Malware on my computer or browser


Hello,

 

Having a typical malware issue on a computer I'm working on. Pop-up messages and programs known to be malware are on as well. Here are the FRST scans:


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:30-07-2015
Ran by UPS (administrator) on ADMINISTRATOR (31-07-2015 10:41:57)
Running from C:\Users\UPS\Downloads
Loaded Profiles: UPS (Available Profiles: UPS)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files (x86)\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(United Parcel Service, Inc.) C:\Program Files (x86)\UPS\WSTD\WSTDMessaging.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRSync.exe
(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe
() C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
(Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
() C:\ProgramData\BwOqMYgt\aLqLxXDoka.exe
() C:\Program Files\WebBar\2.0.5675.22923\wb.exe
() C:\Users\UPS\AppData\Local\Temp\isdkW637awCZ\ISightHost.exe
(Boost Shopping) C:\Program Files (x86)\Boost\Boost.exe
() C:\ProgramData\Ofamvnuxsede\1.0.4.1\eifomtro.exe
() C:\ProgramData\Ofamvnuxsede\1.0.4.1\eifomtro.exe
() C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamresearch.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7637720 2014-09-23] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1396592 2014-09-01] (Realtek Semiconductor)
HKLM\...\Run: [bCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-04-10] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NA1Messenger] => C:\PROGRAM FILES (X86)\UPS\WSTD\UPSNA1Msgr.exe [30880 2015-06-30] ()
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2015-06-18] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4074826810-2263066827-430345764-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1381648 2015-07-30] (Lavasoft)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UPS WorldShip Messaging Utility.lnk [2015-07-30]
ShortcutTarget: UPS WorldShip Messaging Utility.lnk -> C:\Program Files (x86)\UPS\WSTD\WSTDMessaging.exe (United Parcel Service, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UPS WorldShip PLD Reminder Utility.lnk [2015-07-30]
ShortcutTarget: UPS WorldShip PLD Reminder Utility.lnk -> C:\Program Files (x86)\UPS\WSTD\wstdPldReminder.exe (UPS)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2015-02-05] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [DBRShellOverlayBackupFile] -> {831CEBDD-6BAF-4432-BE76-9E0989C14AEF} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll [2014-12-30] (Softthinks SAS)
ShellIconOverlayIdentifiers: [DBRShellOverlayModifiedBackupFile] -> {275E4FD7-21EF-45CF-A836-832E5D2CC1B3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll [2014-12-30] (Softthinks SAS)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4074826810-2263066827-430345764-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4074826810-2263066827-430345764-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
SearchScopes: HKLM -> DefaultScope {FED67A7E-BD5E-403B-9914-623F005ED648} URL =
SearchScopes: HKU\S-1-5-21-4074826810-2263066827-430345764-1000 -> DefaultScope {FED67A7E-BD5E-403B-9914-623F005ED648} URL =
SearchScopes: HKU\S-1-5-21-4074826810-2263066827-430345764-1000 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
Winsock: Catalog9 01 C:\Windows\SysWOW64\LavasoftTcpService.dll [342016 2015-07-30] (Lavasoft Limited)
Winsock: Catalog9 02 C:\Windows\SysWOW64\LavasoftTcpService.dll [342016 2015-07-30] (Lavasoft Limited)
Winsock: Catalog9 03 C:\Windows\SysWOW64\LavasoftTcpService.dll [342016 2015-07-30] (Lavasoft Limited)
Winsock: Catalog9 04 C:\Windows\SysWOW64\LavasoftTcpService.dll [342016 2015-07-30] (Lavasoft Limited)
Winsock: Catalog9 15 C:\Windows\SysWOW64\LavasoftTcpService.dll [342016 2015-07-30] (Lavasoft Limited)
Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-07-30] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-07-30] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-07-30] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-07-30] (Lavasoft Limited)
Winsock: Catalog9-x64 15 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-07-30] (Lavasoft Limited)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{88463CFD-0F3A-4B71-AF4C-BC470DBCD2CE}: [DhcpNameServer] 75.75.75.75 75.75.76.76
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\UPS\AppData\Roaming\Mozilla\Firefox\Profiles\nnqxdxfz.default
FF DefaultSearchEngine: Search Provided by Yahoo
FF SelectedSearchEngine: Bing
FF Homepage: https://www.malwarebytes.org/restorebrowser/_suma_15_31&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0BtDzztA0F0E0A0B0D0A0F0EzyyCyDyEtN0D0Tzu0StCtAtDyCtN1L2XzutAtFtCtBtFyDtFtAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StCyCzztA0B0EyC0DtGyD0F0BzytG0FtA0F0EtGyE0BtD0FtGtAtBzy0ByEtByEyEyC0DtD0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0DyBzytDyDtBtBtGzy0D0E0BtGyEzztBzytG0A0DzyyEtG0BtC0AzzyByC0Dzz0B0F0Fzz2QtN0A0LzuyE%26cr%3D1361562281%26a%3Dwncy_suma_15_31%26os%3DWindows%2B7%2BProfessional
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-11-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-11-10] (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Extension: No Name - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12191.xpi [not found]
StartMenuInternet: FIREFOX.EXE - firefox.exe

