Channel: Tech Support Guy - Virus & Other Malware Removal

Still infected?

Hi Guys

A few weeks ago I returned home from a hospital stay to find my pc was playing up and I'm sure it had become infected.
The first sign of this was a centre-screen message box advising me that "ave.guard.exe has encountered a problem and needs to close..", or words to that effect.
The message was almost impossible to dismiss and though I managed to get rid of it eventually it soon reappeared and I felt sure something was wrong.
Other symptoms were searches re-directed, programmes closing or suddenly failing to respond and malware tools failing to scan or download. The machine was noisy and slow and plagued with what I'm sure were fake update reminders.
In addition to XP I also have Linux Mint loaded on the same PC and, despite the alleged Linux invulnerability, it too seemed to be affected. Reading online suggested that this might indicate a rootkit so I tried to download Kaspersky's TDSSKiller but without success; I feel sure the virus was preventing it.
But I did manage to download the program from a clean pc to a stick and it seemed to run ok the first time, although it was very quick. Results showed no sign of infection but the symptoms continued and I wonder if the virus could have faked the scan. Repeated attempts to scan again all failed.
I didn't use my pc much after that for a few weeks but I did run some other clean-up programs including AdwCleaner and Comodo; there were no 'positives' but I'm not convinced.
As I type this my machine seems to be symptom-free and running fine but I can't yet trust it with sensitive information such as bank details.

Needless to say I should be very grateful for any help. Thanks in advance.


Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz, x86 Family 15 Model 2 Stepping 9
Processor Count: 1
RAM: 2039 Mb
Graphics Card: Intel(R) 82865G Graphics Controller, 96 Mb
Hard Drives: C: Total - 24998 MB, Free - 6153 MB; D: Total - 61752 MB, Free - 51136 MB;
Motherboard: Hewlett-Packard, 085Ch
Antivirus: Avira Antivirus, Updated: Yes, On-Demand Scanner: Enabled

about:blank infection HELP!!!

It has taken me over an hour to create this post, including two restarts and the TSG download.


Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: AMD Athlon(tm) II X2 220 Processor, AMD64 Family 16 Model 6 Stepping 3
Processor Count: 2
RAM: 1791 Mb
Graphics Card: NVIDIA GeForce 6150SE nForce 430, 256 Mb
Hard Drives: C: Total - 462502 MB, Free - 257597 MB; H: Total - 2861575 MB, Free - 74371 MB; I: Total - 953867 MB, Free - 50636 MB;
Motherboard: eMachines, EL1352G
Antivirus: AVG AntiVirus Free Edition 2015, Updated and Enabled




My physical memory is always at 90% or higher, and every program I run is always "not responding". I have Malwarebytes and HijackThis installed, and I have run both, but the problem persists. Any help would be appreciated. I have tried to follow removal instructions online and have had no luck, either due to finances or the instructions not matching my situation.

Randomly opening browser windows

Hi and thanks in advance for any help,

My computer keeps randomly opening new IE windows, sometimes just one, other times 7 or 8 of them, and periodically something will suddenly blast out of the speakers and I have no idea where it is coming from! I have no programs or apps running at the time, yet I will suddenly hear Barry Scott advertising Cillit Bang! It's beyond weird lol

The IE windows don't open with any advertising or go to a suspicious webpage, it simply opens on Google's search page.

The whole system is very sluggish, especially just after startup and I'm sure something is going on that's not quite right, but all scans come up clean.

TSG SysInfo

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Professional, Service Pack 1, 32 bit
Processor: Intel(R) Pentium(R) CPU G620 @ 2.60GHz, x64 Family 6 Model 42 Stepping 7
Processor Count: 2
RAM: 1953 Mb
Graphics Card: Intel(R) HD Graphics, 784 Mb
Hard Drives: C: Total - 476837 MB, Free - 413438 MB;
Motherboard: ASUSTeK Computer INC., V-P8H61E.
Antivirus: avast! Antivirus, Updated and Enabled

Can't access PC.

First off, I've used the forum in the past. It's helped me out a great deal, and I always appreciate Techguy. I recommend all of my friends to this site for computer related issues. You guys perform a wonderful service.

Now. About my issue. For some reason, I can only boot my PC up in safe-mode (which is what I've done now, with networking). I am still using Windows XP (I'm way behind the times, I know) but whenever the PC comes out of the loading screen for XP, if I'm booting it up normally, the screen just goes black! Nothing else happens at all. Just black.

I can boot the PC up in safe-mode normally. I have run two virus scans, one with Panda and one with my AVG 2011 service. AVG did some special scan for under safe-mode, and it turned nothing up. The Panda scan turned up cookies and a single Trojan (that was apparently hidden in a game trainer I used a long time ago, but they said it would show up as a false positive as it altered game code and the function was thought hostile by the scanner, but I kicked it out anyway when it showed up). Neither did anything to help me get back into my normal account outside of safe-mode.

I should stress - nothing happens when it comes out of that loading screen. I don't think it's being held ransom, as I can sign in fine on safe-mode and there are no popups or anything demanding anything. I'm not getting any notifications that anything's happening. There's just a flat black screen, with no logos or anything. Just a black screen. I press keys on the keyboard, I hit escape, CTRL-ALT-DELETE, nothing does anything. I have to reboot when it happens. I'm not sure if this is a virus or not, but something is stopping the PC from loading fully and it seems like it could be, so I'm posting this here. I wasn't having any issues until just a few days ago, and I don't even know what happened THEN to cause this. I shut the PC down (using the shut-down button) because of a thunderstorm. Went to go turn it back on, and this is going on.

I would dearly love to avoid reformatting the PC. I've got a lot of pictures and music that I can't get all fully backed up. If it can be avoided, I would really, really be pleased, and like that.

Here is my Sysinfo...

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows XP Home Edition, Service Pack 3, 32 bit
Processor: Intel(R) Pentium(R) Dual CPU E2140 @ 1.60GHz, x86 Family 6 Model 15 Stepping 13
Processor Count: 2
RAM: 3326 Mb
Graphics Card: ATI Radeon HD 2400, 1 Mb
Hard Drives: C: Total - 235280 MB, Free - 17047 MB;
Motherboard: Dell Inc., 0RY007
Antivirus: AVG Internet Security 2011, Updated: Yes, On-Demand Scanner: Enabled

Yeah, this is an ancient, stone-age PC. Very crap. I need a new one, I know.

And here is my HiJack This log. (Note - I'm in Safe-mode, and some functions are disabled, so how useful this will be, I'm not sure.)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:17:24 AM, on 7/21/2015
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe
C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\18.7.0.147\AVG Secure Search_toolbar.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\18.7.0.147\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PSUAMain] "C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe" /LaunchSysTray
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe /preload
O4 - HKCU\..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
O4 - HKCU\..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O4 - Startup: RCA Detective.lnk = C:\Documents and Settings\Anonymous\My Documents\RCA Detective\RCADetective.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Anonymous\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://myed-nc-alt.wachovia.com/dan...erSetupSP1.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0BA4917A-ABAF-4AC0-8A33-0A48488D2AA2}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0BA4917A-ABAF-4AC0-8A33-0A48488D2AA2}: NameServer = 192.168.1.1
O17 - HKLM\System\CS5\Services\Tcpip\..\{0BA4917A-ABAF-4AC0-8A33-0A48488D2AA2}: NameServer = 192.168.1.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.7.0\ViProtocol.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BitRaider Mini-Support Service (BRSptSvc) - BitRaider, LLC - C:\Documents and Settings\All Users\Application Data\BitRaider\BRSptSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Desura Install Service - Desura Pty Ltd - C:\Program Files\Common Files\Desura\desura_service.exe
O23 - Service: Google Update Service (gupdate1c9939fe3346ffc) (gupdate1c9939fe3346ffc) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Panda Protection Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe
O23 - Service: Panda Devices Agent (PandaAgent) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe
O23 - Service: Panda Product Service (PSUAService) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: vToolbarUpdater18.7.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.7.0\ToolbarUpdater.exe

--
End of file - 13244 bytes

Hope you guys can help me! (By the way, I do have BitTorrent on this machine. The reason is for game updates and freely released modifications and such, which I am VERY picky about downloading - I don't get anything sketchy or iffy. I am generally extremely careful and I do not torrent copyrighted materials. I use Steam to buy games.)

And again, I want to stress - please, if possible, help me avoid reformatting. There is so much on this PC, logs of chats I've had in the past and communication with friends on Yahoo and AOL that will be gone forever, pictures, music, all of that stuff.

Regardless, thank you all again for the service you perform, for free. You are truly a wonderful lot of folks, and I can't thank you enough for what you all do, and as volunteers! Kudos, and thank you!

Finally - please bear with me. If I cannot check the thread often, it's because I have to power the PC down after using it. I will try to check the thread as often as possible, and that will likely be in the evening.

RAM on my PC running extremely high

When I boot my PC the RAM is running at 45%+; once I open my browser it rises to 75-80% and then quickly reaches 98% over an hour or two, meaning I have to reboot and start again.

My browser can be slow and I often see that it is hanging to read or transfer data from "google-analytics.com" or "double.click.net".

I have run Malwarebytes and found nothing amiss. I have run Temporary File Cleaner and removed a fair amount of old gunk.

Here is some further info

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows XP Home Edition, Service Pack 3, 32 bit
Processor: Genuine Intel(R) CPU 2140 @ 1.60GHz, x86 Family 6 Model 15 Stepping 2
Processor Count: 2
RAM: 1013 Mb
Graphics Card: Intel(R) G33/G31 Express Chipset Family, 128 Mb
Hard Drives: C: Total - 235280 MB, Free - 96854 MB;
Motherboard: Dell Inc., 0CU409

Log file:

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 11:57:42, on 23/07/2015
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

FIREFOX: 39.0 (x86 en-GB)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Anvisoft\Cloud System Booster\CloudSystemBooster.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Ruiware\WinPatrol\winpatrol.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\COMODO\COMODO Internet Security\cis.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Anvisoft\Cloud System Booster\CSBSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
C:\Program Files\COMODO\COMODO Internet Security\cis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\brian\My Documents\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O1 - Hosts: 0.0.0.1 mssplus.mcafee.com
O1 - Hosts: 0.0.0.1 mssplus.mcafee.com
O1 - Hosts: 0.0.0.1 mssplus.mcafee.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CloudSystemBooster] "C:\Program Files\Anvisoft\Cloud System Booster\CloudSystemBooster.exe" /hide /autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [WinPatrol] C:\Program Files\Ruiware\WinPatrol\winpatrol.exe
O4 - HKCU\..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cis.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_17_0_0_169_pepper.exe -update pepperplugin (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_17_0_0_169_pepper.exe -update pepperplugin (User 'Default user')
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PrivDog - {2F5C139F-79BD-4C84-A95A-E7140525BC55} - C:\Program Files\AdTrustMedia\PrivDog\2.1.0.23\trustedads.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1237578540875
O17 - HKLM\System\CS6\Services\Tcpip\..\{0A58BF97-68EF-40E5-BDB1-94675BDF8B2A}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CS7\Services\Tcpip\..\{0A58BF97-68EF-40E5-BDB1-94675BDF8B2A}: NameServer = 8.26.56.26,156.154.70.22
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Anvi Cloud System Booster Speed Service (AnviCsbSvc) - Anvisoft - C:/Program Files/Anvisoft/Cloud System Booster/CSBSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (CmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: COMODO Virtual Service Manager (cmdvirth) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.11.149\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Nielsen Update (NielsenUpdate) - Unknown owner - C:\Program Files\NetRatingsNetSight\NetSight\NielsenUpdate.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 10771 bytes
Antivirus: COMODO Antivirus, Updated: Yes, On-Demand Scanner: Enabled

I have tried to download FRST64 but I get an error message saying it is not a valid win 32 application.

So I shall leave myself in your capable hands and hopefully you won't tell me that my PC belongs in a museum.

eFix Results-Bad PC Security Level + Virus

OK next step
Please download Farbar Recovery Scan Tool and save it to your Desktop or downloads folder.

Note: You need to download and run the 64 bit version
  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Browser hijacked by Snap Do and search safeguard

FRST ADDITION:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:26-07-2015
Ran by Tu Wei at 2015-07-26 21:13:39
Running from C:\Users\Tu Wei\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1496139827-2270205386-719297574-500 - Administrator - Disabled)
Guest (S-1-5-21-1496139827-2270205386-719297574-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1496139827-2270205386-719297574-1005 - Limited - Enabled)
Tu Wei (S-1-5-21-1496139827-2270205386-719297574-1001 - Administrator - Enabled) => C:\Users\Tu Wei

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Trend Micro Titanium Maximum Security (Disabled - Up to date) {5D349EF8-873B-C657-917F-F1D93E101A7C}
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Trend Micro Titanium Maximum Security (Disabled - Up to date) {E6557F1C-A101-C9D9-ABCF-CAAB459750C1}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1496139827-2270205386-719297574-1001\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
360随身WiFi (HKLM-x32\...\360AP) (Version: 2.0.0.1057 - 360互联网安全中心)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Photoshop Elements 10 (HKLM-x32\...\Adobe Photoshop Elements 10) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
AliIM Plugins for Browser (HKU\S-1-5-21-1496139827-2270205386-719297574-1001\...\AliIM Plugins for Browser) (Version: 1.0 - Alibaba(China) Co., Ltd)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Apple 應用程式支援 (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
AuthenTec TrueSuite (HKLM\...\{1E1771A5-9BDA-4F91-ACEA-9798BCF8CFDD}) (Version: 5.2.0.675 - AuthenTec, Inc.)
AuthenTec WinBio FingerPrint Software (HKLM\...\{403EB04F-20E8-4C55-B989-4040340B3040}) (Version: 3.2.1.1030 - AuthenTec, Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.6426.52 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.1.0.0333 - DT Soft Ltd)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.7000.4 - Dolby Laboratories Inc)
Dropbox (HKU\S-1-5-21-1496139827-2270205386-719297574-1001\...\Dropbox) (Version: 3.6.9 - Dropbox, Inc.)
Elements 10 Organizer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version: - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
Evernote v. 4.5.2 (HKLM-x32\...\{8CE152BA-1D16-11E1-867D-984BE15F174E}) (Version: 4.5.2.5904 - Evernote Corp.)
Extended Asian Language font pack for Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-A00000000049}) (Version: 11.0.09 - Adobe Systems Incorporated)
FastStone Image Viewer 4.8 (HKLM-x32\...\FastStone Image Viewer) (Version: 4.8 - FastStone Soft)
FDUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Freemake Video Converter version 3.2.1 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 3.2.1 - Ellora Assets Corporation)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
globalupdate Helper (x32 Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== ATTENTION
Google Chrome (HKU\S-1-5-21-1496139827-2270205386-719297574-1001\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Google+ Auto Backup (HKU\S-1-5-21-1496139827-2270205386-719297574-1001\...\Google+ Auto Backup) (Version: 1.0.26.151 - Google, Inc.)
HandBrake 0.10.2 (HKLM-x32\...\HandBrake) (Version: 0.10.2 - )
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.4.1441 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2712 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{2C0E6BD4-65B1-4E82-B2AC-43EFFC8F100C}) (Version: 15.0.0.0083 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{F0932859-AA60-459E-B843-0BDECA34E2C7}) (Version: 2.0.0.0086 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.3.1001 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
Intel® PROSet/無線 WiFi 軟體 (HKLM\...\{DF7756DD-656A-45C3-BA71-74673E8259A9}) (Version: 15.00.0000.0708 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418051F0}) (Version: 8.0.510 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KKMAN (HKLM-x32\...\KKMAN) (Version: 3.2 - 願境網訊股份有限公司(KKBOX Co., Ltd))
K-Lite Codec Pack 8.8.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 8.8.0 - )
KUx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
LINE (HKLM-x32\...\LINE) (Version: 4.1.1.423 - LINE Corporation)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Media Gallery (HKLM\...\{0EB7792D-EFA2-42AB-9A22-F33D9458E974}) (Version: 2.1.0.13300 - Sony Corporation)
Media Go (HKLM-x32\...\{167A1F6A-9BF2-4B24-83DB-C6D659F680EA}) (Version: 2.0.317 - Sony)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (繁體中文) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1028) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 39.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
ParetoLogic Data Recovery (HKLM-x32\...\{B1C2398C-6FAB-46D1-806C-5942F0829994}) (Version: 1.1.0 - ParetoLogic)
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 1.2.0.35625 - Grinding Gear Games)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PlayMemories Home (HKLM-x32\...\{E03CD71A-F595-49DF-9ADC-0CFC93B1B211}) (Version: 6.1.01.14210 - Sony Corporation)
PlayStation(R)Network Downloader (HKLM-x32\...\{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}) (Version: 2.07.00849 - Sony Computer Entertainment Inc.)
PlayStation(R)Store (HKLM-x32\...\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}) (Version: 4.5.15.13232 - Sony Computer Entertainment Inc.)
PSE10 STI Installer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PYV_x86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
QQ International (HKLM-x32\...\{3CA54984-A14B-42FE-9FF1-7EA90151D725}) (Version: 1.91.1369.0 - Tencent Technology(Shenzhen) Company Limited)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.53.216.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.92 - Realtek Semiconductor Corp.)
RegCure Pro (HKLM-x32\...\{C547F361-5750-4CD1-9FB6-BC93827CB6C1}) (Version: 3.2.16.0 - ParetoLogic, Inc.) <==== ATTENTION!
Remote Keyboard (x32 Version: 1.2.0.09270 - Sony Corporation) Hidden
SHIELD Streaming (Version: 1.7.306 - NVIDIA Corporation) Hidden
SILKYPIX Developer Studio 3.1 SE (HKLM-x32\...\InstallShield_{0A04086B-0B71-43C3-95EF-FDFC4C18D161}) (Version: 3 - Ichikawa Soft Laboratory)
SILKYPIX Developer Studio 3.1 SE (x32 Version: 3 - Ichikawa Soft Laboratory) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.11.13307 - Skype Technologies S.A.)
Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
SlingPlayer (HKLM-x32\...\InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}) (Version: 1.5.1335 - Sling Media)
SlingPlayer (x32 Version: 1.5.1335 - Sling Media) Hidden
SmartCard Reader Driver Installation (HKLM-x32\...\InstallShield_{C6D91586-9F98-4CFD-9BC3-FC0800911005}) (Version: 1.2.4.16 - 您的公司名稱)
SmartCard Reader Driver Installation (x32 Version: 1.2.4.16 - 您的公司名稱) Hidden
Snap.Do Engine (HKU\S-1-5-21-1496139827-2270205386-719297574-1001\...\{b597cadb-3cba-4cb4-876a-28ff6992798a}) (Version: 11.140.1.20709 - ReSoft Ltd.) <==== ATTENTION
SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden
SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TimeLineRemove 0.9 (HKLM-x32\...\TimeLineRemove_is1) (Version: 0.9 - TimeLineRemove)
TrackID(TM) with BRAVIA (x32 Version: 1.2.0.09270 - Sony Corportaion) Hidden
Trend Micro Titanium (Version: 7.0 - Trend Micro Inc.) Hidden
Trend Micro Titanium Maximum Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 7.0 - Trend Micro Inc.)
TriDef 3D (Sony) 2.0.5 (HKLM-x32\...\experience-sony-bundle) (Version: 2.0.5 - Dynamic Digital Depth Australia Pty Ltd)
V3DPx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VAIO - Media Gallery - VAIO Personalization Manager Update (HKLM\...\{50A7190B-5DA6-4A51-B275-3D413E617BA6}) (Version: 4.2.5.07160 - Sony Corporation)
VAIO - Microsoft Visual C++ 2010 SP1 Runtime 10.0.40219.325 (HKLM\...\{34EB42BE-F4D3-44C1-B28E-9740115DB72C}) (Version: 1.0.00.01300 - Sony Corporation)
VAIO - PlayMemories Home Plug-in (HKLM\...\{886C0C18-F905-49B2-90BA-EFC0FEDF27C6}) (Version: 2.0.00.14200 - Sony Corporation)
VAIO - PlayStation®3 隨附的遠端鍵盤 (HKLM-x32\...\{E682702C-609C-4017-99E7-3129C163955F}) (Version: 1.2.0.09210 - Sony Corporation)
VAIO - TrackID™ 隨附的 BRAVIA (HKLM-x32\...\{2F41EF61-A066-4EBF-84F8-21C1B317A780}) (Version: 1.2.0.09270 - Sony Corporation)
VAIO - 遠端鍵盤 (HKLM-x32\...\{7396FB15-9AB4-4B78-BDD8-24A9C15D2C65}) (Version: 1.2.0.09270 - Sony Corporation)
VAIO 3D Portal (HKLM-x32\...\{C14EAE86-C526-4E00-B245-CFF86233C3D2}) (Version: 1.2.0.10131 - Sony Corporation)
VAIO Care (HKLM\...\{D9FFE40D-1A85-4541-992C-5EF505F391A4}) (Version: 8.4.2.12041 - Sony Corporation)
VAIO Control Center (HKLM-x32\...\{8E797841-A110-41FD-B17A-3ABC0641187A}) (Version: 5.2.2.16060 - Sony Corporation)
VAIO CPU 風扇診斷 (HKLM-x32\...\{BCE6E3D7-B565-4E1B-AC77-F780666A35FB}) (Version: 1.1.0.09200 - Sony Corporation)
VAIO Data Restore Tool (x32 Version: 1.9.0.13190 - Sony Corporation) Hidden
VAIO Easy Connect (HKLM-x32\...\InstallShield_{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}) (Version: 1.1.2.01120 - Sony Corporation)
VAIO Easy Connect (x32 Version: 1.1.2.01120 - Sony Corporation) Hidden
VAIO Gate (HKLM-x32\...\{A7C30414-2382-4086-B0D6-01A88ABA21C3}) (Version: 2.4.2.02200 - Sony Corporation)
VAIO Gate (x32 Version: 2.4.1.09230 - Sony Corporation) Hidden
VAIO Gate Default (HKLM-x32\...\{B7546697-2A80-4256-A24B-1C33163F535B}) (Version: 2.5.2.02090 - Sony Corporation)
VAIO Gesture Control (HKLM-x32\...\{692955F2-DE9F-4078-8FAA-858D6F3A1776}) (Version: 1.0.0.12300 - Sony Corporation)
VAIO Gesture Control (x32 Version: 1.0.0.12300 - Sony Corporation) Hidden
VAIO Improvement (HKLM-x32\...\{3A26D9BD-0F73-432D-B522-2BA18138F7EF}) (Version: 1.3.0.12280 - Sony Corporation)
VAIO Sample Contents (HKLM-x32\...\{547C9EB4-4CA6-402F-9D1B-8BD30DC71E44}) (Version: 1.4.1.09010 - Sony Corporation)
VAIO Smart Network (HKLM-x32\...\{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}) (Version: 3.14.1.07010 - Sony Corporation)
VAIO Transfer Support (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.7.1.06040 - Sony Corporation)
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.0.1.02280 - Sony Corporation)
VAIO 手冊 (HKLM-x32\...\{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}) (Version: 2.3.0.12300 - Sony Corporation)
VAIO 資料還原工具 (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.9.0.13190 - Sony Corporation)
VBMx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VCCx64 (Version: 1.0.0 - Sony Corporation) Hidden
VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VGClientX64 (Version: 1.0.0 - Sony Corporation) Hidden
VGClientX86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VHD (x32 Version: 1.0.0 - Microsoft) Hidden
VIx64 (Version: 1.0.0 - Sony Corporation) Hidden
VIx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VLC Streamer 5.04 (HKLM-x32\...\VLC Streamer_is1) (Version: - )
VMLx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VPMx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSNx64 (Version: 1.0.0 - Sony Corporation) Hidden
VSNx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VSSTx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden
VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Windows Live 程式集 (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WinX HD Video Converter Deluxe 5.0.2 (HKLM-x32\...\WinX HD Video Converter Deluxe_is1) (Version: - Digiarty Software, Inc.)
台北富邦銀行帳單瀏覽程式 (HKLM-x32\...\{F6FD0A21-EF80-4941-BC62-50A5A9E24746}) (Version: 4.20.0000 - 台北富邦銀行)
適用遠端連線的 Windows Live Mesh ActiveX 控制項 (HKLM-x32\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1496139827-2270205386-719297574-1001_Classes\CLSID\{00249E9F-88FF-45d5-82DB-A1BEE06E123C}\InprocServer32 -> C:\Windows\system32\shdocvw.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1496139827-2270205386-719297574-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Tu Wei\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1496139827-2270205386-719297574-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Tu Wei\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1496139827-2270205386-719297574-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Tu Wei\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1496139827-2270205386-719297574-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Tu Wei\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1496139827-2270205386-719297574-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tu Wei\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1496139827-2270205386-719297574-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tu Wei\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1496139827-2270205386-719297574-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tu Wei\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1496139827-2270205386-719297574-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tu Wei\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1496139827-2270205386-719297574-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tu Wei\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1496139827-2270205386-719297574-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tu Wei\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1496139827-2270205386-719297574-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tu Wei\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1496139827-2270205386-719297574-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tu Wei\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)

