
I think the Windows Media Player virus has infected my computer


  • This topic is locked
46 replies to this topic

#1 therrrn


Posted 22 May 2014 - 06:28 PM

A few days ago, I went on my computer and "Windows Media Player" tried opening about 15 times. It looked weird and when I went to go online to look up what was going on with WMP, I couldn't. I couldn't open any other programs at all, so I concluded that I had some sort of infection on my computer. I started looking it up on my phone and found a helpful forum where they started directing me to try to run regedit, but it wouldn't work either. So we went in under safe mode and tried running things from there and still nothing would work. We tried doing a system restore and after running, I received a pop-up stating that it did not go through and I needed to pick an earlier date. However, there were no earlier date options presented. Then, we looked at something else (I'm sorry I don't remember, by now it had been hours and it was 5 am, I was very tired) to check if my system files were destroyed or able to be recovered or something else along those lines. He said that they were recoverable but I would need a clean computer, a flash drive and I would need to contact him from that computer. He also told me that to completely fix the whole thing, his company would have to charge me. Now, I understand that there are plenty of legitimate online tech supports that may need to charge for their services, but I was uncomfortable with the situation, so I told him I would try to find help and if I couldn't, I would contact them later. Then I asked friends who I know that fix computers if they could take a look at mine. A friend told me to dl a program that would let him look at my computer remotely, so I loaded it on a clean computer to a USB and turned on my computer to see if I could load it on that way. When I turned my computer on, it seemed to be working and it said system restore successful or something along those lines.
So when my friend was accessing my computer, he said everything looked fine, he couldn't find any files that looked sketchy or anything anymore, so he told me to run Malwarebytes and I should be fine. So I did that, it said that nothing was found and I thought I was good to go. Then, after using the computer for a night, the next morning, no .exe files would run. I couldn't access anything, so I restarted the computer and hit F8 because I was going to try to log on in safe mode and try the system restore again, since that worked last time and I was able to try to work on the computer, but an option came up that said repair computer, so I chose that. It offered the system restore from there and I chose that and it worked fine. After that, I went looking on all the forums on here, not wanting to post anything about an issue that had already been addressed. After reading what felt like hundreds of posts, I did a ton to the computer and as frustrating as it may be, I don't remember it all. I ran Malwarebytes Anti-Rootkit, AdwCleaner, ComboFix (which I just now saw in the instructions to not run unless told to, so I apologize if that's made this whole ordeal harder) and SpyHunter 4, which I didn't find out until later usually gives a ton of false positives, which was frustrating. I couldn't uninstall it through "Programs and Features" so I did it through regedit, which seemed to work. Then I ran RKill, then SUPERAntiSpyware. SA ran all night and when I woke up, it had found 400+ tracking cookies, but that was it. I was in the process of deleting them when about 2 hours in, my computer went to a blue screen that said Windows has shut down to prevent damage to files or something along those lines. I'm sorry I don't remember the exact wording. So I logged on under safe mode and came straight here to post because I don't know what else to do. I hope I didn't make things worse by trying to handle all of this myself. If so, I'm very sorry.
If you can help, I would love it, if not, I'll probably just end up taking it in somewhere. So here is the DDS and I'll attach the attach file. Thank you again for your time and I'll be waiting to do anything else to it until I get a response. Thanks. Oh, and I can't change the time on my computer anymore. It says that it can't find the program to run timedate.cpl and asks if I would like to find the program manually or look online. It's the same thing it was doing with the .exe files before, but instead of offering Windows Media Player as the only option when looking for the program yourself or bringing you to some fake page that offers to let you buy the program, it gives me all my normal options and brings me to Microsoft's page, so I don't know what that all means. I wasn't sure if that was worth mentioning or not. Also, I don't know if it matters that I ran this in safe mode or not. If you need it done in regular mode, please let me know and I can run it again and post that information. Thanks.

 