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [92528 2015-05-05] (Dell)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel® Corporation)
S3 InvProtectSvc; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe [2672328 2014-07-30] (Invincea, Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [158496 2014-11-10] (Intel Corporation)
R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751792 2015-07-30] (Lavasoft Limited)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MSSQL$UPSWSDBSERVER; c:\PROGRAM FILES (X86)\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe [29263712 2008-11-24] (Microsoft Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [291032 2014-08-18] (Realtek Semiconductor)
S3 SboxSvc; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe [173256 2014-07-30] (Invincea, Inc.)
R2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [13312 2015-07-30] () [File not signed]
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [2020240 2015-01-23] (SoftThinks SAS)
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\Unchecky_svc.exe [165112 2015-07-30] (RaMMicHaeL)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2015-05-26] (Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [2638808 2014-10-15] (Realtek Semiconductor Corp.)
S3 InvProtectDrv; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys [50696 2014-07-30] (Invincea, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-07-31] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [129312 2014-11-10] (Intel Corporation)
U0 pxchw; C:\Windows\System32\drivers\dyraa.sys [79064 2015-07-31] (Malwarebytes Corporation)
S3 SboxDrv; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys [183304 2014-07-30] (Invincea, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-31 10:41 - 2015-07-31 10:42 - 00014785 _____ C:\Users\UPS\Downloads\FRST.txt
2015-07-31 10:41 - 2015-07-31 10:41 - 00000000 ____D C:\FRST
2015-07-31 10:40 - 2015-07-31 10:40 - 02168832 _____ (Farbar) C:\Users\UPS\Downloads\FRST64.exe
2015-07-31 10:38 - 2015-07-31 10:40 - 00000000 ____D C:\Users\UPS\AppData\Local\CouponAlert
2015-07-31 10:38 - 2015-07-31 10:38 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\dyraa.sys
2015-07-31 10:37 - 2015-07-31 10:37 - 00085646 _____ C:\Users\UPS\Desktop\mbam.txt
2015-07-31 10:37 - 2015-07-31 10:37 - 00002207 _____ C:\Users\Public\Desktop\DWG TrueView 2016 - English.lnk
2015-07-31 10:37 - 2015-07-31 10:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2015-07-31 10:36 - 2015-07-31 10:36 - 00000000 ____D C:\Users\UPS\AppData\Local\Autodesk
2015-07-31 10:36 - 2015-07-31 10:36 - 00000000 ____D C:\Users\Public\Documents\Autodesk
2015-07-31 10:36 - 2015-07-31 10:36 - 00000000 ____D C:\Program Files\Common Files\Autodesk Shared
2015-07-31 10:36 - 2015-07-31 10:36 - 00000000 ____D C:\Program Files\Autodesk
2015-07-31 10:35 - 2015-07-31 10:35 - 00000668 _____ C:\Windows\DirectX.log
2015-07-31 10:35 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2015-07-31 10:35 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2015-07-31 10:35 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2015-07-31 10:35 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2015-07-31 10:35 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2015-07-31 10:35 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2015-07-31 10:35 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2015-07-31 10:35 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2015-07-31 10:35 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2015-07-31 10:35 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2015-07-31 10:35 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2015-07-31 10:35 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2015-07-31 10:35 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2015-07-31 10:35 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2015-07-31 10:35 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2015-07-31 10:35 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2015-07-31 10:35 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2015-07-31 10:35 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2015-07-31 10:35 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2015-07-31 10:35 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2015-07-31 10:35 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2015-07-31 10:35 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2015-07-31 10:35 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2015-07-31 10:35 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2015-07-31 10:34 - 2015-07-31 10:35 - 00000000 ____D C:\ProgramData\Package Cache
2015-07-31 10:30 - 2015-07-31 10:37 - 00000000 ____D C:\Users\UPS\AppData\Roaming\Autodesk
2015-07-31 10:30 - 2015-07-31 10:36 - 00000000 ____D C:\ProgramData\Autodesk
2015-07-31 10:28 - 2015-07-31 10:29 - 00000000 ____D C:\Autodesk
2015-07-31 10:25 - 2015-07-31 10:25 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-31 10:25 - 2015-07-31 10:25 - 00001104 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-31 10:25 - 2015-07-31 10:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-31 10:25 - 2015-07-31 10:25 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-31 10:25 - 2015-07-31 10:25 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-31 10:25 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-31 10:25 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-31 10:25 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-31 10:24 - 2015-07-31 10:24 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\UPS\Downloads\mbam-setup-2.1.8.1057.exe