==================== Restore Points =========================

24-07-2015 21:27:43 Checkpoint by HitmanPro
26-07-2015 16:27:09 RegCure Pro Backup
26-07-2015 16:59:14 JRT Pre-Junkware Removal
26-07-2015 17:24:24 JRT Pre-Junkware Removal
26-07-2015 20:23:19 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 10:34 - 2009-06-11 05:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02525070-0BC8-406A-BC6D-480EFA1BB45F} - System32\Tasks\snf => C:\ProgramData\ExtTag\e4fbamcd.exe [2015-07-25] ()
Task: {0DC3BD4C-AE58-4BDF-B4E6-B80AD588FCA9} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate Restart => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2012-02-21] (Sony Corporation)
Task: {111DDEDD-4970-4381-B8F4-1621BC77E517} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {1268376A-7C91-431D-AF10-9233B824F665} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-24] (Adobe Systems Incorporated)
Task: {145B3C92-DFB7-4286-B444-F06A21EE7CB3} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1496139827-2270205386-719297574-1001Core => C:\Users\Tu Wei\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19] (Dropbox, Inc.)
Task: {1C619F56-F947-4626-96C6-BD803140C4E7} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementMonitorSystem => C:\Program Files\Sony\VAIO Improvement\vim.exe [2013-03-29] (Sony Corporation)
Task: {250B5D1A-A896-45C0-A98B-8D9051F85B3D} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {26BB5B05-08E1-4D43-92E5-E33AE9FFECA4} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2014-03-01] (Sony Corporation)
Task: {274B3047-6BA8-489B-815E-DEF9BD14524B} - System32\Tasks\Sony Corporation\VAIO Power Management\VPM Logon Start => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2012-01-10] (Sony Corporation)
Task: {357A088D-89B0-4F38-B1BF-BEC43BF818B5} - System32\Tasks\Sony Corporation\VAIO Care\ActiveStatusCollect => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {3687E660-9E1C-49F8-8AED-A2476912D22F} - System32\Tasks\Sony Corporation\VAIO Care\DeployCRMflag => C:\Program Files\Sony\VAIO Care\DeployCRMflag.exe [2014-01-16] (Sony Corporation)
Task: {3F5512D5-55F4-423D-BA9D-23F46AF19A9C} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2012-02-21] (Sony Corporation)
Task: {488D88D1-3748-4487-8B7D-92313B93C683} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1496139827-2270205386-719297574-1001UA => C:\Users\Tu Wei\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19] (Dropbox, Inc.)
Task: {4AA9D819-F9A1-40BB-9B48-D98553478C0C} - System32\Tasks\VHDInformationCheck => C:\Program Files (x86)\Sony\VAIO Recovery\plugins\InformationCheck.exe [2012-02-24] (Sony Corporation)
Task: {53F45BC4-07E8-474B-B72A-1EB4BBEE05E9} - System32\Tasks\Sony Corporation\VAIO Care\UploadPOT => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {5D09369C-BA55-4F08-AF2A-0E41C7691801} - System32\Tasks\Sony Corporation\VAIO Care\UpdateSolution => C:\Program Files\Sony\VAIO Care\Solution.Updater.exe [2014-12-03] (Sony Corporation)
Task: {6B60ADC8-5F31-4ED2-B786-7EC50FE9D1AD} - System32\Tasks\360safe\360APMainProg => C:\Program Files (x86)\360\360AP\360AP.exe [2015-06-29] (360.cn)
Task: {6D0FB745-A368-484D-A06F-1A8200123F52} - System32\Tasks\Sony Corporation\VAIO Care\VCRLog => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {774EBACF-607A-4EC7-8820-38A1D57EA2AA} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {8D40F372-75C2-421C-8800-6B64116DF42D} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2011-12-27] (Sony Corporation)
Task: {912828AD-75A4-439E-91F9-86D7DC9EC980} - System32\Tasks\SpyHunter4Startup => C:\Users\TUWEI~1\AppData\Local\Temp\RarSFX0\SpyHunter4.exe <==== ATTENTION
Task: {91B546FE-C12D-4D4A-8670-CAAB059137E9} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Month => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-04-06] (Sony Corporation)
Task: {93B7A442-5CF1-46F6-8B46-7A3F5E0E6AA4} - System32\Tasks\Sony Corporation\VAIO Care\CheckSystemInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {93CB68A7-5AF1-4969-A117-6D9B641C1CA7} - System32\Tasks\Sony Corporation\VAIO Care\VCSelfHeal => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {9A4D531B-A6C3-40A8-9B27-4DE5C3B1544F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-18] (Piriform Ltd)
Task: {A354C2D9-D020-4728-B01A-6266789768F5} - System32\Tasks\Titanium BTC => C:\Program Files\Trend Micro\Titanium\plugin\TMDC\TMDC.exe [2014-08-06] (Trend Micro Inc.)
Task: {A5A99BE4-E30D-4369-A019-08A2B9DF6075} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {A7EFC49A-54F6-4802-B182-1243A5F525A6} - System32\Tasks\Sony Corporation\VAIO Power Management\VPM Session Change => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2012-01-10] (Sony Corporation)
Task: {A90BD654-1F16-40ED-9E7F-B02C5A084E1D} - System32\Tasks\Sony Corporation\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe [2012-02-20] (Sony Corporation)
Task: {A9271D0C-8025-4E7D-A1EC-CC13A3F09F33} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2014-02-28] (Sony Corporation)
Task: {B5E43993-DF8C-4662-870E-836C7A85D2A7} - \ProPCCleaner_Popup No Task File <==== ATTENTION
Task: {C325F7BE-94E6-4381-8B6E-867E94867BD2} - System32\Tasks\snp => C:\ProgramData\ExtTag\e4fbamcd.exe [2015-07-25] ()
Task: {CC38F8C6-9980-4644-AA28-C5355A1BB4A1} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {CFA25D8D-DC43-40B9-BC64-151640FC1C49} - System32\Tasks\Sony Corporation\VAIO Care\GetPOTInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {D223D8F6-4B18-478A-857A-322383D72D13} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {D8102CF1-5AE7-4D90-8E77-9F31F6CBB172} - System32\Tasks\Sony Corporation\VAIO Power Management\VPM Unlock => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2012-01-10] (Sony Corporation)
Task: {DDC28C18-EDBC-4853-B2B4-EF0B1EE05EAA} - System32\Tasks\Sony Corporation\VAIO Gesture Control\VCGULogonTask => C:\Program Files (x86)\Sony\VAIO Camera Gesture Utility\VCGU.exe [2011-12-27] (Sony Corporation)
Task: {E2928140-BFC1-48F5-8A27-3ADE7C5BAA0E} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementMonitorUser => C:\Program Files\Sony\VAIO Improvement\vim.exe [2013-03-29] (Sony Corporation)
Task: {E9CC9F4A-B95C-439D-B764-A75684689E79} - System32\Tasks\Sony Corporation\VAIO Smart Network\VSN Logon Start => net
Task: {EDACABCE-BA07-4C0F-8BDE-2BB15A1CEB21} - System32\Tasks\USER_ESRV_SVC => Wscript.exe //B //NoLogo "C:\Program Files\Sony\VAIO Care\ESRV\task.vbs"
Task: {F08F5641-CF43-4E3F-8BCB-C17713EF6776} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Daily => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-04-06] (Sony Corporation)
Task: {F5530F5D-86AA-4FAE-B868-81E20C26FADC} - \ProPCCleaner_Start No Task File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1496139827-2270205386-719297574-1001Core.job => C:\Users\Tu Wei\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1496139827-2270205386-719297574-1001UA.job => C:\Users\Tu Wei\AppData\Local\Dropbox\Update\DropboxUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2012-05-15 04:05 - 2013-06-21 18:23 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-02-20 04:57 - 2012-02-20 04:57 - 00087880 _____ () C:\Program Files\AuthenTec TrueSuite\ssutil.dll
2012-02-20 04:57 - 2012-02-20 04:57 - 00556360 _____ () C:\Program Files\AuthenTec TrueSuite\DataManager.dll
2013-01-04 16:49 - 2012-11-30 18:18 - 00258224 _____ () C:\Users\Tu Wei\AppData\Roaming\MegaCloud\MegaCloudShellExtx64.dll
2010-01-09 20:17 - 2010-01-09 20:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:40 - 2010-01-21 01:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-04-05 10:04 - 2012-04-04 04:16 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-04-15 03:41 - 2015-07-26 03:06 - 00020288 _____ () C:\Program Files\CCleaner\branding.dll
2013-11-01 14:59 - 2013-11-01 14:59 - 00062464 _____ () C:\Program Files\Sony\VAIO Care\listener.exe
2014-01-20 20:17 - 2014-01-20 20:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-07-26 19:45 - 2015-07-26 19:45 - 00043008 _____ () c:\users\tuwei~1\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpm0a_bk.dll
2015-03-05 05:45 - 2015-03-19 15:15 - 00750080 _____ () C:\Users\Tu Wei\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-05 05:45 - 2015-03-19 15:15 - 00047616 _____ () C:\Users\Tu Wei\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-05 05:45 - 2015-03-19 15:15 - 00865280 _____ () C:\Users\Tu Wei\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-05 05:45 - 2015-03-19 15:15 - 00200704 _____ () C:\Users\Tu Wei\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-03-05 05:45 - 2015-03-19 15:15 - 00010240 _____ () C:\Users\Tu Wei\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-03-05 05:45 - 2015-03-19 15:15 - 00726016 _____ () C:\Users\Tu Wei\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-03-05 05:45 - 2015-03-19 15:15 - 00010240 _____ () C:\Users\Tu Wei\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2012-05-15 04:36 - 2012-04-06 14:37 - 00021128 _____ () C:\Program Files (x86)\Sony\VAIO Control Center\VESBasePS.dll
2015-07-25 21:55 - 2015-07-25 21:55 - 01162752 _____ () C:\ProgramData\ExtTag\du1nyzex.dll
2010-01-09 20:18 - 2010-01-09 20:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:34 - 2010-01-21 01:34 - 08793952 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-11-28 05:06 - 2014-11-28 05:06 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\50ac882adf9224ba736ae207768122c4\IsdiInterop.ni.dll
2012-05-15 03:58 - 2012-05-02 20:53 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2012-05-15 04:07 - 2012-03-23 16:47 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1496139827-2270205386-719297574-1001\...\ebill.ba.org.tw -> hxxps://ebill.ba.org.tw
IE trusted site: HKU\S-1-5-21-1496139827-2270205386-719297574-1001\...\fisc.com.tw -> hxxps://fisc.com.tw
IE trusted site: HKU\S-1-5-21-1496139827-2270205386-719297574-1001\...\gov.tw -> hxxps://pfiles.tax.nat.gov.tw
IE trusted site: HKU\S-1-5-21-1496139827-2270205386-719297574-1001\...\paytax.nat.gov.tw -> hxxps://paytax.nat.gov.tw


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1496139827-2270205386-719297574-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Tu Wei\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Checker => 2
MSCONFIG\Services: ExtTag => 2
MSCONFIG\Services: Intel(R) ME Service => 2
MSCONFIG\Services: MyWiFiDHCPDNS => 3
MSCONFIG\Services: QRX61 => 2
MSCONFIG\startupfolder: C:^Users^Tu Wei^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: BePCSC => C:\Program Files (x86)\EmvSmartCardReader\BePCSC.exe
MSCONFIG\startupreg: DAEMON Tools Pro Agent => "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
MSCONFIG\startupreg: GarenaPlus => "C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe" -autolaunch
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Pando Media Booster => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MSCONFIG\startupreg: SmartMon => C:\Program Files (x86)\EmvSmartCardReader\SmartMON.exe
MSCONFIG\startupreg: uTorrent => "C:\Users\Tu Wei\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{AE244612-7FAD-46F4-9B52-89E1682D8AD5}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{7378281C-7D74-417C-BB16-02F79B6A3FFC}] => (Block) C:\Program Files (x86)\Sony\VAIO Creations\VAIO Movie Story\VMStory.exe
FirewallRules: [{A952712E-9872-41B1-8DA2-D6E150264DF6}] => (Block) C:\Program Files (x86)\Sony\VAIO Creations\VAIO Movie Story\VMStory.exe
FirewallRules: [{B7A77258-85ED-4456-8233-C73E290CA70B}] => (Block) C:\Program Files (x86)\Sony\VAIO Creations\VAIO Movie Story\VMStory.exe
FirewallRules: [{AE2FC8C2-2F76-4922-98CA-A608EA598551}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{39DC1EC0-1AB7-40EA-A526-B6F340C5481A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{166B27E9-FE12-45F3-A6B2-C898DDCE86DB}] => (Allow) LPort=2869
FirewallRules: [{5D10F408-4801-4AD4-88DB-D72F921676BC}] => (Allow) LPort=1900
FirewallRules: [{3D441816-2914-4774-91B9-AB77945D781A}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{B03C9B78-7FA5-4C64-935A-DAD9803CE795}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{409B49AA-B33D-4742-B446-384410D9BF61}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{78C001B1-9A2A-411D-87C6-3DA5642A6B55}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{52E8C440-9E0A-412C-A226-C3CA8A55C525}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D53B6B71-331A-4D06-9B21-93AF389F80AF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{073BEF57-156B-4DFA-B48F-3F8DFA54BF8B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3BE983EE-20B4-4A88-98EF-8BCCA4E089AC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{7BED94C9-7ADF-4C0C-BF90-91B6093EF0E6}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{71CF614C-5C50-4BEC-9365-51CF1EF8D084}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [TCP Query User{D3542106-D67E-481A-AB54-8DE466C42615}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{7E374658-1D42-4AA1-B93F-2F5A4D324A2E}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{49985A43-C9C2-4B52-B1A1-39B0F70F9B5A}] => (Block) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{FDCEA323-F417-4ACF-9212-47FB882D8E5C}] => (Block) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{92DF1C38-E118-4B02-BFC1-A81E0B184D94}] => (Allow) LPort=8370
FirewallRules: [{E4B9A098-518B-423B-9755-CBAACD1D566A}] => (Allow) LPort=8370
FirewallRules: [{EC017DA0-71AC-4856-A4D6-5F59769C3CA3}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{3865C0E0-244B-4FCF-9BFF-DFC6D74A2D31}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{17414DE5-B236-4B70-8297-823B2A65AF44}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{BDEE85AB-9DB4-481A-8B35-53E1F350B7F3}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{5B1B8E2F-8433-4DFB-A871-316A9A6BCAEC}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [TCP Query User{E5A0A1CB-7B30-4BF4-96BE-97DFEC105820}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{E3169FD8-04D9-42D9-89AD-B7F21C35365F}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{9D9E46AC-ADFE-45C6-8F56-7BBCB810B267}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{94CD6032-0B1A-4ACA-A89D-D39D636D8EA3}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{3D96DB1B-933B-44D8-AD32-BA92B14E5E16}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [{6724EA81-4A3E-4C29-BF29-1BBDDF0AEE1C}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [TCP Query User{49E8B858-DF27-436B-955B-0EBCD7147CD2}C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe
FirewallRules: [UDP Query User{3C279B9A-A362-4076-A989-5560A9D95998}C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe
FirewallRules: [{E0D0002E-CE3D-4065-AFC3-98186ACEF72F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [{90B7E957-612A-4DC8-999E-6CAA1B68251B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [{6FB17F79-1315-47FA-A777-85A11DB97C6D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [{86ABA188-56C6-4149-9C47-C9DD93D3C31C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [TCP Query User{F857765D-D2EF-4620-955F-C4D806C4C63B}C:\program files (x86)\starcraft ii\versions\base26490\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base26490\sc2.exe
FirewallRules: [UDP Query User{82C63B30-7251-4B79-9986-85A5CFB8D3E1}C:\program files (x86)\starcraft ii\versions\base26490\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base26490\sc2.exe
FirewallRules: [{C5F6EC85-0AF6-4F71-9249-7AB5D45F0DEF}] => (Block) C:\program files (x86)\starcraft ii\versions\base26490\sc2.exe
FirewallRules: [{637820FC-15B7-44D8-A6BC-8E909919A4DB}] => (Block) C:\program files (x86)\starcraft ii\versions\base26490\sc2.exe
FirewallRules: [{5F01FDB6-FF27-44E6-BBF8-A33AE9DA1EB9}] => (Allow) C:\Users\Tu Wei\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D38DCB1B-31AC-4E25-97F1-AD53C896BE60}] => (Allow) C:\Users\Tu Wei\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{69DD2755-7089-4A4D-8F17-4AE362FE90BC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{88F785D8-53C0-4F92-BC9F-03C84CF13F3B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{1D9441D5-8561-4C0C-A427-0B6CD5E3FAE6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{130C83F4-E8F1-416F-9E2B-2ED17BA768E4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{7D17C4EA-BF9D-4AEF-8408-4DB253C1F2A8}] => (Allow) C:\Users\Tu Wei\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{FDC6BC51-E6E2-4F70-9C5A-FD15DE0390E9}] => (Allow) C:\Users\Tu Wei\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{21834655-B01D-4B8A-A302-13A0D445538E}C:\users\tu wei\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\tu wei\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{0843596C-5BD6-48E0-BF72-079FB0A0C610}C:\users\tu wei\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\tu wei\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{6E0753B1-9DCA-42E2-B4D2-D6FFB127FE3C}] => (Allow) C:\Program Files (x86)\Naver\LINE\Line.exe
FirewallRules: [{0D7CE84C-D0F2-41B9-A083-3E05058F6405}] => (Allow) C:\Program Files (x86)\Naver\LINE\Line.exe
FirewallRules: [{D780F481-68F2-4A6B-BB30-376C2E239FD0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{F4AE5C1B-F035-4EF4-B47F-196A1E5CC7E6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{ABA16DEF-DEE3-4473-9B7A-B3282657B647}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{0B779F9B-C02B-4561-97E3-EDEA73274694}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D7E67F87-34CD-4381-894B-465B1D0E1A70}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{8C8F715E-9754-4C3A-B50D-65E7F8D65574}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{9D394F52-7C07-4DF4-ADF1-00A0191166CB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{AB05BCD4-29C2-4A1E-98BD-61B35D0F44F6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{ED512462-9B6A-4BF4-8A54-7F62587843FE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{97CC90C3-F05C-4863-ADBE-F1FA035E7948}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{E6F8BD03-5D4F-4387-86AD-3E9986CD01F6}] => (Allow) C:\Program Files (x86)\360\360AP\360AP.exe
FirewallRules: [{2F37AEA6-A54C-46F6-AA28-54DDDB7B2C12}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe\Bonjour\mDNSResponder.exe
FirewallRules: [{D11AC70D-F4A2-4EC2-8C72-96BAB211799C}] => (Allow) C:\Program Files (x86)\Naver\LINE\Line.exe
FirewallRules: [{A67EAF4D-9F64-438B-B1F9-E3C0772913B4}] => (Allow) C:\Program Files (x86)\Naver\LINE\Line.exe
FirewallRules: [{59DF33B2-8300-4984-AE62-E53B41116845}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{606C539B-3F09-41E3-89FD-9E746233F371}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{60C9761C-A75E-4221-8470-08E1ADF52EF3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{FDE7DB9E-0296-41FC-8AE0-09502490F607}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{7284F8C0-F51C-4C72-939E-32E39E9CA4DD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{AD36E824-B27A-4882-B2E5-B74B4E26EF83}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{B7647F30-7DA3-40D1-B62C-3CF7FA493215}] => (Allow) C:\Program Files (x86)\360\360AP\LiveUpdate360.exe
FirewallRules: [{594EDAAD-6B73-467E-BE34-AEAF45C1A1A6}] => (Allow) C:\Program Files (x86)\360\360AP\LiveUpdate360.exe
FirewallRules: [{3FF85416-3FA7-40B8-9225-56869F0E4933}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{F019368A-5CE1-482E-B161-AA3C30B0BC47}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{ABD0E00F-38DA-44F8-8C7E-8AD6F3686035}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{AC3BEBD4-FEEA-486B-ACBF-7CB2ED4F4955}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{265CDC5E-A303-4F7B-A89B-3B9BF20F1377}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [TCP Query User{3105A704-4D51-4FEE-8BB7-363698EBC4FD}C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [UDP Query User{4E67724B-B512-43FD-A4BC-91C8D7BD362D}C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [{552D1100-81F2-4077-9420-AED16C9C78B3}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{E96A0905-67DD-4978-9B7A-0F2571D5BE05}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{ADD8E301-7FCC-4F2C-B4FE-30A781A070D1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{B8DC0399-6158-46F3-9FA9-46DBE3E55839}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{A122B09F-5E3D-490B-94C6-DE03E6275FD0}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{AFEDFF77-7220-4267-A653-D6B81DB5275E}] => (Allow) C:\Program Files\Sony\VAIO Care\VCAgent.exe
FirewallRules: [{B6D10CD6-6F06-44CF-9D2E-81B0362237E4}] => (Allow) C:\Program Files\Sony\VAIO Care\VCAdmin.exe
FirewallRules: [{D9A13B16-8FA8-4F72-A17D-4B29E91B375C}] => (Allow) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
FirewallRules: [{7ADC86B6-DF49-4999-A941-4BC89CFE9D58}] => (Allow) C:\Program Files\Sony\VAIO Care\VAIOShell.exe
FirewallRules: [{4CE9B774-9D61-48B4-BDC9-CA57F058316B}] => (Allow) C:\Program Files (x86)\360\360AP\LiveUpdate360.exe
FirewallRules: [{F325BC39-02D1-4A59-AB19-E55C67FED3F6}] => (Allow) C:\Program Files (x86)\360\360AP\LiveUpdate360.exe
FirewallRules: [{3EB4F434-C504-4C1E-A187-173AE1BE86C6}] => (Allow) LPort=50000
FirewallRules: [{5213F027-EE95-4DAF-A1D2-2C63B032F5DE}] => (Allow) LPort=50001
FirewallRules: [{49AFDA16-897A-444E-A579-12A4D76CB770}] => (Allow) LPort=6001
FirewallRules: [{E8A2469B-713C-4B83-814F-6402CBCBBC6A}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{A41336E2-FC76-4766-B186-34FED1DC5101}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{5B22BE10-AA7E-48B6-8733-6806E0BC9CE7}] => (Allow) C:\Program Files (x86)\Hobbyist Software\VLC Streamer\VLC Streamer Configuration.exe
FirewallRules: [{E112403C-52BF-4BA8-B1A6-7CCAF10B5125}] => (Allow) C:\Program Files (x86)\Hobbyist Software\VLC Streamer\mDNSResponder.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\TriDef 3D\TriDef\TriDefMediaPlayer\TriDefMediaPlayer.exe] => Enabled:TriDef 3D Media Player
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\NetDragon\91 Mobile\iPhone\iPhone PC Suite.exe] => Enabled:iPhone PC Suite.exe

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/26/2015 07:45:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/26/2015 07:43:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: VCAgent.exe, version: 8.4.2.12030, time stamp: 0x5476d099
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000007fe7ebfad21
Faulting process id: 0x4b0
Faulting application start time: 0xVCAgent.exe0
Faulting application path: VCAgent.exe1
Faulting module path: VCAgent.exe2
Report Id: VCAgent.exe3

Error: (07/26/2015 07:43:19 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: VCAgent.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
Stack:
at VCAgent.View.MainWindow.WindowProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at System.Windows.Interop.HwndSource.PublicHooksFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.HwndSubclass.DefWndProcWrapper(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
at MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
at System.Windows.Threading.Dispatcher.GetMessage(System.Windows.Interop.MSG ByRef, IntPtr, Int32, Int32)
at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
at System.Windows.Application.RunInternal(System.Windows.Window)
at System.Windows.Application.Run()
at VCAgent.App.Main()

Error: (07/26/2015 06:26:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/26/2015 06:24:58 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: VCAgent.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
Stack:
at VCAgent.View.MainWindow.WindowProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at System.Windows.Interop.HwndSource.PublicHooksFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.HwndSubclass.DefWndProcWrapper(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
at MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
at System.Windows.Threading.Dispatcher.GetMessage(System.Windows.Interop.MSG ByRef, IntPtr, Int32, Int32)
at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
at System.Windows.Application.RunInternal(System.Windows.Window)
at System.Windows.Application.Run()
at VCAgent.App.Main()

Error: (07/26/2015 05:16:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/26/2015 05:11:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mbam.exe version 2.3.55.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 14fc

Start Time: 01d0c782b0f1059b

Termination Time: 3

Application Path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

Report Id: 4b6a8db7-3376-11e5-be4d-30f9edead3a2

Error: (07/26/2015 05:08:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/26/2015 04:33:49 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/26/2015 04:33:49 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4400}. The service will attempt to automatically correct this problem by rebuilding the index.


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (07/26/2015 09:12:23 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (07/26/2015 08:45:25 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (07/26/2015 08:15:25 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (07/26/2015 08:00:14 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (07/26/2015 06:56:19 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (07/26/2015 06:55:21 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (07/26/2015 06:41:19 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (07/26/2015 06:38:50 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (07/26/2015 06:31:49 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (07/26/2015 06:25:02 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll


Microsoft Office:
=========================
Error: (07/26/2015 07:45:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/26/2015 07:43:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: VCAgent.exe8.4.2.120305476d099unknown0.0.0.000000000c0000005000007fe7ebfad214b001d0c78e37dba95aC:\Program Files\Sony\VAIO Care\VCAgent.exeunknown84d91942-338b-11e5-bc6c-30f9edead3a2

Error: (07/26/2015 07:43:19 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: VCAgent.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
Stack:
at VCAgent.View.MainWindow.WindowProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at System.Windows.Interop.HwndSource.PublicHooksFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.HwndSubclass.DefWndProcWrapper(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
at MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
at System.Windows.Threading.Dispatcher.GetMessage(System.Windows.Interop.MSG ByRef, IntPtr, Int32, Int32)
at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
at System.Windows.Application.RunInternal(System.Windows.Window)
at System.Windows.Application.Run()
at VCAgent.App.Main()

Error: (07/26/2015 06:26:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/26/2015 06:24:58 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: VCAgent.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
Stack:
at VCAgent.View.MainWindow.WindowProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at System.Windows.Interop.HwndSource.PublicHooksFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.HwndSubclass.DefWndProcWrapper(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
at MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
at System.Windows.Threading.Dispatcher.GetMessage(System.Windows.Interop.MSG ByRef, IntPtr, Int32, Int32)
at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
at System.Windows.Application.RunInternal(System.Windows.Window)
at System.Windows.Application.Run()
at VCAgent.App.Main()

Error: (07/26/2015 05:16:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/26/2015 05:11:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mbam.exe2.3.55.014fc01d0c782b0f1059b3C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe4b6a8db7-3376-11e5-be4d-30f9edead3a2

Error: (07/26/2015 05:08:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/26/2015 04:33:49 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description:
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (07/26/2015 04:33:49 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description:
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
4400


CodeIntegrity Error:
===================================
Date: 2015-05-10 23:52:49.299
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\MHIKEY11x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-05-10 23:52:49.249
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\MHIKEY11x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-05-10 23:52:48.782
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\MHIKEY11x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-05-10 23:52:48.735
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\MHIKEY11x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-05-10 23:39:47.336
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\MHIKEY11x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-05-10 23:39:47.290
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\MHIKEY11x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-05-10 23:38:06.704
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\MHIKEY11x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-05-10 23:38:06.657
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\MHIKEY11x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-05-10 23:32:44.236
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\MHIKEY11x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-05-10 23:32:44.205
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\MHIKEY11x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 37%
Total physical RAM: 8091.28 MB
Available physical RAM: 5019.15 MB
Total Virtual: 16180.76 MB
Available Virtual: 12554.48 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:580.06 GB) (Free:178.8 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: FAE8A523)

Partition: GPT Partition Type.

