\system32\wcncsvc.dll
2015-02-03 08:04 - 2012-11-22 22:33 - 00627712 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-02-03 08:04 - 2012-08-03 06:05 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-02-03 08:04 - 2011-03-11 18:44 - 00146304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2015-02-03 08:04 - 2011-03-11 18:44 - 00143744 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys
2015-02-03 08:04 - 2011-03-11 18:44 - 00117120 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys
2015-02-03 08:04 - 2011-03-11 18:43 - 00332160 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorV.sys
2015-02-03 08:04 - 2011-03-11 18:43 - 00080256 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdsata.sys
2015-02-03 08:04 - 2011-03-11 18:43 - 00022400 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdxata.sys
2015-02-03 08:04 - 2011-03-11 18:39 - 01686016 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2015-02-03 08:04 - 2011-03-11 18:37 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\fsutil.exe
2015-02-03 08:04 - 2011-03-11 17:08 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2015-02-03 08:04 - 2011-02-19 18:33 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-02-03 08:04 - 2010-12-21 18:38 - 00350720 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2015-02-03 08:04 - 2010-12-21 18:38 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-02-03 08:04 - 2010-12-21 18:38 - 00204288 _____ (Microsoft Corporation) C:\Windows\system32\upnp.dll
2015-02-03 08:04 - 2010-12-21 18:38 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\wscsvc.dll
2015-02-03 08:04 - 2010-12-21 18:38 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\wscapi.dll
2015-02-03 08:04 - 2010-12-21 18:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\slwga.dll
2015-02-03 08:04 - 2010-12-21 18:34 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-02-03 08:03 - 2014-09-15 13:42 - 02377216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-03 08:03 - 2012-07-07 08:31 - 00393216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2015-02-03 08:03 - 2011-04-23 08:36 - 00026496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2015-02-03 08:03 - 2011-03-25 16:06 - 00284160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2015-02-03 08:03 - 2011-03-25 16:06 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2015-02-03 08:03 - 2011-03-25 16:06 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2015-02-03 08:03 - 2011-03-25 16:06 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2015-02-03 08:03 - 2011-03-25 16:06 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2015-02-03 08:03 - 2011-03-25 16:06 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2015-02-03 08:03 - 2011-03-25 16:06 - 00005888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2015-02-03 08:03 - 2011-03-13 00:31 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2015-02-03 08:03 - 2011-02-24 18:32 - 00288256 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2015-02-03 08:03 - 2011-02-03 18:45 - 00219008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2015-02-03 08:03 - 2010-11-02 17:46 - 00728448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2015-02-03 08:03 - 2010-11-02 17:23 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2015-02-02 15:34 - 2015-02-02 15:34 - 00304352 _____ () C:\Users\Gerrard\Downloads\lotus 123 for vista_10924_i27253038_il345.exe
2015-02-02 15:31 - 2015-02-02 15:31 - 01005878 _____ () C:\Users\Gerrard\Downloads\LOTUS123.ZIP
2015-02-02 15:30 - 2015-02-02 15:30 - 01369036 _____ () C:\Users\Gerrard\Downloads\8086tiny_125.zip
2015-01-29 16:21 - 2015-01-29 16:21 - 00000052 _____ () C:\Users\Gerrard\Documents\Tech Trends.txt
2015-01-29 13:21 - 2015-01-29 13:21 - 04283816 _____ (Neowise Software ) C:\Users\Gerrard\Downloads\NeoDownloaderLiteSetup.exe
2015-01-29 08:34 - 2015-01-29 08:34 - 00001100 _____ () C:\Users\Gerrard\Desktop\Working Stuff.lnk
2015-01-29 08:34 - 2015-01-29 08:34 - 00001047 _____ () C:\Users\Gerrard\Desktop\Music Temp.lnk
2015-01-29 07:57 - 2015-02-03 08:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-01-28 14:51 - 2015-01-28 14:52 - 00509264 _____ (Microsoft Corporation) C:\Users\Gerrard\Downloads\winsdk_web.exe
2015-01-27 15:06 - 2015-02-18 13:15 - 00003828 _____ () C:\Windows\setupact.log
2015-01-27 15:06 - 2015-01-27 15:06 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-23 15:27 - 2015-01-23 15:27 - 00226501 _____ () C:\Users\Gerrard\Downloads\Credit-Card.zip
2015-01-22 18:44 - 2015-01-22 18:44 - 00000000 ____H () C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Coinstaller_Critical.Wdf
2015-01-22 18:44 - 2015-01-22 18:44 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_point32_01011.Wdf
2015-01-22 18:44 - 2015-01-22 18:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
2015-01-22 18:43 - 2012-07-26 16:39 - 00526952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2015-01-22 18:43 - 2012-07-26 16:39 - 00047720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2015-01-22 18:43 - 2012-07-26 15:46 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2015-01-22 18:43 - 2012-06-03 03:34 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2015-01-22 18:41 - 2015-01-22 18:42 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center
2015-01-21 13:14 - 2015-01-21 13:14 - 00008783 _____ () C:\Users\Gerrard\Documents\Frame Sizes.xlsx
2015-01-21 08:39 - 2015-01-21 08:39 - 00436504 _____ (IBM Corp.) C:\Users\Gerrard\Downloads\RapportSetup.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-18 14:53 - 2012-07-25 05:08 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-18 14:53 - 2010-03-04 00:30 - 00000000 ____D () C:\Users\Gerrard\Email
2015-02-18 13:54 - 2011-03-08 10:43 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-18 13:26 - 2009-07-14 17:34 - 00013424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-18 13:26 - 2009-07-14 17:34 - 00013424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-18 13:20 - 2010-03-02 07:21 - 01529977 _____ () C:\Windows\WindowsUpdate.log
2015-02-18 13:15 - 2011-03-08 10:43 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-18 13:15 - 2010-03-14 04:18 - 00000000 ____D () C:\Windows\Minidump
2015-02-18 13:15 - 2009-07-14 17:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-18 08:16 - 2014-12-19 14:49 - 00001384 _____ () C:\Users\Gerrard\Desktop\Horizon Systems.lnk
2015-02-17 14:46 - 2014-11-15 14:04 - 00001542 _____ () C:\Users\Gerrard\Desktop\Farmlands.lnk
2015-02-14 21:21 - 2009-07-14 15:37 - 00000000 ____D () C:\Windows\rescache
2015-02-14 18:01 - 2010-03-02 08:32 - 00782838 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-11 10:34 - 2010-03-02 09:07 - 00082914 _____ () C:\Windows\PFRO.log
2015-02-10 16:04 - 2012-09-30 07:26 - 00000000 ____D () C:\Temp
2015-02-10 15:52 - 2010-04-07 07:13 - 00000000 ____D () C:\Users\Gerrard\AppData\Local\Apps\2.0
2015-02-10 15:48 - 2012-01-23 06:28 - 00000000 ____D () C:\Users\Gerrard\Documents\Manuals
2015-02-10 07:45 - 2011-10-14 22:09 - 00000000 ____D () C:\Users\Gerrard\Documents\Working Stuff
2015-02-09 21:39 - 2010-03-03 08:17 - 00000000 ____D () C:\ProgramData\Roxio
2015-02-09 15:34 - 2012-04-27 00:49 - 00000000 ____D () C:\Program Files\MSECache
2015-02-09 14:15 - 2010-03-04 00:06 - 00000000 ____D () C:\Users\Gerrard\Documents\Lana
2015-02-05 10:53 - 2012-05-10 07:34 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-05 10:53 - 2011-05-17 20:55 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-04 09:34 - 2009-07-14 15:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-02-03 09:23 - 2010-03-04 00:12 - 00000000 ____D () C:\Users\Gerrard\Downloads\Downloads From Old Vista Drive
2015-02-03 09:09 - 2009-07-14 17:33 - 00486344 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-03 08:51 - 2010-03-02 12:14 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-03 08:40 - 2010-03-02 09:34 - 00130088 _____ () C:\Users\Gerrard\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-03 08:37 - 2009-07-14 15:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-01-29 07:56 - 2014-05-15 06:30 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2015-01-29 07:56 - 2010-03-02 12:14 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-01-28 15:21 - 2009-07-14 17:52 - 00000000 ____D () C:\Program Files\MSBuild
2015-01-27 15:41 - 2011-03-30 11:25 - 00007597 _____ () C:\Users\Gerrard\AppData\Local\resmon.resmoncfg
2015-01-24 13:47 - 2012-10-14 11:07 - 00000000 ____D () C:\Users\Gerrard\AppData\Roaming\Audacity
2015-01-23 08:36 - 2012-06-06 03:27 - 00000000 ____D () C:\Users\Gerrard\Documents\Visual Studio 2010
2015-01-21 08:44 - 2013-08-16 20:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2015-01-20 14:40 - 2009-07-14 15:37 - 00000000 ____D () C:\Windows\registration
2015-01-20 11:34 - 2013-10-12 07:18 - 00000000 ____D () C:\Users\Gerrard\AppData\Local\Citrix
2015-01-20 11:34 - 2010-03-29 01:41 - 00000000 ____D () C:\Users\Gerrard\AppData\Roaming\Mozilla
2015-01-20 11:28 - 2013-10-12 07:20 - 00000000 ____D () C:\Users\Gerrard\AppData\Roaming\Juniper Networks
2015-01-20 08:45 - 2012-07-19 08:37 - 00000000 ____D () C:\ProgramData\Samsung
2015-01-20 08:35 - 2015-01-14 11:05 - 00000000 ____D () C:\Users\Gerrard\Documents\SelfMV
2015-01-20 08:06 - 2012-09-23 04:12 - 00000000 ____D () C:\Users\Gerrard\AppData\Roaming\Samsung
2015-01-20 08:05 - 2012-09-30 07:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2015-01-20 07:37 - 2010-03-02 09:08 - 00000000 ____D () C:\ProgramData\NVIDIA
 
==================== Files in the root of some directories =======
 
2013-04-25 09:28 - 2013-04-25 09:28 - 0183640 _____ () C:\Users\Gerrard\AppData\Local\ars.cache
2013-04-25 09:28 - 2013-04-25 09:28 - 0350314 _____ () C:\Users\Gerrard\AppData\Local\census.cache
2011-10-12 05:29 - 2014-09-18 22:14 - 0020480 _____ () C:\Users\Gerrard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-04-25 09:07 - 2013-04-25 09:07 - 0000036 _____ () C:\Users\Gerrard\AppData\Local\housecall.guid.cache
2011-03-30 11:25 - 2015-01-27 15:41 - 0007597 _____ () C:\Users\Gerrard\AppData\Local\resmon.resmoncfg
2010-04-06 08:51 - 2010-04-07 01:33 - 0000040 ___SH () C:\ProgramData\.zreglib
2010-03-03 04:56 - 2010-03-03 08:00 - 0000832 _____ () C:\ProgramData\hpzinstall.log
 
Some content of TEMP:
====================
C:\Users\Gerrard\AppData\Local\Temp\MouseKeyboardCenterx86_1033.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-14 21:03
 
==================== End Of Log ============================
 
 
Addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-02-2015
Ran by Gerrard at 2015-02-18 14:53:50
Running from C:\Users\Gerrard\Desktop\Fix
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
32 Bit HP CIO Components Installer (Version: 6.1.1 - Hewlett-Packard) Hidden
3GP to MP3 Converter (HKLM\...\3GP to MP3 Converter_is1) (Version:  - Shiver)
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Acrobat.com (Version: 2.0.0 - Adobe Systems Incorporated) Hidden
Acronis True Image Home (HKLM\...\{E5343B27-55DF-40BD-9FCF-A643C1331E8A}) (Version: 11.0.8022 - Acronis)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Photoshop Elements 2.0 (HKLM\...\Adobe Photoshop Elements 2.0) (Version: 2.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AIO_Scan (Version: 130.0.365.000 - Hewlett-Packard) Hidden
Amazon MP3 Downloader 1.0.9 (HKLM\...\Amazon MP3 Downloader) (Version:  - )
Amazon Music Importer (HKLM\...\com.amazon.music.uploader) (Version: 2.1.0 - Amazon Services LLC)
Amazon Music Importer (Version: 2.1.0 - Amazon Services LLC) Hidden
AnyDVD (HKLM\...\AnyDVD) (Version: 6.7.8.0 - SlySoft)
AnyRail5EN (HKLM\...\{E87E2DE8-29B8-44B2-85EB-CB0209D0F044}) (Version: 5.5.5 - DRail Modelspoor Software)
A-PDF Restrictions Remover 1.6 (HKLM\...\A-PDF Restrictions Remover_is1) (Version:  - A-PDF Solution)
Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C0CC75CD-F5B7-46AD-B016-17C0F5171718}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.2 (HKLM\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
Audiograbber 1.83 SE  (HKLM\...\Audiograbber) (Version: 1.83 SE  - Audiograbber)
Audiograbber MP3 Plugin (HKLM\...\Audiograbber-Lame) (Version: 1.0 - AG)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
C7200 (Version: 130.0.365.000 - Hewlett-Packard) Hidden
C7200_Help (Version: 100.0.206.000 - Hewlett-Packard) Hidden
Copy (Version: 130.0.428.000 - Hewlett-Packard) Hidden
Creative MediaSource 5 (HKLM\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.00 - )
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Data Lifeguard Diagnostic for Windows (HKLM\...\{75B61CF0-B8A8-46E2-8709-C4A79898AC1D}) (Version: 1.17 - Western Digital Corporation)
Dell System Detect (HKU\S-1-5-21-1696010641-1652278836-1394396144-1001\...\73f463568823ebbe) (Version: 5.14.0.9 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 9.1.18.6 - Synaptics)
Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 130.0.465.000 - Hewlett-Packard) Hidden
Digital Photography Winter Fun Pack (HKLM\...\{347D1603-FA83-4B2C-B504-8BC1FF59DB50}) (Version: 1.0.0 - <no manufacturer>)
DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.1.24 - DivX, LLC)
DocProc (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-1696010641-1652278836-1394396144-1001\...\Dropbox) (Version: 1.6.18 - Dropbox, Inc.)
Fax (Version: 130.0.418.000 - Hewlett-Packard) Hidden
Free RAR Extract Frog (HKLM\...\Free RAR Extract Frog) (Version: 2.10 - Philipp Winterberg)
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
Handbrake 0.9.4 (HKLM\...\Handbrake) (Version: 0.9.4 - )
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart All-In-One Driver Software 13.0 Rel. 2 (HKLM\...\{988329F4-A1A1-4D51-803C-EF2725A97627}) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPPhotoGadget (Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PaperLabel (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PrintOnDisc (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000 - Hewlett-Packard) Hidden
hpphotosmartdisclabelplugin (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
iTunes (HKLM\...\{F32DC846-4457-40A8-BECA-BCC0E960BC53}) (Version: 11.4.0.18 - Apple Inc.)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.550 - Oracle)
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version:  - )
Laptop Integrated Webcam Driver (1.04.01.1011)   (HKLM\...\Creative OEM002) (Version:  - )
McAfee Internet Security (HKLM\...\MSC) (Version: 13.6.1529 - McAfee, Inc.)
MediaDirect (HKLM\...\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}) (Version: 4.7 - Dell)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft AutoRoute v11.0 (HKLM\...\{8704D51E-25B7-4F23-81E7-AA4F54790220}) (Version: 11.00.18.1900 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Lync Basic 2013 (HKLM\...\Office15.LYNCENTRY) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Ultimate 2007 (HKLM\...\ULTIMATER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Visio 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}) (Version:  - Microsoft)
Microsoft Office Visio Professional 2007 (HKLM\...\VISPROR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft SharedView (HKLM\...\{190297F8-14EC-4ECA-BFAC-72843DBFB382}) (Version: 8.0.5725.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM\...\{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM\...\{877B76B2-F83F-4F5A-B28D-3F398641ADB6}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft Visio Viewer 2013 (HKLM\...\{95150000-0052-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual Basic 2010 Express - ENU (HKLM\...\Microsoft Visual Basic 2010 Express - ENU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Mihov Picture Downloader 1.5 (remove only) (HKLM\...\Mihov Picture Downloader) (Version:  - )
Mp3tag v2.50 (HKLM\...\Mp3tag) (Version: v2.50 - Florian Heidenreich)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
MyFreeCodec (HKU\S-1-5-21-1696010641-1652278836-1394396144-1001\...\MyFreeCodec) (Version:  - )
Network (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Nokia PC Suite 4.88 (HKLM\...\{BCB8B85E-E28A-424F-AE81-A7553DAA32A4}) (Version:  - )
NVIDIA 3D Vision Driver 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 327.02 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 1.6 - NVIDIA Corporation)
NVIDIA Graphics Driver 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA PhysX (HKLM\...\{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}) (Version: 9.09.0814 - NVIDIA Corporation)
NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
OutlookAddinSetup (HKLM\...\{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}) (Version: 1.0.0 - CyberLink)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.6.2 - pdfforge)
PS_AIO_02_ProductContext (Version: 130.0.365.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software (Version: 130.0.365.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software_Min (Version: 130.0.365.000 - Hewlett-Packard) Hidden
QuickSet (HKLM\...\{7F0C4457-8E64-491B-8D7B-991504365D1E}) (Version: 8.0.11 - Dell Inc.)
QuickTime (HKLM\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Radio Downloader (HKLM\...\{DFC9529D-50DB-431F-BDFE-961AA30B17EE}) (Version: 0.24.2.0 - NerdoftheHerd.com)
Rapport (Version: 3.5.1404.61 - Trusteer) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 15.0) (Version:  - RealNetworks)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.37 - Piriform)
RICOH R5U8xx Media Driver ver.3.62.02 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.62.02 - RICOH)
Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.3.0 - Roxio)
Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.3.0 - Roxio)
Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.3.0 - Roxio)
Roxio Creator DE (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.3.0 - Roxio)
Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.3.0 - Roxio)
Roxio Drag-to-Disc (HKLM\...\{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}) (Version: 9.0 - Roxio)
Roxio Express Labeler (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Roxio)
Roxio MyDVD DE (HKLM\...\{D639085F-4B6E-4105-9F37-A0DBB023E2FB}) (Version: 9.0.117 - Roxio, Inc.)
Roxio Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Roxio)
Samsung Kies3 (HKLM\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15013.17 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (Version: 3.2.15013.17 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (HKLM\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM\...\{90150000-012D-0000-0000-0000000FF1CE}_Office15.LYNCENTRY_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5102.0 - SigmaTel)
Skype™ 6.20 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
Sound Blaster Audigy ADVANCED MB (HKLM\...\{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}) (Version: 1.0 - )
Spotify (HKU\S-1-5-21-1696010641-1652278836-1394396144-1001\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)
Status (Version: 130.0.469.000 - Hewlett-Packard) Hidden
TomTom HOME (HKLM\...\{9017CEAF-BE5A-4F73-8A0E-C87E26971E55}) (Version: 2.9.3 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
Total Recorder 8.5 Standard Edition (HKLM\...\TotalRecorder) (Version:  - )
TrayApp (Version: 130.0.422.000 - Hewlett-Packard) Hidden
Trusteer Endpoint Protection (HKLM\...\Rapport_msi) (Version: 3.5.1404.61 - Trusteer)
UnloadSupport (Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
WhoCrashed 5.03 (HKLM\...\WhoCrashed_is1) (Version:  - Resplendence Software Projects Sp.)
Win7codecs (HKLM\...\{8C0CAA7A-3272-4991-A808-2C7559DE3409}) (Version: 3.7.5 - Shark007)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1696010641-1652278836-1394396144-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Gerrard\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1696010641-1652278836-1394396144-1001_Classes\CLSID\{b2b568c8-3712-4a75-b806-4b3c2fdb06d5}\localserver32 -> C:\Users\Gerrard\AppData\Local\Temp\{e9513610-f218-4dda-b954-2c7e6ba7cabb}\IDriver.NonElevated.exe N (the data entry has 6 more characters).
CustomCLSID: HKU\S-1-5-21-1696010641-1652278836-1394396144-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gerrard\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1696010641-1652278836-1394396144-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gerrard\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1696010641-1652278836-1394396144-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gerrard\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1696010641-1652278836-1394396144-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gerrard\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1696010641-1652278836-1394396144-1005_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\UpdatusUser\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-1696010641-1652278836-1394396144-1005_Classes\CLSID\{238F6F83-B8B4-11CF-8771-00A024541EE3}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Citrix\ICA Client\Wfica.ocx No File
CustomCLSID: HKU\S-1-5-21-1696010641-1652278836-1394396144-1005_Classes\CLSID\{238F6F85-B8B4-11CF-8771-00A024541EE3}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\Citrix\ICA Client\Wfica.ocx No File
CustomCLSID: HKU\S-1-5-21-1696010641-1652278836-1394396144-1005_Classes\CLSID\{b2b568c8-3712-4a75-b806-4b3c2fdb06d5}\localserver32 -> C:\Users\UpdatusUser\AppData\Local\Temp\{e9513610-f218-4dda-b954-2c7e6ba7cabb}\IDriver.NonElevated.e (the data entry has 10 more characters).
CustomCLSID: HKU\S-1-5-21-1696010641-1652278836-1394396144-1005_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll No File
CustomCLSID: HKU\S-1-5-21-1696010641-1652278836-1394396144-1005_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll No File
CustomCLSID: HKU\S-1-5-21-1696010641-1652278836-1394396144-1005_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll No File
CustomCLSID: HKU\S-1-5-21-1696010641-1652278836-1394396144-1005_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll No File
 
==================== Restore Points  =========================
 
22-01-2015 18:41:08 DCInstallRestorePoint
29-01-2015 07:51:20 Installed Microsoft Lync Basic 2013
29-01-2015 07:52:15 LYNCENTRY
29-01-2015 08:17:53 Installed Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
03-02-2015 08:19:58 Windows Update
10-02-2015 07:47:40 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 15:04 - 2014-07-08 11:20 - 00001206 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       www.livejasmin.com
127.0.0.1       creatives.livejasmin.com
127.0.0.1       www.streamate.com
127.0.0.1       www.partypoker.com
127.0.0.1       cdn.nsimg.net
127.0.0.1       banners.adultfriendfinder.com
127.0.0.1       go.urlcash.net
127.0.0.1       live-cams-1.livejasmin.com
127.0.0.1       pu.plugrush.com
127.0.0.1       syndication.exoclick.com
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {18F52E63-10BD-414F-A558-BEEF4E5A2557} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe
Task: {2026C154-93A2-480E-939B-D72F15346EA7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {5EE665B7-A55B-46BB-B183-AA6645F7777C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {6E0617FA-3EC2-4B5B-82A7-F60007BF758E} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {75111F5F-341D-4885-9118-20DDE7E96FED} - System32\Tasks\{25350066-26A8-43C0-9F43-5C47417452D3} => pcalua.exe -a C:\Users\Gerrard\Downloads\winsdk_web.exe -d C:\Users\Gerrard\Downloads
Task: {A3720439-4A37-4B6A-8F22-2F4C5D391FB0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {AC2109D0-DB85-4C58-B0FF-A6AA13A1355F} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {C9BA531B-1C31-4BAB-9A46-9ECD6A8C170A} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {D35A8E84-B470-4AF1-90B0-5E8C68C4B557} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {DFF10C04-60FA-41DD-8E8C-7DD19BFE8B25} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1696010641-1652278836-1394396144-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2011-11-09] (RealNetworks, Inc.)
Task: {E6041930-4859-4FD0-85E1-F0CE2966845D} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-11] (PC-Doctor, Inc.)
Task: {EEF7FDBB-265F-4BA4-BACD-D1D9F037DC9A} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1696010641-1652278836-1394396144-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2011-11-09] (RealNetworks, Inc.)
Task: {F4DEB516-D948-4931-9272-2A270B4262E9} - System32\Tasks\{1BE77BF5-E0CC-4EDB-B44E-FEA2CF5C0F90} => Iexplore.exe http://ui.skype.com/ui/0/5.8.0.156.259/en/abandoninstall?page=tsMain
Task: {F51FC3A8-6902-4808-BD29-AC68B6764CE5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-02] (Apple Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2014-08-01 00:16 - 2014-08-01 00:16 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-08-01 00:16 - 2014-08-01 00:16 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-01-05 22:08 - 2013-08-30 12:08 - 00088864 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2010-03-03 08:19 - 2006-10-27 05:21 - 00056056 _____ () C:\Windows\system32\DLAAPI_W.DLL
2007-02-21 02:01 - 2007-02-21 02:01 - 00105184 _____ () C:\Program Files\Dell\QuickSet\dadkeyb.dll
2014-03-23 16:04 - 2014-03-23 16:04 - 00557056 _____ () C:\Program Files\Trusteer\Rapport\bin\js32.dll
2010-03-03 04:44 - 2006-11-13 23:07 - 00066560 ____N () C:\Windows\system32\CmdRtr.dll
2010-03-03 04:44 - 2006-11-21 02:29 - 00101376 ____N () C:\Windows\system32\APOMngr.dll
2015-02-08 20:59 - 2015-02-04 22:02 - 01117512 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.111\libglesv2.dll
2015-02-08 20:59 - 2015-02-04 22:02 - 00211272 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.111\libegl.dll
2015-02-08 20:59 - 2015-02-04 22:02 - 09170760 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.111\pdf.dll
2009-02-27 02:46 - 2009-02-27 02:46 - 00064344 _____ () C:\Program Files\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
2014-11-12 17:17 - 2014-11-12 17:17 - 01754296 _____ () C:\Program Files\Microsoft Office\Office15\tmpod.dll
2011-06-23 00:46 - 2011-06-23 00:46 - 00434016 _____ () C:\Program Files\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
2013-07-11 06:07 - 2013-07-11 06:07 - 00756888 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Gerrard\Nokia Backup:Roxio EMC Stream
AlternateDataStreams: C:\Users\Gerrard\Downloads\DVD Ripping:Roxio EMC Stream
AlternateDataStreams: C:\Users\Gerrard\Documents\AnyDVDHD:Roxio EMC Stream
AlternateDataStreams: C:\Users\Gerrard\Documents\AnyDVD_logs:Roxio EMC Stream
AlternateDataStreams: C:\Users\Gerrard\Documents\Bluetooth Exchange Folder:Roxio EMC Stream
AlternateDataStreams: C:\Users\Gerrard\Documents\Dell Webcam Center:Roxio EMC Stream
AlternateDataStreams: C:\Users\Gerrard\Documents\Gerrard Burras - Happy Birthday Lana.wma:Roxio EMC Stream
AlternateDataStreams: C:\Users\Gerrard\Documents\Lana:Roxio EMC Stream
AlternateDataStreams: C:\Users\Gerrard\Documents\My Google Gadgets:Roxio EMC Stream
AlternateDataStreams: C:\Users\Gerrard\Documents\My Greeting Card Templates:Roxio EMC Stream
AlternateDataStreams: C:\Users\Gerrard\Documents\My Scans:Roxio EMC Stream
AlternateDataStreams: C:\Users\Gerrard\Documents\My Shapes:Roxio EMC Stream
AlternateDataStreams: C:\Users\Gerrard\Documents\OneNote Notebooks:Roxio EMC Stream
AlternateDataStreams: C:\Users\Gerrard\Documents\TomTom:Roxio EMC Stream
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1696010641-1652278836-1394396144-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Gerrard\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.1.1.254
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk => C:\Windows\pss\Adobe Gamma Loader.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Gerrard^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Gerrard^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: AcronisTimounterMonitor => C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AnyDVD => C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpqSRMon => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
MSCONFIG\startupreg: ISUSPM Startup => C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KiesPDLR.exe => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run
MSCONFIG\startupreg: Nokia Tray Application => C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
MSCONFIG\startupreg: NVHotkey => rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
MSCONFIG\startupreg: PCMService => "C:\Program Files\Dell\MediaDirect\PCMService.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
MSCONFIG\startupreg: SigmatelSysTrayApp => C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TkBellExe => "c:\program files\real\realplayer\Update\realsched.exe" -osboot
MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
MSCONFIG\startupreg: TrueImageMonitor.exe => C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1696010641-1652278836-1394396144-500 - Administrator - Disabled)
Gerrard (S-1-5-21-1696010641-1652278836-1394396144-1001 - Administrator - Enabled) => C:\Users\Gerrard
Guest (S-1-5-21-1696010641-1652278836-1394396144-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1696010641-1652278836-1394396144-1002 - Limited - Enabled)
UpdatusUser (S-1-5-21-1696010641-1652278836-1394396144-1005 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Faulty Device Manager Devices =============
 
Name: Photosmart C7200 series
Description: Photosmart C7200 series
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Photosmart C7200 series
Description: Photosmart C7200 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/17/2015 08:45:48 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={8EFF032A-6526-4DBB-BB5D-74887E4C7FA2}: The user Gerrard-PC\Gerrard dialed a connection named CRT VPN which has failed. The error code returned on failure is 691.
 
Error: (02/16/2015 04:21:26 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={18FBD945-363B-4A67-AE28-A4FC8E6D30C3}: The user Gerrard-PC\Gerrard dialed a connection named CRT VPN which has failed. The error code returned on failure is 0.
 
Error: (02/16/2015 04:20:44 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={193E33CB-DBFE-4628-9116-6E96455D8E8D}: The user Gerrard-PC\Gerrard dialed a connection named CRT VPN which has failed. The error code returned on failure is 691.
 
Error: (02/16/2015 01:03:54 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={52A21EB0-20CD-4CBE-8C02-B625124C0493}: The user Gerrard-PC\Gerrard dialed a connection named CRT VPN which has failed. The error code returned on failure is 0.
 
Error: (02/16/2015 07:50:09 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location G:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).
 
Error: (02/16/2015 07:47:40 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 120852087
 
Error: (02/16/2015 07:47:40 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 120852087
 
Error: (02/16/2015 07:47:40 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/14/2015 10:13:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 17145
 
Error: (02/14/2015 10:13:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 17145
 
 
System errors:
=============
Error: (02/18/2015 01:18:59 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
 
Error: (02/18/2015 01:15:18 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x00000019 (0x00000020, 0x88fd0090, 0x88fd00a0, 0x0802000b)C:\Windows\Minidump\021815-28704-01.dmp021815-28704-01
 
Error: (02/18/2015 01:15:16 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:40:20 on ‎18/‎02/‎2015 was unexpected.
 
Error: (02/18/2015 10:26:09 AM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{8967732C-A582-4E5B-8C1D-D84B49F8178D} because another computer on the network has the same name.  The server could not start.
 
Error: (02/18/2015 10:25:44 AM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{8967732C-A582-4E5B-8C1D-D84B49F8178D} because another computer on the network has the same name.  The server could not start.
 
Error: (02/17/2015 09:50:22 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2140993535
 
Error: (02/17/2015 09:50:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140993535
 
Error: (02/17/2015 09:50:22 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801
 
Error: (02/17/2015 09:43:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140993535
 
Error: (02/17/2015 09:43:05 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2140993535
 
 
Microsoft Office Sessions:
=========================
Error: (01/13/2015 00:57:26 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6713.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3781 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (08/08/2013 09:16:20 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 5589 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (04/30/2013 08:15:48 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1351 seconds with 540 seconds of active time.  This session ended with a crash.
 
Error: (02/17/2013 03:37:00 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 35 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (02/17/2013 03:33:35 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 18 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (02/17/2013 03:32:49 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 2840 seconds with 300 seconds of active time.  This session ended with a crash.
 
Error: (02/19/2011 06:10:16 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 8305 seconds with 180 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2012-12-15 03:32:07.367
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\McAfee\Temp\qxzA278\vscore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-12-15 03:32:07.361
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\McAfee\Temp\qxzA278\vscore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-12-15 03:32:07.358
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\McAfee\Temp\qxzA278\vscore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-08-29 13:06:09.136
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-08-29 13:06:09.136
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-08-29 13:06:09.120
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core2 Duo CPU T7700 @ 2.40GHz
Percentage of memory in use: 59%
Total physical RAM: 3582.04 MB
Available physical RAM: 1434.84 MB
Total Pagefile: 7162.36 MB
Available Pagefile: 4553.71 MB
Total Virtual: 2047.88 MB
Available Virtual: 1893.98 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:250 GB) (Free:31.6 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Data) (Fixed) (Total:213.7 GB) (Free:27.58 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 00000080)
Partition 1: (Not Active) - (Size=47 MB) - (Type=DE)
Partition 2: (Active) - (Size=250 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=215.7 GB) - (Type=OF Extended)
 
==================== End Of Log ============================
 
 
Any help would be much appreciated. Thanks!
 
Gerrard.
 

Hello,
    
 
They call me TwinHeadedEagle around here, and I'll try to help you with your issue.
 
     
    
Before we start please read and note the following:

  • We're primarily oriented on malware removal here, so you must know that some issues just cannot be solved and you must be prepared for this. Some tools we use here will remove your browser search history, so backup your important links and all the files whose loss is unacceptable.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time. Keep in mind that private life gets in the way too. Note that we may live in totally different time zones, which may cause some delays between answers.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

I can't foresee everything, so if anything not covered in my instructions happens, please stop and inform me!
There are no silly questions. Never be afraid to ask if in doubt!
 
 
 
Rules and policies
 
We won't support any piracy.
That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!
 
Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.
 



 
Download Malwarebytes Anti-Rootkit to your desktop.
  • Double-click the icon to start the tool.
  • It will ask you where to extract it, then it will start.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"



 
Scan with Farbar Recovery Scan Tool
 
Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content into your next reply.


Hi TwinHeadedEagle - Here's the output from WhoCrashed:

 

Welcome to WhoCrashed (HOME EDITION) v 5.03

This program checks for drivers which have been crashing your computer. If your computer has displayed a blue screen of death, suddenly rebooted or shut down then this program will help you find the root cause and possibly a solution.

Whenever a computer suddenly reboots without displaying any notice or blue screen of death, the first thing that is often thought about is a hardware failure. In reality, on Windows most crashes are caused by malfunctioning device drivers and kernel modules. In case of a kernel error, many computers do not show a blue screen unless they are configured for this. Instead these systems suddenly reboot without any notice.

This program will analyze your crash dumps with the single click of a button. It will tell you what drivers are likely to be responsible for crashing your computer. It will report a conclusion which offers suggestions on how to proceed in any situation while the analysis report will display internet links which will help you further troubleshoot any detected problems.

To obtain technical support visit www.resplendence.com/support

Click here to check if you have the latest version or if an update is available.

Just click the Analyze button for a comprehensible report ...

 

Home Edition Notice

This version of WhoCrashed is free for use at home only. If you would like to use this software at work or in a commercial environment you should get the professional edition of WhoCrashed which allows you to perform more thorough and detailed analysis. It also offers a range of additional features such as remote analysis on remote directories and remote computers on the network.

Click here for more information on the professional edition.
Click here to buy the the professional edition of WhoCrashed.
 

System Information (local)

computer name: GERRARD-PC
windows version: Windows 7 , 6.1, build: 7600
windows dir: C:\Windows
Hardware: Inspiron 1520 , Dell Inc., 0KY768
CPU: GenuineIntel Intel® Core2 Duo CPU T7700 @ 2.40GHz Intel586, level: 6
2 logical processors, active mask: 3
RAM: 3756044288 total


 

Crash Dump Analysis

Crash dump directory: C:\Windows\Minidump

Crash dumps are enabled on your computer.

On Tue 17/02/2015 23:41:19 GMT your computer crashed
crash dump file: C:\Windows\Minidump\021815-28704-01.dmp
This was probably caused by the following module: mwac.sys (mwac+0x5503)
Bugcheck code: 0x19 (0x20, 0xFFFFFFFF88FD0090, 0xFFFFFFFF88FD00A0, 0x802000B)
Error: BAD_POOL_HEADER
file path: C:\Windows\system32\drivers\mwac.sys
product: Malwarebytes Web Access Control
company: Malwarebytes Corporation
description: Malwarebytes Web Access Control
Bug check description: This indicates that a pool header is corrupt.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem. This might be a case of memory corruption. More often memory corruption happens because of software errors in buggy drivers, not because of faulty RAM modules.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: mwac.sys (Malwarebytes Web Access Control, Malwarebytes Corporation).
Google query: Malwarebytes Corporation BAD_POOL_HEADER



On Tue 17/02/2015 00:42:10 GMT your computer crashed
crash dump file: C:\Windows\Minidump\021715-25989-01.dmp
This was probably caused by the following module: mwac.sys (mwac+0x5503)
Bugcheck code: 0x19 (0x20, 0xFFFFFFFF8C34CBE0, 0xFFFFFFFF8C34CBF0, 0x8020009)
Error: BAD_POOL_HEADER
file path: C:\Windows\system32\drivers\mwac.sys
product: Malwarebytes Web Access Control
company: Malwarebytes Corporation
description: Malwarebytes Web Access Control
Bug check description: This indicates that a pool header is corrupt.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem. This might be a case of memory corruption. More often memory corruption happens because of software errors in buggy drivers, not because of faulty RAM modules.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: mwac.sys (Malwarebytes Web Access Control, Malwarebytes Corporation).
Google query: Malwarebytes Corporation BAD_POOL_HEADER



On Tue 17/02/2015 00:14:31 GMT your computer crashed
crash dump file: C:\Windows\Minidump\021715-25662-01.dmp
This was probably caused by the following module: mwac.sys (mwac+0x5503)
Bugcheck code: 0x19 (0x20, 0xFFFFFFFF8696D7E0, 0xFFFFFFFF8696D7F0, 0x8020009)
Error: BAD_POOL_HEADER
file path: C:\Windows\system32\drivers\mwac.sys
product: Malwarebytes Web Access Control
company: Malwarebytes Corporation
description: Malwarebytes Web Access Control
Bug check description: This indicates that a pool header is corrupt.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem. This might be a case of memory corruption. More often memory corruption happens because of software errors in buggy drivers, not because of faulty RAM modules.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: mwac.sys (Malwarebytes Web Access Control, Malwarebytes Corporation).
Google query: Malwarebytes Corporation BAD_POOL_HEADER



On Tue 10/02/2015 21:33:47 GMT your computer crashed
crash dump file: C:\Windows\Minidump\021115-22354-01.dmp
This was probably caused by the following module: mwac.sys (mwac+0x5503)
Bugcheck code: 0x19 (0x20, 0xFFFFFFFF8C248D38, 0xFFFFFFFF8C248D48, 0x8020019)
Error: BAD_POOL_HEADER
file path: C:\Windows\system32\drivers\mwac.sys
product: Malwarebytes Web Access Control
company: Malwarebytes Corporation
description: Malwarebytes Web Access Control
Bug check description: This indicates that a pool header is corrupt.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem. This might be a case of memory corruption. More often memory corruption happens because of software errors in buggy drivers, not because of faulty RAM modules.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: mwac.sys (Malwarebytes Web Access Control, Malwarebytes Corporation).
Google query: Malwarebytes Corporation BAD_POOL_HEADER



On Tue 10/02/2015 02:13:22 GMT your computer crashed
crash dump file: C:\Windows\Minidump\021015-22183-01.dmp
This was probably caused by the following module: mwac.sys (mwac+0x5503)
Bugcheck code: 0x19 (0x20, 0xFFFFFFFF8BB2DD48, 0xFFFFFFFF8BB2DD58, 0x8020030)
Error: BAD_POOL_HEADER
file path: C:\Windows\system32\drivers\mwac.sys
product: Malwarebytes Web Access Control
company: Malwarebytes Corporation
description: Malwarebytes Web Access Control
Bug check description: This indicates that a pool header is corrupt.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem. This might be a case of memory corruption. More often memory corruption happens because of software errors in buggy drivers, not because of faulty RAM modules.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: mwac.sys (Malwarebytes Web Access Control, Malwarebytes Corporation).
Google query: Malwarebytes Corporation BAD_POOL_HEADER



On Tue 10/02/2015 02:04:57 GMT your computer crashed
crash dump file: C:\Windows\Minidump\021015-24273-01.dmp
This was probably caused by the following module: mwac.sys (mwac+0x5503)
Bugcheck code: 0x19 (0x20, 0xFFFFFFFF87A64078, 0xFFFFFFFF87A64088, 0x8020009)
Error: BAD_POOL_HEADER
file path: C:\Windows\system32\drivers\mwac.sys
product: Malwarebytes Web Access Control
company: Malwarebytes Corporation
description: Malwarebytes Web Access Control
Bug check description: This indicates that a pool header is corrupt.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem. This might be a case of memory corruption. More often memory corruption happens because of software errors in buggy drivers, not because of faulty RAM modules.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: mwac.sys (Malwarebytes Web Access Control, Malwarebytes Corporation).
Google query: Malwarebytes Corporation BAD_POOL_HEADER



On Wed 04/02/2015 02:30:39 GMT your computer crashed
crash dump file: C:\Windows\Minidump\020415-22370-01.dmp
This was probably caused by the following module: rapportcerberus32_80120.sys (RapportCerberus32_80120+0x4333B)
Bugcheck code: 0xF4 (0x3, 0xFFFFFFFF8B4A7920, 0xFFFFFFFF8B4A7A8C, 0xFFFFFFFF83A332A0)
Error: CRITICAL_OBJECT_TERMINATION
file path: C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_80120.sys
product: Rapport
company: IBM Corp.
description: RapportCerberus
Bug check description: This indicates that a process or thread crucial to system operation has unexpectedly exited or been terminated.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem. This problem might be caused by a thermal issue.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: rapportcerberus32_80120.sys (RapportCerberus, IBM Corp.).
Google query: IBM Corp. CRITICAL_OBJECT_TERMINATION



 

Conclusion

7 crash dumps have been found and analyzed. 2 third party drivers have been identified to be causing system crashes on your computer. It is strongly suggested that you check for updates for these drivers on their company websites. Click on the links below to search with Google for updates for these drivers:

rapportcerberus32_80120.sys (RapportCerberus, IBM Corp.)
mwac.sys (Malwarebytes Web Access Control, Malwarebytes Corporation)

If no updates for these drivers are available, try searching with Google on the names of these drivers in combination the errors that have been reported for these drivers and include the brand and model name of your computer as well in the query. This often yields interesting results from discussions from users who have been experiencing similar problems.


Read the topic general suggestions for troubleshooting system crashes for more information.

Note that it's not always possible to state with certainty whether a reported driver is responsible for crashing your system or that the root cause is in another module. Nonetheless it's suggested you look for updates for the products that these drivers belong to and regularly visit Windows update or enable automatic updates for Windows. In case a piece of malfunctioning hardware is causing trouble, a search with Google on the bug check errors together with the model name and brand of your computer may help you investigate this further.



Thanks,

Gerrard.


Hm, it seems that MalwareBytes is producing these errors. Let's try to reinstall it:
 
 
 
Uninstall outdated Malwarebytes' Anti-Malware
 
Please download MBAM-clean and save it to your desktop.

  • Right-click on the mbam-clean.exe icon and select Run as Administrator to start the tool.
  • It will ask you to reboot the machine - please do so.

After that, follow my next instructions to download & install the newest MBAM version.
 
 
 
Scan with Malwarebytes' Anti-Malware
 
Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Install the program and select update.
  • Once updated, click the Settings tab, in the left panel choose Detections & protection and tick Scan for rootkits.
  • Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • At the bottom click Export and choose Text file.

Save the file to your desktop and include its content in your next reply.


Hi,

 

Before I initially opened this topic on the 'Malwarebytes Anti-Malware Help forum' (see first post above), I had read the standard advice and carried out the Clean / Re-Install procedure in full. However, it doesn't seem to have helped as I'm still getting BSODs.

 

This was done only on Feb 11th. Do you need me to repeat the procedure?

 

Thanks,

Gerrard.


Hi,

 

I've rerun the mbam-clean and re-installed as requested. Just after I activated it with my license key I launched Chrome to post an update here and as it was launching I got a BSOD again, BAD_POOL_HEADER.

 

Here's the Whocrashed output:

 

Welcome to WhoCrashed (HOME EDITION) v 5.03

This program checks for drivers which have been crashing your computer. If your computer has displayed a blue screen of death, suddenly rebooted or shut down then this program will help you find the root cause and possibly a solution.

Whenever a computer suddenly reboots without displaying any notice or blue screen of death, the first thing that is often thought about is a hardware failure. In reality, on Windows most crashes are caused by malfunctioning device drivers and kernel modules. In case of a kernel error, many computers do not show a blue screen unless they are configured for this. Instead these systems suddenly reboot without any notice.

This program will analyze your crash dumps with the single click of a button. It will tell you what drivers are likely to be responsible for crashing your computer. It will report a conclusion which offers suggestions on how to proceed in any situation while the analysis report will display internet links which will help you further troubleshoot any detected problems.

 

System Information (local)

computer name: GERRARD-PC
windows version: Windows 7 , 6.1, build: 7600
windows dir: C:\Windows
Hardware: Inspiron 1520 , Dell Inc., 0KY768
CPU: GenuineIntel Intel® Core2 Duo CPU T7700 @ 2.40GHz Intel586, level: 6
2 logical processors, active mask: 3
RAM: 3756044288 total


 

Crash Dump Analysis

Crash dump directory: C:\Windows\Minidump

Crash dumps are enabled on your computer.

On Thu 19/02/2015 00:24:04 GMT your computer crashed
crash dump file: C:\Windows\Minidump\021915-30482-01.dmp
This was probably caused by the following module: mwac.sys (mwac+0x5503)
Bugcheck code: 0x19 (0x20, 0xFFFFFFFF8BACE630, 0xFFFFFFFF8BACE640, 0x8020008)
Error: BAD_POOL_HEADER
file path: C:\Windows\system32\drivers\mwac.sys
product: Malwarebytes Web Access Control
company: Malwarebytes Corporation
description: Malwarebytes Web Access Control
Bug check description: This indicates that a pool header is corrupt.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem. This might be a case of memory corruption. More often memory corruption happens because of software errors in buggy drivers, not because of faulty RAM modules.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: mwac.sys (Malwarebytes Web Access Control, Malwarebytes Corporation).
Google query: Malwarebytes Corporation BAD_POOL_HEADER



On Tue 17/02/2015 23:41:19 GMT your computer crashed
crash dump file: C:\Windows\Minidump\021815-28704-01.dmp
This was probably caused by the following module: mwac.sys (mwac+0x5503)
Bugcheck code: 0x19 (0x20, 0xFFFFFFFF88FD0090, 0xFFFFFFFF88FD00A0, 0x802000B)
Error: BAD_POOL_HEADER
file path: C:\Windows\system32\drivers\mwac.sys
product: Malwarebytes Web Access Control
company: Malwarebytes Corporation
description: Malwarebytes Web Access Control
Bug check description: This indicates that a pool header is corrupt.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem. This might be a case of memory corruption. More often memory corruption happens because of software errors in buggy drivers, not because of faulty RAM modules.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: mwac.sys (Malwarebytes Web Access Control, Malwarebytes Corporation).
Google query: Malwarebytes Corporation BAD_POOL_HEADER



On Tue 17/02/2015 00:42:10 GMT your computer crashed
crash dump file: C:\Windows\Minidump\021715-25989-01.dmp
This was probably caused by the following module: mwac.sys (mwac+0x5503)
Bugcheck code: 0x19 (0x20, 0xFFFFFFFF8C34CBE0, 0xFFFFFFFF8C34CBF0, 0x8020009)
Error: BAD_POOL_HEADER
file path: C:\Windows\system32\drivers\mwac.sys
product: Malwarebytes Web Access Control
company: Malwarebytes Corporation
description: Malwarebytes Web Access Control
Bug check description: This indicates that a pool header is corrupt.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem. This might be a case of memory corruption. More often memory corruption happens because of software errors in buggy drivers, not because of faulty RAM modules.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: mwac.sys (Malwarebytes Web Access Control, Malwarebytes Corporation).
Google query: Malwarebytes Corporation BAD_POOL_HEADER



On Tue 17/02/2015 00:14:31 GMT your computer crashed
crash dump file: C:\Windows\Minidump\021715-25662-01.dmp
This was probably caused by the following module: mwac.sys (mwac+0x5503)
Bugcheck code: 0x19 (0x20, 0xFFFFFFFF8696D7E0, 0xFFFFFFFF8696D7F0, 0x8020009)
Error: BAD_POOL_HEADER
file path: C:\Windows\system32\drivers\mwac.sys
product: Malwarebytes Web Access Control
company: Malwarebytes Corporation
description: Malwarebytes Web Access Control
Bug check description: This indicates that a pool header is corrupt.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem. This might be a case of memory corruption. More often memory corruption happens because of software errors in buggy drivers, not because of faulty RAM modules.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: mwac.sys (Malwarebytes Web Access Control, Malwarebytes Corporation).
Google query: Malwarebytes Corporation BAD_POOL_HEADER



On Tue 10/02/2015 21:33:47 GMT your computer crashed
crash dump file: C:\Windows\Minidump\021115-22354-01.dmp
This was probably caused by the following module: mwac.sys (mwac+0x5503)
Bugcheck code: 0x19 (0x20, 0xFFFFFFFF8C248D38, 0xFFFFFFFF8C248D48, 0x8020019)
Error: BAD_POOL_HEADER
file path: C:\Windows\system32\drivers\mwac.sys
product: Malwarebytes Web Access Control
company: Malwarebytes Corporation
description: Malwarebytes Web Access Control
Bug check description: This indicates that a pool header is corrupt.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem. This might be a case of memory corruption. More often memory corruption happens because of software errors in buggy drivers, not because of faulty RAM modules.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: mwac.sys (Malwarebytes Web Access Control, Malwarebytes Corporation).
Google query: Malwarebytes Corporation BAD_POOL_HEADER



On Tue 10/02/2015 02:13:22 GMT your computer crashed
crash dump file: C:\Windows\Minidump\021015-22183-01.dmp
This was probably caused by the following module: mwac.sys (mwac+0x5503)
Bugcheck code: 0x19 (0x20, 0xFFFFFFFF8BB2DD48, 0xFFFFFFFF8BB2DD58, 0x8020030)
Error: BAD_POOL_HEADER
file path: C:\Windows\system32\drivers\mwac.sys
product: Malwarebytes Web Access Control
company: Malwarebytes Corporation
description: Malwarebytes Web Access Control
Bug check description: This indicates that a pool header is corrupt.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem. This might be a case of memory corruption. More often memory corruption happens because of software errors in buggy drivers, not because of faulty RAM modules.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: mwac.sys (Malwarebytes Web Access Control, Malwarebytes Corporation).
Google query: Malwarebytes Corporation BAD_POOL_HEADER



On Tue 10/02/2015 02:04:57 GMT your computer crashed
crash dump file: C:\Windows\Minidump\021015-24273-01.dmp
This was probably caused by the following module: mwac.sys (mwac+0x5503)
Bugcheck code: 0x19 (0x20, 0xFFFFFFFF87A64078, 0xFFFFFFFF87A64088, 0x8020009)
Error: BAD_POOL_HEADER
file path: C:\Windows\system32\drivers\mwac.sys
product: Malwarebytes Web Access Control
company: Malwarebytes Corporation
description: Malwarebytes Web Access Control
Bug check description: This indicates that a pool header is corrupt.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem. This might be a case of memory corruption. More often memory corruption happens because of software errors in buggy drivers, not because of faulty RAM modules.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: mwac.sys (Malwarebytes Web Access Control, Malwarebytes Corporation).
Google query: Malwarebytes Corporation BAD_POOL_HEADER



On Wed 04/02/2015 02:30:39 GMT your computer crashed
crash dump file: C:\Windows\Minidump\020415-22370-01.dmp
This was probably caused by the following module: rapportcerberus32_80120.sys (RapportCerberus32_80120+0x4333B)
Bugcheck code: 0xF4 (0x3, 0xFFFFFFFF8B4A7920, 0xFFFFFFFF8B4A7A8C, 0xFFFFFFFF83A332A0)
Error: CRITICAL_OBJECT_TERMINATION
file path: C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_80120.sys
product: Rapport
company: IBM Corp.
description: RapportCerberus
Bug check description: This indicates that a process or thread crucial to system operation has unexpectedly exited or been terminated.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem. This problem might be caused by a thermal issue.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: rapportcerberus32_80120.sys (RapportCerberus, IBM Corp.).
Google query: IBM Corp. CRITICAL_OBJECT_TERMINATION



 

Conclusion

8 crash dumps have been found and analyzed. 2 third party drivers have been identified to be causing system crashes on your computer. It is strongly suggested that you check for updates for these drivers on their company websites. Click on the links below to search with Google for updates for these drivers:

rapportcerberus32_80120.sys (RapportCerberus, IBM Corp.)
mwac.sys (Malwarebytes Web Access Control, Malwarebytes Corporation)

If no updates for these drivers are available, try searching with Google on the names of these drivers in combination with the errors that have been reported for these drivers and include the brand and model name of your computer as well in the query. This often yields interesting results from discussions from users who have been experiencing similar problems.


Read the topic general suggestions for troubleshooting system crashes for more information.

Note that it's not always possible to state with certainty whether a reported driver is responsible for crashing your system or that the root cause is in another module. Nonetheless it's suggested you look for updates for the products that these drivers belong to and regularly visit Windows update or enable automatic updates for Windows. In case a piece of malfunctioning hardware is causing trouble, a search with Google on the bug check errors together with the model name and brand of your computer may help you investigate this further.



Thanks,

Gerrard.

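Every WhoCrashed entry in this thread that blames mwac.sys reports the same code offset (mwac+0x5503) and the same BAD_POOL_HEADER subtype (parameter 1 = 0x20). The Python script below is an added example, not part of the original post and not Malwarebytes or Resplendence code: it parses report text in the format pasted above (the embedded sample is a constructed excerpt of three of the entries quoted in this thread), aggregates crashes per module and bug check code, and checks whether every crash attributed to a module lands on one offset and one subtype, the pattern one expects from a deterministic driver bug rather than from faulty RAM scattering corruption at random. The reading of the subtype 0x20 parameters (pool entry being freed, next pool entry) follows Microsoft's Bug Check 0x19 reference.

```python
"""Triage a pasted WhoCrashed report (added example, not from the thread).

Groups crashes by faulting module and bug check code and checks whether
every crash blamed on a module hits the same code offset and subtype.
"""
import re
from collections import Counter, defaultdict

# Constructed sample: three of the report entries quoted in this thread,
# trimmed to the lines the parser needs.
SAMPLE_REPORT = r"""
On Thu 19/02/2015 00:24:04 GMT your computer crashed
crash dump file: C:\Windows\Minidump\021915-30482-01.dmp
This was probably caused by the following module: mwac.sys (mwac+0x5503)
Bugcheck code: 0x19 (0x20, 0xFFFFFFFF8BACE630, 0xFFFFFFFF8BACE640, 0x8020008)
Error: BAD_POOL_HEADER

On Tue 17/02/2015 23:41:19 GMT your computer crashed
crash dump file: C:\Windows\Minidump\021815-28704-01.dmp
This was probably caused by the following module: mwac.sys (mwac+0x5503)
Bugcheck code: 0x19 (0x20, 0xFFFFFFFF88FD0090, 0xFFFFFFFF88FD00A0, 0x802000B)
Error: BAD_POOL_HEADER

On Wed 04/02/2015 02:30:39 GMT your computer crashed
crash dump file: C:\Windows\Minidump\020415-22370-01.dmp
This was probably caused by the following module: rapportcerberus32_80120.sys (RapportCerberus32_80120+0x4333B)
Bugcheck code: 0xF4 (0x3, 0xFFFFFFFF8B4A7920, 0xFFFFFFFF8B4A7A8C, 0xFFFFFFFF83A332A0)
Error: CRITICAL_OBJECT_TERMINATION
"""

DUMP_RE = re.compile(r"crash dump file: (\S+)")
MODULE_RE = re.compile(r"caused by the following module: (\S+) \((\S+)\+0x([0-9A-Fa-f]+)\)")
BUGCHECK_RE = re.compile(r"Bugcheck code: 0x([0-9A-Fa-f]+) \(([^)]*)\)")
ERROR_RE = re.compile(r"Error: (\S+)")

BAD_POOL_HEADER = 0x19


def parse_report(text):
    """Return one dict per crash: dump path, module, offset, code, params, name."""
    crashes, cur = [], None
    for line in text.splitlines():
        if line.startswith("On ") and line.endswith("your computer crashed"):
            cur = {}                  # a new crash record starts here
            crashes.append(cur)
            continue
        if cur is None:
            continue
        m = DUMP_RE.match(line)
        if m:
            cur["dump"] = m.group(1)
            continue
        m = MODULE_RE.search(line)
        if m:
            cur["module"] = m.group(1).lower()
            cur["offset"] = int(m.group(3), 16)   # offset into the module image
            continue
        m = BUGCHECK_RE.match(line)
        if m:
            cur["code"] = int(m.group(1), 16)
            cur["params"] = [int(p, 16) for p in m.group(2).split(", ")]
            continue
        m = ERROR_RE.match(line)
        if m:
            cur["name"] = m.group(1)
    return crashes


def summarize(crashes):
    """Crash count per (module, bug check code) and the offsets seen per module."""
    counts = Counter((c["module"], c["code"]) for c in crashes)
    offsets = defaultdict(set)
    for c in crashes:
        offsets[c["module"]].add(c["offset"])
    return counts, offsets


def same_fault_site(crashes, module):
    """True when every crash blamed on `module` shares one offset and one
    bug check subtype (parameter 1). Random corruption from faulty RAM would
    scatter these; a deterministic driver bug does not."""
    sites = {(c["offset"], c["params"][0]) for c in crashes if c["module"] == module}
    return len(sites) == 1


def pool_block_span(crash):
    """For BAD_POOL_HEADER subtype 0x20, the distance from the pool entry being
    freed (parameter 2) to the next pool entry (parameter 3), as described in
    Microsoft's Bug Check 0x19 reference; None for any other crash."""
    if crash["code"] != BAD_POOL_HEADER or crash["params"][0] != 0x20:
        return None
    return crash["params"][2] - crash["params"][1]


if __name__ == "__main__":
    crashes = parse_report(SAMPLE_REPORT)
    counts, offsets = summarize(crashes)
    for (module, code), n in counts.most_common():
        print(f"{module}: {n} crash(es), bugcheck 0x{code:X}, offsets "
              f"{sorted(hex(o) for o in offsets[module])}, "
              f"single fault site: {same_fault_site(crashes, module)}")
```

Feed it the full report text instead of the sample and the summary shows at a glance whether a second module ever appears at the same offset; the span of 0x10 bytes that every mwac.sys entry reports between the freed entry and its neighbour is another sign that the same free path is being hit each time.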

Hi - I was just opening an Excel spreadsheet when I got another BSOD - BAD_POOL_HEADER  :(

 

Here's the WhoCrashed output (just for this event):

 

Welcome to WhoCrashed (HOME EDITION) v 5.03

 

System Information (local)

computer name: GERRARD-PC
windows version: Windows 7 , 6.1, build: 7600
windows dir: C:\Windows
Hardware: Inspiron 1520 , Dell Inc., 0KY768
CPU: GenuineIntel Intel® Core2 Duo CPU T7700 @ 2.40GHz Intel586, level: 6
2 logical processors, active mask: 3
RAM: 3756044288 total


 

Crash Dump Analysis

Crash dump directory: C:\Windows\Minidump

Crash dumps are enabled on your computer.

On Thu 19/02/2015 01:42:09 GMT your computer crashed
crash dump file: C:\Windows\Minidump\021915-23727-01.dmp
This was probably caused by the following module: mwac.sys (mwac+0x5503)
Bugcheck code: 0x19 (0x20, 0xFFFFFFFF86AB7B20, 0xFFFFFFFF86AB7B30, 0x8020009)
Error: BAD_POOL_HEADER
file path: C:\Windows\system32\drivers\mwac.sys
product: Malwarebytes Web Access Control
company: Malwarebytes Corporation
description: Malwarebytes Web Access Control
Bug check description: This indicates that a pool header is corrupt.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem. This might be a case of memory corruption. More often memory corruption happens because of software errors in buggy drivers, not because of faulty RAM modules.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: mwac.sys (Malwarebytes Web Access Control, Malwarebytes Corporation).
Google query: Malwarebytes Corporation BAD_POOL_HEADER

 


  • Root Admin

Hello there. I've been asked to step in and assist here. Let's actually do some basic clean up and see how it goes.

 

First click on START and type in CMD.EXE and when it shows on the menu right click and choose "Run as administrator" then type in the following.

 

CHKDSK  C:  /R

 

It will prompt that it cannot lock the drive and ask if you want to run after a restart. Press the Y key and then the Enter key. Then restart the computer and let it run. It can take from 10 minutes to many hours to run depending on the speed of your computer and how many files you have on it.

 

Then post back the results of the disk check.

 

On Windows 7 the disk check log is in the Event Logs under Application with a source of Wininit.

 

How to Read the Event Viewer Log for Check Disk (chkdsk) in Vista, Windows 7, and Windows 8
 


Hi - Thanks for getting involved. Here's the output from CHKDSK:

 

Checking file system on C:
The type of the file system is NTFS.
 
A disk check has been scheduled.
Windows will now check the disk.                         
 
CHKDSK is verifying files (stage 1 of 5)...
  271360 file records processed.
File verification completed.
  1902 large file records processed.
  0 bad file records processed.
  0 EA records processed.
  76 reparse records processed.
CHKDSK is verifying indexes (stage 2 of 5)...
  327862 index entries processed.
Index verification completed.
  0 unindexed files scanned.
  0 unindexed files recovered.
CHKDSK is verifying security descriptors (stage 3 of 5)...
  271360 file SDs/SIDs processed.
Cleaning up 41 unused index entries from index $SII of file 0x9.
Cleaning up 41 unused index entries from index $SDH of file 0x9.
Cleaning up 41 unused security descriptors.
Security descriptor verification completed.
  28252 data files processed.
CHKDSK is verifying Usn Journal...
  34991584 USN bytes processed.
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
  271344 files processed.
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
  10582675 free clusters processed.
Free space verification is complete.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
Windows has made corrections to the file system.
 
 262148669 KB total disk space.
 219292604 KB in 234178 files.
    142828 KB in 28253 indexes.
         0 KB in bad sectors.
    382537 KB in use by the system.
     65536 KB occupied by the log file.
  42330700 KB available on disk.
 
      4096 bytes in each allocation unit.
  65537167 total allocation units on disk.
  10582675 allocation units available on disk.
 
Internal Info:
00 24 04 00 31 fe 03 00 9d 41 07 00 00 00 00 00  .$..1....A......
a6 55 00 00 4c 00 00 00 00 00 00 00 00 00 00 00  .U..L...........
38 91 3d 00 50 01 3c 00 60 1e 3c 00 00 00 3c 00  8.=.P.<.`.<...<.
 
Windows has finished checking your disk.
Please wait while your computer restarts.
 
 
Thanks,
Gerrard.

Hi - Another BSOD (BAD_POOL_HEADER). Happened whilst I was away from my PC.

 

WhoCrashed output:

 

On Fri 20/02/2015 02:21:24 GMT your computer crashed
crash dump file: C:\Windows\Minidump\022015-21309-01.dmp
This was probably caused by the following module: mwac.sys (mwac+0x5503)
Bugcheck code: 0x19 (0x20, 0xFFFFFFFF8C7B41C0, 0xFFFFFFFF8C7B41D0, 0x802000A)
Error: BAD_POOL_HEADER
file path: C:\Windows\system32\drivers\mwac.sys
product: Malwarebytes Web Access Control
company: Malwarebytes Corporation
description: Malwarebytes Web Access Control
Bug check description: This indicates that a pool header is corrupt.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem. This might be a case of memory corruption. More often memory corruption happens because of software errors in buggy drivers, not because of faulty RAM modules.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: mwac.sys (Malwarebytes Web Access Control, Malwarebytes Corporation).
Google query: Malwarebytes Corporation BAD_POOL_HEADER

 

Thanks,

Gerrard.


  • Root Admin

Please zip and upload the following dump file.

 

C:\Windows\Minidump\022015-21309-01.dmp

 

You can click on the "More Reply Options" button and then you'll see the buttons to attach the file.

 

 

Then let me have you run the following.

 

 

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file.  Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.


 


  • Root Admin

Can you temporarily uninstall McAfee (make sure you have a link for your registration and the installer to reinstall) and temporarily install Microsoft Security Essentials so that you have an antivirus while we continue to look at this?

 

http://windows.microsoft.com/en-us/windows/security-essentials-download

 

Once that's done then restart the computer one more time and run the following.

 

 

 

Please go ahead and run through the following steps and post back the logs when ready.
 
STEP 04
Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus


STEP 05
Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.


STEP 06
Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits, Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button. Remove any threats found
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.


STEP 07

Please go here to run the online antivirus scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology


  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


STEP 08
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.


  • Root Admin

Let me have you run the following please.

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

  • Root Admin

Please read the following article concerning the use of MSCONFIG. Then run MSCONFIG and set it back to NORMAL and restart the computer.
Msconfig Is Not A Startup Manager
 

 

Next,

Please download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!


 

 

Next,

Please let me know what issues you're currently still having or seeing.


Hi,

 

OK, I've run MSCONFIG and restored the entries. I've also installed Autoruns for Windows to disable things I only occasionally need.

 

Output from SecurityCheck:

 

 Results of screen317's Security Check version 0.99.97  
 Windows 7  x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 JavaFX 2.1.1    
 Java 7 Update 55  
 Java version 32-bit out of Date! 
  Java 64-bit 8 Update 31  
 Adobe Reader XI  
 Google Chrome (40.0.2214.111) 
 Google Chrome (40.0.2214.115) 
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 
 
 
As regards how it's running - The system seems to be running fine with no problems and I've not had a BSOD since 20th Feb.
 
Thanks,
Gerrard.

  • Root Admin

Well, the logs show you have old, known-compromised Java. I would highly recommend that you uninstall ALL Java and if possible do without Java. If you're sure you need it then keep it up to date at all times.

 

The log also shows that you do not have Service Pack 1 installed on the OS and thus are also missing a lot of other security updates. I would highly recommend you run Windows Update from the Control Panel under System and Security and get Service Pack 1 (it will take a long time to install so give yourself time to run it; no matter what you do and no matter how long it's taking to update, do not power off the computer as that could break it and prevent it from starting again). Create a new System Restore point before doing the updates. Then keep going back and checking for new or updated critical updates and apply all of them.

 

At this time there are no more signs of an infection on your system.
However if you are still seeing any signs of an infection please let me know.

Let's go ahead and remove the tools and logs we've used during this process.

Most of the tools used are potentially dangerous to use unsupervised or if run at the wrong time.
They are often updated daily so if you went to use them again in the future they would be outdated anyway.

The following procedures will implement some cleanup procedures to remove these tools.
 
Download Delfix from here and save it to your desktop. (you may already have this)

  • Ensure Remove disinfection tools is checked.
  • Click the Run button.
  • Reboot

Any other programs or logs that are still remaining, you can manually delete. (right click.....Delete)
e.g. RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc. For AdwCleaner, just run the program and click uninstall.

Note:
If you used FRST and can't delete the quarantine folder:
Download the fixlist.txt to the same folder as FRST.exe.
Run FRST.exe and click Fix only once and wait
That will delete the quarantine folder created by FRST.
The rest you can manually delete.
 
 
If there are any other left over Folders, Files, Logs then you can delete them on your own.
 
Please visit the following link to see how to delete old System Restore Points. Please delete all of them and create a new one at this time.
How to Delete System Protection Restore Points in Windows 7 and Windows 8

Remove all but the most recent Restore Point on Windows XP


As Java seems to get exploited on a regular basis, I advise not using Java if possible, but at least disable Java in your web browsers.
How do I disable Java in my web browser? - Disable Java

A lot of reading here but if you take the time to read a bit of it you'll see why/how infections and general damage are so easily inflicted on the computer. There is also advice on how to prevent it and keep the system working well. Don't forget about good, solid backups of your data to an external drive that is not connected except when backing up your data. If you leave a backup drive connected and you do get infected it can easily damage, encrypt, delete, or corrupt your backups as well and then you'd lose all data.
Nothing is 100% bulletproof but with a little bit of education you can certainly swing things in your favor.


If you're not currently using Malwarebytes Premium then you may want to consider purchasing the product which can also help greatly reduce the risk of a future infection.
 


This topic is now closed to further replies.