2015-07-31 10:23 - 2015-07-31 10:25 - 492486704 _____ (Autodesk, Inc.) C:\Users\UPS\Downloads\SetupDWGTrueView2016_ENU_64bit.sfx.exe
2015-07-31 08:17 - 2015-07-31 10:38 - 00000000 ____D C:\ProgramData\Browser
2015-07-30 13:27 - 2015-07-30 13:27 - 00000000 ____D C:\Windows\LD620D
2015-07-30 13:27 - 2012-08-23 00:52 - 00202240 _____ (Oki Data Corporation) C:\Windows\system32\OKINLM64.dll
2015-07-30 13:24 - 2015-07-30 13:24 - 00000042 _____ C:\Users\UPS\AppData\Roaming\WB.CFG
2015-07-30 13:15 - 2015-07-30 13:15 - 00000000 ____D C:\ProgramData\OPLW
2015-07-30 13:13 - 2007-03-14 12:59 - 00039936 _____ (Oki Data Corporation) C:\Windows\system32\OPEXTUAC.DLL
2015-07-30 13:13 - 2006-12-07 07:34 - 00049664 _____ (Oki Data Corporation) C:\Windows\system32\OPUSBEXT.DLL
2015-07-30 13:13 - 2006-11-29 08:47 - 00029184 _____ (Oki Data Corporation) C:\Windows\system32\OKLMON64.DLL
2015-07-30 12:36 - 2015-07-30 12:36 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2015-07-30 12:36 - 2015-07-30 12:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2015-07-30 12:36 - 2015-07-30 12:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-07-30 12:36 - 2015-07-30 12:36 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2015-07-30 12:35 - 2015-07-30 12:35 - 00000000 ____D C:\Program Files\Microsoft Synchronization Services
2015-07-30 12:35 - 2015-07-30 12:35 - 00000000 ____D C:\Program Files\Microsoft Sync Framework
2015-07-30 12:35 - 2015-07-30 12:35 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2015-07-30 12:33 - 2015-07-30 12:33 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2015-07-30 12:32 - 2015-07-30 12:37 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-30 12:32 - 2015-07-30 12:35 - 00000000 ____D C:\Program Files\Microsoft Office
2015-07-30 12:32 - 2015-07-30 12:32 - 00000000 __RHD C:\MSOCache
2015-07-30 12:32 - 2015-07-30 12:32 - 00000000 ____D C:\Users\UPS\AppData\Local\Microsoft Help
2015-07-30 12:32 - 2015-07-30 12:32 - 00000000 ____D C:\Program Files\Microsoft Analysis Services
2015-07-30 12:27 - 2015-07-30 12:28 - 00000000 ____D C:\Users\UPS\Downloads\DVD_Office_Professional_2010_64Bit
2015-07-30 12:27 - 2015-07-30 12:27 - 00000000 ____D C:\Users\UPS\AppData\Roaming\WinRAR
2015-07-30 12:26 - 2015-07-30 12:26 - 00000000 ____D C:\Users\UPS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-07-30 12:26 - 2015-07-30 12:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-07-30 12:26 - 2015-07-30 12:26 - 00000000 ____D C:\Program Files (x86)\WinRAR
2015-07-30 12:25 - 2015-07-31 10:38 - 00000000 ____D C:\Program Files (x86)\Consumer Input
2015-07-30 12:25 - 2015-07-30 12:25 - 00001964 _____ C:\Users\UPS\Desktop\Chromium.lnk
2015-07-30 12:24 - 2015-07-31 10:24 - 00000262 _____ C:\Windows\Tasks\UpdateTask.job
2015-07-30 12:24 - 2015-07-30 13:24 - 00000000 ____D C:\Users\UPS\AppData\Local\{CFF9F9A5-EB51-951D-86C9-B0F5A2A14C6D}
2015-07-30 12:24 - 2015-07-30 12:25 - 00000000 ____D C:\Users\UPS\AppData\Local\Chromium
2015-07-30 12:24 - 2015-07-30 12:24 - 00003208 _____ C:\Windows\System32\Tasks\UpdateTask
2015-07-30 12:24 - 2015-07-30 12:24 - 00000000 ____D C:\ProgramData\Unchecky
2015-07-30 12:24 - 2015-07-30 12:24 - 00000000 ____D C:\Program Files (x86)\Unchecky
2015-07-30 12:24 - 2015-07-30 12:23 - 01756320 _____ C:\Users\UPS\Downloads\WinRAR_Setup [1].exe
2015-07-30 12:00 - 2015-07-30 12:15 - 850198528 _____ C:\Users\UPS\Downloads\DVD_Office_Professional_2010_64Bit.iso
2015-07-30 11:00 - 2015-07-31 08:17 - 00003450 _____ C:\Windows\System32\Tasks\Ofamvnuxsede
2015-07-30 10:59 - 2015-07-31 10:38 - 00000000 ____D C:\ProgramData\Ofamvnuxsede
2015-07-30 10:58 - 2015-07-30 10:58 - 00000000 ____D C:\Users\UPS\AppData\Local\Adobe
2015-07-30 10:55 - 2015-07-31 10:38 - 00000000 ____D C:\Users\UPS\AppData\Local\WebBar
2015-07-30 10:55 - 2015-07-31 10:38 - 00000000 ____D C:\Program Files\WebBar
2015-07-30 10:55 - 2015-07-31 10:38 - 00000000 ____D C:\Program Files (x86)\Boost
2015-07-30 10:55 - 2015-07-30 10:55 - 00000000 ____D C:\Users\UPS\AppData\Local\CrashDumps
2015-07-30 10:55 - 2015-07-30 10:55 - 00000000 ____D C:\Users\UPS\AppData\Local\Boost
2015-07-30 10:54 - 2015-07-31 10:38 - 00000000 ____D C:\ProgramData\BwOqMYgt
2015-07-30 10:54 - 2015-07-30 16:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-30 10:54 - 2015-07-30 16:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-30 10:54 - 2015-07-30 12:24 - 00001149 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-07-30 10:54 - 2015-07-30 10:54 - 00001161 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-07-30 10:54 - 2015-07-30 10:54 - 00000000 ____D C:\Users\UPS\AppData\Roaming\Mozilla
2015-07-30 10:54 - 2015-07-30 10:54 - 00000000 ____D C:\Users\UPS\AppData\Local\Mozilla
2015-07-30 10:54 - 2015-07-30 10:54 - 00000000 ____D C:\Users\UPS\AppData\Local\Lavasoft
2015-07-30 10:54 - 2015-07-30 10:54 - 00000000 ____D C:\ProgramData\Mozilla
2015-07-30 10:54 - 2015-07-30 10:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-07-30 10:53 - 2015-07-30 10:53 - 00422400 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
2015-07-30 10:53 - 2015-07-30 10:53 - 00342016 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
2015-07-30 10:53 - 2015-07-30 10:53 - 00002768 _____ C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