==================== End of log ============================

slow internet and weird computer

Hi! I have come to this forum today to ask for some help or guidance. My internet has been slow in the past but I believe this may just be my service and not my computer. Someone who could help me verify any spyware or malware etc. intrusions would be very much appreciated (or anything that could slow the net down). My computer screen also seems to have ... "zoomed" in on everything. My mouse is much bigger and things on screen appear sort of blurred and oversized. I don't know where this may come from. Thank you so much for the help I may receive!

Sluggish laptop with delayed boot up time

Good evening,

A computer error occurred this evening at 7pm, my laptop had gone into idle mode and would not boot up when I touched the mouse pad, the screen remained 'off', CTRL+ALT+Delete brought back my screen with an error message saying that there was low memory.

The only programs that were running were Chrome, Skype and two Microsoft Word documents, this is usually never a problem.

I turned off my computer, thinking perhaps it was too hot. After 15 minutes I turned it back on, however the Windows logo remained on screen for about 1-2 minutes, longer than usual. Afterwards, WinSAT started to run before my desktop was loaded.

Sometime earlier today around 1pm today, I had stepped away and returned to my screen looking bloated as though I had gone into safe mode, but I had not, my screen resumed its usual look once I moved my cursor.

I ran a full scan of AVG and it came out clean, I am, however, a bit concerned over this odd behavior.

Thank you for your time.

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i3-2370M CPU @ 2.40GHz, Intel64 Family 6 Model 42 Stepping 7
Processor Count: 4
RAM: 3992 Mb
Graphics Card: Intel(R) HD Graphics 3000, 1804 Mb
Hard Drives: C: Total - 455238 MB, Free - 173855 MB; D: Total - 21396 MB, Free - 2308 MB; F: Total - 99 MB, Free - 81 MB;
Motherboard: Hewlett-Packard, 1841
Antivirus: Norton Internet Security, Disabled

Blekko nuisance

I'm using IE Ver 11 with Google and continuously have "blekko" interrupting me. I have gone through the threads on this site concerning blekko and used suggestions to remove the nuisance. I've used ADware cleaner, Malware cleaner, I've been through the registry, scanned all files looking for any reference to blekko and cannot find evidence of its existence anywhere. It pops up on Explorer as a new tab continuously.

I normally use Opera for most browsing and it's not plagued at all with blekko. My use of IE is only for quick searches and blekko makes it a pain to use.

Pokki? It won't go away...

Hello, ccdand. My nickname is Nevan and I will be helping you get your system back on its electronic feet.

Before we get started, please keep these things in mind:
  • Always read every part of my post carefully. If you don't, you may do something wrong and there could be more problems to solve.
  • If your security programs give you any warnings when using tools I asked you to, don't be afraid. Every tool I provide to you is 100% safe.
  • Only run tools that I ask you to. Some of them can be dangerous to your system as they have much power.
  • You should save or print my instructions. It is possible that we will be using Safe mode, which will cut you off from your internet connection and without access to them, you might be stuck.
  • Malware removal is a complicated process that takes multiple steps to be completed. Don't give up, be patient.
  • The tools we are going to use and your software may cause unwanted interactions. Because of that, I recommend you to make backups of any important files from your machine before proceeding as they might be lost.
  • I recommend you to stay with me until I tell you that we are done. It is important because when your system does not show any bad symptoms anymore it does not mean that it is 100% clean.
  • Every program I ask you to download should be saved to and run from desktop. If you don't know how to choose the direction of where a download is saved, check this site. You can also just copy these programs to your desktop manually and then run them from there.
  • Remember that the fixes I give you are only for your machine. Using it on other systems may (and probably will) cause problems.
  • Finally, if you have any questions or are unsure about something, just ask. I will not blame you for it. It is better to ask rather than regret it later.
Also, please note that I'm currently in training, so my answers to you will have to be checked first by an experienced helper before I can post them. This can lengthen the time between my answers to you, but in return you will have an extra person reviewing your log.

Let's get started :)



First, I'd like to have a look at your system. Please, do the following:

FRST Scan
  1. Download Farbar Recovery Scan Tool and save it to your Desktop.
  2. Right click FRST64.exe and click Run as administrator. When the tool opens click Yes to disclaimer.
  3. Make sure that Addition.txt is checked and press the Scan button.
  4. It will produce two logs - one called FRST.txt and another one called Addition.txt in the same directory the tool is run from.
  5. Select all (CTRL+A) the content of the logs, copy them (CTRL+C) and paste (CTRL+V) them into your next reply.


Things that should appear in your next post:
  • FRST.txt log content
  • Addition.txt log content

Slow Computer... MalwareBytes can't scan.

My five + year old laptop is slow enough as it is. I needed a WAV to MP3 converter, downloaded & installed one off of an unknown website, and along come a lot of other baggage attached. Some strange "Geek" online chat with computer "experts" with the program notifying me of malware, etc. I should have known better.

Anyway, MalwareBytes can't scan (JPG attached), it stays at a very early scan state at 19+ hours whereas just a week before it would completely scan within an hour. Also my laptop slows to a crawl at times, stops for minutes at times. Please help.

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft® Windows Vista™ Home Basic, Service Pack 2, 32 bit
Processor: AMD Athlon(tm) Processor 2650e, x64 Family 15 Model 127 Stepping 2
Processor Count: 1
RAM: 2813 Mb
Graphics Card: ATI Radeon X1200, 256 Mb
Hard Drives: C: Total - 71191 MB, Free - 5242 MB; D: Total - 71188 MB, Free - 5314 MB;
Motherboard: Acer, Nile
Antivirus: Microsoft Security Essentials, Updated and Enabled

Attached Images
File Type: jpg Malwarebytes 19hours.jpg (53.9 KB)

Help Removing FindingDiscount and others

Searched the forum, downloaded AdwCleaner, need further help.

# AdwCleaner v4.208 - Logfile created 29/07/2015 at 10:53:29
# Updated 09/07/2015 by Xplode
# Database : 2015-07-26.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Cyndy - CYNDY-PC
# Running from : C:\Users\Cyndy\Downloads\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

Service Deleted : cherimoya
[#] Service Deleted : CouponPrinterService
[#] Service Deleted : csrcc
[#] Service Deleted : FindingDiscount
Service Deleted : netfilter64
[#] Service Deleted : RuntimeManager
[#] Service Deleted : shopperz Updater
[#] Service Deleted : SMUpd
[#] Service Deleted : SMUpdd
[#] Service Deleted : SPBIUpd
[#] Service Deleted : SPBIUpdd
[#] Service Deleted : YahooAUService
[#] Service Deleted : PastaLUpdd
[#] Service Deleted : pastaleadsupd
[#] Service Deleted : CoupoonService64
[#] Service Deleted : UpdateDustTool
[#] Service Deleted : WajaInternetEnhancer Service
[#] Service Deleted : UpdateCheck
Service Deleted : {42f8f729-2fa8-44bb-b01a-28c57a8162c7}w64
[#] Service Deleted : innfd_1_10_0_14
[#] Service Deleted : 9617fb41
[#] Service Deleted : d54b8bbd-6b74-4d90-b801-8120aa8b2438

***** [ Files / Folders ] *****

Folder Deleted : C:\rei
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\AskPartnerNetwork
Folder Deleted : C:\ProgramData\SearchModule
Folder Deleted : C:\ProgramData\Yahoo! Companion
Folder Deleted : C:\ProgramData\Windows Discount
Folder Deleted : C:\ProgramData\PastaLeadsAgent
Folder Deleted : C:\ProgramData\EpsanDrive
Folder Deleted : C:\ProgramData\0f3b5471928b4fd3834dad205fba7597
Folder Deleted : C:\ProgramData\b45ef27800006f13
Folder Deleted : C:\ProgramData\e471b7ae00001e6d
Folder Deleted : C:\ProgramData\{3a2b1ef5-011f-776c-3a2b-b1ef50117bd4}
Folder Deleted : C:\ProgramData\{ee86c8fb-0448-38cf-ee86-6c8fb04423ec}
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossbrowse
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajaInternetEnhancer
Folder Deleted : C:\Users\Public\Documents\ShopperPro
Folder Deleted : C:\Program Files (x86)\predm
Folder Deleted : C:\Program Files (x86)\Coupons
[!] Folder Deleted : C:\Program Files (x86)\Windows Discount
[!] Folder Deleted : C:\Program Files (x86)\Windows NT\Accessories\RuntimeManager
Folder Deleted : C:\Program Files (x86)\ControlThis Parental Control
Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\FlashGamesRockstar
Folder Deleted : C:\Users\Cyndy\AppData\Local\AskPartnerNetwork
Folder Deleted : C:\Users\Cyndy\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Cyndy\AppData\Local\SmartWeb
Folder Deleted : C:\Users\Cyndy\AppData\Local\Crossbrowse
Folder Deleted : C:\Users\Cyndy\AppData\Local\Max_Computer_Cleaner
Folder Deleted : C:\Users\Cyndy\AppData\Local\7F42D543-1433706564-E311-8FF3-201A06E3283E
Folder Deleted : C:\Users\Cyndy\AppData\LocalLow\Yahoo! Companion
Folder Deleted : C:\Users\Cyndy\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
Folder Deleted : C:\Users\Cyndy\AppData\Roaming\UpdaterEX
Folder Deleted : C:\Users\Cyndy\AppData\Roaming\catalina – print savings
Folder Deleted : C:\Users\Cyndy\AppData\Roaming\One System Care
Folder Deleted : C:\Users\Cyndy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\catalina – print savings
File Deleted : C:\END
File Deleted : C:\Windows\Reimage.ini
File Deleted : C:\Windows\System32\drivers\{42f8f729-2fa8-44bb-b01a-28c57a8162c7}w64.sys
File Deleted : C:\Windows\System32\drivers\cherimoya.sys
File Deleted : C:\Windows\System32\drivers\netfilter64.sys
File Deleted : C:\Windows\System32\drivers\SPPD.sys
File Deleted : C:\Users\Cyndy\AppData\Roaming\64ZRoxId0nBK
File Deleted : C:\Users\Cyndy\AppData\Roaming\Mp1sl604xO8Zpf6
File Deleted : C:\Users\Cyndy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\crossbrowse.lnk
File Deleted : C:\Users\Cyndy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crossbrowse.lnk
File Deleted : C:\Users\Cyndy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage
File Deleted : C:\Users\Cyndy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage-journal
File Deleted : C:\Users\Cyndy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.pricepeep00.pricepeep.net_0.localstorage
File Deleted : C:\Users\Cyndy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.pricepeep00.pricepeep.net_0.localstorage-journal
File Deleted : C:\Users\Cyndy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.boostsaves.com_0.localstorage
File Deleted : C:\Users\Cyndy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.boostsaves.com_0.localstorage-journal
File Deleted : C:\Users\Cyndy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.boostsaves.com_0.localstorage
File Deleted : C:\Users\Cyndy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.boostsaves.com_0.localstorage-journal
File Deleted : C:\Users\Cyndy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.cassiopesa.com_0.localstorage
File Deleted : C:\Users\Cyndy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.trovi.com_0.localstorage
File Deleted : C:\Users\Cyndy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.trovi.com_0.localstorage-journal

***** [ Scheduled tasks ] *****

Task Deleted : AmiUpdXp
Task Deleted : ConsumerInputUpdateTaskMachineCore
Task Deleted : ConsumerInputUpdateTaskMachineUA
Task Deleted : Crossbrowse
Task Deleted : Inst_Rep
Task Deleted : ShopperPro
Task Deleted : ShopperProJSUpd
Task Deleted : SmartWeb Upgrade Trigger Task
Task Deleted : Smp
Task Deleted : SPDriver
Task Deleted : Super Optimizer Schedule
Task Deleted : UpdaterEX
Task Deleted : YTDownloader
Task Deleted : YTDownloaderUpd
Task Deleted : MaxComputerCleaner_Start
Task Deleted : amiupdaterExd
Task Deleted : amiupdaterExi
Task Deleted : Tny_cassiopesa
Task Deleted : One System CareStartUp
Task Deleted : One System CarePeriod
Task Deleted : One System Care Run Delay
Task Deleted : One System Care Monitor
Task Deleted : avabvbavad
Task Deleted : SMWUpd
Task Deleted : 64ZRoxId0nBK
Task Deleted : Mp1sl604xO8Zpf6
Task Deleted : 88c45a93-107a-47dd-8a8b-10edd5c1567a-1-6
Task Deleted : 88c45a93-107a-47dd-8a8b-10edd5c1567a-1-7
Task Deleted : 88c45a93-107a-47dd-8a8b-10edd5c1567a-10_user
Task Deleted : 88c45a93-107a-47dd-8a8b-10edd5c1567a-3
Task Deleted : 88c45a93-107a-47dd-8a8b-10edd5c1567a-5
Task Deleted : 88c45a93-107a-47dd-8a8b-10edd5c1567a-5_user
Task Deleted : 88c45a93-107a-47dd-8a8b-10edd5c1567a-6
Task Deleted : 88c45a93-107a-47dd-8a8b-10edd5c1567a-7
Task Deleted : DFOZSNJILP
Task Deleted : SMW_UpdateTask_Time_323836373732383831322d2d5b50342a4155456c5a236c
Task Deleted : SPBIW_UpdateTask_Time_323836373732383831322d2d5b50342a4155456c5a236c

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Cyndy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dca-bho.DLL
Value Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [YTDownloader]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [YTDownloader]
Key Deleted : HKCU\Software\Classes\PepperZip
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}
Key Deleted : HKLM\SOFTWARE\716a3287-b8c1-aa69-d599-725ae85fe3c0
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{9617fb41}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{DD7C44CC-0F60-4FD9-A38F-5CF30D698AC2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{425F4ABF-B8E4-402D-9E49-06E494EB8DBF}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D6A5312-AB4D-41AA-8BED-0E019B87CA11}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7D8DAE88-BC05-4578-8C29-E541FFBA5757}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DD05B915-F77B-474A-9D42-9FEEAF5475C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E4C3E50F-5761-4BF8-95A0-939A819DF1C3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{7BAB653D-88FB-4F60-AFC2-8E6FD59FAFF3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9AE7A6AE-162E-44C4-9A2B-A6B4EF19909D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{14EF423E-3EE8-44AE-9337-07AC3F27B744}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{15527BF5-9729-49DC-889C-9F956983154C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DD05B915-F77B-474A-9D42-9FEEAF5475C4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E4C3E50F-5761-4BF8-95A0-939A819DF1C3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AskPartnerNetwork
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\Goobzo
Key Deleted : HKCU\Software\UpdaterEX
Key Deleted : HKCU\Software\WajIEnhance
Key Deleted : HKCU\Software\Super Optimizer
Key Deleted : HKCU\Software\YorkNewCin
Key Deleted : HKCU\Software\HighDefAction
Key Deleted : HKCU\Software\ArenaHD
Key Deleted : HKCU\Software\esties
Key Deleted : HKCU\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
Key Deleted : HKCU\Software\WajaInternetEnhancer
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
Key Deleted : HKCU\Software\AppDataLow\Software\PastaLeadsAgent
Key Deleted : HKCU\Software\AppDataLow\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\AskPartnerNetwork
Key Deleted : HKLM\SOFTWARE\CompeteInc
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\Goobzo
Key Deleted : HKLM\SOFTWARE\TBID
Key Deleted : HKLM\SOFTWARE\Tutorials
Key Deleted : HKLM\SOFTWARE\shopperz
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Deleted : HKLM\SOFTWARE\FlashBeat
Key Deleted : HKLM\SOFTWARE\SearchModule
Key Deleted : HKLM\SOFTWARE\Crossbrowse
Key Deleted : HKLM\SOFTWARE\coupoon
Key Deleted : HKLM\SOFTWARE\PastaLeadsAgent
Key Deleted : HKLM\SOFTWARE\YorkNewCin
Key Deleted : HKLM\SOFTWARE\HighDefAction
Key Deleted : HKLM\SOFTWARE\ArenaHD
Key Deleted : HKLM\SOFTWARE\WajaInternetEnhancer
Key Deleted : HKU\.DEFAULT\Software\Goobzo
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.9
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{19E8EBBF-55F3-41FB-AC8E-373BA0436939}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8AC6566B-131F-4987-82DF-932CED9FCA23}
Key Deleted : [x64] HKLM\SOFTWARE\AskPartnerNetwork
Key Deleted : [x64] HKLM\SOFTWARE\ShopperPro
Key Deleted : [x64] HKLM\SOFTWARE\TBID
Key Deleted : [x64] HKLM\SOFTWARE\shopperz
Key Deleted : [x64] HKLM\SOFTWARE\FlashBeat
Key Deleted : [x64] HKLM\SOFTWARE\SearchModule
Key Deleted : [x64] HKLM\SOFTWARE\coupoon
Key Deleted : [x64] HKLM\SOFTWARE\PastaLeadsAgent
Key Deleted : [x64] HKLM\SOFTWARE\YorkNewCin
Key Deleted : [x64] HKLM\SOFTWARE\HighDefAction
Key Deleted : [x64] HKLM\SOFTWARE\ArenaHD
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Reimage Repair
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\programdata\flashbeat\flashbeat32.dll
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\globalupdate.exe
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\astromenda.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\cassiopesa.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\inst.shoppingate.info
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\petango.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\shoppingate.info
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\trovi.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\viewpointforum.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.petango.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.viewpointforum.com
Data Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:47574
Data Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
Data Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:47574
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Google Chrome v43.0.2357.134


*************************

AdwCleaner[R0].txt - [19569 bytes] - [29/07/2015 10:52:38]
AdwCleaner[S0].txt - [18087 bytes] - [29/07/2015 10:53:29]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [18147 bytes] ##########

I need a FIXLIST.TXT - Can anyone help please?

No worries, just be patient, as the malware section is easily the busiest forum we have.

Dll error

Hello, I'm updating my child's laptop and when I click on Google Chrome to go online I get this message:

There was a problem starting C:\Program Files(x86)\MusicToolbar\Datamngr\apcrtldr.dll

Access Denied


Here is the information you requested.

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz, Intel64 Family 6 Model 23 Stepping 10
Processor Count: 2
RAM: 4056 Mb
Graphics Card: Mobile Intel(R) 4 Series Express Chipset Family, 1804 Mb
Hard Drives: C: Total - 292459 MB, Free - 205421 MB;
Motherboard: Dell Inc., 0G848F
Antivirus: Norton Security Suite, Updated and Enabled

Thank you, BBsMama

desktop hard freezes in firefox 39.0

Hello
I've tried all of the different malware removal tools and other antivirus tools
that I could learn about on the other threads posted here. Can't seem to get
this thing resolved. It's been 6-7 days of trying repairs, thinking it's been fixed and then
having the computer hard freeze in firefox. Any thoughts? I'm posting
because I am out of DIY ideas on this.
Thanks.

Black Screen after logging in windows 8.1. Please Help

Here are my laptop specs..

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 8.1 Single Language, 64 bit
Processor: Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz, Intel64 Family 6 Model 58 Stepping 9
Processor Count: 4
RAM: 3956 Mb
Graphics Card: Intel(R) HD Graphics 4000, 2042 Mb
Hard Drives: C: Total - 214447 MB, Free - 62065 MB; D: Total - 25599 MB, Free - 5529 MB; F: Total - 213671 MB, Free - 83642 MB;
Motherboard: LENOVO, Lenovo
Antivirus: Windows Defender, Disabled


Of late, whenever I restart my computer and log in, a black screen with a cursor appears. I have to go to the Task Manager, end some random processes, log out and then log in again to get the desktop back. I tried to restore my PC to a previous date; it failed and said antivirus stopped it. I disabled Windows Defender and tried again, still no luck. Please help. Thanks.

Internet browser ads viruses

Hey everyone.

I'm currently at my friend's house trying to fix his Chrome ads problem. This is about the 10th time doing so. (The ones that underline everything.)

Every time I get rid of them, they keep coming back a week later. The last one I just got rid of was called "earnsales"

Previously he had ads by shoppi.
I've done virus scans etc. I've used SuperAntiSpyware.

I'm guessing it's a virus. Not sure what to do now.

Any guidance will be very appreciated.

Thanks

Are these viruses?

Help me...

In my C:\ProgramData I have a lot of files with weird names.

Examples:
{0ef4709d-acb6-fa23-0ef4-4709dacbc276}

{e14e33a0-e1dc-a7c8-e14e-e33a0e1dce83}

{91751797-6ef4-b0a2-9175-517976ef5e5d}

The first one contains these files: File types:
2352ff4c2f1cb87e NextCoup
501959229011021111c.dat DAT File
501959229011021111c.exe Application
eeaf591908c85faa NextCoup


They all contain the same file types and the names are always very similar.
What are these?
P.S.: I am on a Razer Blade Pro with the latest Windows 8 update.

Good Online Virus Detection and Removal Program

Hi referee07,
If you have run ESET and Malwarebytes and both showed up clean, the prospect that you actually have a virus is extremely low.
You may however, be experiencing a number of other things that could be the cause.
If you want extra help to find out, please proceed:

Note at the top of this forum page:
Everyone MUST read this BEFORE posting for help in this forum
Please follow the instructions there : http://forums.techguy.org/virus-othe...e-posting.html
Post the required log from TSG SysInfo, and it will assist your helper.
You have already described your problem.

-----------------------------------------------------------
Download and Run the Correct Farbar Scan Tool for your System
  • 64-bit: Download FRST64 and save to your Desktop.
    or
    32-bit: Download FRST and save to your Desktop.
  • Double click Frst.exe or Frst64.exe to launch it.
  • Frst will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press the Scan button.
    • When finished scanning, 2 logs will open on your Desktop, FRST.txt and Addition.txt
    • Please post them in your next reply.
If you lose track of them, they will be saved in the same location as FRST.
Feel free to use separate replies if it's more convenient.

So, if you wish to continue, we will be looking for the Sysinfo report, and the two logs from FRST.
askey127

bsod when gaming and wupdate problems

Thanks Stef,

I updated to 10 yesterday from W7 Pro, is very good and easy to use...

Kevin..

Pop Up ads

I have pasted both in here....




Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:30-07-2015
Ran by Robin (administrator) on ROBIN-PC (01-08-2015 23:12:23)
Running from C:\Users\Robin\Downloads
Loaded Profiles: Robin (Available Profiles: Robin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
() C:\Program Files\Rainmeter\Rainmeter.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-07-11] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4188762614-2608134952-2438736338-1000\...\Run: [Google Update] => C:\Users\Robin\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-21] (Google Inc.)
HKU\S-1-5-21-4188762614-2608134952-2438736338-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7930136 2015-07-31] (SUPERAntiSpyware)
HKU\S-1-5-18\...\RunOnce: [iCloud] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe [43816 2015-04-26] (Apple Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2011-12-02]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
Startup: C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Kodaline - Coming Up for Air.lnk [2015-02-06]
ShortcutTarget: Kodaline - Coming Up for Air.lnk -> C:\ProgramData\{d5c3f2a6-1677-5858-d5c3-3f2a6167ca98}\Kodaline - Coming Up for Air.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-4188762614-2608134952-2438736338-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
SearchScopes: HKLM -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4188762614-2608134952-2438736338-1000 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL =
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{A0560837-1B23-4C36-BFCD-7513EE08AE6C}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{EA3CF029-8ECB-4858-A91F-E7AE97121BC0}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{F23AB6DB-DC92-4D80-901F-E5682046F104}: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\92zksi9s.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-15] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_31\bin\new_plugin\npjp2.dll No File
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-22] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-22] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-06-26] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4188762614-2608134952-2438736338-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Robin\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-4188762614-2608134952-2438736338-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Robin\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-4188762614-2608134952-2438736338-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Robin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-20] (Unity Technologies ApS)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-01]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2013-01-30] <==== ATTENTION

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-17]
CHR Extension: (Google Cast) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-04-12]
CHR Extension: (Adblock Plus) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-02-17]
CHR Extension: (Google Search) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-17]
CHR Extension: (AdBlock) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-04-12]
CHR Extension: (Social Fixer for Facebook) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb [2015-04-12]
CHR Extension: (Google Wallet) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-17]
CHR Extension: (Gmail) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-17]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
CHR HKLM-x32\...\Chrome\Extension: [nmjgmjnoefnigplannmkidnlnfadjpna] - C:\ProgramData\Codecv\nmjgmjnoefnigplannmkidnlnfadjpna.crx [Not Found]

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [897088 2010-11-03] (Intel Corporation) [File not signed]
S3 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1298496 2010-11-03] (Intel Corporation) [File not signed]
R2 Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [983104 2010-11-03] (Intel Corporation) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2573520 2015-05-22] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-05-22] (Dell Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-06-09] (Dell Inc.)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-12-17] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [20648 2015-06-11] (Dell Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [279616 2011-12-05] (DT Soft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [74752 2011-07-25] (Research In Motion Limited)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-01 23:12 - 2015-08-01 23:13 - 00016961 _____ C:\Users\Robin\Downloads\FRST.txt
2015-08-01 23:11 - 2015-08-01 23:11 - 02168832 _____ (Farbar) C:\Users\Robin\Downloads\FRST64.exe
2015-08-01 23:09 - 2015-08-01 23:09 - 01673216 _____ (Farbar) C:\Users\Robin\Downloads\FRST (1).exe
2015-08-01 23:07 - 2015-08-01 23:08 - 01673216 _____ (Farbar) C:\Users\Robin\Downloads\FRST.exe
2015-08-01 21:27 - 2015-08-01 21:28 - 02248704 _____ C:\Users\Robin\Downloads\AdwCleaner (2).exe
2015-08-01 21:24 - 2015-08-01 21:24 - 02248704 _____ C:\Users\Robin\Downloads\AdwCleaner (1).exe
2015-08-01 21:20 - 2015-08-01 21:33 - 00000024 _____ C:\Users\Robin\AppData\Roaming\appdataFr25.bin
2015-08-01 21:13 - 2015-08-01 21:13 - 01798176 _____ (Malwarebytes Corporation) C:\Users\Robin\Downloads\JRT.exe
2015-08-01 21:11 - 2015-08-01 21:11 - 02248704 _____ C:\Users\Robin\Downloads\AdwCleaner.exe
2015-07-30 22:11 - 2015-07-30 22:11 - 00003408 ____N C:\bootsqm.dat
2015-07-30 14:04 - 2015-07-30 14:04 - 00000000 _____ C:\autoexec.bat
2015-07-30 14:03 - 2015-07-30 14:03 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\Robin\Downloads\SpyHunter-Installer.exe
2015-07-30 13:40 - 2015-07-30 13:40 - 00001807 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2015-07-30 13:40 - 2015-07-30 13:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-07-30 13:40 - 2015-07-30 13:40 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-07-30 13:39 - 2015-07-30 13:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2015-07-28 17:09 - 2015-07-25 19:07 - 00017856 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-28 17:09 - 2015-07-25 19:04 - 00765440 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-28 17:09 - 2015-07-25 19:04 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-28 17:09 - 2015-07-25 19:03 - 01085440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-28 17:09 - 2015-07-25 19:03 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-28 17:09 - 2015-07-25 19:03 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-28 17:09 - 2015-07-25 19:03 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-28 17:09 - 2015-07-25 18:55 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-21 20:29 - 2015-07-15 04:19 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-21 20:29 - 2015-07-15 04:19 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-21 20:29 - 2015-07-15 04:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-21 20:29 - 2015-07-15 04:19 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-21 20:29 - 2015-07-15 03:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-07-21 20:29 - 2015-07-15 03:55 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-21 20:29 - 2015-07-15 03:55 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-07-21 20:29 - 2015-07-15 03:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-07-21 20:29 - 2015-07-15 02:59 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-21 20:29 - 2015-07-15 02:52 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-19 10:42 - 2015-07-19 20:37 - 00000000 ____D C:\Users\Robin\Desktop\Artwork
2015-07-19 10:29 - 2015-07-19 10:29 - 00001755 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-07-19 10:29 - 2015-07-19 10:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-07-19 10:27 - 2015-07-19 10:29 - 00000000 ____D C:\Program Files\iTunes
2015-07-19 10:27 - 2015-07-19 10:27 - 00000000 ____D C:\Program Files\iPod
2015-07-19 10:27 - 2015-07-19 10:27 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-07-19 10:21 - 2015-07-19 10:22 - 155875632 _____ (Apple Inc.) C:\Users\Robin\Downloads\iTunes6464Setup (1).exe
2015-07-16 21:31 - 2015-07-16 21:32 - 00035455 _____ C:\Users\Robin\Downloads\Passenger List - DFDS.XLSX
2015-07-15 19:24 - 2015-07-15 19:24 - 18524336 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-07-15 18:40 - 2015-07-09 18:58 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-15 18:40 - 2015-07-09 18:58 - 02603008 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-15 18:40 - 2015-07-09 18:58 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-15 18:40 - 2015-07-09 18:58 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-15 18:40 - 2015-07-09 18:58 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-15 18:40 - 2015-07-09 18:58 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-15 18:40 - 2015-07-09 18:58 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-15 18:40 - 2015-07-09 18:58 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-15 18:40 - 2015-07-09 18:58 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-15 18:40 - 2015-07-09 18:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-15 18:40 - 2015-07-09 18:58 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-07-15 18:40 - 2015-07-09 18:43 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-15 18:40 - 2015-07-09 18:43 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-15 18:40 - 2015-07-09 18:43 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-15 18:40 - 2015-07-09 18:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-15 18:40 - 2015-07-09 18:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-15 18:40 - 2015-06-25 09:57 - 03207168 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-15 18:40 - 2015-06-02 01:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-15 18:40 - 2015-06-02 00:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-07-15 18:39 - 2015-07-04 19:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-15 18:39 - 2015-07-04 18:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-15 18:39 - 2015-07-02 22:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-15 18:39 - 2015-07-02 22:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-15 18:39 - 2015-07-02 21:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-15 18:39 - 2015-07-02 21:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-15 18:39 - 2015-07-02 21:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-15 18:39 - 2015-07-02 21:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-15 18:39 - 2015-07-02 21:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-15 18:39 - 2015-07-02 21:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-15 18:39 - 2015-07-02 21:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-15 18:39 - 2015-07-02 20:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-15 18:39 - 2015-07-02 20:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-15 18:39 - 2015-07-02 19:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-15 18:39 - 2015-07-01 21:56 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-15 18:39 - 2015-07-01 21:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-15 18:39 - 2015-07-01 21:49 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-15 18:39 - 2015-07-01 21:49 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-15 18:39 - 2015-07-01 21:49 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-15 18:39 - 2015-07-01 21:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-15 18:39 - 2015-07-01 21:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-15 18:39 - 2015-07-01 21:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-15 18:39 - 2015-07-01 21:29 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-15 18:39 - 2015-07-01 20:27 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-15 18:39 - 2015-07-01 20:26 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-15 18:39 - 2015-07-01 20:26 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-15 18:39 - 2015-06-27 03:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-15 18:39 - 2015-06-27 03:43 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-15 18:39 - 2015-06-27 02:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-07-15 18:39 - 2015-06-27 02:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-15 18:39 - 2015-06-25 19:09 - 00389832 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-15 18:39 - 2015-06-25 18:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-15 18:39 - 2015-06-20 21:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-15 18:39 - 2015-06-20 20:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-15 18:39 - 2015-06-20 20:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-15 18:39 - 2015-06-20 20:49 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-15 18:39 - 2015-06-20 20:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-15 18:39 - 2015-06-20 20:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-15 18:39 - 2015-06-20 20:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-15 18:39 - 2015-06-20 20:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-15 18:39 - 2015-06-20 20:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-15 18:39 - 2015-06-20 20:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-15 18:39 - 2015-06-20 20:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-15 18:39 - 2015-06-20 20:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-15 18:39 - 2015-06-20 20:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-15 18:39 - 2015-06-20 20:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-15 18:39 - 2015-06-20 20:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-15 18:39 - 2015-06-20 20:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-15 18:39 - 2015-06-20 20:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-15 18:39 - 2015-06-20 19:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-15 18:39 - 2015-06-20 19:48 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-15 18:39 - 2015-06-20 19:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-15 18:39 - 2015-06-20 19:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-15 18:39 - 2015-06-20 19:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-15 18:39 - 2015-06-20 19:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-15 18:39 - 2015-06-19 19:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-15 18:39 - 2015-06-19 19:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-07-15 18:39 - 2015-06-19 19:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-15 18:39 - 2015-06-19 19:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-07-15 18:39 - 2015-06-19 19:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-15 18:39 - 2015-06-19 19:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-15 18:39 - 2015-06-19 19:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-07-15 18:39 - 2015-06-19 19:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-15 18:39 - 2015-06-19 19:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-07-15 18:39 - 2015-06-19 19:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-15 18:39 - 2015-06-19 18:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-07-15 18:39 - 2015-06-19 18:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-15 18:39 - 2015-06-19 18:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-15 18:39 - 2015-06-19 18:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-15 18:39 - 2015-06-19 18:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-15 18:39 - 2015-06-19 18:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-15 18:39 - 2015-06-19 18:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-07-15 18:39 - 2015-06-19 18:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-15 18:39 - 2015-06-19 18:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-15 18:39 - 2015-06-17 18:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-15 18:39 - 2015-06-17 18:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-15 18:39 - 2015-04-27 20:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-07-15 18:39 - 2015-04-27 20:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-07-15 18:39 - 2015-04-27 20:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-07-15 18:39 - 2015-04-27 20:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-07-15 18:39 - 2015-04-27 20:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-07-15 18:39 - 2015-04-27 20:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-07-15 18:39 - 2015-04-27 20:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-07-15 18:39 - 2015-04-27 20:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-07-15 18:38 - 2015-07-01 21:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-15 18:38 - 2015-07-01 21:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-15 18:38 - 2015-07-01 21:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-15 18:38 - 2015-07-01 21:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-15 18:38 - 2015-07-01 21:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-15 18:38 - 2015-07-01 21:49 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-15 18:38 - 2015-07-01 21:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-15 18:38 - 2015-07-01 21:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-15 18:38 - 2015-07-01 21:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-15 18:38 - 2015-07-01 21:47 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-15 18:38 - 2015-07-01 21:47 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-15 18:38 - 2015-07-01 21:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-15 18:38 - 2015-07-01 21:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-15 18:38 - 2015-07-01 21:39 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-15 18:38 - 2015-07-01 21:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-07-15 18:38 - 2015-07-01 21:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-07-15 18:38 - 2015-07-01 21:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-07-15 18:38 - 2015-07-01 21:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-07-15 18:38 - 2015-07-01 21:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-07-15 18:38 - 2015-07-01 21:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-07-15 18:38 - 2015-07-01 21:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-07-15 18:38 - 2015-07-01 21:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-07-15 18:38 - 2015-07-01 21:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-07-15 18:38 - 2015-07-01 21:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-07-15 18:38 - 2015-07-01 21:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-07-15 18:38 - 2015-07-01 21:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-07-15 18:38 - 2015-06-15 22:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-15 18:38 - 2015-06-15 22:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-15 18:38 - 2015-06-15 22:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-15 18:38 - 2015-06-15 22:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-15 18:38 - 2015-06-15 22:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-15 18:38 - 2015-06-15 22:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-15 18:38 - 2015-06-15 22:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-15 18:38 - 2015-06-15 22:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-15 18:38 - 2015-06-15 22:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-07-15 18:38 - 2015-06-15 22:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-15 18:38 - 2015-06-15 22:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-15 18:38 - 2015-06-15 22:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-07-08 20:01 - 2015-07-08 20:01 - 00000000 ____D C:\Program Files (x86)\Dell Update
2015-07-02 19:38 - 2015-07-02 19:58 - 00000000 ____D C:\Users\Robin\Downloads\Edward Sharpe & The Magnetic Zeros Album Discography [2009-2013] [FLAC 24.96] [VINYL]
2015-07-02 19:36 - 2015-07-02 19:38 - 00000000 ____D C:\Users\Robin\Downloads\Edward Sharpe And The Magnetic Zeros-Here (2012) 320Kbit(mp3) DMT
2015-07-02 19:32 - 2015-07-02 19:35 - 00000000 ____D C:\Users\Robin\Downloads\Edward Sharpe And The Magnetic Zeros - Edward Sharpe And The Magnetic Zeros (Deluxe Edition) 2013 320kbps CBR MP3 [VX] [P2PDL]
2015-07-02 19:32 - 2015-07-02 19:32 - 00014365 _____ C:\Users\Robin\Downloads\MONOVA.ORG Edward Sharpe And The Magnetic Zeros - Edward Sharpe And The Magnetic Zeros (Deluxe Edition) 2013 320kbps CBR .torrent

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-01 23:12 - 2013-07-15 18:30 - 00000000 ____D C:\FRST
2015-08-01 22:48 - 2011-12-02 14:19 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4188762614-2608134952-2438736338-1000UA.job
2015-08-01 22:24 - 2012-04-30 10:11 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-01 22:04 - 2015-06-04 22:04 - 00000354 _____ C:\Windows\Tasks\PathGeneration.job
2015-08-01 21:41 - 2011-06-02 11:25 - 01396657 _____ C:\Windows\WindowsUpdate.log
2015-08-01 21:34 - 2009-07-14 05:45 - 00028576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-01 21:34 - 2009-07-14 05:45 - 00028576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-01 21:31 - 2009-07-14 06:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-01 21:26 - 2013-08-07 00:40 - 00000266 _____ C:\Windows\Tasks\AutoKMS.job
2015-08-01 21:26 - 2013-06-03 15:33 - 00000374 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2015-08-01 21:26 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-01 21:26 - 2009-07-14 05:51 - 00248707 _____ C:\Windows\setupact.log
2015-08-01 21:25 - 2015-06-21 20:29 - 00000000 ____D C:\AdwCleaner
2015-08-01 20:49 - 2013-10-06 22:33 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-07-31 17:48 - 2011-12-02 14:19 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4188762614-2608134952-2438736338-1000Core.job
2015-07-30 15:08 - 2010-11-21 04:47 - 01101690 _____ C:\Windows\PFRO.log
2015-07-30 13:53 - 2015-04-17 11:57 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-30 13:39 - 2012-02-05 21:25 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-07-28 17:42 - 2014-04-30 17:34 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-27 22:01 - 2015-04-04 20:06 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-22 17:18 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2015-07-22 15:23 - 2009-07-14 05:45 - 00415208 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-20 16:22 - 2009-07-14 06:08 - 00032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-07-19 22:26 - 2012-02-05 21:26 - 00000000 ____D C:\Users\Robin\AppData\Roaming\Apple Computer
2015-07-16 23:54 - 2012-06-08 23:53 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-07-16 23:54 - 2012-06-08 23:53 - 00001981 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2015-07-16 23:50 - 2014-12-24 13:13 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-16 17:43 - 2011-12-02 14:19 - 00003878 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4188762614-2608134952-2438736338-1000UA
2015-07-16 17:43 - 2011-12-02 14:19 - 00003482 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4188762614-2608134952-2438736338-1000Core
2015-07-16 16:44 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-07-16 16:43 - 2014-12-10 17:28 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-15 23:18 - 2011-12-05 19:03 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-15 23:12 - 2013-08-18 00:26 - 00000000 ____D C:\Windows\system32\MRT
2015-07-15 19:24 - 2012-04-30 10:11 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-15 19:24 - 2012-04-30 10:11 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-15 19:24 - 2012-04-30 10:11 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-14 12:34 - 2014-09-02 22:12 - 00188416 ___SH C:\Users\Robin\Desktop\Thumbs.db
2015-07-13 19:55 - 2015-04-04 20:06 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-13 12:57 - 2012-02-05 21:26 - 00000000 ____D C:\Users\Robin\AppData\Local\Apple Computer
2015-07-10 23:13 - 2009-07-14 05:45 - 00000000 ____D C:\Windows\Setup
2015-07-08 20:01 - 2011-06-02 11:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2015-07-05 11:08 - 2010-11-21 04:27 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-07-03 08:43 - 2011-12-05 18:22 - 130333168 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-07-02 19:57 - 2014-07-09 11:13 - 00000000 ____D C:\Users\Robin\AppData\Roaming\uTorrent

==================== Files in the root of some directories =======

2015-08-01 21:20 - 2015-08-01 21:33 - 0000024 _____ () C:\Users\Robin\AppData\Roaming\appdataFr25.bin
2011-12-02 21:16 - 2013-10-17 20:01 - 0002926 _____ () C:\Users\Robin\AppData\Roaming\Rim.Desktop.Exception.log
2011-12-02 21:15 - 2014-04-12 13:26 - 0003125 _____ () C:\Users\Robin\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2011-12-02 21:16 - 2013-10-17 20:01 - 0003003 _____ () C:\Users\Robin\AppData\Roaming\Rim.DesktopHelper.Exception.log
2011-12-02 21:18 - 2013-10-06 12:04 - 0112128 _____ () C:\Users\Robin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-12-05 18:45 - 2011-12-05 18:46 - 0001567 _____ () C:\Users\Robin\AppData\Local\PDLSetup.20111205.174558.txt
2015-04-17 11:08 - 2015-04-17 11:16 - 0011730 _____ () C:\Users\Robin\AppData\Local\Temp-log.txt
2015-06-04 22:54 - 2015-06-04 22:54 - 0000000 _____ () C:\Users\Robin\AppData\Local\Temp.dat
2011-12-02 15:51 - 2011-12-02 15:51 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

Some files in TEMP:
====================
C:\Users\Robin\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\Robin\AppData\Local\Temp\ose00000.exe
C:\Users\Robin\AppData\Local\Temp\Quarantine.exe
C:\Users\Robin\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-18 12:19

==================== End of log ============================




Additional scan result of Farbar Recovery Scan Tool (x64) Version:30-07-2015
Ran by Robin (2015-08-01 23:14:12)
Running from C:\Users\Robin\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4188762614-2608134952-2438736338-500 - Administrator - Disabled)
Guest (S-1-5-21-4188762614-2608134952-2438736338-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4188762614-2608134952-2438736338-1002 - Limited - Enabled)
Robin (S-1-5-21-4188762614-2608134952-2438736338-1000 - Administrator - Enabled) => C:\Users\Robin

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

«The Sims 3 Deluxe Edition» (build 4.1.1) (HKLM-x32\...\«The Sims 3 Deluxe Edition»_is1) (Version: - R.G. Catalyst)
µTorrent (HKU\S-1-5-21-4188762614-2608134952-2438736338-1000\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader X (10.1.15) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.15 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MP495 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP495_series) (Version: - )
ChromecastApp (HKU\S-1-5-21-4188762614-2608134952-2438736338-1000\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1383.0 - Google Inc.)
Combined Community Codec Pack 2011-11-11 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2011.11.11.0 - CCCP Project)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.1.0236 - DT Soft Ltd)
Dell Data Vault (Version: 4.3.4.0 - Dell Inc.) Hidden
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.1.0.47 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1209.101.204 - ALPS ELECTRIC CO., LTD.)
Dell Update (HKLM-x32\...\{90437913-9D4D-4D9D-B438-B8664DF851E9}) (Version: 1.7.1007.0 - Dell Inc.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.35 - Creative Technology Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6324.0 - IDT)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2342 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{7CE8BE79-ABC3-4B2C-9543-28ED2B0A9EA8}) (Version: 1.0.0.0454 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}) (Version: 14.00.1000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
Intel(R) Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )
Intel(R) Wireless Display (HKLM-x32\...\{F84906ED-BB54-4889-B131-FED9C9056FC8}) (Version: 2.0.27.0 - Intel Corporation)
iTunes (HKLM\...\{6CF1A7E2-8001-4870-9F18-3C6CDD6FE9E3}) (Version: 12.2.1.16 - Apple Inc.)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microformats for Google Chrome (HKLM-x32\...\{45606A90-3363-3A3B-1C15-C40E77F4DAA0}) (Version: - "") <==== ATTENTION
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 10.0.2 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 10.0.2 (x86 en-GB)) (Version: 10.0.2 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.09.20 - Dell Inc.)
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.2 r2384 - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.31.1025.2010 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30126 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
Revo Uninstaller 1.93 (HKLM-x32\...\Revo Uninstaller) (Version: 1.93 - VS Revo Group)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Sky Go Desktop (HKU\S-1-5-21-4188762614-2608134952-2438736338-1000\...\580382228.go.sky.com) (Version: - go.sky.com)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1186 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.15723 - TeamViewer)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.26.89 - Electronic Arts)
The Sims™ 3 В сумерках (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.5.1 - Electronic Arts)
The Sims™ 3 Все возрасты (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
The Sims™ 3 Городская жизнь Каталог (HKLM-x32\...\{7B11296A-F894-449C-8DF6-6AAAA7D4D118}) (Version: 9.0.73 - Electronic Arts)
The Sims™ 3 Карьера (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.10.1 - Electronic Arts)
The Sims™ 3 Мир приключений (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.17.2 - Electronic Arts)
The Sims™ 3 Отдых на природе Каталог (HKLM-x32\...\{117B6BF6-82C3-420C-B284-9247C8568E53}) (Version: 7.3.2 - Electronic Arts)
The Sims™ 3 Питомцы (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
The Sims™ 3 Скоростной режим Каталог (HKLM-x32\...\{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}) (Version: 5.8.1 - Electronic Arts)
The Sims™ 3 Современная роскошь Каталог (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.13.1 - Electronic Arts)
The Weather Channel App (HKLM-x32\...\The Weather Channel App) (Version: - )
Unity Web Player (HKU\S-1-5-21-4188762614-2608134952-2438736338-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Unrar Extract and Recover 4.0 (HKLM-x32\...\{EB8A9AE9-9305-4658-B6D8-5DF2142007E2}_is1) (Version: - )
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 4.01 (HKLM-x32\...\WinRAR 4.01) (Version: - )
WinRAR 4.10 beta 4 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.10.4 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4188762614-2608134952-2438736338-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Robin\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4188762614-2608134952-2438736338-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Robin\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4188762614-2608134952-2438736338-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Robin\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4188762614-2608134952-2438736338-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Robin\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4188762614-2608134952-2438736338-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Robin\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4188762614-2608134952-2438736338-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Robin\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4188762614-2608134952-2438736338-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Robin\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4188762614-2608134952-2438736338-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Robin\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4188762614-2608134952-2438736338-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Robin\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points =========================

19-07-2015 10:26:21 Installed iTunes
19-07-2015 17:12:19 Windows Update
22-07-2015 00:09:50 Windows Update
27-07-2015 22:09:00 Windows Update
28-07-2015 17:40:57 Windows Update
30-07-2015 15:04:20 Revo Uninstaller's restore point - SpyHunter 4
01-08-2015 21:16:04 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0367F41F-CDC1-4105-B116-8AA7BE8250BC} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {2A0FB66C-3DED-4D9A-81F8-BCEACA3F5E53} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4188762614-2608134952-2438736338-1000UA => C:\Users\Robin\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {5EA4ABB4-A53F-4B99-996A-5D31614B72B8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {ADDB3D59-EC06-42D1-A330-5A73DD6012C6} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {B352B82F-47D8-4731-BDCC-96559975472A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-15] (Adobe Systems Incorporated)
Task: {BA6AFFB1-4B5E-41C0-9985-C3FE7B53ED73} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-06-11] (Dell Inc.)
Task: {C4E5FC2D-708E-4A96-9FB4-6B82F532E531} - System32\Tasks\PathGeneration => c:\programdata\{756015df-dadb-8ecd-7560-015dfdad577f}\7746722258598971498b.exe <==== ATTENTION
Task: {D846EA12-659F-4014-A7CE-CD71771899E2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {DBDFA496-EF42-4C7B-9811-95ADAAA7BAB3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4188762614-2608134952-2438736338-1000Core => C:\Users\Robin\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4188762614-2608134952-2438736338-1000Core.job => C:\Users\Robin\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4188762614-2608134952-2438736338-1000UA.job => C:\Users\Robin\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PathGeneration.job => c:\programdata\{756015df-dadb-8ecd-7560-015dfdad577f}\7746722258598971498b.exe <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2010-12-17 19:53 - 2010-12-17 19:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-03-22 14:29 - 2015-03-22 14:29 - 00036544 _____ () C:\Program Files\Rainmeter\Rainmeter.exe
2015-03-22 14:29 - 2015-03-22 14:29 - 00775872 _____ () C:\Program Files\Rainmeter\Rainmeter.dll
2015-03-22 14:28 - 2015-03-22 14:28 - 00022016 _____ () C:\Program Files\Rainmeter\Plugins\WifiStatus.dll
2014-10-16 22:48 - 2014-10-16 22:48 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\93182e9779b8be0f 688fd0784df6d7fb\IsdiInterop.ni.dll
2011-06-02 11:31 - 2010-11-06 05:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:45 - 2010-10-20 16:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-05-25 21:57 - 2015-05-22 21:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libglesv2.dll
2015-05-25 21:57 - 2015-05-22 21:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libegl.dll
2015-07-15 18:19 - 2015-07-13 10:14 - 16307888 _____ () C:\Users\Robin\AppData\Local\Google\Chrome\User Data\PepperFlash\18.0.0.209\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4188762614-2608134952-2438736338-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper .jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Apoint => C:\Program Files\DellTPad\Apoint.exe
MSCONFIG\startupreg: BTMTrayAgent => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
MSCONFIG\startupreg: Desktop Disc Tool => "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: Google Update => "C:\Users\Robin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: IntelTBRunOnce => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
MSCONFIG\startupreg: IntelWireless => "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
MSCONFIG\startupreg: NUSB3MON => "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickSet => C:\Program Files\Dell\QuickSet\QuickSet.exe
MSCONFIG\startupreg: RIMBBLaunchAgent.exe => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
MSCONFIG\startupreg: RoxWatchTray => "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray64.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{8A79F521-6EE9-4E61-8375-26D67FA5CA91}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel Wireless Display\WiDiApp.exe
FirewallRules: [{CE208332-18F4-437A-B420-9245091429F0}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{86347479-EA8D-40D6-BFA5-02688775D6C9}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{54A924DD-243A-4959-8C29-E51386BEF570}] => (Allow) LPort=2869
FirewallRules: [{9FD0DA75-DD97-4CCA-BF3D-F8F3D9584FD7}] => (Allow) LPort=1900
FirewallRules: [{D22A7DD9-DDC0-4A22-B580-ADA4E50FEC58}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{2031BB6D-35B9-4BD0-AD7B-F13182131B2B}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{18CB0AD2-07A5-4E0D-9E51-0B0A3DECFE67}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{AD7A0632-253A-48C6-A4DC-0FE7880E50CB}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [TCP Query User{AFBDB176-3DC6-4EC4-A601-0C22E31CB6C7}C:\users\robin\appdata\local\temp\keygen.exe] => (Allow) C:\users\robin\appdata\local\temp\keygen.exe
FirewallRules: [UDP Query User{D885CF02-8219-4FF4-AC2F-DB6A5FC8022C}C:\users\robin\appdata\local\temp\keygen.exe] => (Allow) C:\users\robin\appdata\local\temp\keygen.exe
FirewallRules: [{0F14A6C4-8284-4BA7-A2C0-6DA8457B299A}] => (Block) C:\users\robin\appdata\local\temp\keygen.exe
FirewallRules: [{6218DB30-C05E-4070-835E-E532D7B02949}] => (Block) C:\users\robin\appdata\local\temp\keygen.exe
FirewallRules: [TCP Query User{8889D389-87FF-4709-8216-F44643487AA2}C:\program files\java\jre6\bin\javaw.exe] => (Allow) C:\program files\java\jre6\bin\javaw.exe
FirewallRules: [UDP Query User{864AB18A-508E-489A-A949-3B6D8D710FAD}C:\program files\java\jre6\bin\javaw.exe] => (Allow) C:\program files\java\jre6\bin\javaw.exe
FirewallRules: [{AC0ADBD5-8383-47C9-85F5-37EC25E23F1B}] => (Allow) C:\Program Files (x86)\Fiddler2\Fiddler.exe
FirewallRules: [{D4C4A7D4-4E5E-4076-BA5A-C9EA474279B5}] => (Allow) C:\Users\Robin\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{A9DDD638-7921-4EA8-B9B7-773029E99A6A}] => (Allow) C:\Users\Robin\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{8DC621D6-BC9A-4C89-B044-94B201E82B30}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B94FFD1D-0273-4514-8E48-32225C2B4A9D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6FB9451D-7846-40C1-9BE3-C573A64FF655}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{30D3F345-EBB0-42B5-A0F3-A74C05DDE7D0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{14B2CB2D-B7E3-4CAA-A52D-17B7BDC70A91}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{850B0FCA-339F-4518-9034-51B9FCC74133}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{E050A785-4A98-4C81-B88F-71F241223A48}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe
FirewallRules: [{BB302C37-A81A-4478-8984-A8673D930BD2}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe
FirewallRules: [{8653E6EB-1B5B-46E0-A078-C14B2EC3C357}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{BBEA4B9B-54F5-40DB-AF1B-57320DE81B05}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{7F10E8DA-B9B5-4E4D-AD37-DAF0052287E8}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe
FirewallRules: [{9477446B-60D0-46AD-8630-26A316C88C1B}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe
FirewallRules: [{8FFCF443-994D-4565-940B-43C2BC5D85C7}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
FirewallRules: [{EC4F042F-3BF3-42D4-ADE4-B3979CA91894}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
FirewallRules: [{2A4C9C77-39EA-479C-B488-EEB8D85804D6}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
FirewallRules: [{29905F4C-A929-4E82-A215-F4731EB76B67}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
FirewallRules: [{D0394991-A855-4815-B6C7-B72468E999A8}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{B0186F57-40A3-4259-970F-4AD536ABF736}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{32F3DC3E-096B-469B-AEDD-D37941FA6CC5}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{1039FAC0-DA8A-4DDF-BCD4-785E14047B8E}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [TCP Query User{6394E772-B222-4415-956D-F4239D13CADA}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{8B4949E4-B7FD-4F93-B5E4-80F22AF54574}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [TCP Query User{0B3D0EB5-0AD8-4CED-9877-9B762EE1E4BE}C:\users\robin\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\robin\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{3925E5A9-64CC-4A11-9891-0261F3826EC9}C:\users\robin\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\robin\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{1D5A7466-316F-4DCE-8C8C-0FDBDCA2B9DF}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{C6E1B189-1B8C-4D1C-A874-0E113702C407}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{B097FF86-01C2-440F-832B-9CAFF4026F90}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{DEF49B00-6CA5-472F-A2D5-A0487E7241EA}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Faulty Device Manager Devices =============

