
rpcss.dll is infected with trojan.zekos.patched


  • This topic is locked
30 replies to this topic

#1 jimcrofts

jimcrofts

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:02:02 AM

Posted 03 May 2014 - 10:50 PM

Hello, I really need help removing this virus.  About a week ago I noticed unwanted audio ads were playing in the background on our computer (Windows 7 64-bit).  Around that same time Microsoft Security Essentials reported and removed a virus but I didn't catch the name.  The audio ads stopped after that but the computer continued to have problems with svchost consuming large amounts of memory.  I ran Malwarebytes and it found and quarantined the Trojan.zekos.patched virus in rpcss.dll. 

 

However, after quarantining the virus, my computer would only boot to a black screen and cursor.  I used my Windows repair disk to restore back to before the quarantine and the computer now boots, but has the infected rpcss.dll file.  Also, which I am sure is related, Windows updates now fail.

 

Can you advise me a way out of this mess?





#2 jimcrofts


Posted 04 May 2014 - 12:09 AM

Sorry to reply to my own post, but I have significant progress. At the time of my post on a whim I was running Malwarebytes' new beta Anti-rootkit software, which also found the Trojan.zekos.patched virus in rpcss.dll. But amazingly, afterward, the computer rebooted normally and Windows updates were then successful as well.

So the computer seems to be working quite well now, but can you provide advice how I might be sure the computer is completely clean?

#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:02 AM

Posted 05 May 2014 - 10:05 AM




Hello jimcrofts

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.





I would like you to run this program for me.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.





I would also like to get some extra information on one of the files on the computer

Run FRST like you did before and type the following in the edit box after "Search:".

rpcss.dll

It then should look like:

Search: rpcss.dll

Click Search button and post the log (Search.txt) it makes to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#4 jimcrofts


Posted 05 May 2014 - 10:16 AM

Thank you Gringo.  As I am at work right now and the computer is home, I will run and send them later today!



#5 gringo_pr


Posted 05 May 2014 - 10:56 AM

No problem and I will look for your reply later


gringo

#6 jimcrofts


Posted 05 May 2014 - 08:40 PM

Here is the FRST.txt file:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-05-2014
Ran by KoLet (administrator) on KOLET-PC on 05-05-2014 18:20:39
Running from C:\Users\KoLet\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
() C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
(Acer Incorporated) C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files (x86)\Greenshot\Greenshot.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
() C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DeviceAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_12_0_0_38_ActiveX.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11660904 2010-11-30] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.)
HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe [627304 2011-08-10] ()
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Adobe Photo Downloader] => C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe [61440 2006-09-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1519176 2014-02-10] (Seagate Technology LLC)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\.DEFAULT\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_12_0_0_38_ActiveX.exe [840072 2014-01-21] (Adobe Systems Incorporated)
HKU\.DEFAULT\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\.DEFAULT\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-1740763064-2415086497-2998570533-1001\...\Run: [EPSON Artisan 800(Network)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEMA.EXE [221696 2008-04-07] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1740763064-2415086497-2998570533-1001\...\Run: [Google Update] => C:\Users\KoLet\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-06-16] (Google Inc.)
HKU\S-1-5-21-1740763064-2415086497-2998570533-1001\...\Run: [Greenshot] => C:\Program Files (x86)\Greenshot\Greenshot.exe [548864 2010-07-12] ()
HKU\S-1-5-21-1740763064-2415086497-2998570533-1001\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [126056 2014-02-10] (Seagate Technology LLC)
HKU\S-1-5-21-1740763064-2415086497-2998570533-1001\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-1740763064-2415086497-2998570533-1001\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-1740763064-2415086497-2998570533-1001\...\MountPoints2: K - K:\LaunchU3.exe -a
HKU\S-1-5-21-1740763064-2415086497-2998570533-1001\...\MountPoints2: {68096730-4512-11e1-8508-386077e52639} - K:\LaunchU3.exe -a
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com/?pc=MAGW
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {1FDFCFC3-B893-43E1-9138-4A2D2452A551} https://www.t-mobilepictures.com/myalbum/scripts/downloader/FileDownloader7.cab
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\KoLet\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\KoLet\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.com/?source=search_app"
CHR Plugin: (Shockwave Flash) - C:\Users\KoLet\AppData\Local\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\KoLet\AppData\Local\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\KoLet\AppData\Local\Google\Chrome\Application\34.0.1847.131\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Java™ Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Best Buy pc app Detector) - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
CHR Plugin: (Google Update) - C:\Users\KoLet\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.70.10) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Users\KoLet\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-06-16]
CHR Extension: (Google Search) - C:\Users\KoLet\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-06-16]
CHR Extension: (Google Wallet) - C:\Users\KoLet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26]
CHR Extension: (Gmail) - C:\Users\KoLet\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-06-16]

==================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor5.0; C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [102400 2006-09-14] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16000 2014-02-10] (Seagate Technology LLC)
R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [157264 2014-02-10] (Seagate Technology LLC)

==================== Drivers (Whitelisted) ====================

S3 MEMSWEEP2; C:\Windows\system32\8CCE.tmp [6144 2010-05-26] (Sophos Plc)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-05 18:20 - 2014-05-05 18:20 - 00014252 _____ () C:\Users\KoLet\Desktop\FRST.txt
2014-05-05 18:20 - 2014-05-05 18:20 - 00000000 ____D () C:\FRST
2014-05-05 18:19 - 2014-05-05 18:19 - 02063872 _____ (Farbar) C:\Users\KoLet\Desktop\FRST64.exe
2014-05-04 09:09 - 2014-05-04 09:19 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-05-03 21:54 - 2014-05-03 21:54 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-03 21:54 - 2014-04-29 07:14 - 19275264 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-03 21:54 - 2014-04-29 05:47 - 14357504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-03 21:54 - 2014-04-29 05:36 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-03 21:54 - 2014-04-29 05:25 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-03 21:53 - 2014-04-13 19:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-03 21:53 - 2014-04-13 19:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-03 17:23 - 2014-05-03 17:30 - 00000530 _____ () C:\Windows\DtcInstall.log
2014-05-03 17:22 - 2014-05-04 09:09 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-03 17:21 - 2014-05-04 09:19 - 00000000 ____D () C:\Users\KoLet\Desktop\mbar
2014-05-03 17:19 - 2014-05-04 09:09 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-03 17:19 - 2014-05-03 17:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-03 17:19 - 2014-05-03 17:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-03 17:19 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-03 15:52 - 2014-05-03 15:52 - 00000000 ____D () C:\Users\KoLet\Desktop\TCPView
2014-04-28 19:20 - 2014-05-03 11:11 - 00273792 _____ () C:\Users\KoLet\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-28 19:03 - 2014-04-28 19:03 - 00001884 _____ () C:\Windows\system32\cc_20140428_190333.reg
2014-04-28 18:58 - 2014-04-28 18:58 - 00007607 _____ () C:\Users\KoLet\AppData\Local\Resmon.ResmonCfg
2014-04-28 18:52 - 2014-04-28 18:52 - 00000085 _____ () C:\Windows\wininit.ini
2014-04-28 18:15 - 2014-04-28 18:15 - 00000000 ____D () C:\Users\KoLet\Documents\ProcAlyzer Dumps
2014-04-23 17:06 - 2014-04-23 17:06 - 00001992 _____ () C:\Users\Public\Desktop\Silhouette Studio.lnk
2014-04-23 17:05 - 2014-04-23 17:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Silhouette Studio
2014-04-21 18:29 - 2014-04-21 18:32 - 00003892 _____ () C:\Windows\System32\Tasks\KoLet1
2014-04-21 18:29 - 2014-04-21 18:29 - 00003722 _____ () C:\Windows\System32\Tasks\KoLet1 Merge
2014-04-20 18:43 - 2014-04-20 18:43 - 00003504 _____ () C:\Windows\System32\Tasks\Seagate_Install_Launch
2014-04-20 18:43 - 2014-04-20 18:43 - 00003492 _____ () C:\Windows\System32\Tasks\KoLet DBAgent 2 0
2014-04-20 18:42 - 2014-04-20 18:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate Dashboard
2014-04-20 18:41 - 2014-04-20 18:41 - 00000000 ____D () C:\Program Files (x86)\Seagate
2014-04-20 18:40 - 2014-04-20 18:40 - 00000000 ____D () C:\Users\KoLet\AppData\Roaming\Seagate
2014-04-20 18:38 - 2014-04-20 18:38 - 00000000 ____D () C:\Windows\System32\Tasks\Leader Technologies
2014-04-20 18:37 - 2014-04-20 18:37 - 00000000 ____D () C:\Users\KoLet\AppData\Roaming\Leadertech
2014-04-20 17:06 - 2014-04-20 17:06 - 00003292 _____ () C:\Windows\System32\Tasks\{1E284E38-00E6-49D8-AAFD-B1EA9A49FE07}
2014-04-20 17:02 - 2014-04-20 17:02 - 00003294 _____ () C:\Windows\System32\Tasks\{07F0C32B-C75F-44F7-8B80-DD4326019A87}
2014-04-19 14:15 - 2014-04-19 14:15 - 00000000 ____D () C:\Users\KoLet\AppData\Roaming\Oracle
2014-04-19 14:10 - 2014-05-03 21:39 - 00003758 _____ () C:\Windows\PFRO.log
2014-04-19 14:04 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-19 14:03 - 2014-04-19 14:03 - 00004129 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-19 14:03 - 2014-04-19 14:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-19 14:03 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-19 14:03 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-19 14:03 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-16 09:23 - 2014-05-03 20:55 - 00000075 _____ () C:\Windows\system32\ryohfsa.ffg
2014-04-16 09:14 - 2014-04-16 09:14 - 00000028 _____ () C:\Windows\SysWOW64\u
2014-04-16 09:13 - 2014-04-16 09:13 - 00000064 _____ () C:\Windows\system32\ijxyehi.upj
2014-04-16 09:13 - 2014-04-16 09:13 - 00000000 _____ () C:\Windows\system32\mpgl.cwa
2014-04-16 08:57 - 2014-04-16 08:57 - 00234915 ____S () C:\Windows\system32\afqmozy.jqg
2014-04-12 17:07 - 2014-04-12 17:07 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-04-12 17:05 - 2014-04-28 18:53 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-04-12 17:03 - 2014-04-12 17:03 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\KoLet\Downloads\spybot-2.2.exe
2014-04-12 16:56 - 2014-04-12 16:56 - 94296584 _____ (Silhouette America) C:\Users\KoLet\Downloads\silhouette-studio_v3.0.293.exe
2014-04-12 16:56 - 2014-04-12 16:56 - 00000000 ____D () C:\Users\KoLet\AppData\Roaming\Silhouette America
2014-04-12 16:28 - 2014-05-05 07:57 - 00002072 _____ () C:\Windows\setupact.log
2014-04-12 16:28 - 2014-04-12 16:28 - 00765408 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-12 16:28 - 2014-04-12 16:28 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-11 21:03 - 2014-03-12 23:33 - 02238976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-11 21:03 - 2014-03-12 23:33 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-11 21:03 - 2014-03-12 23:33 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-11 21:03 - 2014-03-12 23:32 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-11 21:03 - 2014-03-12 23:32 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-11 21:03 - 2014-03-12 23:32 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-11 21:03 - 2014-03-12 23:32 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-11 21:03 - 2014-03-12 23:32 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-11 21:03 - 2014-03-12 23:31 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-11 21:03 - 2014-03-12 23:31 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-11 21:03 - 2014-03-12 23:31 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-11 21:03 - 2014-03-12 23:31 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-04-11 21:03 - 2014-03-12 23:31 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-11 21:03 - 2014-03-12 23:31 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-11 21:03 - 2014-03-12 22:10 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-11 21:03 - 2014-03-12 22:10 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-11 21:03 - 2014-03-12 22:09 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-11 21:03 - 2014-03-12 22:09 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-11 21:03 - 2014-03-12 22:09 - 02049536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-11 21:03 - 2014-03-12 22:09 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-04-11 21:03 - 2014-03-12 22:09 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-11 21:03 - 2014-03-12 22:09 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-11 21:03 - 2014-03-12 22:09 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-11 21:03 - 2014-03-12 22:09 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-04-11 21:03 - 2014-03-12 22:09 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-11 21:03 - 2014-03-12 22:09 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-11 21:03 - 2014-03-12 22:09 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-11 21:03 - 2014-03-12 20:59 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-04-11 21:03 - 2014-03-12 20:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-04-11 21:01 - 2014-03-04 02:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-11 21:01 - 2014-03-04 02:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-11 21:01 - 2014-03-04 02:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-11 21:01 - 2014-03-04 02:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-11 21:01 - 2014-03-04 02:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-11 21:01 - 2014-03-04 02:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-11 21:01 - 2014-03-04 02:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-11 21:01 - 2014-03-04 02:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-11 21:01 - 2014-03-04 02:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-11 21:01 - 2014-03-04 01:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-11 21:01 - 2014-03-04 01:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-11 21:01 - 2014-02-03 19:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-11 21:01 - 2014-02-03 19:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-11 21:01 - 2014-02-03 19:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-11 21:01 - 2014-02-03 19:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-11 21:01 - 2014-02-03 19:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-11 21:01 - 2014-01-23 19:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-06 14:57 - 2014-05-04 10:01 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-04-06 14:57 - 2014-04-06 14:57 - 00000000 ____D () C:\Users\KoLet\AppData\Roaming\com.aspexsoftware.studio_helper

==================== One Month Modified Files and Folders =======

2014-05-05 18:20 - 2014-05-05 18:20 - 00014252 _____ () C:\Users\KoLet\Desktop\FRST.txt
2014-05-05 18:20 - 2014-05-05 18:20 - 00000000 ____D () C:\FRST
2014-05-05 18:19 - 2014-05-05 18:19 - 02063872 _____ (Farbar) C:\Users\KoLet\Desktop\FRST64.exe
2014-05-05 18:00 - 2012-01-17 21:11 - 4174095360 _____ () C:\Users\KoLet\Outlook.pst
2014-05-05 18:00 - 2012-01-16 17:58 - 00000000 ____D () C:\Users\KoLet
2014-05-05 17:37 - 2012-06-16 13:01 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1740763064-2415086497-2998570533-1001UA.job
2014-05-05 15:53 - 2011-12-16 06:53 - 01890927 _____ () C:\Windows\WindowsUpdate.log
2014-05-05 13:37 - 2012-06-16 13:01 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1740763064-2415086497-2998570533-1001Core.job
2014-05-05 08:05 - 2009-07-13 21:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-05 08:05 - 2009-07-13 21:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-05 08:02 - 2009-07-13 22:13 - 00786598 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-05 07:57 - 2014-04-12 16:28 - 00002072 _____ () C:\Windows\setupact.log
2014-05-05 07:57 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-04 10:01 - 2014-04-06 14:57 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-05-04 09:19 - 2014-05-04 09:09 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-05-04 09:19 - 2014-05-03 17:21 - 00000000 ____D () C:\Users\KoLet\Desktop\mbar
2014-05-04 09:09 - 2014-05-03 17:22 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-04 09:09 - 2014-05-03 17:19 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-03 21:54 - 2014-05-03 21:54 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-03 21:39 - 2014-04-19 14:10 - 00003758 _____ () C:\Windows\PFRO.log
2014-05-03 21:39 - 2010-11-21 00:16 - 00000000 ____D () C:\Windows\ShellNew
2014-05-03 20:55 - 2014-04-16 09:23 - 00000075 _____ () C:\Windows\system32\ryohfsa.ffg
2014-05-03 17:30 - 2014-05-03 17:23 - 00000530 _____ () C:\Windows\DtcInstall.log
2014-05-03 17:23 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\registration
2014-05-03 17:19 - 2014-05-03 17:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-03 17:19 - 2014-05-03 17:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-03 16:45 - 2012-01-16 21:27 - 00000000 ____D () C:\Users\KoLet\AppData\Roaming\EPSON
2014-05-03 16:45 - 2011-12-16 07:06 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2014-05-03 16:45 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\security
2014-05-03 16:45 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\AppCompat
2014-05-03 16:41 - 2013-08-23 16:40 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-05-03 16:41 - 2012-04-11 16:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-03 16:41 - 2012-01-16 20:15 - 00000000 __RHD () C:\MSOCache
2014-05-03 16:41 - 2011-12-16 07:01 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-05-03 16:41 - 2011-11-08 01:24 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-03 15:52 - 2014-05-03 15:52 - 00000000 ____D () C:\Users\KoLet\Desktop\TCPView
2014-05-03 11:11 - 2014-04-28 19:20 - 00273792 _____ () C:\Users\KoLet\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-02 17:48 - 2013-12-29 19:02 - 00640000 ___SH () C:\Users\KoLet\Desktop\Thumbs.db
2014-04-29 07:14 - 2014-05-03 21:54 - 19275264 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-29 05:47 - 2014-05-03 21:54 - 14357504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-29 05:36 - 2014-05-03 21:54 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-29 05:25 - 2014-05-03 21:54 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-28 21:31 - 2013-10-13 10:23 - 00000000 ____D () C:\Users\KoLet\Documents\Cameo
2014-04-28 19:18 - 2012-08-14 10:24 - 00000000 ____D () C:\Users\KoLet\AppData\Local\CrashDumps
2014-04-28 19:03 - 2014-04-28 19:03 - 00001884 _____ () C:\Windows\system32\cc_20140428_190333.reg
2014-04-28 18:58 - 2014-04-28 18:58 - 00007607 _____ () C:\Users\KoLet\AppData\Local\Resmon.ResmonCfg
2014-04-28 18:53 - 2014-04-12 17:05 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-04-28 18:52 - 2014-04-28 18:52 - 00000085 _____ () C:\Windows\wininit.ini
2014-04-28 18:52 - 2012-08-04 12:17 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-04-28 18:15 - 2014-04-28 18:15 - 00000000 ____D () C:\Users\KoLet\Documents\ProcAlyzer Dumps
2014-04-27 22:43 - 2013-09-08 15:21 - 00000000 ____D () C:\Users\KoLet\AppData\Roaming\com.aspexsoftware.Silhouette_Studio
2014-04-23 17:06 - 2014-04-23 17:06 - 00001992 _____ () C:\Users\Public\Desktop\Silhouette Studio.lnk
2014-04-23 17:06 - 2014-04-23 17:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Silhouette Studio
2014-04-23 17:06 - 2014-02-21 20:36 - 00000000 ____D () C:\Program Files (x86)\Silhouette Studio
2014-04-22 17:46 - 2014-01-11 21:35 - 00000000 ____D () C:\Users\KoLet\Documents\Young Women 2014
2014-04-21 18:32 - 2014-04-21 18:29 - 00003892 _____ () C:\Windows\System32\Tasks\KoLet1
2014-04-21 18:29 - 2014-04-21 18:29 - 00003722 _____ () C:\Windows\System32\Tasks\KoLet1 Merge
2014-04-21 09:44 - 2014-01-06 20:42 - 00012686 _____ () C:\Users\KoLet\Desktop\ebay invoice.xlsx
2014-04-20 18:43 - 2014-04-20 18:43 - 00003504 _____ () C:\Windows\System32\Tasks\Seagate_Install_Launch
2014-04-20 18:43 - 2014-04-20 18:43 - 00003492 _____ () C:\Windows\System32\Tasks\KoLet DBAgent 2 0
2014-04-20 18:43 - 2012-08-08 18:49 - 00000000 ____D () C:\Users\KoLet\AppData\Roaming\Nero
2014-04-20 18:42 - 2014-04-20 18:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate Dashboard
2014-04-20 18:42 - 2011-11-08 01:37 - 00000000 ____D () C:\ProgramData\Nero
2014-04-20 18:41 - 2014-04-20 18:41 - 00000000 ____D () C:\Program Files (x86)\Seagate
2014-04-20 18:40 - 2014-04-20 18:40 - 00000000 ____D () C:\Users\KoLet\AppData\Roaming\Seagate
2014-04-20 18:40 - 2012-01-28 12:40 - 00000000 ____D () C:\ProgramData\Seagate
2014-04-20 18:38 - 2014-04-20 18:38 - 00000000 ____D () C:\Windows\System32\Tasks\Leader Technologies
2014-04-20 18:37 - 2014-04-20 18:37 - 00000000 ____D () C:\Users\KoLet\AppData\Roaming\Leadertech
2014-04-20 17:06 - 2014-04-20 17:06 - 00003292 _____ () C:\Windows\System32\Tasks\{1E284E38-00E6-49D8-AAFD-B1EA9A49FE07}
2014-04-20 17:02 - 2014-04-20 17:02 - 00003294 _____ () C:\Windows\System32\Tasks\{07F0C32B-C75F-44F7-8B80-DD4326019A87}
2014-04-19 16:27 - 2012-01-16 18:09 - 00799604 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-04-19 14:15 - 2014-04-19 14:15 - 00000000 ____D () C:\Users\KoLet\AppData\Roaming\Oracle
2014-04-19 14:04 - 2013-10-23 09:03 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-19 14:03 - 2014-04-19 14:03 - 00004129 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-19 14:03 - 2014-04-19 14:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-19 14:03 - 2013-06-23 20:40 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-16 09:14 - 2014-04-16 09:14 - 00000028 _____ () C:\Windows\SysWOW64\u
2014-04-16 09:13 - 2014-04-16 09:13 - 00000064 _____ () C:\Windows\system32\ijxyehi.upj
2014-04-16 09:13 - 2014-04-16 09:13 - 00000000 _____ () C:\Windows\system32\mpgl.cwa
2014-04-16 08:57 - 2014-04-16 08:57 - 00234915 ____S () C:\Windows\system32\afqmozy.jqg
2014-04-16 08:57 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\sysprep
2014-04-14 20:13 - 2014-04-19 14:03 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-14 20:05 - 2014-04-19 14:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-14 20:05 - 2014-04-19 14:03 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-14 20:04 - 2014-04-19 14:03 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-13 19:24 - 2014-05-03 21:53 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-04-13 19:19 - 2014-05-03 21:53 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-04-12 19:35 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-04-12 17:07 - 2014-04-12 17:07 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-04-12 17:04 - 2012-08-04 12:17 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-04-12 17:03 - 2014-04-12 17:03 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\KoLet\Downloads\spybot-2.2.exe
2014-04-12 16:56 - 2014-04-12 16:56 - 94296584 _____ (Silhouette America) C:\Users\KoLet\Downloads\silhouette-studio_v3.0.293.exe
2014-04-12 16:56 - 2014-04-12 16:56 - 00000000 ____D () C:\Users\KoLet\AppData\Roaming\Silhouette America
2014-04-12 16:28 - 2014-04-12 16:28 - 00765408 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-12 16:28 - 2014-04-12 16:28 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-12 16:26 - 2007-07-11 18:49 - 00000000 ____D () C:\Windows\Panther
2014-04-11 21:27 - 2012-01-16 20:15 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-11 21:26 - 2013-07-27 23:48 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-11 21:25 - 2012-01-16 20:01 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-11 20:54 - 2012-06-16 13:01 - 00000000 ____D () C:\Users\KoLet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-04-11 20:53 - 2012-01-16 20:15 - 00000000 ____D () C:\Users\KoLet\AppData\Local\Microsoft Help
2014-04-11 20:53 - 2010-11-21 00:16 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-04-08 22:18 - 2012-08-19 19:43 - 00000000 ____D () C:\Users\KoLet\AppData\Local\CutePDF Writer
2014-04-07 13:45 - 2012-01-18 20:38 - 00000000 ____D () C:\Users\KoLet\AppData\Roaming\Image Zone Express
2014-04-06 15:38 - 2013-09-08 15:21 - 00000000 ____D () C:\ProgramData\com.aspexsoftware.Silhouette_Studio.license
2014-04-06 14:57 - 2014-04-06 14:57 - 00000000 ____D () C:\Users\KoLet\AppData\Roaming\com.aspexsoftware.studio_helper
2014-04-06 14:57 - 2013-09-08 15:21 - 00000000 ____D () C:\ProgramData\com.aspexsoftware.Silhouette_Studio.8

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-29 10:40

==================== End Of Log ============================

This is the Addition.txt file:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-05-2014
Ran by KoLet at 2014-05-05 18:21:08
Running from C:\Users\KoLet\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.7.1.19610 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.38 - Adobe Systems Incorporated)
Adobe Help Center 2.1 (x32 Version: 2.1 - Adobe Systems) Hidden
Adobe Photoshop Elements 5.0 (HKLM-x32\...\Adobe Photoshop Elements 5) (Version: 5.0 - Adobe Systems Inc.)
Adobe Photoshop Elements 5.0 (x32 Version: 5.0 - Adobe Systems Inc.) Hidden
Adobe Reader X (10.1.0) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Auslogics Disk Defrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 3.5 - Auslogics Software Pty Ltd)
Best Buy pc app (Version: 3.3.0.0 - Best Buy) Hidden
Best Buy pc app (x32 Version: 3.3.0.0 - Best Buy) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.20 - Piriform)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.1) (Version: 5.0.0.1 - Coupons.com Incorporated)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  - )
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.2531.52 - CyberLink Corp.)
CyberLink PowerDVD 10 (x32 Version: 10.0.2531.52 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5971CA1F-6BDE-498F-952C-9F2BF94070A4}) (Version:  - Microsoft)
EPSON Artisan 800 Series Printer Uninstall (HKLM\...\EPSON Artisan 800 Series) (Version:  - SEIKO EPSON Corporation)
Epson Event Manager (HKLM-x32\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.30.01 - SEIKO EPSON Corporation)
Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.00.00 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
Etron USB3.0 Host Controller (x32 Version: 0.103 - Etron Technology) Hidden
Evernote v. 4.5.1 (HKLM-x32\...\{28921580-E4BB-11E0-9FD7-1CC1DEF07CBE}) (Version: 4.5.1.5451 - Evernote Corp.)
Fooz Kids (HKLM-x32\...\FoozKids) (Version: 3.0.8 - FUHU, Inc.)
Fooz Kids (x32 Version: 3.0.8 - FUHU, Inc.) Hidden
Fooz Kids Platform (HKLM-x32\...\{8D68CE08-9A14-4B7B-9857-3C646A2F34C7}) (Version: 2.1 - FUHU, Inc.)
Fotor 1.3.0 (HKLM-x32\...\Fotor) (Version: 1.3.0 - Everimaging Co., Ltd.)
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Gateway Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3504 - Gateway Incorporated)
Gateway Registration (HKLM-x32\...\Gateway Registration) (Version: 1.04.3503 - Gateway Incorporated)
Gateway ScreenSaver (HKLM-x32\...\Gateway Screensaver) (Version: 1.1.0225.2011 - Gateway Incorporated)
Gateway Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3500 - Gateway Incorporated)
Google Chrome (HKCU\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)
Greenshot (HKLM-x32\...\Greenshot_is1) (Version:  - )
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3505 - Gateway Incorporated)
HP Photosmart Essential (HKLM-x32\...\{856D4888-3B48-4D0C-99D4-39AA7CF9DB2E}) (Version: 1.9.0.9 - HP)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Gateway Incorporated)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2353 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Karen's Directory Printer (HKLM-x32\...\Karen's Directory Printer) (Version: 5.3.0.2 - Karen Kenworthy)
Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Camera Codec Pack (HKLM-x32\...\{F8AFEA7D-77BD-43F3-ADF7-EF71300BEFD2}) (Version: 16.4.1620.0719 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero BackItUp 10 (HKLM-x32\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.8.11000.8.100 - Nero AG)
Nero BackItUp 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden
Nero Control Center 10 (x32 Version: 10.6.13000.0.11 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.19900.9.11 - Nero AG) Hidden
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.4.10500.1.100 - Nero AG)
Nero DiscSpeed 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.6.10800.6.100 - Nero AG)
Nero Express 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}) (Version: 10.5.10300 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{68AFA3A7-9265-4ABD-994A-ACA413E3715C}) (Version: 10.6.10300 - Nero AG)
Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.6.10500.3.100 - Nero AG)
Nero RescueAgent 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.6.10500.3.100 - Nero AG)
Nero StartSmart 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.11500.28.0 - Nero AG) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6257 - Realtek Semiconductor Corp.)
Samsung_MonSetup (HKLM-x32\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)
Seagate Dashboard (HKLM-x32\...\{67445E65-3D93-428F-83A5-446F7D02689A}) (Version: 3.0.34.1 - Seagate)
Seagate Manager Installer (HKLM-x32\...\InstallShield_{231A1A09-FDF2-45F2-B3D1-964CECE372BC}) (Version: 2.01.0109 - Seagate)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Silhouette Studio (HKLM-x32\...\{0706D4E8-C4DD-408C-94DA-4F7E8B3BCC66}) (Version: 3.0.343 - Silhouette America)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sophos Anti-Rootkit 1.5.4 (HKLM-x32\...\Sophos-AntiRootkit) (Version: 1.5.4 - Sophos Plc)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.20202 - TeamViewer)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)

==================== Restore Points  =========================

25-04-2014 14:45:43 Windows Update
29-04-2014 02:04:36 Windows Update
02-05-2014 15:25:51 Windows Update
03-05-2014 00:05:56 Windows Update
03-05-2014 00:07:58 Windows Update
03-05-2014 00:12:11 Windows Update
03-05-2014 00:16:28 Windows Update
03-05-2014 00:22:01 Windows Update
03-05-2014 00:44:18 Windows Update
03-05-2014 06:51:10 Windows Update
03-05-2014 18:14:18 Windows Update
03-05-2014 22:53:48 Windows Update
04-05-2014 04:38:02 Malwarebytes Anti-Rootkit Restore Point
04-05-2014 04:53:48 Windows Update
04-05-2014 04:54:33 Windows Update

==================== Hosts content: ==========================

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0DCFF6E2-A4C2-4DA0-B0C7-404C5D3D4B05} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2014-02-10] (Seagate Technology LLC)
Task: {1F4C46EA-24C6-4CA8-BB68-D40AF77B7DEF} - System32\Tasks\KoLet DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2014-02-10] (Seagate Technology LLC)
Task: {44C34025-45D4-4E92-8120-1B4FEB5B67CB} - System32\Tasks\KoLet1 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2014-02-10] (Seagate Technology LLC)
Task: {5885D621-BF7E-4894-B099-B5F5E90AF25B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1740763064-2415086497-2998570533-1001UA => C:\Users\KoLet\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-16] (Google Inc.)
Task: {6F6B606F-9433-4012-839E-EA61C250E8A7} - System32\Tasks\KoLet1 Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2014-02-10] (Seagate Technology LLC)
Task: {788C6A3C-D84C-4B86-AAAF-4D594ED91ECE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1740763064-2415086497-2998570533-1001Core => C:\Users\KoLet\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-16] (Google Inc.)
Task: {830ABC5F-BCEC-4AC3-A5DA-7E4719CEE658} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-06-22] (Piriform Ltd)
Task: {CE4612D6-865E-46E6-A8C8-E78BF08ACC3D} - System32\Tasks\NBAgent => C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [2011-07-05] (Nero AG)
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1740763064-2415086497-2998570533-1001Core.job => C:\Users\KoLet\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1740763064-2415086497-2998570533-1001UA.job => C:\Users\KoLet\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-08-19 19:41 - 2012-07-31 11:31 - 00087152 _____ () C:\Windows\System32\cpwmon64.dll
2006-09-14 08:56 - 2006-09-14 08:56 - 00102400 _____ () C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
2011-11-08 01:16 - 2011-04-04 19:18 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-09-30 12:05 - 2010-07-12 07:52 - 00548864 _____ () C:\Program Files (x86)\Greenshot\Greenshot.exe
2011-08-10 20:58 - 2011-08-10 20:58 - 00627304 _____ () C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
2012-09-30 12:05 - 2010-07-12 07:52 - 00028672 _____ () C:\Program Files (x86)\Greenshot\GreenshotPlugin.dll
2011-08-10 20:57 - 2011-08-10 20:57 - 00151656 _____ () C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyHook.dll
2012-01-16 21:22 - 2009-03-12 16:45 - 00135168 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
2012-01-16 21:22 - 2008-11-21 14:58 - 00057344 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
2014-02-13 08:41 - 2014-02-13 08:41 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\0a0467413a424068d1471448ff6ca6cc\IsdiInterop.ni.dll
2011-11-08 01:24 - 2010-11-06 00:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== EXE Association (whitelisted) =============

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

Name: 802.11n Wireless LAN Card
Description: 802.11n Wireless LAN Card
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Ralink Technology, Corp.
Service: netr28x
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (05/05/2014 07:57:59 AM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/04/2014 08:31:53 AM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/03/2014 09:40:00 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/03/2014 05:31:32 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/03/2014 05:15:37 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/03/2014 05:11:51 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/03/2014 05:08:01 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/03/2014 03:50:24 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/03/2014 02:44:00 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/03/2014 02:42:01 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (05/03/2014 05:12:15 PM) (Source: Service Control Manager) (User: ) (EventID: 7001)
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (05/03/2014 05:10:10 PM) (Source: Service Control Manager) (User: ) (EventID: 7001)
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (05/03/2014 05:10:10 PM) (Source: Service Control Manager) (User: ) (EventID: 7026)
Description: The following boot-start or system-start driver(s) failed to load:
AFD
DfsC
discache
MpFilter
NetBIOS
NetBT
nsiproxy
Psched
rdbss
spldr
tdx
vwififlt
Wanarpv6
WfpLwf

Error: (05/03/2014 05:10:10 PM) (Source: DCOM) (User: ) (EventID: 10005)
Description: 1068netprofm{A47979D2-C419-11D9-A5B4-001185AD2B89}

Error: (05/03/2014 05:10:07 PM) (Source: Service Control Manager) (User: ) (EventID: 7023)
Description: The Power service terminated with the following error:
%%4203

Error: (05/03/2014 05:10:07 PM) (Source: Service Control Manager) (User: ) (EventID: 7001)
Description: The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:
%%1068

Error: (05/03/2014 05:10:07 PM) (Source: Service Control Manager) (User: ) (EventID: 7001)
Description: The Microsoft Network Inspection System service depends on the Microsoft Malware Protection Driver service which failed to start because of the following error:
%%31

Error: (05/03/2014 05:10:07 PM) (Source: Service Control Manager) (User: ) (EventID: 7001)
Description: The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:
%%1068

Error: (05/03/2014 05:10:07 PM) (Source: Service Control Manager) (User: ) (EventID: 7001)
Description: The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:
%%1068

Error: (05/03/2014 05:10:07 PM) (Source: Service Control Manager) (User: ) (EventID: 7001)
Description: The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:
%%31

CodeIntegrity Errors:
===================================
  Date: 2012-07-29 16:57:53.099
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\8CCE.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-07-29 16:57:53.099
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\8CCE.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-07-29 16:45:14.672
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\E5B7.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-07-29 16:45:14.672
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\E5B7.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-07-29 16:44:52.052
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\8CCE.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-07-29 16:44:52.021
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\8CCE.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Percentage of memory in use: 40%
Total physical RAM: 8096.28 MB
Available physical RAM: 4851.89 MB
Total Pagefile: 16190.73 MB
Available Pagefile: 13233.02 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Gateway) (Fixed) (Total:918.41 GB) (Free:616.2 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: D57FC46F)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=918 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

And here is the Search.txt file:

 

Farbar Recovery Scan Tool (x64) Version: 06-05-2014
Ran by KoLet at 2014-05-05 18:22:29
Running from C:\Users\KoLet\Desktop
Boot Mode: Normal

================== Search: "rpcss.dll" ===================

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2010-11-20 20:24] - [2010-11-20 20:24] - 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123

C:\Windows\System32\rpcss.dll
[2010-11-20 20:24] - [2010-11-20 20:24] - 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123

====== End Of Search ======

 

Thank you so much Gringo!
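
Added example (not part of the thread, and not FRST's own code): a small Python parser for the Search.txt layout shown in the post above. It groups the copies of a file by the MD5 on each record line, so that a System32 copy that differs from every WinSxS component-store copy stands out. The function names and the second, mismatching sample are constructed for illustration.

```python
import re
from collections import defaultdict

# Record line that follows each path in the Search section, e.g.
# [2010-11-20 20:24] - [2010-11-20 20:24] - 0512000 ____A (Microsoft Corporation) <MD5>
RECORD_RE = re.compile(
    r"^\[(?P<created>[\d-]+ [\d:]+)\] - \[(?P<modified>[\d-]+ [\d:]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>.*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)
PATH_RE = re.compile(r"^[A-Za-z]:\\")  # a line that is just a full path

# Copied from the Search.txt posted in the thread.
THREAD_SAMPLE = r"""
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2010-11-20 20:24] - [2010-11-20 20:24] - 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123

C:\Windows\System32\rpcss.dll
[2010-11-20 20:24] - [2010-11-20 20:24] - 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123
"""

# Constructed sample: same layout, but the System32 record carries a
# placeholder hash (not a real indicator) to show the mismatch path.
CONSTRUCTED_MISMATCH = r"""
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2010-11-20 20:24] - [2010-11-20 20:24] - 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123

C:\Windows\System32\rpcss.dll
[2010-11-20 20:24] - [2014-04-16 09:13] - 0512000 ____A (Microsoft Corporation) 0123456789ABCDEF0123456789ABCDEF
"""


def parse_search(text):
    """Return one dict per file listed in a Search section."""
    entries, pending_path = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            pending_path = line          # remember the path, wait for its record
            continue
        m = RECORD_RE.match(line)
        if m and pending_path:
            entry = m.groupdict()
            entry["path"] = pending_path
            entry["size"] = int(entry["size"])
            entry["md5"] = entry["md5"].upper()
            entries.append(entry)
            pending_path = None
    return entries


def compare_copies(entries, live_dir=r"C:\Windows\System32"):
    """Compare the live copy of each file with its WinSxS copies.

    status is "match" when every live hash also appears on a WinSxS copy,
    "mismatch" when a live hash appears on none of them, and "no-baseline"
    when one side is missing from the search output.
    """
    groups = defaultdict(lambda: {"live": set(), "store": set()})
    for e in entries:
        directory, _, name = e["path"].rpartition("\\")
        if directory.lower() == live_dir.lower():
            groups[name.lower()]["live"].add(e["md5"])
        elif "\\winsxs\\" in e["path"].lower():
            groups[name.lower()]["store"].add(e["md5"])

    report = {}
    for name, g in groups.items():
        if not g["live"] or not g["store"]:
            status = "no-baseline"
        elif g["live"] <= g["store"]:
            status = "match"
        else:
            status = "mismatch"
        report[name] = {
            "status": status,
            "live_md5": sorted(g["live"]),
            "store_md5": sorted(g["store"]),
        }
    return report


if __name__ == "__main__":
    for label, sample in (("thread", THREAD_SAMPLE), ("constructed", CONSTRUCTED_MISMATCH)):
        for name, result in compare_copies(parse_search(sample)).items():
            print(label, name, result["status"])
```

A "match" only says the live file equals a component-store copy; it says nothing if both copies were altered, so it complements a signature or scanner check rather than replacing one.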



#7 gringo_pr

Posted 06 May 2014 - 07:10 AM

Hello jimcrofts



I need you to download this script I have made for you --> fixlist.txt (attached file)

It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program. (If asked to overwrite the existing one, please allow it.)

Run FRST again but this time press the Fix button just once and wait.


When finished, it will make a log (fixlog.txt) next to FRST. Please copy and paste the content of this file to your reply.


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 jimcrofts

Posted 06 May 2014 - 06:54 PM

Sorry for the delay. Here is the fixlog.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-05-2014
Ran by KoLet at 2014-05-06 16:48:57 Run:1
Running from C:\Users\KoLet\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
2014-04-16 09:23 - 2014-05-03 20:55 - 00000075 _____ () C:\Windows\system32\ryohfsa.ffg
2014-04-16 09:14 - 2014-04-16 09:14 - 00000028 _____ () C:\Windows\SysWOW64\u
2014-04-16 09:13 - 2014-04-16 09:13 - 00000064 _____ () C:\Windows\system32\ijxyehi.upj
2014-04-16 09:13 - 2014-04-16 09:13 - 00000000 _____ () C:\Windows\system32\mpgl.cwa
2014-04-16 08:57 - 2014-04-16 08:57 - 00234915 ____S () C:\Windows\system32\afqmozy.jqg

*****************

C:\Windows\system32\ryohfsa.ffg => Moved successfully.
C:\Windows\SysWOW64\u => Moved successfully.
C:\Windows\system32\ijxyehi.upj => Moved successfully.
C:\Windows\system32\mpgl.cwa => Moved successfully.
Could not move "C:\Windows\system32\afqmozy.jqg" => Scheduled to move on reboot.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-05-06 16:50:25)<=

C:\Windows\system32\afqmozy.jqg => Is moved successfully.

==== End of Fixlog ====

Thanks again.

#9 gringo_pr

Posted 07 May 2014 - 07:49 AM



Hello jimcrofts

These are the programs I would like you to run next. If you have any problems with one of these, just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.

Gringo

#10 jimcrofts

Posted 07 May 2014 - 01:54 PM

Here are the two reports.  The computer appears to be running perfectly!

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by KoLet on Wed 05/07/2014 at 11:34:49.31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

Successfully deleted: [File] "C:\users\default user\start menu\programs\startup\best buy pc app.lnk"

 

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\best buy pc app"
Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
Successfully deleted: [Empty Folder] C:\Users\KoLet\appdata\local\{01F0734E-DB17-4C90-A47A-DF86F94D1A23}
Successfully deleted: [Empty Folder] C:\Users\KoLet\appdata\local\{064FA279-F33E-4390-86AC-38777ABDBBB7}
Successfully deleted: [Empty Folder] C:\Users\KoLet\appdata\local\{1348E08F-F62A-42E0-8D02-94E011D23E80}
Successfully deleted: [Empty Folder] C:\Users\KoLet\appdata\local\{18114664-1795-4D61-A166-5D7D6F0821BD}
Successfully deleted: [Empty Folder] C:\Users\KoLet\appdata\local\{3D064353-7D97-4AC1-A626-2654A1F9B414}
Successfully deleted: [Empty Folder] C:\Users\KoLet\appdata\local\{A44B47E1-3ACD-47D9-9552-20B1E62FE7D5}
Successfully deleted: [Empty Folder] C:\Users\KoLet\appdata\local\{B2CB9200-AF6C-42AB-A50B-FE952F4D5038}
Successfully deleted: [Empty Folder] C:\Users\KoLet\appdata\local\{B836C216-6498-457D-90B8-36046559A5DA}
Successfully deleted: [Empty Folder] C:\Users\KoLet\appdata\local\{B886B460-AFFB-46C8-8E59-6AE88185B000}

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 05/07/2014 at 11:38:34.60
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

# AdwCleaner v3.207 - Report created 07/05/2014 at 11:29:24
# Updated 05/05/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : KoLet - KOLET-PC
# Running from : C:\Users\KoLet\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16866

-\\ Google Chrome v

[ File : C:\Users\KoLet\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [1018 octets] - [07/05/2014 11:27:20]
AdwCleaner[R1].txt - [1078 octets] - [07/05/2014 11:28:48]
AdwCleaner[S0].txt - [1009 octets] - [07/05/2014 11:29:24]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1069 octets] ##########

 

Thank you again Gringo.



#11 gringo_pr

Posted 08 May 2014 - 11:00 AM


Hello jimcrofts

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo

#12 jimcrofts

Posted 08 May 2014 - 09:16 PM

I am unable to run combofix successfully.  I downloaded combofix.exe to my desktop, disabled security essentials, then double-clicked the combofix icon.  A box came up and information scrolled by saying files being extracted etc.  Then a second box came up with a couple moving progress bars.  Then in the first box, everything stopped with the last line of "Can't write: c:\32788R22FWJFW\pev.3XE".  I could find no obvious output file.

 

So I rebooted the computer, and this time re-ran combofix by right-clicking the icon to run as administrator. It appeared to run without errors, but again there was no output file that I can find.  But now I have a very odd entry in the root of c:.  It's a computer icon with the same name as above, 32788R22FWJFW, with subfolders showing all of my drive letters but nothing else.

 

What did I do wrong?



#13 gringo_pr

Posted 09 May 2014 - 04:18 AM


Hello jimcrofts

OK, let's try this. I want you to run Combofix in safe mode, but it is very important that when Combofix reboots the computer you direct it back into safe mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

After Combofix has finished its scan, please post the report back here.

Gringo

#14 jimcrofts

Posted 09 May 2014 - 01:58 PM

No luck running Combofix in safe mode.  Combofix started, but then gave the following in a warning dialog box:

Error saving file

c:\Windows\erdnt\Hiv-backup\BCD !

Continue to the next file?

[regCreateKeyEx: 5 - Access is denied]

The warning box provided "Yes" and "No" buttons.  I chose yes.

 

Then the program continued and I chose Yes to the following warnings:

c:\Windows\erdnt\Hiv-backup\system !

Continue to the next file?

[regCreateKeyEx: 5 - Access is denied]

 

c:\Windows\erdnt\Hiv-backup\software !

Continue to the next file?

[regCreateKeyEx: 5 - Access is denied]

 

c:\Windows\erdnt\Hiv-backup\default !

Continue to the next file?

[regCreateKeyEx: 5 - Access is denied]

 

c:\Windows\erdnt\Hiv-backup\sam !

Continue to the next file?

[regCreateKeyEx: 5 - Access is denied]

 

c:\Windows\erdnt\Hiv-backup\users\00000001\

Continue to the next file?

[regCreateKeyEx: 5 - Access is denied]

 

c:\Windows\erdnt\Hiv-backup\users\00000002\r

Continue to the next file?

[regCreateKeyEx: 5 - Access is denied]

 

c:\Windows\erdnt\Hiv-backup\users\00000002\ntuser.dat !

Continue to the next file?

[regCreateKeyEx: 5 - Access is denied]

 

c:\Windows\erdnt\Hiv-backup\users\00000004\UsrClass.dat !

Continue to the next file?

[regCreateKeyEx: 5 - Access is denied]

 

I chose yes to continue at each of those warnings, then the program ended with no other process or output.

 

Could this be due to running the prior partial installations of combofix?



#15 gringo_pr

Posted 09 May 2014 - 08:16 PM


Hello jimcrofts

OK, let's try this. I want you to run Combofix in safe mode, but it is very important that when Combofix reboots the computer you direct it back into safe mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

After Combofix has finished its scan, please post the report back here.

Gringo