2015-07-30 10:53 - 2015-07-30 10:53 - 00002768 _____ C:\Windows\system32\LavasoftTcpServiceOff.ini
2015-07-30 10:53 - 2015-07-30 10:53 - 00000000 ____D C:\Users\UPS\AppData\Roaming\Lavasoft
2015-07-30 10:53 - 2015-07-30 10:53 - 00000000 ____D C:\ProgramData\Lavasoft
2015-07-30 10:53 - 2015-07-30 10:53 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2015-07-30 10:52 - 2015-07-30 10:52 - 00000000 ____D C:\Users\UPS\AppData\Roaming\Macromedia
2015-07-30 10:29 - 2015-07-30 10:29 - 00002048 _____ C:\Users\Public\Desktop\UPS WorldShip.lnk
2015-07-30 10:28 - 2015-07-30 10:29 - 00001813 _____ C:\Windows\ODBC.INI
2015-07-30 10:28 - 2015-07-30 10:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2005
2015-07-30 10:26 - 2015-07-30 12:32 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2015-07-30 10:26 - 2015-07-30 10:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UPS
2015-07-30 10:26 - 2015-07-30 10:26 - 00000000 ____D C:\Windows\PCHEALTH
2015-07-30 10:26 - 2015-07-30 10:26 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2015-07-30 10:26 - 2015-07-30 10:26 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2015-07-30 10:25 - 2015-07-30 10:31 - 00000313 ____N C:\Windows\wstdUPSWSHIP.INI
2015-07-30 10:25 - 2015-07-30 10:25 - 00000000 ____D C:\Program Files (x86)\UPS
2015-07-30 10:22 - 2015-07-30 13:57 - 00110160 _____ C:\Users\UPS\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-30 10:22 - 2015-07-30 10:29 - 00000000 ____D C:\Users\Public\UPS
2015-07-30 10:22 - 2015-07-30 10:25 - 00000000 ____D C:\ProgramData\UPS
2015-07-30 10:22 - 2015-07-30 10:22 - 00000508 _____ C:\Windows\SysWOW64\upsws_odbcconf.log
2015-07-30 10:22 - 2015-07-30 10:22 - 00000043 _____ C:\Windows\ADinstall.ini
2015-07-30 10:19 - 2015-07-30 10:19 - 00000000 __SHD C:\Users\UPS\AppData\Local\EmieUserList
2015-07-30 10:19 - 2015-07-30 10:19 - 00000000 __SHD C:\Users\UPS\AppData\Local\EmieSiteList
2015-07-30 10:19 - 2015-07-30 10:19 - 00000000 __SHD C:\Users\UPS\AppData\Local\EmieBrowserModeList
2015-07-30 10:17 - 2015-07-30 10:17 - 00000000 ____D C:\Program Files\Dell
2015-07-30 10:15 - 2015-07-30 10:15 - 00000000 ____D C:\Users\UPS\AppData\Local\softthinks
2015-07-30 10:15 - 2015-07-30 10:15 - 00000000 ____D C:\ProgramData\softthinks
2015-07-30 10:15 - 2015-01-26 16:48 - 00000107 ____H C:\DBAR_Ver.txt
2015-07-30 10:12 - 2015-07-30 10:12 - 00000000 ____D C:\Program Files (x86)\Dell Digital Delivery
2015-07-30 10:10 - 2015-07-30 10:58 - 00000000 ____D C:\Users\UPS\AppData\Roaming\Adobe
2015-07-30 10:10 - 2015-07-30 10:10 - 00001975 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Help Documentation.lnk
2015-07-30 10:10 - 2015-07-30 10:10 - 00001415 _____ C:\Users\UPS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-30 10:10 - 2015-07-30 10:10 - 00000000 ____D C:\Users\UPS\AppData\Local\VirtualStore
2015-07-30 10:09 - 2015-07-30 10:10 - 00000000 ____D C:\Users\UPS
2015-07-30 10:09 - 2015-07-30 10:09 - 00000020 ___SH C:\Users\UPS\ntuser.ini
2015-07-30 10:09 - 2009-07-13 23:54 - 00000000 ___RD C:\Users\UPS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-07-30 10:09 - 2009-07-13 23:49 - 00000000 ___RD C:\Users\UPS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-31 10:34 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-07-31 10:30 - 2015-05-26 14:03 - 00460596 _____ C:\Windows\WindowsUpdate.log
2015-07-31 10:30 - 2015-05-26 12:17 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2015-07-31 10:27 - 2009-07-13 23:45 - 00021088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-31 10:27 - 2009-07-13 23:45 - 00021088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-31 10:12 - 2015-05-26 12:07 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-31 08:17 - 2015-05-26 12:25 - 00011722 _____ C:\Windows\SysWOW64\Gms.log
2015-07-30 13:27 - 2015-05-26 12:18 - 00000000 ____D C:\Temp
2015-07-30 13:13 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Web
2015-07-30 12:52 - 2009-07-13 23:51 - 00030418 _____ C:\Windows\setupact.log
2015-07-30 12:36 - 2010-11-21 02:17 - 00000000 ____D C:\Windows\ShellNew
2015-07-30 12:35 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-07-30 12:33 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\System
2015-07-30 12:33 - 2009-07-13 21:34 - 00000478 _____ C:\Windows\win.ini
2015-07-30 12:32 - 2015-05-26 12:15 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-07-30 10:36 - 2011-02-24 15:45 - 00790630 _____ C:\Windows\system32\perfh00C.dat
2015-07-30 10:36 - 2011-02-24 15:45 - 00166196 _____ C:\Windows\system32\perfc00C.dat
2015-07-30 10:36 - 2009-07-14 00:13 - 01795654 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-30 10:32 - 2011-02-10 09:25 - 00000000 ____D C:\dell
2015-07-30 10:32 - 2010-11-20 22:47 - 00163172 _____ C:\Windows\PFRO.log
2015-07-30 10:32 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-30 10:32 - 2009-07-13 23:45 - 00269128 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-30 10:29 - 2015-05-26 12:17 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-07-30 10:28 - 2011-02-10 09:33 - 01697188 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-07-30 10:27 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Registration
2015-07-30 10:12 - 2015-05-26 12:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2015-07-30 10:11 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2015-07-30 10:05 - 2011-02-10 09:25 - 00000000 ____D C:\Windows\panther