Name: Lexmark X422
Description: Lexmark X422
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Lexmark
Service: usbscan
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/01/2015 09:26:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/01/2015 09:20:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/01/2015 09:05:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/01/2015 08:50:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/31/2015 03:51:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/30/2015 10:15:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/30/2015 10:12:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/30/2015 08:23:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/30/2015 03:15:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/30/2015 03:11:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (08/01/2015 10:34:55 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (08/01/2015 09:46:36 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (08/01/2015 09:41:34 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (08/01/2015 09:36:21 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error:
%%5

Error: (08/01/2015 09:36:17 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (08/01/2015 09:35:59 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (08/01/2015 09:28:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2

Error: (08/01/2015 09:27:18 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (08/01/2015 09:25:29 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (08/01/2015 09:25:29 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll


Microsoft Office:
=========================
Error: (08/01/2015 09:26:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/01/2015 09:20:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/01/2015 09:05:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/01/2015 08:50:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/31/2015 03:51:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/30/2015 10:15:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/30/2015 10:12:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/30/2015 08:23:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/30/2015 03:15:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/30/2015 03:11:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz
Percentage of memory in use: 40%
Total physical RAM: 4003.18 MB
Available physical RAM: 2371.5 MB
Total Virtual: 8004.57 MB
Available Virtual: 5718.24 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:303.46 GB) NTFS ==>[drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 6C036A0C)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS)

==================== End of log ============================

Chrome "Unable to connect to proxy server"

That is showing every sign of a pirated operating system and office with illegal activation hacks clearly showing in the logs
We do not assist with pirated systems
Topic closed

Keyboard Issues

So -- I'm not even sure this is a malware related issue, but I suppose it could be. Every once in a while when I am typing, either in Word or on the web, without any reason at all, letters will start typing in all caps. And I'm not hitting the caps lock button.

When the system is in this state, the shift button no longer capitalizes or lowercases letters. Shift just doesn't work. The only way I know of to get a lowercase letter is by pressing CAPS LOCK. But when caps lock is pressed, letters will all be lowercase. When I press caps lock again, it is in all uppercase. This is annoying because when it is in this state, I can't make any sentences with both capital and lowercase letters.


I figured out that if I open a command prompt, and press the shift button and various letters in there, it will take me out of this state.

I just have no idea what is causing this. Nothing comes up on a virus scan -- FYI I am running Webroot virus scanner and Windows XP.

A little bit more background... Not sure this is in any way relevant to my problem here, but here it is. Earlier, my Chrome browser had an annoying thing called "Binkiland" on there for a long time. So I recently went through a bunch of websites, one told me to go through the Windows registry to delete all references to binkyland, which I did. Binkyland is no more.

The other recent change was I uninstalled Norton (subscription ran out) and installed Webroot. Hard to believe that installing Webroot would have caused this issue. Here's what the sysinfo utility says:


Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
Processor: Intel(R) Core(TM)2 Duo CPU E6850 @ 3.00GHz, x86 Family 6 Model 15 Stepping 11
Processor Count: 2
RAM: 2046 Mb
Graphics Card: ATI Radeon HD 5700 Series, 1024 Mb
Hard Drives: C: Total - 49999 MB, Free - 7413 MB; D: Total - 665395 MB, Free - 53408 MB; F: Total - 1430796 MB, Free - 58493 MB; H: Total - 953866 MB, Free - 219697 MB;
Motherboard: ASUSTeK Computer INC., P5N32-E SLI
Antivirus: Webroot SecureAnywhere, Updated: Yes, On-Demand Scanner: Enabled

malware removal from samsung galaxy alpha

Hi Guys, I own a Samsung Galaxy Alpha android phone and when browsing the internet on Sat using the Samsung browser I inadvertently picked up a virus. It's a ransom note demanding $300 to unlock my browser. The website says thegradations.com/2/1. I don't seem to be able to remove it using anti-malware scans. I have also tried to find the guilty app by going to settings in safe mode, but with no success. Everything works normally if I use another browser. Some advice and help would be much appreciated. I have never used a forum before, so please excuse any errors. I am open to improving my skills. Thanks, lvpmitch

Microsoft Updates Stuck Since 7/15, Computer Runs Slowly

Been a long time since I needed help here, but haven't had too many problems with my computers. Recently, though, my computer has been running slowly and Microsoft updates since July 15th are not downloading or installing, so I'm suspecting either malware or failing equipment. Here with TSG SysInfo:

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz, Intel64 Family 6 Model 37 Stepping 5
Processor Count: 4
RAM: 2932 Mb
Graphics Card: Intel(R) HD Graphics, 1242 Mb
Hard Drives: C: Total - 290142 MB, Free - 204045 MB;
Motherboard: Dell Inc., 08VFX1
Antivirus: Microsoft Security Essentials, Updated and Enabled

Thanks for any help!

Edited to add: Malwarebytes updates normally, found nothing.

network virus

I think you may have wanted me to reply here instead of a new thread. srry

BING Hijacking & Computer Freezes

Hi:

I have 2 current problems. My computer has been freezing up for some time. Recently, the fan has started running much faster than normal and certain programs have become unmanageable, especially gmail. Text lags behind typing so much it's almost impossible to write an email. Just typing this message, for example, is tough.

Yesterday, things got much worse and I saw that several new programs had installed themselves on the computer. I researched them all and determined that they were malware so I uninstalled all of them immediately. However, simultaneously Bing took over both Firefox and IE. I've tried to get rid of it but nothing seems to work. In Firefox, I have the Morning Coffee add-on installed. This opens 4 different sites as my "home pages." Bing tried to take over the homepage function as well as search engine but I reinstalled the original 4 sites. Now, if I open a 5th tab, instead of being Google it's Bing.

Bing never shows up in the Control Panel list of installed programs so I downloaded Revo Uninstaller but it doesn't show there either.

This is driving me absolutely bananas. Any help most appreciated.

Jane


Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz, Intel64 Family 6 Model 58 Stepping 9
Processor Count: 4
RAM: 8067 Mb
Graphics Card: AMD Radeon HD 7730M, -2048 Mb
Hard Drives: C: Total - 715301 MB, Free - 557052 MB;
Motherboard: Dell Inc., 0HDRR5
Antivirus: Microsoft Security Essentials, Updated and Enabled

Annoying redirection

Hey guys,

I randomly have started to get redirection on my search on google chrome through yahoo search and anytime I search on google, I get annoying "It's Result Hub ads" on my screen. I've installed super antispyware remover and anti malwarebytes as well and none of which have helped solve my problem. I'm really stuck on what to do from here and hope I can get some help. I also reinstalled google chrome which did no good :(. In addition, I've also reset my settings in google chrome and removed all extensions which has still not fixed my problem. Any help is appreciated! Thanks

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 8.1 Pro, 64 bit
Processor: Intel(R) Core(TM) i5-3317U CPU @ 1.70GHz, Intel64 Family 6 Model 58 Stepping 9
Processor Count: 4
RAM: 8050 Mb
Graphics Card: Intel(R) HD Graphics 4000, -1984 Mb
Hard Drives: C: Total - 228582 MB, Free - 133955 MB; E: Total - 476936 MB, Free - 314136 MB;
Motherboard: LENOVO, Lenovo
Antivirus: Windows Defender, Disabled

Windows 7 Laptop Hijacked - Help please!

Thanks for the help everyone but I couldn't get any response from my machine without defaulting it. I chose to factory default it (alt-f10 on startup for anyone who's interested) and chose not to save any info on the drive so there was no chance of any nasties still lurking there. I have my work and any other data stored on a cloud drive so there wasn't anything that I was going to overwrite that can't be retrieved. I know that my problem hasn't really been solved but at least I now have a machine that is fast(ish). We will have to see for how long......

Malware

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 10 Home, 64 bit
Processor: AMD A6-6310 APU with AMD Radeon R4 Graphics, AMD64 Family 22 Model 48 Stepping 1
Processor Count: 4
RAM: 7103 Mb
Graphics Card: AMD Radeon (TM) R7 M260, -2048 Mb
Hard Drives: C: Total - 690422 MB, Free - 617511 MB; D: Total - 23076 MB, Free - 2310 MB;
Motherboard: Hewlett-Packard, 2269
Antivirus: Norton Internet Security, Updated and Enabled

Internet not working after removal of malware using AdwCleaner

The logs show clear signs of an activation hack for Windows/Office.
We do not assist with pirated Windows/Office, so this topic is now closed.

Trojan.Agent/Gen-FakeAV

I have run my super anti Spyware and it picks up the Trojan.Agent/Gen-Fake AV but won't remove it or quarantine it either. My virus protection (Avast) does not pick it up. I have tried adware cleaner and nothing is helping. PLEASE someone help.
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 8.1 Pro, 64 bit
Processor: Intel(R) Core(TM) i7-3630QM CPU @ 2.40GHz, Intel64 Family 6 Model 58 Stepping 9
Processor Count: 8
RAM: 12240 Mb
Graphics Card: NVIDIA GeForce GTX 660M, -2048 Mb
Hard Drives: C: Total - 285710 MB, Free - 209104 MB; D: Total - 407733 MB, Free - 407050 MB; E: Total - 357700 MB, Free - 357116 MB; F: Total - 357701 MB, Free - 357117 MB;
Motherboard: ASUSTeK COMPUTER INC., G75VW
Antivirus: Windows Defender, Disabled

dregol

Hello, harvey321. My nickname is Nevan and I will be helping you get your system back on its electronic feet.

Before we get started, please keep these things in mind:

  • Always read every part of my post carefully. If you don't, you may do something wrong and there could be more problems to solve.
  • If your security programs give you any warnings when using tools I asked you to, don't be afraid. Every tool I provide to you is 100% safe.
  • Only run tools that I ask you to. Some of them can be dangerous to your system as they have much power.
  • You should save or print my instructions. It is possible that we will be using Safe mode, which will cut you off from your internet connection and without access to them, you might be stuck.
  • Malware removal is a complicated process that takes multiple steps to be completed. Don't give up, be patient.
  • The tools we are going to use and your software may cause unwanted interactions. Because of that, I recommend you to make backups of any important files from your machine before proceeding as they might be lost.
  • I recommend you to stay with me until I tell you that we are done. It is important because when your system does not show any bad symptoms anymore it does not mean that it is 100% clean.
  • Every program I ask you to download should be saved to and run from desktop. If you don't know how to choose the direction of where a download is saved, check this site. You can also just copy these programs to your desktop manually and then run them from there.
  • Remember that the fixes I give you are only for your machine. Using it on other systems may (and probably will) cause problems.
  • Finally, if you have any questions or are unsure about something, just ask. I will not blame you for it. It is better to ask rather than regret it later.

Also, please note that I'm currently in training, so my answers to you will have to be checked first by an experienced helper before I can post them. This can lengthen the time between my answers to you, but in return you will have an extra person reviewing your log.

Let's get started :)



As we will need to run some tools on the infected computer, we will have to get them there first.

You're saying that you cannot access the Internet from it. Do you by any chance have a USB drive? We could use it to move tools between your computers.

Think I have a Virus

Do you have access to another non-infected computer? If so, please download FRST64 on that computer

link: For 64 bit Systems

copy it onto a USB drive, and then copy it from the USB drive onto the DESKTOP of your infected computer.

Once you have plugged the USB into your infected computer, DO NOT plug it into any other computer until we can protect that computer. It can easily transmit the virus.

If that does not work, let's try the following:

Boot to Safe Mode – Windows 8/8.1
  • Go to the Control Panel --> System and Security --> Administrative Tools. Here you will find the System Configuration shortcut. Click or tap on it.
  • Go to the Boot tab and, in the Boot options section, check the box that says "Safe boot". You will also see four options: Minimal, Alternate Shell, Active Directory, and Network. For this procedure, please click on "Network".
  • Then, click or tap OK.
  • You are informed that you need to restart your computer. Click Restart.
  • The computer will restart in safe mode


FRST Scan

Please download FRST ... by Farbar, from the link below and save it to your Desktop.

For 64 bit Systems
  • Right-click FRST.exe and select " Run as administrator " to run it.
  • When the tool opens click Yes to the disclaimer.
  • Press Scan button. ... When finished a log will be created, FRST.txt.
  • Please post the content of the FRST.txt in your next reply.
  • The first time the tool is run, it will create another log... Addition.txt.
  • Please post the content of the Addition.txt in your next reply.


Let me know if one of these methods works (and please post the logs.)

ShowMyPC scam

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 8.1, 64 bit
Processor: Intel(R) Core(TM) i5-3350P CPU @ 3.10GHz, Intel64 Family 6 Model 58 Stepping 9
Processor Count: 4
RAM: 16345 Mb
Graphics Card: NVIDIA GeForce GT 620, 1024 Mb
Hard Drives: C: Total - 944100 MB, Free - 208953 MB;
Motherboard: Dell Inc., 0NW73C
Antivirus: Norton 360, Updated and Enabled

I was contacted by someone who said they were from Dell, but weren't, as I found out later. I installed ShowMyPC because they said my computer was downloading malicious software. They controlled my PC until I hung up the phone and reset my PC. I contacted Dell, who said it wasn't them, so I disconnected from the internet while I went for dinner. When I got back, I rolled back my Windows 10 install to the 8.1 I have now, hoping to get rid of whatever they did. I don't see the TeamViewer and the ShowMyPC file, but how do I make sure? Thank you in advance.

Faulty Internet and slow startup, DNS Server Changed error

In opening Chrome today I've had errors in which my internet icon flickers on and off. It is connected to the internet but it's slower than usual and sometimes it just disconnects and reconnects on its own.

The disk cleanup has done the best results but my internet still shows the "DNS Network changed" error at times. It used to disconnect so badly that it would say I had no internet connection at all. I'm not sure if it's malware or a virus or if my USB internet adapter is finally giving itself out and I have to buy a new one. But if it isn't a virus and it's just my USB adapter then let me know.

Edit: As of today, August 9th, my internet has returned (but slow) but my startup is still laggy. I also forgot to mention that my internet connection was working fine on my father's and brother's laptop, and I was the only one with connectivity issues, which is why I was unsure what was causing the problem.


System Info
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i3 CPU 540 @ 3.07GHz, Intel64 Family 6 Model 37 Stepping 2
Processor Count: 4
RAM: 5943 Mb
Graphics Card: Intel(R) HD Graphics, -1348 Mb
Hard Drives: C: Total - 705244 MB, Free - 602851 MB;
Motherboard: Dell Inc., 0C2KJT
Antivirus: McAfee Anti-Virus and Anti-Spyware, Updated and Enabled

Hijackthis log:
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 9:21:51 PM, on 8/8/2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17910)
CHROME: 44.0.2403.130

Boot mode: Normal

Running processes:
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Users\Alexis\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alexis\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alexis\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alexis\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Users\Alexis\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alexis\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tumblr.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
O4 - HKLM\..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
O4 - HKLM\..\Run: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Alexis\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [HP Officejet 4620 series (NET)] "C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN29R212K205RT:NW" -scfn "HP Officejet 4620 series (NET)" -AutoStart 1
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1) -
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - http://images3.pnimedia.com/ProductA...eX_Control.cab
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: McAfee Home Network (HomeNetSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee AP Service (McAPExe) - McAfee, Inc. - C:\Program Files\McAfee\MSC\McAPExe.exe
O23 - Service: McAfee Boot Delay Start Service (mcbootdelaystartsvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee CSP Service (mccspsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\CSP\1.5.495.0\McCSPServiceHost.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\mcafee\VirusScan\mcods.exe
O23 - Service: McAfee Platform Services (mcpltsvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Service Controller (mfemms) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TabletServicePen - Unknown owner - C:\Windows\system32\Pen_Tablet.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Wacom Consumer Service (WTabletServiceCon) - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
O23 - Service: Wacom Professional Service (WTabletServicePro) - Wacom Technology, Corp. - C:\Program Files\Tablet\Wacom\WTabletServicePro.exe

--
End of file - 13638 bytes

interruption

sounds like malware to me
moved to malware cleaning

Step 1
Click on this link to download: AdwCleaner. Click on ONE of the two blue Download Now buttons that have a blue arrow beside them and save it to your desktop. Do not click on any links in the top advert.

See the screenshot where the proper download buttons are highlighted


NOTE: If using Internet Explorer and you get an alert that stops the program downloading click on Tools > Smartscreen Filter > Turn off Smartscreen Filter then click on OK in the box that opens. Then click on the link again.

Close your browser and double click on this icon on your desktop:



You will then see the screen below. Click on the Scan button (as indicated), accept any prompts that appear and allow it to run; it may take several minutes to complete. When it is done, you will get a message saying "PENDING". Ignore that and click on the Clean button, accept any prompts that appear and allow the system to reboot. You will then be presented with the report. Copy and paste it into your next post.
Please note: the newer versions of AdwCleaner have a pretty colour display on some versions of Windows and slightly different icons. The screenshots are from the older version but are basically the same.