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 11.0.9600.17041  BrowserJavaVersion: 10.55.2
Run by Owner at 16:38:47 on 2014-05-22
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3893.3018 [GMT -7:00]
.
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uProxyOverride = 192.168.*.*;*.local
uSearchAssistant = hxxp://www.google.com
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://l.yimg.com/jh/games/popcap/zuma/popcaploader_v6.cab
TCP: NameServer = 192.168.15.1
TCP: Interfaces\{3DE5FF03-1AB6-480F-8FF4-A748166BC0F6} : DHCPNameServer = 192.168.15.1
TCP: Interfaces\{3DE5FF03-1AB6-480F-8FF4-A748166BC0F6}\3557275675563747D25374D23454 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{3DE5FF03-1AB6-480F-8FF4-A748166BC0F6}\3596467756C6C6 : DHCPNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{3DE5FF03-1AB6-480F-8FF4-A748166BC0F6}\4586560264F6E637 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{3DE5FF03-1AB6-480F-8FF4-A748166BC0F6}\74962637F6E6 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{709B40FF-8646-458D-9811-B527DD3EB7C2} : NameServer = 0.0.0.0
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
x64-Run: [IntelWirelessWiMAX] "C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-1-17 55856]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-10-10 144152]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-1-17 56344]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-1-17 74280]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2011-1-17 7689216]
S1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-4-2 28600]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
S2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-1-17 98208]
S2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-3-4 440400]
S2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2013-3-4 440400]
S2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-4-2 108440]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2010-9-28 606720]
S2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-10-1 418376]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-10-1 701512]
S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S2 SpyHunter 4 Service;SpyHunter 4 Service;C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2014-1-9 1025408]
S2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-5-20 5024576]
S2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-1-17 2533400]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2010-9-28 911872]
S3 bpenum;bpenum;C:\Windows\System32\drivers\bpenum.sys [2011-1-17 71168]
S3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\Windows\System32\drivers\bpmp.sys [2011-1-17 175104]
S3 bpusb;bpusb;C:\Windows\System32\drivers\bpusb.sys [2011-1-17 81920]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2011-1-17 53800]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-1-17 35104]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2011-1-17 175168]
S3 esgiguard;esgiguard;C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [2014-1-7 14872]
S3 EsgScanner;EsgScanner;C:\Windows\System32\drivers\EsgScanner.sys [2014-5-21 22704]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-14 111616]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-1-17 158976]
S3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-1-17 287232]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-10-1 25928]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-5 340240]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-1-17 245792]
S3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
S3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
S3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
S3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-1 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-3-19 1255736]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
S4 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-1-17 689472]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
.chm: <filetype is not registered>
.ini: <filetype is not registered>
.inf: <filetype is not registered>
.
=============== Created Last 30 ================
.
2014-05-22 19:16:11 10702536 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B3F735AE-6B5B-4ACA-B298-7C4C2A000944}\mpengine.dll
2014-05-22 09:04:27 -------- d-----w- C:\Users\Owner\AppData\Roaming\SUPERAntiSpyware.com
2014-05-22 09:04:00 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2014-05-22 09:04:00 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2014-05-22 06:06:04 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2014-05-22 04:59:30 22704 ----a-w- C:\Windows\System32\drivers\EsgScanner.sys
2014-05-22 04:59:24 110080 ----a-r- C:\Users\Owner\AppData\Roaming\Microsoft\Installer\{1F7E4FF9-D2E5-4258-9AE1-E16E6CB3252A}\IconF7A21AF7.exe
2014-05-22 04:59:24 110080 ----a-r- C:\Users\Owner\AppData\Roaming\Microsoft\Installer\{1F7E4FF9-D2E5-4258-9AE1-E16E6CB3252A}\IconD7F16134.exe
2014-05-22 04:59:24 110080 ----a-r- C:\Users\Owner\AppData\Roaming\Microsoft\Installer\{1F7E4FF9-D2E5-4258-9AE1-E16E6CB3252A}\Icon1226A4C5.exe
2014-05-22 04:59:23 -------- d-----w- C:\sh4ldr
2014-05-22 04:58:40 -------- d-----w- C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-05-22 04:40:39 -------- d-sh--w- C:\$RECYCLE.BIN
2014-05-22 04:21:24 98816 ----a-w- C:\Windows\sed.exe
2014-05-22 04:21:24 256000 ----a-w- C:\Windows\PEV.exe
2014-05-22 04:21:24 208896 ----a-w- C:\Windows\MBR.exe
2014-05-21 22:54:25 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-05-21 22:52:32 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-05-21 19:48:04 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-05-21 19:48:03 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-05-21 19:48:03 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-05-21 19:48:03 3969984 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2014-05-21 19:48:01 722944 ----a-w- C:\Windows\System32\objsel.dll
2014-05-21 19:48:01 5550016 ----a-w- C:\Windows\System32\ntoskrnl.exe
2014-05-21 19:48:01 538112 ----a-w- C:\Windows\SysWow64\objsel.dll
2014-05-21 19:48:01 455168 ----a-w- C:\Windows\System32\winlogon.exe
2014-05-21 19:48:01 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2014-05-21 19:48:01 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-05-21 19:48:01 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2014-05-21 19:48:00 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-05-20 14:26:01 -------- d-----w- C:\Program Files (x86)\TeamViewer
2014-05-08 13:19:36 -------- d-----w- C:\Users\Owner\AppData\Local\CrashDumps
2014-05-06 10:02:27 -------- d-s---w- C:\Windows\System32\CompatTel
2014-05-06 04:38:08 465408 ----a-w- C:\Windows\System32\aepdu.dll
2014-05-06 04:38:08 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-05-05 22:21:56 -------- d-sh--w- C:\Users\Owner\AppData\Local\EmieUserList
2014-05-05 22:21:56 -------- d-sh--w- C:\Users\Owner\AppData\Local\EmieSiteList
2014-05-02 19:39:27 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-02 19:39:27 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-04-29 03:36:18 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
.
==================== Find3M  ====================
.
2014-04-14 20:16:31 0 ----a-w- C:\Windows\SysWow64\sho98C5.tmp
2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-04-10 03:05:23 0 ----a-w- C:\Windows\SysWow64\sho4D95.tmp
2014-03-31 16:35:08 270496 ------w- C:\Windows\System32\MpSigStub.exe
2014-03-13 00:03:59 0 ----a-w- C:\Windows\SysWow64\sho5B2F.tmp
2014-03-06 09:31:33 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-03-06 08:59:04 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-06 08:57:34 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-03-06 08:57:20 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-03-06 08:29:40 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-06 08:29:14 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-06 08:28:15 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-03-06 08:15:54 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-06 08:11:41 5784064 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-06 08:02:34 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-03-06 08:02:33 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-03-06 08:01:01 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56:43 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-03-06 07:46:36 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-03-06 07:38:13 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-03-06 07:36:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-03-06 07:13:43 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-06 07:11:15 2043904 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-03-06 06:40:39 1967104 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-03-06 06:22:40 2260480 ----a-w- C:\Windows\System32\wininet.dll
2014-03-06 05:41:49 1789440 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-03-04 09:44:21 362496 ----a-w- C:\Windows\System32\wow64win.dll
2014-03-04 09:44:21 243712 ----a-w- C:\Windows\System32\wow64.dll
2014-03-04 09:44:21 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2014-03-04 09:44:20 39936 ----a-w- C:\Windows\System32\wincredprovider.dll
2014-03-04 09:44:10 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-03-04 09:44:06 340992 ----a-w- C:\Windows\System32\schannel.dll
2014-03-04 09:44:03 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2014-03-04 09:44:00 424960 ----a-w- C:\Windows\System32\KernelBase.dll
2014-03-04 09:43:56 57344 ----a-w- C:\Windows\System32\cngprovider.dll
2014-03-04 09:43:56 52736 ----a-w- C:\Windows\System32\dpapiprovider.dll
2014-03-04 09:43:56 44544 ----a-w- C:\Windows\System32\dimsroam.dll
2014-03-04 09:43:56 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-03-04 09:43:55 56832 ----a-w- C:\Windows\System32\adprovider.dll
2014-03-04 09:43:55 53760 ----a-w- C:\Windows\System32\capiprovider.dll
2014-03-04 09:17:38 35328 ----a-w- C:\Windows\SysWow64\wincredprovider.dll
2014-03-04 09:17:27 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2014-03-04 09:17:26 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2014-03-04 09:17:22 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2014-03-04 09:17:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2014-03-04 09:17:08 47616 ----a-w- C:\Windows\SysWow64\dpapiprovider.dll
2014-03-04 09:17:08 36864 ----a-w- C:\Windows\SysWow64\dimsroam.dll
2014-03-04 09:17:07 51200 ----a-w- C:\Windows\SysWow64\cngprovider.dll
2014-03-04 09:17:07 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2014-03-04 09:17:06 48128 ----a-w- C:\Windows\SysWow64\capiprovider.dll
2014-03-04 09:17:05 49664 ----a-w- C:\Windows\SysWow64\adprovider.dll
2014-03-04 09:17:05 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2014-03-04 09:16:54 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2014-03-04 09:16:18 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2014-03-04 09:16:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2014-03-04 08:09:30 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2014-03-04 08:09:29 2048 ----a-w- C:\Windows\SysWow64\user.exe
.
============= FINISH: 16:41:29.08 ===============