==================== Files in the root of some directories =======

2015-07-30 13:24 - 2015-07-30 13:24 - 0000042 _____ () C:\Users\UPS\AppData\Roaming\WB.CFG

Some files in TEMP:
====================
C:\Users\UPS\AppData\Local\Temp\AcDeltree.exe
C:\Users\UPS\AppData\Local\Temp\cw.exe
C:\Users\UPS\AppData\Local\Temp\ose00000.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-30 11:16

==================== End of log ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:30-07-2015
Ran by UPS (2015-07-31 10:42:23)
Running from C:\Users\UPS\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4074826810-2263066827-430345764-500 - Administrator - Disabled)
Guest (S-1-5-21-4074826810-2263066827-430345764-501 - Limited - Disabled)
UPS (S-1-5-21-4074826810-2263066827-430345764-1000 - Administrator - Enabled) => C:\Users\UPS

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader XI  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
AlignmentUtility (x32 Version: 18.00.0000 - UPS) Hidden
Autodesk DWG TrueView 2016 - English (HKLM\...\DWG TrueView 2016 - English) (Version: 20.1.49.0 - Autodesk)
CCC (x32 Version: 18.00.0000 - United Parcel Service, Inc.) Hidden
Chromium (HKU\S-1-5-21-4074826810-2263066827-430345764-1000\...\Chromium) (Version: 46.0.2461.0 - Chromium)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.8.0.66 - Dell Inc.)
Dell Command | Update (HKLM-x32\...\{EC542D5D-B608-4145-A8F7-749C02BE6D94}) (Version: 2.0.0 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{693A23FB-F28B-4F7A-A720-4C1263F97F43}) (Version: 3.1.1002.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Foundation Services (HKLM\...\{90B2EE35-59D0-4A1F-B125-9F678D46A955}) (Version: 2.1.125.0 - Dell Inc.)
Dell Protected Workspace (HKLM-x32\...\{E2CAA395-66B3-4772-85E3-6134DBAB244E}) (Version: 4.0.18189 - Invincea, Inc.)
DWG TrueView 2016 - English (Version: 20.1.49.0 - Autodesk) Hidden
FormsComponent (x32 Version: 18.00.0000 - UPS) Hidden
FOSS (x32 Version: 18.00.0000 - UPS) Hidden
ICCHelp (HKLM-x32\...\{A5763105-D1D5-4862-A3FE-EC058F9AA73E}) (Version: 18.00.0000 - UPS)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.31.1000 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3234 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.4.40 - Intel Corporation)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{86177DAE-38B1-49DD-912E-35CB703AB779}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
MSIChecker (x32 Version: 18.00.0000 - UPS) Hidden
NA1Messenger (x32 Version: 18.00.0000 - Your Company Name) Hidden
NRF (x32 Version: 18.00.0000 - UPS) Hidden
OKI LD620D Windows Driver V4.6.77 (HKLM\...\OKI_DATA_CORP_LD620D) (Version:  - )
PolicyManager (x32 Version: 18.00.0000 - UPS) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6053 - Realtek Semiconductor Corp.)
Reconciler (x32 Version: 18.00.0000 - UPS) Hidden
ReportServer (x32 Version: 18.00.0000 - Your Company Name) Hidden
SupportUtility (x32 Version: 18.00.0000 - UPS) Hidden
System (x32 Version: 18.00.0000 - UPS) Hidden
Unchecky v0.3.8 (HKLM-x32\...\Unchecky) (Version: 0.3.8 - RaMMicHaeL)
UnifiedPrinting (x32 Version: 18.00.0000 - UPS) Hidden
UPS WorldShip (HKLM-x32\...\UPS WorldShip) (Version: 18.0 - UPS)
UPSDB (x32 Version: 18.00.0000 - UPS) Hidden
UPSICC (x32 Version: 18.00.0000 - UPS) Hidden
UPSlinkHTTP (x32 Version: 18.00.0000 - UPS) Hidden
UPSVC2008MM (x32 Version: 1.00.0000 - UPS) Hidden
UPSVCMM (x32 Version: 12.00.0000 - UPS) Hidden
Web Companion (HKLM-x32\...\{5ec35ccc-5fa3-4cb3-a51b-5611887435c2}) (Version: 2.0.1025.2130 - Lavasoft)
WebHelp (HKLM-x32\...\{8C5BD501-AD5D-4A75-9321-076509B438FC}) (Version: 18.00.0000 - UPS)
WinRAR 5.21 beta 1 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.1 - win.rar GmbH)
WorldShip (x32 Version: 18.00.0000 - UPS) Hidden
WSShared (x32 Version: 18.00.0000 - UPS) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