Suspected malware

Okay Cody, here are the files
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:09-08-2015
Ran by Administrador (administrator) on USUARIO-061D4ED (10-08-2015 11:35:20)
Running from C:\Documents and Settings\Administrador\Mis documentos\Downloads
Loaded Profiles: Administrador (Available Profiles: Administrador)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: Español (alfabetización internacional)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Archivos de programa\AVAST Software\Avast\AvastSvc.exe
(brother Industries Ltd) C:\WINDOWS\system32\brsvc01a.exe
(brother Industries Ltd) C:\WINDOWS\system32\brss01a.exe
(Microsoft Corporation) C:\WINDOWS\system32\WgaTray.exe
(Apple Inc.) C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Archivos de programa\Bonjour\mDNSResponder.exe
(Comodo) C:\Archivos de programa\Comodo\Dragon\dragon_updater.exe
(Microsoft Corporation) C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\mdm.exe
(Microsoft Corp.) C:\Archivos de programa\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Yahoo! Inc.) C:\Archivos de programa\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Apple Inc.) C:\Archivos de programa\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Archivos de programa\HP\HP Software Update\hpwuschd2.exe
(AVAST Software) C:\Archivos de programa\AVAST Software\Avast\AvastUI.exe
(Skype Technologies S.A.) C:\Archivos de programa\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Archivos de programa\Microsoft Student\Microsoft Student con Encarta Premium 2008 DVD\EDICT.EXE
() C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Viber\Viber.exe
(BitTorrent Inc.) C:\DOCUME~1\ADMINI~1\DATOSD~1\BitTorrent\BitTorrent.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Apple Inc.) C:\Archivos de programa\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Google Inc.) C:\Archivos de programa\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Archivos de programa\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Archivos de programa\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Archivos de programa\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [APSDaemon] => C:\Archivos de programa\Archivos comunes\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Archivos de programa\iTunes\iTunesHelper.exe [157480 2015-02-13] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe [998104 2015-07-07] (Adobe Systems Incorporated)
HKLM\...\Run: [HP Software Update] => C:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AvastUI.exe] => C:\Archivos de programa\AVAST Software\Avast\AvastUI.exe [6109776 2015-08-07] (AVAST Software)
HKU\S-1-5-21-1343024091-1425521274-725345543-500\...\Run: [Skype] => C:\Archivos de programa\Skype\Phone\Skype.exe [53661824 2015-07-28] (Skype Technologies S.A.)
HKU\S-1-5-21-1343024091-1425521274-725345543-500\...\Run: [L08EXLRD_34474125] => C:\Archivos de programa\Microsoft Student\Microsoft Student con Encarta Premium 2008 DVD\EDICT.EXE [351000 2007-05-23] (Microsoft Corporation)
HKU\S-1-5-21-1343024091-1425521274-725345543-500\...\Run: [Viber] => C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Viber\Viber.exe [776400 2015-02-25] ()
HKU\S-1-5-21-1343024091-1425521274-725345543-500\...\Run: [BitTorrent] => C:\Documents and Settings\Administrador\Datos de programa\BitTorrent\BitTorrent.exe [1998952 2015-08-04] (BitTorrent Inc.)
Startup: C:\Documents and Settings\Administrador\Menú Inicio\Programas\Inicio\Supervisar alertas de tinta - HP Deskjet 1510 series.lnk [2015-07-30]
ShortcutTarget: Supervisar alertas de tinta - HP Deskjet 1510 series.lnk -> C:\Archivos de programa\HP\HP Deskjet 1510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Archivos de programa\AVAST Software\Avast\ashShell.dll [2015-08-07] (AVAST Software)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2007-02-11] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Archivos de programa\Google\Drive\googledrivesync32.dll [2015-06-20] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Archivos de programa\Google\Drive\googledrivesync32.dll [2015-06-20] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Archivos de programa\Google\Drive\googledrivesync32.dll [2015-06-20] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Archivos de programa\Google\Drive\googledrivesync32.dll [2015-06-20] (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Archivos de programa\Google\Drive\googledrivesync32.dll [2015-06-20] (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Archivos de programa\Google\Drive\googledrivesync32.dll [2015-06-20] (Google)
GroupPolicyScripts: Group Policy detected <======= ATTENTION
CHR HKU\S-1-5-21-1343024091-1425521274-725345543-500\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKU\S-1-5-21-1343024091-1425521274-725345543-500\Software\Microsoft\Internet Explorer\Main,Start Page = http://es.msn.com/
HKU\S-1-5-21-1343024091-1425521274-725345543-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://es.msn.com/
HKU\S-1-5-21-1343024091-1425521274-725345543-500\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.bing.com/
HKU\S-1-5-21-1343024091-1425521274-725345543-500\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.bing.com/
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {04B09FAA-7168-4221-A49D-B55E5F7CE70A} URL = http://search.yahoo.com/search?p={searchTerms}&fr=yie7c
SearchScopes: HKLM -> {3CCD0BDC-3256-4361-94EE-DB53D6C0D2D8} URL = http://local.yahoo.com/results?stx={searchTerms}&fr=yie7c
SearchScopes: HKLM -> {8038A243-3327-4075-BEC6-ADA5D19F7CC3} URL = http://shopping.yahoo.com/search?p={searchTerms}&fr=yie7c
SearchScopes: HKLM -> {8659B4B3-9404-48D7-9EB8-7F806A0B4187} URL = http://video.yahoo.com/search/?p={searchTerms}&fr=yie7c
SearchScopes: HKLM -> {8D4D6C01-1587-464C-9E02-49FAEA92558D} URL = http://images.search.yahoo.com/search/images?p={searchTerms}&fr=yie7c
SearchScopes: HKLM -> {DABF3F79-F5F7-4420-9D83-B29B83AC6535} URL = http://news.search.yahoo.com/search/news?p={searchTerms}&fr=yie7c
SearchScopes: HKU\S-1-5-21-1343024091-1425521274-725345543-500 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1343024091-1425521274-725345543-500 -> {0093B600-CD2E-4309-836A-7AA5C307738B} URL = http://news.search.yahoo.com/search/news?p={searchTerms}&fr=yie7c
SearchScopes: HKU\S-1-5-21-1343024091-1425521274-725345543-500 -> {04B09FAA-7168-4221-A49D-B55E5F7CE70A} URL =
SearchScopes: HKU\S-1-5-21-1343024091-1425521274-725345543-500 -> {07F36C07-FF2F-4531-BE55-F26D1A235EA0} URL = http://search.yahoo.com/search?p={searchTerms}&fr=yie7c
SearchScopes: HKU\S-1-5-21-1343024091-1425521274-725345543-500 -> {1D0D52FD-C895-4676-982C-359D1F7DD1C1} URL = http://local.yahoo.com/results?stx={searchTerms}&fr=yie7c
SearchScopes: HKU\S-1-5-21-1343024091-1425521274-725345543-500 -> {5073B6F2-AAA8-4100-9AC9-E28CA6EFCBDB} URL = http://shopping.yahoo.com/search?p={searchTerms}&fr=yie7c
SearchScopes: HKU\S-1-5-21-1343024091-1425521274-725345543-500 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1343024091-1425521274-725345543-500 -> {B4B3DE88-662E-45C0-906F-0560D0412A35} URL = http://video.yahoo.com/search/?p={searchTerms}&fr=yie7c
SearchScopes: HKU\S-1-5-21-1343024091-1425521274-725345543-500 -> {CA5F7CB1-1981-48EC-BB1E-85778EA008C0} URL = http://images.search.yahoo.com/search/images?p={searchTerms}&fr=yie7c
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Archivos de programa\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14] (Microsoft Corp.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Archivos de programa\Java\jre1.8.0_25\bin\ssv.dll [2015-01-20] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Archivos de programa\AVAST Software\Avast\aswWebRepIE.dll [2015-08-07] (AVAST Software)
BHO: Windows Live Aplicación auxiliar de inicio de sesión -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Archivos de programa\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2011-10-12] (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Archivos de programa\Java\jre1.8.0_25\bin\jp2ssv.dll [2015-01-20] (Oracle Corporation)
BHO: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Archivos de programa\Windows Live\Toolbar\wltcore.dll [2010-04-16] (Microsoft Corporation)
Toolbar: HKLM - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Archivos de programa\Windows Live\Toolbar\wltcore.dll [2010-04-16] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-1343024091-1425521274-725345543-500 -> No Name - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
Toolbar: HKU\S-1-5-21-1343024091-1425521274-725345543-500 -> &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Archivos de programa\Windows Live\Toolbar\wltcore.dll [2010-04-16] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-1343024091-1425521274-725345543-500 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/...oUploader5.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downlo...eckControl.cab
DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} http://static.ak.facebook.com/fbplug...?1270785264281
DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} http://alynurincolombia.spaces.live....d/MsnPUpld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.8.0/jin...ndows-i586.cab
DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jin...ndows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jin...ndows-i586.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01...l/MSNPUpld.cab
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL [2007-08-28] (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL [2007-08-28] (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL [2007-08-28] (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL [2007-08-28] (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL [2007-08-28] (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Archivos de programa\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Help\hxds.dll [2006-10-26] (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL [2007-08-28] (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL [2007-08-28] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Archivos de programa\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Archivos de programa\Archivos comunes\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Archivos de programa\Windows Live\Mail\mailcomm.dll [2010-04-16] (Microsoft Corporation)
Winsock: Catalog5 04 C:\Archivos de programa\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 190.157.8.33 181.48.0.231
Tcpip\..\Interfaces\{AF3BBFFC-A8DF-4F1A-94AF-72DD00BDC9FF}: [DhcpNameServer] 190.157.8.33 181.48.0.231
Tcpip\..\Interfaces\{F52352A1-530D-4161-915E-59956314A755}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\piwwtno3.default
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Bing
FF Homepage: hxxp://www.google.com.co
FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-19] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Archivos de programa\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Archivos de programa\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2015-01-20] (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Archivos de programa\Yahoo!\Shared\npYState.dll [2010-06-01] (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Archivos de programa\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Archivos de programa\Microsoft\Office Live\npOLW.dll [2008-11-13] (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Archivos de programa\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Archivos de programa\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll [2011-10-12] (Google)
FF Plugin: @real.com/nppl3260;version=6.0.12.450 -> C:\Archivos de programa\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll [2010-02-02] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.448 -> C:\Archivos de programa\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll [2010-02-02] (RealNetworks, Inc.)
FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Documents and Settings\Administrador\Datos de programa\Visan\plugins\npRLSecurePluginLayer.dll [2011-05-13] (RocketLife, LLP)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Archivos de programa\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Archivos de programa\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Archivos de programa\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-08-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1343024091-1425521274-725345543-500: @acestream.net/acestreamplugin,version=2.2.5-next -> C:\Documents and Settings\Administrador\Datos de programa\ACEStream\player\npace_plugin.dll [2014-06-13] (Innovative Digital Technologies)
FF Plugin HKU\S-1-5-21-1343024091-1425521274-725345543-500: @facebook.com/FBPlugin,version=1.0.3 -> C:\Documents and Settings\Administrador\Datos de programa\Facebook\npfbplugin_1_0_3.dll [2010-03-06] ( )
FF Plugin HKU\S-1-5-21-1343024091-1425521274-725345543-500: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Unity\WebPlayer\loader\npUnity3D32.dll [2014-11-18] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Archivos de programa\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Archivos de programa\mozilla firefox\plugins\nppdf32.dll [2014-08-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Archivos de programa\mozilla firefox\plugins\nppl3260.dll [2010-02-02] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Archivos de programa\mozilla firefox\plugins\npqtplugin.dll [2014-11-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Archivos de programa\mozilla firefox\plugins\npqtplugin2.dll [2014-11-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Archivos de programa\mozilla firefox\plugins\npqtplugin3.dll [2014-11-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Archivos de programa\mozilla firefox\plugins\npqtplugin4.dll [2014-11-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Archivos de programa\mozilla firefox\plugins\npqtplugin5.dll [2014-11-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Archivos de programa\mozilla firefox\plugins\nprpjplug.dll [2010-02-02] (RealNetworks, Inc.)
FF SearchPlugin: C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\piwwtno3.default\searchplugins\bingp.xml [2015-01-20]
FF SearchPlugin: C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\piwwtno3.default\searchplugins\live-search.xml [2009-05-19]
FF Extension: Yahoo! Toolbar - C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\piwwtno3.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(2) [2013-05-11]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-01-22]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Archivos de programa\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Archivos de programa\AVAST Software\Avast\WebRep\FF [2015-08-07]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Archivos de programa\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF ExtraCheck: C:\Archivos de programa\mozilla firefox\defaults\pref\itms.js [2015-07-09]

Chrome:
=======
CHR Profile: C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-18]
CHR Extension: (Google Search) - C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-18]
CHR Extension: (Heap Note) - C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\hkpiejadkdojdbfgfocaoahhbepnlpph [2013-06-18]
CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-17]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-18]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Archivos de programa\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-08-07]
CHR HKLM\...\Chrome\Extension: [okkbcpjgdooahcefofhjdpacngfecaaa] - C:\Archivos de programa\Lyrics_Fan\126.crx <not found>

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device; C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\AppleMobileDeviceService.exe [60744 2015-01-19] (Apple Inc.)
S3 AresChatServer; C:\Archivos de programa\Ares\chatServer.exe [263168 2007-03-19] (Ares Development Group) [File not signed]
R2 avast! Antivirus; C:\Archivos de programa\AVAST Software\Avast\AvastSvc.exe [146600 2015-08-07] (AVAST Software)
R2 Bonjour Service; C:\Archivos de programa\Bonjour\mDNSResponder.exe [390504 2011-08-30] (Apple Inc.)
R2 Brother XP spl Service; C:\WINDOWS\system32\brsvc01a.exe [57344 2002-04-12] (brother Industries Ltd) [File not signed]
R2 DragonUpdater; C:\Archivos de programa\Comodo\Dragon\dragon_updater.exe [1994936 2015-06-26] (Comodo)
S3 fsssvc; C:\Archivos de programa\Windows Live\Family Safety\fsssvc.exe [704872 2010-04-28] (Microsoft Corporation)
S2 gupdate; C:\Archivos de programa\Google\Update\GoogleUpdate.exe [107912 2014-10-19] (Google Inc.)
S3 gupdatem; C:\Archivos de programa\Google\Update\GoogleUpdate.exe [107912 2014-10-19] (Google Inc.)
S2 gusvc; C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe [194104 2011-10-12] (Google)
R3 iPod Service; C:\Archivos de programa\iPod\bin\iPodService.exe [540968 2015-02-13] (Apple Inc.)
S2 MBAMService; C:\Archivos de programa\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MDM; C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S3 MozillaMaintenance; C:\Archivos de programa\Mozilla Maintenance Service\maintenanceservice.exe [148136 2015-07-09] (Mozilla Foundation)
S3 odserv; C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE12\ODSERV.EXE [443776 2007-08-24] (Microsoft Corporation)
S3 ose; C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE [145184 2006-10-26] (Microsoft Corporation)
R2 SeaPort; C:\Archivos de programa\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [226656 2009-01-14] (Microsoft Corp.)
S2 SkypeUpdate; C:\Archivos de programa\Skype\Updater\Updater.exe [327296 2015-06-25] (Skype Technologies)
S3 TuneUp.Defrag; C:\WINDOWS\System32\TuneUpDefragService.exe [355584 2014-07-25] (TuneUp Software GmbH)
S3 WMPNetworkSvc; C:\Archivos de programa\Windows Media Player\WMPNetwk.exe [916480 2006-11-03] (Microsoft Corporation)
R2 YahooAUService; C:\Archivos de programa\Yahoo!\SoftwareUpdate\YahooAUService.exe [602392 2008-11-09] (Yahoo! Inc.)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AMBFilt; C:\WINDOWS\System32\drivers\AMBFilt.sys [1656960 2009-06-26] (Creative)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24016 2015-08-07] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [76000 2015-08-07] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-08-07] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49776 2015-08-07] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [788784 2015-08-07] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [433264 2015-08-07] (AVAST Software)
R3 aswStmXP; C:\WINDOWS\system32\drivers\aswStmXP.sys [161472 2015-08-07] (AVAST Software)
S3 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57888 2015-08-07] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [208664 2015-08-07] (AVAST Software)
S3 BrScnUsb; C:\WINDOWS\System32\Drivers\BrScnUsb.sys [15263 2003-12-19] (Brother Industries Ltd.) [File not signed]
S3 BrSerIf; C:\WINDOWS\System32\Drivers\BrSerIf.sys [51712 2004-06-12] (Brother Industries Ltd.) [File not signed]
S3 BrUsbSer; C:\WINDOWS\System32\Drivers\BrUsbSer.sys [11648 2004-01-10] (Brother Industries Ltd.) [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R2 fssfltr; C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys [54752 2009-08-05] (Microsoft Corporation)
S3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-14] (Microsoft Corporation)
S3 irsir; C:\WINDOWS\System32\DRIVERS\irsir.sys [18688 2001-08-17] (Microsoft Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MonFilt; C:\WINDOWS\System32\drivers\MonFilt.sys [1389056 2008-12-02] (Creative Technology Ltd.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
R2 thdudf; C:\WINDOWS\System32\DRIVERS\thdudf.sys [66944 2006-11-11] (TOSHIBA Corporation) [File not signed]
R3 VIAHdAudAddService; C:\WINDOWS\System32\drivers\viahduaa.sys [1617408 2009-11-25] (VIA Technologies, Inc.)
S3 AndNetDiag; system32\DRIVERS\lgandnetdiag.sys [X]
S3 ANDNetModem; system32\DRIVERS\lgandnetmodem.sys [X]
S3 andnetndis; system32\DRIVERS\lgandnetndis.sys [X]
S3 AsrCDDrv; \??\C:\WINDOWS\system32\Drivers\AsrCDDrv.sys [X]
S3 MREMP50; \??\C:\ARCHIV~1\COMMON~1\Motive\MREMP50.SYS [X]
S3 MREMP50a64; \??\C:\ARCHIV~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\ARCHIV~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\ARCHIV~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50; \??\C:\ARCHIV~1\COMMON~1\Motive\MRESP50.SYS [X]
S3 MRESP50a64; \??\C:\ARCHIV~1\COMMON~1\Motive\MRESP50a64.SYS [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U1 WS2IFSL; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-10 11:34 - 2015-08-10 11:35 - 00000000 ____D C:\FRST
2015-08-09 15:28 - 2015-08-10 11:09 - 00000238 _____ C:\WINDOWS\Tasks\Notificación de inicio de sesión de fin de servicio de Microsoft Windows XP.job
2015-08-09 15:28 - 2015-08-09 20:51 - 00000232 _____ C:\WINDOWS\Tasks\Notificación mensual de fin de servicio de Microsoft Windows XP.job
2015-08-08 21:17 - 2015-08-08 21:17 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2922229$
2015-08-08 21:17 - 2015-08-08 21:17 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2916036$
2015-08-08 21:16 - 2015-08-08 21:17 - 00001321 _____ C:\WINDOWS\updspapi.log
2015-08-08 21:16 - 2015-08-08 21:16 - 00005750 _____ C:\WINDOWS\KB2934207.log
2015-08-08 21:16 - 2015-08-08 21:16 - 00004813 _____ C:\WINDOWS\KB2904266.log
2015-08-08 21:16 - 2015-08-08 21:16 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2934207$
2015-08-08 21:16 - 2015-08-08 21:16 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2930275$
2015-08-08 21:16 - 2015-08-08 21:16 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2929961$
2015-08-08 21:16 - 2015-08-08 21:16 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$
2015-08-08 21:16 - 2015-08-08 21:16 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$
2015-08-08 21:02 - 2015-08-08 21:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$
2015-08-08 21:02 - 2015-08-08 21:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892075$
2015-08-08 20:47 - 2015-08-08 20:47 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$
2015-08-08 20:46 - 2015-08-08 20:47 - 00004332 _____ C:\WINDOWS\KB2914368.log
2015-08-08 20:03 - 2015-08-08 21:17 - 00010730 _____ C:\WINDOWS\KB2922229.log
2015-08-08 20:03 - 2015-08-08 21:17 - 00010543 _____ C:\WINDOWS\KB2916036.log
2015-08-08 20:03 - 2014-02-26 18:28 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\xp_eos.exe
2015-08-08 20:03 - 2014-02-26 18:28 - 00013312 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xp_eos.exe
2015-08-08 19:58 - 2015-08-08 21:16 - 00009999 _____ C:\WINDOWS\KB2898715.log
2015-08-08 19:58 - 2015-08-08 21:16 - 00009591 _____ C:\WINDOWS\KB2930275.log
2015-08-08 19:58 - 2015-08-08 21:16 - 00008676 _____ C:\WINDOWS\KB2929961.log
2015-08-08 19:54 - 2015-08-08 21:02 - 00008399 _____ C:\WINDOWS\KB2893294.log
2015-08-08 19:53 - 2015-08-08 21:02 - 00007810 _____ C:\WINDOWS\KB2892075.log
2015-08-08 18:45 - 2015-08-08 18:45 - 00004444 _____ C:\WINDOWS\system32\pid.PNF
2015-08-08 11:07 - 2015-08-08 11:07 - 00010282 _____ C:\WINDOWS\DPINST.LOG
2015-08-07 22:57 - 2015-08-07 22:59 - 00098520 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-08-07 22:57 - 2015-08-07 22:57 - 00000826 _____ C:\Documents and Settings\All Users\Escritorio\Malwarebytes Anti-Malware.lnk
2015-08-07 22:57 - 2015-08-07 22:57 - 00000000 ____D C:\Documents and Settings\All Users\Menú Inicio\Programas\Malwarebytes Anti-Malware
2015-08-07 22:56 - 2015-08-07 22:57 - 00000000 ____D C:\Archivos de programa\Malwarebytes Anti-Malware
2015-08-07 22:56 - 2015-06-18 08:41 - 00121560 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-08-07 22:56 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-08-07 22:45 - 2015-08-07 22:45 - 00000000 ____D C:\Documents and Settings\Administrador\Datos de programa\AVAST Software
2015-08-07 22:42 - 2015-08-08 21:17 - 00072716 _____ C:\WINDOWS\iis6.log
2015-08-07 22:42 - 2015-08-08 21:17 - 00068011 _____ C:\WINDOWS\FaxSetup.log
2015-08-07 22:42 - 2015-08-08 21:17 - 00032516 _____ C:\WINDOWS\ocgen.log
2015-08-07 22:42 - 2015-08-08 21:17 - 00031037 _____ C:\WINDOWS\tsoc.log
2015-08-07 22:42 - 2015-08-08 21:17 - 00022649 _____ C:\WINDOWS\comsetup.log
2015-08-07 22:42 - 2015-08-08 21:17 - 00021100 _____ C:\WINDOWS\msmqinst.log
2015-08-07 22:42 - 2015-08-08 21:17 - 00013663 _____ C:\WINDOWS\ntdtcsetup.log
2015-08-07 22:42 - 2015-08-08 21:17 - 00011913 _____ C:\WINDOWS\netfxocm.log
2015-08-07 22:42 - 2015-08-08 21:17 - 00004675 _____ C:\WINDOWS\MedCtrOC.log
2015-08-07 22:42 - 2015-08-08 21:17 - 00003762 _____ C:\WINDOWS\ocmsn.log
2015-08-07 22:42 - 2015-08-08 21:17 - 00003421 _____ C:\WINDOWS\tabletoc.log
2015-08-07 22:42 - 2015-08-08 21:17 - 00003399 _____ C:\WINDOWS\msgsocm.log
2015-08-07 22:42 - 2015-08-08 21:17 - 00001355 _____ C:\WINDOWS\imsins.log
2015-08-07 22:42 - 2015-08-08 21:17 - 00001355 _____ C:\WINDOWS\imsins.BAK
2015-08-07 22:42 - 2015-08-07 22:42 - 00001752 _____ C:\Documents and Settings\All Users\Escritorio\Avast Free Antivirus.lnk
2015-08-07 22:42 - 2015-08-07 22:42 - 00000000 ____D C:\Documents and Settings\All Users\Menú Inicio\Programas\AVAST Software
2015-08-07 22:41 - 2015-08-10 11:15 - 00000392 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-08-07 22:41 - 2015-08-10 11:05 - 00025546 _____ C:\WINDOWS\setupapi.log
2015-08-07 22:41 - 2015-08-07 22:42 - 00013202 _____ C:\WINDOWS\Wdf01009Inst.log
2015-08-07 22:41 - 2015-08-07 22:41 - 00433264 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-08-07 22:41 - 2015-08-07 22:41 - 00208664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-08-07 22:41 - 2015-08-07 22:41 - 00161472 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStmXP.sys
2015-08-07 22:41 - 2015-08-07 22:41 - 00057888 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2015-08-07 22:41 - 2015-08-07 22:41 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-08-07 22:41 - 2015-08-07 22:41 - 00000000 _____ C:\WINDOWS\setupact.log
2015-08-07 22:41 - 2015-08-07 22:40 - 00788784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-08-07 22:41 - 2015-08-07 22:40 - 00313472 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-08-07 22:41 - 2015-08-07 22:40 - 00076000 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-08-07 22:41 - 2015-08-07 22:40 - 00055200 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2015-08-07 22:41 - 2015-08-07 22:40 - 00049776 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-08-07 22:41 - 2015-08-07 22:40 - 00024016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-08-07 22:40 - 2015-08-07 22:40 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-08-07 22:27 - 2015-08-07 22:27 - 00000000 ____D C:\Archivos de programa\AVAST Software
2015-08-07 16:36 - 2015-08-07 16:36 - 00000000 ____D C:\Archivos de programa\Seagate
2015-08-07 16:33 - 2015-08-07 16:33 - 00000000 ____D C:\Documents and Settings\All Users\Menú Inicio\Programas\Accessories
2015-08-07 15:41 - 2015-08-07 15:41 - 00000232 _____ C:\Documents and Settings\Administrador\Mis documentos\CheckDiskGUI.txt
2015-08-06 08:39 - 2015-08-06 08:39 - 00002006 _____ C:\Documents and Settings\Administrador\Escritorio\HP Deskjet 1510 series (2).lnk
2015-08-06 08:37 - 2015-08-08 01:11 - 00000000 ____D C:\Documents and Settings\Administrador\Escritorio\Accesos directos de escritorio no usados
2015-08-06 08:09 - 2015-08-06 08:09 - 00000000 ____D C:\Documents and Settings\Administrador\Mis documentos\BitTorrent Edition Music Collection - April 2011
2015-08-05 15:08 - 2015-08-05 15:08 - 00000000 ____D C:\Documents and Settings\All Users\Menú Inicio\Programas\HashCalc
2015-08-05 15:08 - 2015-08-05 15:08 - 00000000 ____D C:\Archivos de programa\HashCalc
2015-08-04 16:46 - 2015-08-04 16:46 - 00000791 _____ C:\Documents and Settings\All Users\Escritorio\InfraRecorder.lnk
2015-08-04 16:46 - 2015-08-04 16:46 - 00000000 ____D C:\Documents and Settings\All Users\Menú Inicio\Programas\InfraRecorder
2015-08-04 16:46 - 2015-08-04 16:46 - 00000000 ____D C:\Documents and Settings\Administrador\Datos de programa\InfraRecorder
2015-08-04 16:46 - 2015-08-04 16:46 - 00000000 ____D C:\Archivos de programa\InfraRecorder
2015-08-04 16:23 - 2015-08-04 16:23 - 00000000 ____D C:\Documents and Settings\Administrador\Mis documentos\Ashampoo Burning Studio 14
2015-08-04 15:10 - 2015-08-06 13:52 - 00000000 ____D C:\Documents and Settings\Administrador\Mis documentos\Payments
2015-08-04 12:15 - 2015-08-04 12:15 - 00002717 _____ C:\Documents and Settings\Administrador\Menú Inicio\BitTorrent.lnk
2015-08-04 12:12 - 2015-08-10 11:34 - 00000000 ____D C:\Documents and Settings\Administrador\Datos de programa\BitTorrent
2015-08-02 17:36 - 2015-08-10 11:11 - 00000000 ____D C:\Documents and Settings\Administrador\Datos de programa\ViberPC
2015-08-02 17:36 - 2015-08-02 17:36 - 00000989 _____ C:\Documents and Settings\Administrador\Menú Inicio\Programas\Viber.lnk
2015-08-02 17:36 - 2015-08-02 17:36 - 00000983 _____ C:\Documents and Settings\Administrador\Escritorio\Viber.lnk
2015-08-02 17:35 - 2015-08-10 11:10 - 00000000 ____D C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Viber
2015-07-31 20:37 - 2015-08-10 11:07 - 00000526 _____ C:\WINDOWS\Tasks\HP Photo Creations Communicator.job
2015-07-31 20:37 - 2015-07-31 20:37 - 00000000 ___RD C:\Documents and Settings\Administrador\Mis documentos\HP Photo Creations
2015-07-31 20:29 - 2015-07-31 20:37 - 00002045 _____ C:\Documents and Settings\Administrador\Escritorio\HP Photo Creations.lnk
2015-07-31 20:29 - 2015-07-31 20:29 - 00000000 ____D C:\Documents and Settings\Administrador\Menú Inicio\Programas\HP
2015-07-31 20:28 - 2015-07-31 20:37 - 00000000 ____D C:\Documents and Settings\Administrador\Datos de programa\HP Photo Creations
2015-07-31 20:28 - 2015-07-31 20:28 - 00000000 ____D C:\Documents and Settings\Administrador\Datos de programa\Visan
2015-07-30 17:33 - 2015-07-30 17:33 - 00000000 ____D C:\Documents and Settings\All Users\Datos de programa\Visan
2015-07-30 17:33 - 2015-07-30 17:33 - 00000000 ____D C:\Archivos de programa\Hewlett-Packard
2015-07-30 17:32 - 2015-08-09 17:32 - 00000470 _____ C:\WINDOWS\Tasks\At3.job
2015-07-30 17:32 - 2015-08-08 20:40 - 00000470 _____ C:\WINDOWS\Tasks\At2.job
2015-07-30 17:32 - 2015-08-08 14:00 - 00000470 _____ C:\WINDOWS\Tasks\At4.job
2015-07-30 17:32 - 2015-08-07 10:10 - 00000470 _____ C:\WINDOWS\Tasks\At1.job
2015-07-30 17:32 - 2015-07-31 20:29 - 00000000 ____D C:\Documents and Settings\All Users\Menú Inicio\Programas\HP
2015-07-30 17:32 - 2012-12-15 19:47 - 02525368 _____ (Hewlett-Packard Co.) C:\WINDOWS\system32\HPScanTRDrv_DJ1510.dll
2015-07-30 17:32 - 2012-12-15 19:47 - 00417464 _____ (Hewlett-Packard) C:\WINDOWS\system32\HPWia1_DJ1510.dll
2015-07-30 17:31 - 2012-12-15 19:47 - 00536760 _____ (Hewlett-Packard Co.) C:\WINDOWS\system32\hpinkstsc111.dll
2015-07-30 17:31 - 2012-12-15 19:47 - 00271032 _____ (Hewlett-Packard Co.) C:\WINDOWS\system32\hpinkstsc111LM.dll
2015-07-30 17:31 - 2012-12-15 19:47 - 00222904 _____ (Hewlett-Packard Co.) C:\WINDOWS\system32\hpinkcoic111.dll
2015-07-30 17:31 - 2012-12-15 17:45 - 02220216 _____ (Hewlett-Packard Co.) C:\WINDOWS\system32\hpinkinsc111.exe
2015-07-30 17:29 - 2015-07-30 17:29 - 00000057 _____ C:\Documents and Settings\All Users\Datos de programa\Ament.ini
2015-07-30 17:25 - 2015-07-30 17:25 - 00000000 ___RD C:\Documents and Settings\Administrador\Menú Inicio\Programas\Herramientas administrativas
2015-07-24 14:30 - 2015-08-08 23:14 - 00000918 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2015-07-24 09:40 - 2015-07-30 12:37 - 00002347 _____ C:\Documents and Settings\All Users\Menú Inicio\Programas\Adobe Reader X.lnk
2015-07-24 09:39 - 2015-07-30 12:35 - 00000000 ____D C:\Archivos de programa\Archivos comunes\Adobe
2015-07-19 01:22 - 2015-07-24 14:30 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-07-19 01:22 - 2015-07-24 14:30 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-10 11:31 - 2013-01-10 00:08 - 00000000 ____D C:\Documents and Settings\Administrador\Datos de programa\Skype
2015-08-10 11:20 - 2008-10-07 20:48 - 00000471 _____ C:\WINDOWS\wiadebug.log
2015-08-10 11:18 - 2008-11-17 22:09 - 00000298 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2015-08-10 11:11 - 2008-10-08 02:52 - 01436989 _____ C:\WINDOWS\WindowsUpdate.log
2015-08-10 11:10 - 2009-11-01 17:31 - 00001038 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-10 11:09 - 2009-11-01 17:31 - 00001034 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-10 11:09 - 2008-10-08 03:19 - 00000548 _____ C:\WINDOWS\Tasks\Mantenimiento con 1 clic.job
2015-08-10 11:09 - 2008-10-08 02:57 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-08-10 11:09 - 2008-10-07 20:48 - 00000050 _____ C:\WINDOWS\wiaservc.log
2015-08-10 11:09 - 2001-08-24 05:00 - 00002278 _____ C:\WINDOWS\system32\wpa.dbl
2015-08-10 11:08 - 2008-10-08 02:57 - 00032608 _____ C:\WINDOWS\SchedLgU.Txt
2015-08-10 11:08 - 2008-10-08 02:57 - 00000192 ___SH C:\Documents and Settings\Administrador\ntuser.ini
2015-08-09 22:24 - 2008-10-07 20:46 - 00000000 ____D C:\Archivos de programa
2015-08-09 22:24 - 2008-10-07 20:45 - 00000000 ___RD C:\Documents and Settings\All Users\Menú Inicio\Programas
2015-08-09 22:24 - 2008-10-07 20:45 - 00000000 ____D C:\Documents and Settings\All Users\Escritorio
2015-08-09 21:46 - 2015-01-20 09:05 - 00000454 _____ C:\WINDOWS\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
2015-08-09 21:46 - 2015-01-20 09:05 - 00000454 _____ C:\WINDOWS\Tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job
2015-08-09 15:34 - 2008-10-08 03:37 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2015-08-09 15:33 - 2015-01-20 09:05 - 00000454 _____ C:\WINDOWS\Tasks\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}.job
2015-08-09 15:18 - 2008-10-07 20:45 - 00317952 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-08-08 23:41 - 2014-06-14 18:51 - 00000000 ____D C:\Documents and Settings\Administrador\Datos de programa\.ACEStream
2015-08-08 21:16 - 2013-12-03 22:31 - 00013068 _____ C:\WINDOWS\system32\TZLog.log
2015-08-08 21:14 - 2014-12-03 21:42 - 00478656 _____ C:\WINDOWS\system32\perfh0c0.dat
2015-08-08 21:14 - 2014-12-03 21:42 - 00075654 _____ C:\WINDOWS\system32\perfc0c0.dat
2015-08-08 21:14 - 2008-10-07 20:46 - 01350710 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-08-08 21:06 - 2014-10-31 13:37 - 00002307 _____ C:\Documents and Settings\All Users\Escritorio\Skype.lnk
2015-08-08 18:54 - 2008-10-08 02:57 - 00000000 __SHD C:\Documents and Settings\Administrador\Configuración local\Archivos temporales de Internet
2015-08-08 18:32 - 2008-10-08 02:57 - 00000000 ___RD C:\Documents and Settings\Administrador\Mis documentos
2015-08-08 18:22 - 2008-10-08 15:47 - 00002507 _____ C:\Documents and Settings\Administrador\Escritorio\Microsoft Office Word 2007.lnk
2015-08-08 16:10 - 2008-10-08 02:57 - 00000000 ___HD C:\Documents and Settings\Administrador\Configuración local\Datos de programa
2015-08-08 12:47 - 2009-01-29 17:51 - 00000972 _____ C:\WINDOWS\Tasks\Google Software Updater.job
2015-08-07 23:32 - 2008-10-07 20:45 - 00000000 ___HD C:\Documents and Settings\All Users\Datos de programa
2015-08-07 22:45 - 2008-10-08 02:57 - 00000000 ___HD C:\Documents and Settings\Administrador\Datos de programa
2015-08-07 22:42 - 2011-12-18 08:31 - 00000000 __HDC C:\WINDOWS\$NtUninstallWdf01009$
2015-08-07 22:30 - 2009-01-31 23:42 - 00000000 ____D C:\Archivos de programa\SUPERAntiSpyware
2015-08-07 22:30 - 2008-10-07 20:45 - 00000000 ___RD C:\Documents and Settings\All Users\Menú Inicio
2015-08-07 22:27 - 2008-10-08 02:57 - 00000000 ___RD C:\Documents and Settings\Administrador\Menú Inicio\Programas
2015-08-07 22:25 - 2008-10-07 20:45 - 00000000 ___RD C:\Documents and Settings\All Users\Documentos
2015-08-07 22:24 - 2013-05-24 09:15 - 00000000 ____D C:\Documents and Settings\All Users\Datos de programa\AVAST Software
2015-08-07 19:35 - 2015-03-10 20:59 - 00000000 ____D C:\Documents and Settings\All Users\Datos de programa\Package Cache
2015-08-07 19:19 - 2008-10-08 02:57 - 00000000 ____D C:\Documents and Settings\Administrador
2015-08-07 16:35 - 2008-10-08 02:57 - 00000000 ____D C:\Documents and Settings\Administrador\Escritorio
2015-08-07 15:47 - 2008-10-08 02:57 - 00000000 ___RD C:\Documents and Settings\Administrador\Mis documentos\Mis imágenes
2015-08-06 19:00 - 2009-08-29 22:55 - 00000000 ____D C:\Documents and Settings\Administrador\Datos de programa\HpUpdate
2015-08-06 13:17 - 2013-01-10 00:08 - 00000000 ____D C:\Documents and Settings\All Users\Datos de programa\Skype
2015-08-04 22:30 - 2013-02-23 09:32 - 00973590 _____ C:\Documents and Settings\LocalService\Configuración local\Datos de programa\WPFFontCache_v0400-S-1-5-21-1343024091-1425521274-725345543-500-0.dat
2015-08-04 22:30 - 2013-02-22 20:12 - 00237590 _____ C:\Documents and Settings\LocalService\Configuración local\Datos de programa\WPFFontCache_v0400-System.dat
2015-08-04 20:13 - 2010-02-16 21:20 - 00001874 _____ C:\Documents and Settings\All Users\Escritorio\Google Chrome.lnk
2015-08-04 12:15 - 2008-10-08 02:57 - 00000000 ___RD C:\Documents and Settings\Administrador\Menú Inicio
2015-08-03 22:10 - 2011-07-15 14:16 - 00001984 _____ C:\WINDOWS\system32\d3d9caps.dat
2015-08-03 21:06 - 2008-11-01 13:25 - 00000000 ____D C:\WINDOWS\Minidump
2015-08-03 21:06 - 2008-10-08 03:27 - 00000000 ____D C:\WINDOWS\system32\LogFiles
2015-08-03 08:33 - 2013-11-11 13:15 - 00000000 ____D C:\Archivos de programa\LG Electronics
2015-08-03 08:32 - 2013-12-26 22:49 - 00000806 _____ C:\Documents and Settings\All Users\Menú Inicio\LG PC Suite.Lnk
2015-08-03 08:32 - 2013-11-21 21:20 - 00000806 _____ C:\Documents and Settings\All Users\Escritorio\LG PC Suite.Lnk
2015-08-03 08:32 - 2013-11-11 13:16 - 00000000 ____D C:\Documents and Settings\All Users\Menú Inicio\Programas\LG PC Suite
2015-07-30 19:28 - 2014-11-07 12:52 - 00000000 ____D C:\FreeOCR
2015-07-30 19:21 - 2008-10-08 03:18 - 00000000 ____D C:\Archivos de programa\CyberLink
2015-07-30 19:21 - 2008-10-07 20:46 - 00000000 ____D C:\Archivos de programa\Archivos comunes
2015-07-30 17:58 - 2014-10-05 07:58 - 03399577 _____ C:\lxceunst.csv
2015-07-30 17:57 - 2012-05-23 13:57 - 00477662 _____ C:\lxcescan.log
2015-07-30 17:35 - 2008-10-08 02:57 - 00000000 ___RD C:\Documents and Settings\Administrador\Menú Inicio\Programas\Inicio
2015-07-30 17:29 - 2008-10-09 19:51 - 00000000 ____D C:\Documents and Settings\Administrador\Configuración local\Datos de programa\HP
2015-07-30 17:29 - 2008-10-08 17:04 - 00000000 ____D C:\Archivos de programa\HP
2015-07-30 15:55 - 2009-06-02 14:15 - 00000000 ____D C:\Archivos de programa\Lx_cats
2015-07-30 13:57 - 2008-10-24 16:47 - 00000000 ___RD C:\Documents and Settings\Administrador\Mis documentos\Mis vídeos
2015-07-30 12:27 - 2009-02-27 20:05 - 00057856 _____ C:\Documents and Settings\Administrador\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-07-30 07:56 - 2008-10-08 03:16 - 00000000 ____D C:\Documents and Settings\All Users\Datos de programa\Adobe
2015-07-29 22:14 - 2014-08-15 14:40 - 00000000 ____D C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Adobe
2015-07-29 22:14 - 2009-11-02 20:36 - 00000000 ____D C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Temp
2015-07-29 22:14 - 2008-10-08 18:12 - 00000000 ____D C:\Documents and Settings\Administrador\Datos de programa\Adobe
2015-07-29 22:13 - 2008-10-09 20:24 - 00000000 ____D C:\Documents and Settings\Administrador\Mis documentos\Mis archivos recibidos
2015-07-27 11:18 - 2008-10-08 02:56 - 00000000 __SHD C:\Documents and Settings\NetworkService\Configuración local\Archivos temporales de Internet
2015-07-26 18:05 - 2008-10-08 03:31 - 00000069 _____ C:\WINDOWS\NeroDigital.ini
2015-07-26 18:02 - 2008-10-08 02:57 - 00000000 __SHD C:\Documents and Settings\LocalService\Configuración local\Archivos temporales de Internet
2015-07-24 09:39 - 2008-10-08 03:16 - 00000000 ____D C:\Archivos de programa\Adobe
2015-07-19 00:48 - 2009-09-21 21:45 - 00000000 ____D C:\Documents and Settings\Administrador\Mis documentos\Descargas
2015-07-15 10:11 - 2013-05-24 09:22 - 00000000 ____D C:\Documents and Settings\All Users\Menú Inicio\Programas\Google Drive
2015-07-11 14:50 - 2015-07-09 15:43 - 00000000 ____D C:\Archivos de programa\Mozilla Firefox
2015-07-11 14:50 - 2012-06-06 21:45 - 00000000 ____D C:\Archivos de programa\Mozilla Maintenance Service

==================== Files in the root of some directories =======

2010-11-21 19:14 - 2010-11-21 19:14 - 0000036 ____H () C:\Documents and Settings\Administrador\Datos de programa\swk.ini
2009-02-27 20:05 - 2015-07-30 12:27 - 0057856 _____ () C:\Documents and Settings\Administrador\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2008-10-09 19:50 - 2008-10-09 19:50 - 0000142 _____ () C:\Documents and Settings\Administrador\Configuración local\Datos de programa\fusioncache.dat

Files to move or delete:
====================
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job


Some files in TEMP:
====================
C:\Documents and Settings\Administrador\Configuración local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:09-08-2015
Ran by Administrador (2015-08-10 11:36:19)
Running from C:\Documents and Settings\Administrador\Mis documentos\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-1343024091-1425521274-725345543-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrador
Asistente de ayuda (S-1-5-21-1343024091-1425521274-725345543-1000 - Limited - Disabled)
ASPNET (S-1-5-21-1343024091-1425521274-725345543-1004 - Limited - Enabled)
Invitado (S-1-5-21-1343024091-1425521274-725345543-501 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-1343024091-1425521274-725345543-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: PC Cleaner Pro (Disabled - Up to date) {737A8864-C2D9-4337-B49A-B5E35815B9BB}
AV: avast! Antivirus (Enabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}) (Version: - Microsoft)
2007 Microsoft Office Suite Service Pack 1 (SP1) (Version: - Microsoft) Hidden
7art Astro Clock © 2008 by 7art-screensavers.com (HKLM\...\7art Astro Clock Screensaver_is1) (Version: 3.1 - 7art-screensavers.com SoftWare Development Studio)
Ace Stream Media 2.2.5-next (HKU\S-1-5-21-1343024091-1425521274-725345543-500\...\AceStream) (Version: 2.2.5-next - Ace Stream Media) <==== ATTENTION
Actualización de seguridad para Windows Internet Explorer 8 (KB2510531) (HKLM\...\KB2510531-IE8) (Version: 1 - Microsoft Corporation)
Actualización de seguridad para Windows Internet Explorer 8 (KB2888505) (HKLM\...\KB2888505-IE8) (Version: 1 - Microsoft Corporation)
Actualización de seguridad para Windows XP (KB2892075) (HKLM\...\KB2892075) (Version: 1 - Microsoft Corporation)
Actualización de seguridad para Windows XP (KB2893294) (HKLM\...\KB2893294) (Version: 1 - Microsoft Corporation)
Actualización de seguridad para Windows XP (KB2898715) (HKLM\...\KB2898715) (Version: 1 - Microsoft Corporation)
Actualización de seguridad para Windows XP (KB2914368) (HKLM\...\KB2914368) (Version: 1 - Microsoft Corporation)
Actualización de seguridad para Windows XP (KB2916036) (HKLM\...\KB2916036) (Version: 1 - Microsoft Corporation)
Actualización de seguridad para Windows XP (KB2922229) (HKLM\...\KB2922229) (Version: 1 - Microsoft Corporation)
Actualización de seguridad para Windows XP (KB2929961) (HKLM\...\KB2929961) (Version: 1 - Microsoft Corporation)
Actualización de seguridad para Windows XP (KB2930275) (HKLM\...\KB2930275) (Version: 1 - Microsoft Corporation)
Actualización para Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Actualización para Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.7.0.2090 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.0.303.433 - ALPS ELECTRIC CO., LTD.)
Apple Application Support (32 bits) (HKLM\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E1DB0812-2D60-43DB-AE09-6C7027D93B28}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ares 2.0.9 (HKLM\...\Ares) (Version: 2.0.9-Build#3030 - Ares Development Group)
Ashampoo Burning Studio 14 (HKLM\...\{91B33C97-7BCF-CDFE-4321-58EBF3E8641C}_is1) (Version: 14.1.2 - Ashampoo GmbH & Co. KG)
Ashampoo Burning Studio 8.09 (HKLM\...\Ashampoo Burning Studio 8_is1) (Version: 8.0.9 - ashampoo GmbH & Co. KG)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.3.2225 - AVAST Software)
Barra de herramientas de Outlook de Windows Live (Windows Live Toolbar) (Version: 03.01.0072 - Microsoft Corporation) Hidden
Bejeweled Blitz (HKLM\...\Bejeweled Blitz) (Version: - PopCap Games)
BitTorrent (HKU\S-1-5-21-1343024091-1425521274-725345543-500\...\BitTorrent) (Version: 7.9.3.40761 - BitTorrent Inc.)
Bloqueador de ventanas emergentes (Windows Live Toolbar) (Version: 03.01.0072 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Comodo Dragon (HKLM\...\Comodo Dragon) (Version: 43.3.3.185 - Comodo)
Complemento Guardar como PDF o XPS de Microsoft para programas de Microsoft Office 2007 (HKLM\...\{90120000-00B2-0C0A-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Compresor WinRAR (HKLM\...\WinRAR archiver) (Version: - )
Detector de suministros de Windows Live Toolbar (Windows Live Toolbar) (Version: 03.01.0073 - Microsoft Corporation) Hidden
Diner Dash 2 (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115375127}) (Version: - Oberon Media)
DWG TrueView 2008 (HKLM\...\DWG TrueView 2008) (Version: 17.1.65.0 - )
DWG TrueView 2008 (Version: 17.1.65.0 - Autodesk) Hidden
Estudio para la mejora del producto HP Deskjet 1510 series (HKLM\...\{05D7F10A-A9BC-418F-911A-44E22A9B00F2}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
Extensión de Windows Live Toolbar (Windows Live Toolbar) (Version: 03.01.0072 - Microsoft Corporation) Hidden
Facebook Plug-In (HKU\S-1-5-21-1343024091-1425521274-725345543-500\...\Facebook Plug-In) (Version: - Facebook, Inc.)
Galería fotográfica de Windows Live (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 44.0.2403.130 - Google Inc.)
Google Drive (HKLM\...\{6EA8B94E-D869-4D96-88DF-5E1ECE1D6876}) (Version: 1.23.9648.8824 - Google, Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.1 - Google Inc.) Hidden
Google Updater (HKLM\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.)
HashCalc 2.02 (HKLM\...\HashCalc_is1) (Version: - SlavaSoft Inc.)
HDView for Internet Explorer (HKLM\...\{FCC3BD6A-F118-475D-8748-7EE08EA0AF56}) (Version: 1.0.20 - Microsoft Research)
Herramienta de carga de Windows Live (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
HiJackThis (HKLM\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HP Deskjet 1510 series Ayuda (HKLM\...\{6E20FBAA-BCB2-4429-A9A9-C8EED1254BE4}) (Version: 30.0.0 - Hewlett Packard)
HP Deskjet 1510 series Software básico del dispositivo (HKLM\...\{0368A88C-B63A-44D5-ABD0-44EBE0F32777}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Photo Creations (HKU\S-1-5-21-1343024091-1425521274-725345543-500\...\HP Photo Creations) (Version: 1.0.0.18922 - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
InfraRecorder (HKLM\...\InfraRecorder) (Version: - Christian Kindahl)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
InterActual Player (HKLM\...\InterActual Player) (Version: - )
iTunes (HKLM\...\{3A9FE6B1-EE7F-40AC-B831-AC7C9ABB58A0}) (Version: 12.1.1.4 - Apple Inc.)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
K-Lite Mega Codec Pack 5.7.0 (HKLM\...\KLiteCodecPack_is1) (Version: 5.7.0 - )
LG PC Suite (HKLM\...\LG PC Suite) (Version: 5.3.25.20150529 - LG Electronics)
LG United Mobile Drivers (HKLM\...\{4DE95ED9-0A29-4C4F-8463-35857CF9BA36}) (Version: 3.14.1 - LG Electronics)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Menús inteligentes (Windows Live Toolbar) (Version: 03.01.0072 - Microsoft Corporation) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 1.1 Spanish Language Pack (HKLM\...\{83169D43-4660-4347-BC95-E9D6E6BE65CE}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - ESN (HKLM\...\{85AC0FFA-643D-3103-9310-7086ECB0C36C}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - ESN (HKLM\...\{BDEDB104-4067-3D5E-81F0-DBEBFE856B45}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office Live Add-in 1.3 (HKLM\...\{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}) (Version: 2.0.2313.0 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95120000-0122-0C0A-0000-0000000FF1CE}) (Version: 12.0.6423.1000 - Microsoft Corporation)
Microsoft Office Standard 2007 (HKLM\...\STANDARD) (Version: 12.0.6215.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Student con Encarta Premium 2008 (HKLM\...\{08141881-FCA5-44A7-B863-D66037A16AAF}) (Version: 2008 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.9 (HKLM\...\Wudf01009) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 es-ES) (HKLM\...\Mozilla Firefox 39.0 (x86 es-ES)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
MP4 Player (HKLM\...\MP4 Player) (Version: - )
MSVC80_x86 (Version: 1.0.1.0 - Nokia) Hidden
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB933579) (HKLM\...\{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}) (Version: 6.10.1200.0 - Microsoft Corporation)
Nero 8 Lite 8.1.1.3 (HKLM\...\Nero8Lite_is1) (Version: 8.1.1.3 - Updatepack.nl)
OneCare Advisor (Windows Live Toolbar) (Version: 03.00.2050 - Microsoft Corporation) Hidden
Paquete de idioma de Microsoft .NET Framework 3.5 SP1 - esn (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - esn) (Version: - Microsoft Corporation)
Paquete de idioma de Microsoft .NET Framework 4 Client Profile ESN (HKLM\...\Microsoft .NET Framework 4 Client Profile ESN Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
PhotoFiltre (HKU\S-1-5-21-1343024091-1425521274-725345543-500\...\PhotoFiltre) (Version: - )
Platform (Version: 1.34 - VIA Technologies, Inc.) Hidden
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: - )
PrimoPDF -- brought to you by Nitro PDF Software (HKLM\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
Print Perfect Greeting Cards Deluxe (HKLM\...\{1A8727D8-90A5-4D4B-981F-7323875E8DD4}) (Version: 9.0.10 - Cosmi Corporation)
Puzzle Express (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110184263}) (Version: - Oberon Media)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.13.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5519 - Realtek Semiconductor Corp.)
Reproductor de Windows Media 11 (HKLM\...\Windows Media Player) (Version: - )
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
Shutterfly Express Uploader (HKLM\...\com.Shutterfly.ExpressUploader) (Version: 1.2.0.0 - Shutterfly, Inc.)
Shutterfly Express Uploader (Version: 1.2.0 - Shutterfly, Inc.) Hidden
Skype™ 7.7 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.7.103 - Skype Technologies S.A.)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TuneUp Utilities 2008 (HKLM\...\{5888428E-699C-4E71-BF71-94EE06B497DA}) (Version: 7.0.8004 - TuneUp Software)
VIA Administrador de dispositivos de plataforma (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
Viber (HKU\S-1-5-21-1343024091-1425521274-725345543-500\...\Viber) (Version: 5.0.1.42 - Viber Media Inc)
VideoLAN VLC media player 0.8.6d (HKLM\...\VLC media player) (Version: 0.8.6d - VideoLAN Team)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Winamp AudioPlayer (HKLM\...\{5643BB6D-14ED-4EF4-AB38-4F9CD208674C}) (Version: 5.3.5.1305 - Nullsoft, Inc.)
Windows Essentials Media Codec Pack 4.0 [32-Bit] (HKLM\...\Windows Essentials Media Codec Pack) (Version: 4.0 - Media Codec)
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Live Asistente para el inicio de sesión (HKLM\...\{7593234B-2AEB-4FC9-B02D-C9B30D86084C}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Favorites para Windows Live Toolbar (HKLM\...\{DCE65B11-710D-4C54-9DE5-1A6A0BD2186B}) (Version: 03.01.0072 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{914DD274-9C5D-44CA-9AC7-12B8D2D4DA08}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031514 - Microsoft Corporation)
XML Paper Specification Shared Components Language Pack 1.0 (Version: - Microsoft Corporation) Hidden
XP Codec Pack (HKLM\...\XP Codec Pack) (Version: - )
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1343024091-1425521274-725345543-500_Classes\CLSID\{32C3FEAE-0877-4767-8C20-62A5829A0945}\InprocServer32 -> C:\Documents and Settings\Administrador\Datos de programa\Facebook\axfbootloader.dll ( )
CustomCLSID: HKU\S-1-5-21-1343024091-1425521274-725345543-500_Classes\CLSID\{3faa4380-a399-11cf-a466-00805fe418f6}\InprocServer32 -> C:\Archivos de programa\DWG TrueView 2008\DWGVIEWRficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1343024091-1425521274-725345543-500_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-1343024091-1425521274-725345543-500_Classes\CLSID\{591E5416-DDC3-45E6-BE9D-C40D0B418F6E}\localserver32 -> C:\Archivos de programa\DWG TrueView 2008\DWGVIEWR.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1343024091-1425521274-725345543-500_Classes\CLSID\{7AABBB95-79BE-4C0F-8024-EB6AF271231C}\localserver32 -> C:\Archivos de programa\DWG TrueView 2008\DWGVIEWR.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1343024091-1425521274-725345543-500_Classes\CLSID\{9356e2bb-6c9a-43c0-a771-5cacbdab6afe}\InprocServer32 -> C:\Documents and Settings\Administrador\Datos de programa\HP Photo Creations\RLPNUpload.dll (RocketLife)
CustomCLSID: HKU\S-1-5-21-1343024091-1425521274-725345543-500_Classes\CLSID\{C98FE784-B96E-41e1-8399-1337AE3E539F}\InprocServer32 -> C:\Documents and Settings\Administrador\Datos de programa\Facebook\npfbplugin_1_0_3.dll ( )
CustomCLSID: HKU\S-1-5-21-1343024091-1425521274-725345543-500_Classes\CLSID\{cc05a616-ddb3-4cc0-9a21-dc0e9962b444}\InprocServer32 -> C:\Documents and Settings\Administrador\Datos de programa\HP Photo Creations\ContentMan.dll (RocketLife)
CustomCLSID: HKU\S-1-5-21-1343024091-1425521274-725345543-500_Classes\CLSID\{ff280b55-14f1-49ae-b40f-15f5294ce630}\InprocServer32 -> C:\Documents and Settings\Administrador\Datos de programa\HP Photo Creations\RocketEngine.dll (Visan inc.)