30-07-2015 10:29:49 Installed WebHelp
30-07-2015 10:30:34 Installed WebHelp
30-07-2015 12:32:20 Installed Microsoft Office Professional Plus 2010
30-07-2015 17:34:18 Language Pack Removal
31-07-2015 10:21:31 Windows Update
31-07-2015 10:34:38 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
31-07-2015 10:35:11 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
31-07-2015 10:35:27 Installed DirectX

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2015-07-30 12:55 - 00001993 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {13E4BBCC-2033-4D1C-81CB-108F5E940C1F} - \One System Care Run Delay No Task File <==== ATTENTION
Task: {16F94009-4823-482F-BB13-757F9AE58347} - System32\Tasks\UpdateTask => C:\Users\UPS\AppData\Local\{CFF9F~1\UNINST~1.EXE [2015-07-30] ()
Task: {3807B9C6-2F83-43BD-AA57-4CAB38B64B88} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-26] (Adobe Systems Incorporated)
Task: {426C00A7-4D9A-40B9-A00F-A87A82B3ECD2} - \ProPCCleaner_Popup No Task File <==== ATTENTION
Task: {5703E90D-EE41-4565-A1BE-42B5865A452E} - \One System Care Monitor No Task File <==== ATTENTION
Task: {918DFB53-F325-41EC-98BB-78D40DC1FE14} - \ProPCCleaner_Start No Task File <==== ATTENTION
Task: {E23CCF3D-117D-4E64-8209-F26154CE1EF9} - \WebBarLaunchTask No Task File <==== ATTENTION
Task: {F87A39F8-345E-44A0-A05C-32ABC41FE292} - \WebBarUpdateTask No Task File <==== ATTENTION
Task: {FE3F28F5-57C1-49B0-A6DE-BA8FE61D89EE} - System32\Tasks\Ofamvnuxsede => C:\ProgramData\Ofamvnuxsede\1.0.4.1\eifomtro.exe [2015-07-30] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\UpdateTask.job => C:\Users\UPS\AppData\Local\{CFF9F~1\UNINST~1.EXE

==================== Loaded Modules (Whitelisted) ==============

2010-03-24 21:38 - 2010-03-24 21:38 - 08794976 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-01-30 02:40 - 2010-01-30 02:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2015-07-30 10:53 - 2015-07-30 10:53 - 00013312 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
2015-07-30 10:53 - 2015-07-30 10:53 - 00005632 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Service.Logger.dll
2015-07-30 10:53 - 2015-07-30 10:53 - 00028160 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WcfService.dll
2015-07-30 10:54 - 2015-07-30 10:54 - 02732016 _____ () C:\ProgramData\BwOqMYgt\aLqLxXDoka.exe
2015-07-30 10:55 - 2015-07-16 13:44 - 00226072 _____ () C:\Program Files\WebBar\2.0.5675.22923\wb.exe
2015-07-30 10:55 - 2015-05-12 15:20 - 00307200 _____ () C:\Program Files\WebBar\2.0.5675.22923\log4net.dll
2015-07-30 10:55 - 2015-05-12 15:20 - 00808960 _____ () C:\Program Files\WebBar\2.0.5675.22923\ISightSDK_x64.dll
2015-07-30 10:55 - 2015-05-22 16:02 - 00425472 _____ () C:\Program Files\WebBar\2.0.5675.22923\Newtonsoft.Json.dll
2015-07-30 10:55 - 2015-06-30 15:44 - 00387408 _____ () C:\Program Files\WebBar\2.0.5675.22923\System.Threading.dll
2015-07-30 10:55 - 2015-07-30 10:55 - 00003072 _____ () C:\Users\UPS\AppData\Local\Temp\isdkW637awCZ\ISightHost.exe
2015-07-30 10:55 - 2015-05-12 15:20 - 00808960 _____ () C:\Users\UPS\AppData\Local\Temp\isdkW637awCZ\ISightSDK.DLL
2015-07-30 10:59 - 2015-07-30 10:59 - 00157696 _____ () C:\ProgramData\Ofamvnuxsede\1.0.4.1\eifomtro.exe
2015-06-19 11:41 - 2015-06-19 11:41 - 01250848 _____ () C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe
2014-11-10 12:12 - 2014-11-10 12:12 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-07-30 10:53 - 2015-07-30 10:53 - 00072192 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll
2015-07-30 10:53 - 2015-07-30 10:53 - 00178176 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll
2015-07-30 10:53 - 2015-07-30 10:53 - 00040448 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.adblocker.dll
2015-07-30 10:53 - 2015-07-30 10:53 - 00117248 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.PUP.Management.dll
2015-07-30 10:53 - 2015-07-30 10:53 - 00032768 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.CSharp.Utilities.dll
2015-07-30 10:59 - 2015-07-30 10:59 - 00650725 _____ () C:\ProgramData\Ofamvnuxsede\1.0.4.1\sqlite3.dll
2015-07-30 10:54 - 2015-01-23 05:37 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2010-01-30 02:41 - 2010-01-30 02:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-24 21:17 - 2010-03-24 21:17 - 08794464 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3873
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3916
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:4014

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-4074826810-2263066827-430345764-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-4074826810-2263066827-430345764-1000\...\webcompanion.com -> hxxp://webcompanion.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4074826810-2263066827-430345764-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\UPS\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [sPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [sPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{DD4265A6-6147-4FEF-9AE1-5CF6095D26B7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2484981F-B33C-461F-B466-64D2FF6EC0E6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F47BD969-06D2-49C8-BDAE-A0A2370D8500}] => (Allow) C:\Users\UPS\AppData\Local\Chromium\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/31/2015 10:37:40 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile C:\Program Files\Autodesk\DWG TrueView 2016 - English\acmgd.dll because this image is a 64bit assembly; try using 64bit ngen instead.

Error: (07/31/2015 10:37:37 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile C:\Program Files\Autodesk\DWG TrueView 2016 - English\accoremgd.dll because this image is a 64bit assembly; try using 64bit ngen instead.

Error: (07/30/2015 12:37:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/30/2015 12:36:50 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.08"1".
Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.08" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/30/2015 12:36:50 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.08"1".
Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.08" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/30/2015 12:22:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17631 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1734

Start Time: 01d0caebccaea356

Termination Time: 10

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (07/30/2015 10:55:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TOASTER.EXE, version: 2.8.0.10, time stamp: 0x548f51e2
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x53159a86
Exception code: 0xe0434352
Fault offset: 0x0000c42d
Faulting process id: 0xf58
Faulting application start time: 0xTOASTER.EXE0
Faulting application path: TOASTER.EXE1
Faulting module path: TOASTER.EXE2
Report Id: TOASTER.EXE3

Error: (07/30/2015 10:55:21 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: TOASTER.EXE
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ArgumentException
Stack:
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.Run()
   at System.Windows.Application.RunDispatcher(System.Object)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at System.Windows.Application.Run(System.Windows.Window)
   at Toaster.App.Main()

Error: (07/30/2015 10:55:21 AM) (Source: TOASTER.EXE) (EventID: 0) (User: )
Description: An Unhandled Exception occured.
Width and Height must be non-negative.
   at Toaster.Core.AppBarFunctions.ABSetPos(ABEdge edge, Window appbarWindow)
   at Toaster.Core.AppBarFunctions.RegisterInfo.WndProc(IntPtr hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled)
   at System.Windows.Interop.HwndSource.PublicHooksFilterMessage(IntPtr hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled)
   at MS.Win32.HwndWrapper.WndProc(IntPtr hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(Object o)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback, Object args, Int32 numArgs)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(Object source, Delegate method, Object args, Int32 numArgs, Delegate catchHandler)

Error: (07/30/2015 10:32:55 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (07/31/2015 10:42:38 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024d00e: Windows Update Core.

Error: (07/31/2015 10:22:51 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024d00e: Windows Update Core.


Microsoft Office:
=========================
Error: (07/31/2015 10:37:40 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile C:\Program Files\Autodesk\DWG TrueView 2016 - English\acmgd.dll because this image is a 64bit assembly; try using 64bit ngen instead.
C:\Program Files\Autodesk\DWG TrueView 2016 - English\acmgd.dll

Error: (07/31/2015 10:37:37 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile C:\Program Files\Autodesk\DWG TrueView 2016 - English\accoremgd.dll because this image is a 64bit assembly; try using 64bit ngen instead.
C:\Program Files\Autodesk\DWG TrueView 2016 - English\accoremgd.dll

Error: (07/30/2015 12:37:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/30/2015 12:36:50 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.08"C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

Error: (07/30/2015 12:36:50 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.08"C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

Error: (07/30/2015 12:22:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe11.0.9600.17631173401d0caebccaea35610C:\Program Files\Internet Explorer\iexplore.exe

Error: (07/30/2015 10:55:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: TOASTER.EXE2.8.0.10548f51e2KERNELBASE.dll6.1.7601.1840953159a86e04343520000c42df5801d0cade0f0d8e44C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXEC:\Windows\syswow64\KERNELBASE.dll6297f6b8-36d3-11e5-9b0c-b083feabdafe

Error: (07/30/2015 10:55:21 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: TOASTER.EXE
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ArgumentException
Stack:
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.Run()
   at System.Windows.Application.RunDispatcher(System.Object)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at System.Windows.Application.Run(System.Windows.Window)
   at Toaster.App.Main()