==================== Restore Points =========================

30-07-2015 18:36:30 Punto de control del sistema
30-07-2015 19:20:41 Configurado PowerDVD
02-08-2015 20:00:52 Punto de control del sistema
03-08-2015 08:34:00 Install LG UNITED Drivers
04-08-2015 13:40:34 Punto de control del sistema
05-08-2015 17:35:57 Punto de control del sistema
07-08-2015 11:45:22 Punto de control del sistema
07-08-2015 16:33:34 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
07-08-2015 16:36:52 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
07-08-2015 22:27:41 avast! antivirus system restore point
07-08-2015 22:42:10 Installed Windows XP Wdf01009.
08-08-2015 11:07:44 Removed PC Connectivity Solution
08-08-2015 20:46:44 Software Distribution Service 3.0
09-08-2015 01:04:52 Software Distribution Service 3.0
09-08-2015 17:48:50 Software Distribution Service 3.0
09-08-2015 21:00:15 Software Distribution Service 3.0
09-08-2015 23:32:36 Software Distribution Service 3.0

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2001-08-24 05:00 - 2001-08-24 05:00 - 00000792 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_18_0_0_209_pepper.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Archivos de programa\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\At1.job => C:\Archivos de programa\HP\HP Deskjet 1510 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At2.job => C:\Archivos de programa\HP\HP Deskjet 1510 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At3.job => C:\Archivos de programa\HP\HP Deskjet 1510 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At4.job => C:\Archivos de programa\HP\HP Deskjet 1510 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Archivos de programa\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}.job => 0x
Task: C:\WINDOWS\Tasks\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}.job => C:\Archivos de programa\COMODO\COMODO Internet Security\cfpconfg.exe
Task: C:\WINDOWS\Tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job => C:\Archivos de programa\COMODO\COMODO Internet Security\cfpconfg.exe
Task: C:\WINDOWS\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job => C:\Archivos de programa\COMODO\COMODO Internet Security\cfpconfg.exe
Task: C:\WINDOWS\Tasks\Google Software Updater.job => C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Archivos de programa\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Archivos de programa\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HP Photo Creations Communicator.job => C:\Documents and Settings\Administrador\Datos de programa\HP Photo Creations\Communicator.exe
Task: C:\WINDOWS\Tasks\Mantenimiento con 1 clic.job => C:\Archivos de programa\TuneUp Utilities 2008\OneClickStarter.exe
Task: C:\WINDOWS\Tasks\Notificación de inicio de sesión de fin de servicio de Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Notificación mensual de fin de servicio de Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe

==================== Loaded Modules (Whitelisted) ==============

2015-08-07 22:40 - 2015-08-07 22:40 - 00102864 _____ () C:\Archivos de programa\AVAST Software\Avast\log.dll
2015-08-07 22:40 - 2015-08-07 22:40 - 00123976 _____ () C:\Archivos de programa\AVAST Software\Avast\JsonRpcServer.dll
2015-08-10 10:45 - 2015-08-10 10:45 - 02960384 _____ () C:\Archivos de programa\AVAST Software\Avast\defs\15081002\algo.dll
2009-06-02 14:15 - 2005-03-16 04:08 - 00032768 _____ () C:\WINDOWS\system32\LXPRMON.DLL
2015-03-11 13:20 - 2011-02-28 17:37 - 00180624 _____ () C:\WINDOWS\system32\Primomonnt.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Archivos de programa\Archivos comunes\Apple\Apple Application Support\zlib1.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 01044776 _____ () C:\Archivos de programa\Archivos comunes\Apple\Apple Application Support\libxml2.dll
2015-08-07 22:40 - 2015-08-07 22:40 - 40540672 _____ () C:\Archivos de programa\AVAST Software\Avast\libcef.dll
2004-08-19 15:42 - 2008-04-14 07:48 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2007-05-23 13:01 - 2007-05-23 13:01 - 00269080 _____ () C:\Archivos de programa\Archivos comunes\Microsoft Shared\Reference 2008\ERSREGPR.DLL
2007-05-23 13:01 - 2007-05-23 13:01 - 00228120 _____ () C:\Archivos de programa\Archivos comunes\Microsoft Shared\Reference 2008\MSENCDAT.DLL
2007-05-23 13:01 - 2007-05-23 13:01 - 00178968 _____ () C:\Archivos de programa\Archivos comunes\Microsoft Shared\Reference 2008\ENCCONT.DLL
2007-05-23 13:01 - 2007-05-23 13:01 - 00351000 _____ () C:\Archivos de programa\Archivos comunes\Microsoft Shared\Reference 2008\MSENCXML.DLL
2007-05-23 13:00 - 2007-05-23 13:00 - 00068376 _____ () C:\Archivos de programa\Microsoft Student\Microsoft Student con Encarta Premium 2008 DVD\EDICTEIT.EBK
2015-08-02 17:35 - 2015-02-25 08:37 - 00776400 _____ () C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Viber\Viber.exe
2015-08-02 17:36 - 2015-02-25 08:36 - 49469440 _____ () C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Viber\5.0.1.42\libViber.dll
2015-08-02 17:36 - 2015-01-09 06:54 - 00769024 _____ () C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Viber\5.0.1.42\libGLESv2.dll
2015-08-02 17:36 - 2015-02-25 08:13 - 00104448 _____ () C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Viber\5.0.1.42\qfacebook.dll
2015-08-02 17:35 - 2015-02-25 08:13 - 00171008 _____ () C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Viber\5.0.1.42\exif.dll
2015-08-02 17:36 - 2014-06-30 02:11 - 00047104 _____ () C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Viber\5.0.1.42\libEGL.dll
2015-08-02 17:36 - 2014-08-20 10:13 - 00875008 _____ () C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Viber\5.0.1.42\platforms\qwindows.dll
2015-08-02 17:36 - 2014-06-30 02:17 - 00021504 _____ () C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Viber\5.0.1.42\imageformats\qgif.dll
2015-08-02 17:36 - 2014-06-30 02:17 - 00020992 _____ () C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Viber\5.0.1.42\imageformats\qico.dll
2015-08-02 17:36 - 2014-06-30 02:17 - 00204800 _____ () C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Viber\5.0.1.42\imageformats\qjpeg.dll
2015-08-02 17:36 - 2014-06-30 02:20 - 00218112 _____ () C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Viber\5.0.1.42\imageformats\qmng.dll
2015-08-02 17:36 - 2014-06-30 02:18 - 00015872 _____ () C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Viber\5.0.1.42\imageformats\qsvg.dll
2015-08-02 17:36 - 2014-06-30 02:20 - 00015360 _____ () C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Viber\5.0.1.42\imageformats\qtga.dll
2015-08-02 17:36 - 2014-06-30 02:21 - 00307712 _____ () C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Viber\5.0.1.42\imageformats\qtiff.dll
2015-08-02 17:36 - 2014-06-30 02:20 - 00014848 _____ () C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Viber\5.0.1.42\imageformats\qwbmp.dll
2015-08-02 17:36 - 2014-06-30 02:17 - 00635392 _____ () C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Viber\5.0.1.42\sqldrivers\qsqlite.dll
2015-08-02 17:36 - 2014-06-30 02:18 - 00026624 _____ () C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Viber\5.0.1.42\iconengines\qsvgicon.dll
2015-08-04 20:13 - 2015-07-31 01:19 - 16308040 _____ () C:\Archivos de programa\Google\Chrome\Application\44.0.2403.130\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Documents and Settings\All Users\Datos de programa\TEMP:0971B5CA
AlternateDataStreams: C:\Documents and Settings\All Users\Datos de programa\TEMP:C46995DA
AlternateDataStreams: C:\Documents and Settings\All Users\Datos de programa\TEMP:DCAF903C

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1343024091-1425521274-725345543-500\...\microsoft.com -> hxxps://oas.support.microsoft.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1343024091-1425521274-725345543-500\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 190.157.8.33 - 181.48.0.231
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^HP Digital Imaging Monitor.lnk => C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Inicio rápido de HP Photosmart Premier.lnk => C:\WINDOWS\pss\Inicio rápido de HP Photosmart Premier.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Start GeekBuddy.lnk => C:\WINDOWS\pss\Start GeekBuddy.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Status Monitor.lnk => C:\WINDOWS\pss\Status Monitor.lnkCommon Startup
MSCONFIG\startupreg: AceStream => C:\Documents and Settings\Administrador\Datos de programa\ACEStream\engine\ace_engine.exe
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Alcmtr => ALCMTR.EXE
MSCONFIG\startupreg: APSDaemon => "C:\Archivos de programa\Archivos comunes\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ares => "C:\Archivos de programa\Ares\Ares.exe" -h
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Archivos de programa\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: COMODO Internet Security => C:\Archivos de programa\COMODO\COMODO Internet Security\cistray.exe
MSCONFIG\startupreg: ControlCenter2.0 => C:\Archivos de programa\Brother\ControlCenter2\brctrcen.exe /autorun
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: EzPrint => "C:\Archivos de programa\Lexmark 4300 Series\ezprint.exe"
MSCONFIG\startupreg: FaxCenterServer => "C:\Archivos de programa\Lexmark Fax Solutions\fm3032.exe" /s
MSCONFIG\startupreg: HDAudDeck => C:\Archivos de programa\VIA\VIAudioi\HDADeck\HDeck.exe 1
MSCONFIG\startupreg: HotKeysCmds => C:\WINDOWS\system32\hkcmd.exe
MSCONFIG\startupreg: HP Software Update => C:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IgfxTray => C:\WINDOWS\system32\igfxtray.exe
MSCONFIG\startupreg: IndexSearch => C:\Archivos de programa\ScanSoft\PaperPort\IndexSearch.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Archivos de programa\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: L08EXLRD_1088125 => "C:\Archivos de programa\Microsoft Student\Microsoft Student con Encarta Premium 2008 DVD\EDICT.EXE" -m
MSCONFIG\startupreg: L08EXLRD_6187593 => "C:\Archivos de programa\Microsoft Student\Microsoft Student con Encarta Premium 2008 DVD\EDICT.EXE" -m
MSCONFIG\startupreg: L08EXLRD_951531 => "C:\Archivos de programa\Microsoft Student\Microsoft Student con Encarta Premium 2008 DVD\EDICT.EXE" -m
MSCONFIG\startupreg: lxcemon.exe => "C:\Archivos de programa\Lexmark 4300 Series\lxcemon.exe"
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\ARCHIV~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: MSMSGS => "C:\Archivos de programa\Messenger\msmsgs.exe" /background
MSCONFIG\startupreg: msnmsgr => "C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: PaperPort PTD => C:\Archivos de programa\ScanSoft\PaperPort\pptd40nt.exe
MSCONFIG\startupreg: PC Suite Tray => "C:\Archivos de programa\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
MSCONFIG\startupreg: PDVD8LanguageShortcut => "C:\Archivos de programa\CyberLink\PowerDVD8\Language\Language.exe"
MSCONFIG\startupreg: Persistence => C:\WINDOWS\system32\igfxpers.exe
MSCONFIG\startupreg: PlusService => C:\Archivos de programa\Yuna Software\Messenger Plus!\PlusService.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Archivos de programa\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RemoteControl => "C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe"
MSCONFIG\startupreg: RemoteControl8 => "C:\Archivos de programa\CyberLink\PowerDVD8\PDVD8Serv.exe"
MSCONFIG\startupreg: RTHDCPL => RTHDCPL.EXE
MSCONFIG\startupreg: SetDefPrt => C:\Archivos de programa\Brother\Brmfl04a\BrStDvPt.exe
MSCONFIG\startupreg: Sonic PDF Print Dispatcher => D:\PROGRAMS\Sonic PDF\3.0\itSONPrnDisp.exe
MSCONFIG\startupreg: SSBkgdUpdate => "C:\Archivos de programa\Archivos comunes\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: swg => C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSCONFIG\startupreg: TelefonicaTelecom_McciTrayApp => "C:\Archivos de programa\TelefonicaTelecom\McciTrayApp.exe"
MSCONFIG\startupreg: tvncontrol => "C:\Archivos de programa\Archivos comunes\COMODO\GeekBuddyRSP.exe" -controlservice -slave
MSCONFIG\startupreg: UpdateFlow.TelefonicaTelecom => C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE file://C:\Archivos de programa\TelefonicaTelecom\OfflineUpdate\redirector.htm

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DomainProfile\AuthorizedApplications: [C:\Archivos de programa\CyberLink\PowerDVD8\PowerDVD8.exe] => Enabled:CyberLink PowerDVD 8.0
DomainProfile\AuthorizedApplications: [C:\Archivos de programa\MSN Messenger\livecall.exe] => Enabled:Windows Live Messenger 8.1 (Phone)
DomainProfile\AuthorizedApplications: [C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe] => Enabled:Windows Live Messenger
DomainProfile\AuthorizedApplications: [C:\Archivos de programa\Windows Live\Sync\WindowsLiveSync.exe] => Enabled:Windows Live Sync
StandardProfile\AuthorizedApplications: [C:\Archivos de programa\CyberLink\PowerDVD8\PowerDVD8.exe] => Enabled:CyberLink PowerDVD 8.0
StandardProfile\AuthorizedApplications: [C:\Archivos de programa\Microsoft Office\Office12\OUTLOOK.EXE] => Enabled:Microsoft Office Outlook
StandardProfile\AuthorizedApplications: [C:\Archivos de programa\Ares\Ares.exe] => Enabled:Ares p2p for windows
StandardProfile\AuthorizedApplications: [C:\Archivos de programa\Messenger\msmsgs.exe] => Enabled:Windows Messenger
StandardProfile\AuthorizedApplications: [C:\Archivos de programa\MSN Messenger\livecall.exe] => Enabled:Windows Live Messenger 8.1 (Phone)
StandardProfile\AuthorizedApplications: [C:\Archivos de programa\Google\Google Earth\plugin\geplugin.exe] => Enabled:Google Earth
StandardProfile\AuthorizedApplications: [C:\Archivos de programa\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe] => Enabled:Media Player Classic - Home Cinema
StandardProfile\AuthorizedApplications: [C:\Archivos de programa\Google\Google Earth\client\googleearth.exe] => Enabled:Google Earth
StandardProfile\AuthorizedApplications: [C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe] => Enabled:Windows Live Messenger
StandardProfile\AuthorizedApplications: [C:\Archivos de programa\Windows Live\Sync\WindowsLiveSync.exe] => Enabled:Windows Live Sync
StandardProfile\AuthorizedApplications: [C:\Archivos de programa\Yahoo!\Messenger\YahooMessenger.exe] => Enabled:Yahoo! Messenger
StandardProfile\AuthorizedApplications: [C:\Archivos de programa\StreamTorrent 1.0\StreamTorrent.exe] => Enabled:StreamTorrent Media Player
StandardProfile\AuthorizedApplications: [C:\Archivos de programa\iCall\iCall.exe] => Enabled:iCall
StandardProfile\AuthorizedApplications: [C:\Archivos de programa\FrostWire 5\FrostWire.exe] => Enabled:FrostWire
StandardProfile\AuthorizedApplications: [C:\Archivos de programa\Free Online TV\vlc\vlc.exe] => Enabled:VLC media player
StandardProfile\AuthorizedApplications: [C:\Archivos de programa\Bonjour\mDNSResponder.exe] => Enabled:Servicio Bonjour
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\dpvsetup.exe] => Enabled:Microsoft DirectPlay Voice Test
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\rundll32.exe] => Enabled:Ejecutar un archivo DLL como una aplicación
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Administrador\Datos de programa\ACEStream\engine\ace_engine.exe] => Enabled:AceStream
StandardProfile\AuthorizedApplications: [C:\Archivos de programa\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Archivos de programa\Advanced Driver Updater\adu.exe] => Enabled:AdvancedDriverUpdater
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Administrador\Datos de programa\Spotify\spotify.exe] => Enabled:Spotify
StandardProfile\AuthorizedApplications: [C:\Archivos de programa\iTunes\iTunes.exe] => Enabled:iTunes
StandardProfile\AuthorizedApplications: [C:\Archivos de programa\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Archivos de programa\Mozilla Firefox)
StandardProfile\AuthorizedApplications: [C:\Archivos de programa\HP\HP Deskjet 1510 series\Bin\USBSetup.exe] => :LocalSubNet:Enabled:Configuración del dispositivo HP (HP Deskjet 1510 series)
StandardProfile\AuthorizedApplications: [C:\Archivos de programa\HP\HP Deskjet 1510 series\Bin\HPNetworkCommunicatorCom.exe] => :LocalSubNet:Enabled:Comunicador de red HP COM (HP Deskjet 1510 series)
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Administrador\Datos de programa\BitTorrent\BitTorrent.exe] => Enabled:BitTorrent (Administrador)
StandardProfile\AuthorizedApplications: [C:\Archivos de programa\Skype\Phone\Skype.exe] => Enabled:Skype
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22008

==================== Faulty Device Manager Devices =============

Name: Concentrador USB genérico
Description: Concentrador USB genérico
Class Guid: {36FC9E60-C465-11CF-8056-444553540000}
Manufacturer: (Concentrador USB genérico)
Service: usbhub
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/09/2015 03:39:20 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: System.Transactions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80131f06

Error: (08/09/2015 03:39:20 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: System.EnterpriseServices, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80131f06

Error: (08/09/2015 03:39:19 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: System.EnterpriseServices, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80131f06

Error: (08/09/2015 03:39:19 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: System.DirectoryServices, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80131f06

Error: (08/09/2015 03:39:19 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: System.DirectoryServices, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80131f06

Error: (08/09/2015 03:39:19 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: System.Runtime.Remoting, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80131f06

Error: (08/09/2015 03:39:18 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: System.Runtime.Remoting, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80131f06

Error: (08/09/2015 03:39:18 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: System.Data, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80131f06

Error: (08/09/2015 03:39:18 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: System.Data, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80131f06

Error: (08/09/2015 03:39:17 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: System.Windows.Input.Manipulations, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80131f06


System errors:
=============
Error: (08/10/2015 11:17:08 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Intervalo de espera (30000 ms.) para la respuesta de transacción del servicio avast! Antivirus.

Error: (08/10/2015 10:58:14 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Intervalo de espera (30000 ms.) para la respuesta de transacción del servicio avast! Antivirus.

Error: (08/08/2015 01:06:00 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: El controlador de inicialización siguiente no se cargó correctamente:
IntelIde

Error: (08/08/2015 01:06:00 AM) (Source: 0) (EventID: 1) (User: )
Description: 0xC0000001HarddiskVolume1

Error: (07/30/2015 02:37:59 PM) (Source: 0) (EventID: 11) (User: )
Description: \Device\Harddisk6\D

Error: (07/30/2015 02:37:58 PM) (Source: 0) (EventID: 11) (User: )
Description: \Device\Harddisk6\D

Error: (07/30/2015 02:37:57 PM) (Source: 0) (EventID: 11) (User: )
Description: \Device\Harddisk6\D

Error: (07/30/2015 02:37:47 PM) (Source: 0) (EventID: 11) (User: )
Description: \Device\Harddisk6\D

Error: (07/30/2015 02:37:46 PM) (Source: 0) (EventID: 11) (User: )
Description: \Device\Harddisk6\D

Error: (07/30/2015 02:37:45 PM) (Source: 0) (EventID: 11) (User: )
Description: \Device\Harddisk6\D


Microsoft Office:
=========================
Error: (02/14/2010 07:41:33 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6214.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 23 seconds with 0 seconds of active time. This session ended with a crash.


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz
Percentage of memory in use: 48%
Total physical RAM: 3062.23 MB
Available physical RAM: 1580.11 MB
Total Virtual: 5406.57 MB
Available Virtual: 4018.55 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:39.16 GB) (Free:5.66 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: () (Fixed) (Total:109.88 GB) (Free:89.2 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149.1 GB) (Disk ID: B334B7C0)
Partition 1: (Active) - (Size=39.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=109.9 GB) - (Type=OF Extended)

==================== End of log ============================

Radio Adverts Randomly Come On

Hello! I am somewhat experienced in removal but this one has me lost and annoyed. Randomly about once a day, while the internet browser is open, we get a loud person talking to us through the computer (no pop ups, just sound) and it's actually from 98.1 The Wolf, it's the morning person. I would personally like to punch this person :)

Nonetheless, I have used Malwarebytes, MB Anti-rootkit, TDSS Killer and ADW Cleaner. Nothing comes up; it said it got rid of something with ADW Cleaner but I don't quite understand that program or how to find the log. I've also done some other logs and have looked through them but I have not a clue where it could be hiding... this is one persistent little bugger. So I ask for your assistance!

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Ultimate, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz, Intel64 Family 6 Model 15 Stepping 11
Processor Count: 2
RAM: 6013 Mb
Graphics Card: NVIDIA GeForce 9500 GT, 512 Mb
Hard Drives: C: Total - 244095 MB, Free - 197616 MB;
Motherboard: Dell Inc., 0GM819
Antivirus: avast! Antivirus, Updated and Enabled

update.exe failure

This is driving me zany!! I am using Windows 7 on a Dell desktop computer about 4 years old. Everything is working fine except I keep getting a pop-up on my computer saying update.exe 0x752de5a8 failed. I haven't a clue what update.exe 0x752de5a8 is - other than Google saying it is NOT Windows related and that it could be a virus. I am using Avira Antivirus Pro and it does not detect anything. Further reading indicated it could be a hidden file in the C:\Program Files\Common files - which I could not find. I have been trying to kill this popup for the last 2 weeks - but it is very persistent. Any help would be VERY MUCH appreciated!!!

computer still affected after complete HD wipe

My Asus model cm6870 gets heavy use from the family. At some time I believe it had acquired a virus. The computer started to run extremely slow. Running programs, opening folders and even task manager would never open and if they did they would become not responsive. I had Norton 360 and Hitman which would find some malware and supposedly removed it yet the problem still persists. Eventually the HD completely crashed and the computer would only boot to the insert boot device and press any key screen. Since I had backed up my files on an external HD I wiped the Asus HD with DBAN and reinstalled Windows 7. The computer seemed to be fine at first but soon went back to the same result. I wiped it again and this time downloaded nothing but updated drivers (from the manufacturer's website) and still the problem persists. I would run a TSG Sysinfo but the computer is basically unusable at this point. Can a virus affect a computer beyond the hard drive or is the computer simply breaking down?

specs:
asus cm 6870
windows 7 64bit
intel i7 processor
16 mb RAM

Thank you in advance to anyone with any info on this.

HELP! i think i have a RAT installed

Hey there guys, I recently got a new computer from a guy. I know for a fact that he uses RAT tools at home and I am a little worried he might have ratted me. I ran an avast full scan and found a bunch of php shell stuff... I know enough about this stuff to know that someone is having a peek... so any help in this area would be most appreciated, and if it helps I know he uses dark-comet.


picture of the scan provided here

Autoclicks on Windows 7

Hi everyone I just have a quick question.

So I have a PC in my living room and I hear like auto mouse clicking sounds, but it's not actually clicking anything; all I hear is clicking sounds. It's not all the time. I am not sure if it's malware or anything. I have tried Malwarebytes and antivirus and even reinstalling Windows (BTW it's Win 7).

So any suggestions on fixing it?

Slow Running Lap Top

Can I have my laptop cleaned up and restored like new? I do have problems.

Possible Malware

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz, Intel64 Family 6 Model 42 Stepping 7
Processor Count: 4
RAM: 4002 Mb
Graphics Card: Intel(R) HD Graphics Family, 1809 Mb
Hard Drives: C: Total - 593551 MB, Free - 525907 MB;
Motherboard: TOSHIBA, PEQAA
Antivirus: Kaspersky Internet Security, Updated and Enable

My laptop is running slower than usual. Out of the blue, I get a pop-up that I believe to be malware. I might be right in the middle of looking something up on the internet. Or, I might be looking at my email. When all of a sudden the screen changes from where I'm at, to what says rover.ebay.com. I have noticed it pops up more often after I visit Ebay's website. Please advise! Thank you!

google not opening in internet explorer

I'm using Windows XP. Suddenly Internet Explorer has stopped opening the Google search site. All other sites are opening. Can anyone help? I have used hitman-pro, malwarebytes antimalware pro, ESET online scan... and avast. Still not solved the problem. Google not opening in IE-8.

Possible vbs/agent infection

Hi guys and thanks in advance for any help you can give me.
A couple of days ago I noticed something flash up so quickly ran a scan with avg to be told vbs/agent had infected this computer. It seemed to be moved and healed so didn't think too much more of it. Sadly it seems webpages will no longer open, passwords won't be accepted etc. so wondered if you had any ideas. I am not able to download TSG sysinfo so will type out what I can find.

System Information

Windows 10 home

System

Processor Intel(R)Core(TM)i3-5010U CPU@ 210GHz
Installed memory (RAM) 8.00GB
System type 64-bit Operating System,x64-based processor

It's an HP Pavilion laptop using AVG protection.
Any ideas?

Google (Moved from Windows 8 forum)

While trying to type in Google search, this pops up in the search box: "sunbeam mixer bread attachments". Cannot get rid of it - I clear it out, start typing again, same thing - I had to go to Yahoo to do a search -- crazy. I have 2 laptops, same problem and message -- almost makes me think Google has been hacked -- any ideas?

Possible Malware

So I think I might have malware. I noticed before I upgraded to Win 10 I was using Win 7. Would notice that random keyboard keys would stop working. For example would try to type the number 6 on both the top part of the keyboard and then on the number pad. The num lock button was on and still wouldn't work. A restart fixed it. Then other random keys would do the same. Took it to a repair shop and they said the drivers and wiring on my notebook were fine. I have tried using Norton, Malwarebytes and adw. Nothing shows up, but Malwarebytes and adw both seem to skip the rootkit scan even though it's clicked. Tried downloading Farbar and that won't even run. (Could be a compatibility issue.) I also noticed that my downloads sometimes act funny. Feels like I'm possibly being redirected or proxied onto another server (or other form of the internet. lol sounds funny but I've heard of such things.) Had to call Microsoft tech support just to be able to connect to their server to DL the Windows 10 iso because the app wouldn't install and the tech couldn't figure out why. I have also had confirmed DDOS attacks which started with my Xbox One and are now affecting my computer. Both my Gmail and Outlook email were hacked into. My girlfriend's Gmail just had an attempt to be logged into so I'm thinking it's malware, spyware, and or keyloggers. They could have verified the security certificates and renamed the software to avoid it from being removed. I also notice that at times my CPU locks up in Win 7 and now in Win 10. Don't know what to do. Could use the help.

HP Pavilion G7
AMD A4-3300M APU
6gb Ram
Windows 10 64bit