Error: (07/30/2015 10:55:21 AM) (Source: TOASTER.EXE) (EventID: 0) (User: )
Description: An Unhandled Exception occured.
Width and Height must be non-negative.
   at Toaster.Core.AppBarFunctions.ABSetPos(ABEdge edge, Window appbarWindow)
   at Toaster.Core.AppBarFunctions.RegisterInfo.WndProc(IntPtr hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled)
   at System.Windows.Interop.HwndSource.PublicHooksFilterMessage(IntPtr hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled)
   at MS.Win32.HwndWrapper.WndProc(IntPtr hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(Object o)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback, Object args, Int32 numArgs)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(Object source, Delegate method, Object args, Int32 numArgs, Delegate catchHandler)

Error: (07/30/2015 10:32:55 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Processor: Intel® Core i5-4590 CPU @ 3.30GHz
Percentage of memory in use: 46%
Total physical RAM: 8110.53 MB
Available physical RAM: 4326.71 MB
Total Virtual: 16219.25 MB
Available Virtual: 11220.18 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:453.99 GB) (Free:399.84 GB) NTFS
Drive y: (RECOVERY) (Fixed) (Total:11.73 GB) (Free:3.79 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 5564B4C5)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=11.7 GB) - (Type=27)
Partition 3: (Not Active) - (Size=454 GB) - (Type=07 NTFS)

==================== End of log ============================


No, they are not my computers... mostly computers at my job. A coworker of mine just got this computer and I noticed seemingly suspicious browser activity yesterday as I was passing by, but I ignored it... had other things to do. When I was asked to install a program for him, that's when I clearly noticed that there was malware on his computer. I installed MBAM, then did a scan, and there were over 500 PUPs, so I removed them. Of course we both know that doesn't end the problem, so that's what brings me here today.

 

Oh yeah, the reason I ask for help on a different PC is because I'm the only one with an account here so I just do this to save others the time so they won't have to create an account and do things they've never done with programs they've never used and very likely won't understand.


This isn't in accordance with the Malwarebytes EULA:
 

(b) Free License. If you are using a free version of the Software, then conditioned upon your compliance with the terms and conditions of this Agreement, Malwarebytes grants you a non-exclusive and non-transferable license to Execute (as defined herein) a single copy of the Software solely in executable form on a single computer or virtual machine (a “Computer”), solely for your personal, non-commercial purposes (i.e., not on Computers used in a business).

 

MalwareBytes EULA


So basically what you're saying is Malwarebytes can't be downloaded from the site on a business computer to get rid of malware? Or are you saying that I can't download MBAM on others' computers in general? If that is the case then I just simply didn't know. I've been dealing with many of your associates at MBAM and no one has ever informed me of that.


I apologize if I've done anything wrong, but I simply wasn't aware because I didn't read.  Like a lot of people I just went for the download button.  I heard about this website from someone some years ago and went for it on my personal computer.  When I saw how well it worked I signed up to get help with any problems I run into.  The site seems to have changed over the years but I didn't know I couldn't install it at my job.  If it poses a problem then I can simply get rid of it.


Free licence is only for home and non-commercial usage. When using a Free licence at your job on business computers, you are violating the End User Licence Agreement. You're making a profit via business computers so when using free license MalwareBytes to get rid of a malware issue, think about this company and its employees. 

 

How can I legally use Malwarebytes Anti-Malware in my Business or Corporate environment (including Government, Education, & Non-Profit)?


I just looked at the homepage and actually read what's there and you're right. I don't know how I missed all of that, but I should be more careful with that and read. I never thought about that, and again I truly apologize. I had NO IDEA. I would never knowingly do this and acknowledge to an MBAM rep that this is for people at my job knowing that they would find out and tell me what you're telling me today. For proof on this see this topic: https://forums.malwarebytes.org/index.php?/topic/149612-ie-wont-allow-anything-incl-malwarebytes-to-download-saying-it-has-a-virus/

 

The very first thing I said to one of your reps was "A coworker of mine" as well as "I knew something was up when I tried to download firefox and malwarebytes on his computer." Not blaming that rep because he was very helpful. He just likely either thought I would download the business version or just didn't think about it. I'm surprised it doesn't come up in the scan regarding which version (home or business) I'm using. I just wish that I could've been informed that since this is a business that you need to use the business version and to be directed to a proper link for the business version. If I was then I would've stayed away from downloading it. Again, this is not to shift blame in any way. I missed it completely. Just wish I was told beforehand.

 

I thought I was doing a good deed by getting rid of their malware, but evidently I wasn't.  I pride myself on being honest so if something like this happens it's clearly a mistake because I don't do things like this.  I will remove it immediately.  Whoever has it here either doesn't know how to use it or doesn't even know it's there because I worked on it.  MBAM was used once on the computers I installed (one or 2 may've been used twice if not mistaken, but that's it.)


Thank you, by the way, for the link on that. Just want to say that I appreciate all of you guys' hard work and was at one point contemplating learning myself how to get rid of malware as indicated in my post with B-boy style. Unfortunately I don't have the time to get too involved as I would've liked to. I know now to read more and be aware of what I'm doing. Sorry to you and all at Malwarebytes.


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.