#2 therrrn


Posted 23 May 2014 - 11:36 PM

And now it just flashed a red screen, then a green screen, then a blue screen, then a black one. Then it stayed black, so I restarted it and now it's working fine apparently. I hate this thing.  



#3 HelpBot


Posted 27 May 2014 - 06:30 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/535230 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 therrrn


Posted 27 May 2014 - 09:06 PM

I don't seem to have any more regular issues, but last night, my computer again went to blue screen saying that Windows shut itself down before its files or system could be damaged or something along those lines. I still can't change the time on my computer. I do not have the original Windows disk. Also, the last dds/attach files that I posted were posted under safe mode and I don't know if that makes a difference at all, so I ran these scans in the regular mode. Oh, and I have stopped letting Windows update automatically, since that's when the problems seem to come back. I mean, I know that the update itself isn't the issue. I'm just assuming that I'm suppressing the issue somehow and when it updates, the suppression ends. Who knows, I clearly have no clue what I'm doing. Also, I unchecked "Real time protection" on my Windows Defender when I did this. I don't know why it says "enabled" or if that even has anything to do with what I'm talking about. I just figured I would put that out there in case you wanted to ask. Thanks again for your help.
 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17041  BrowserJavaVersion: 10.55.2
Run by Owner at 19:59:45 on 2014-05-27
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3893.2252 [GMT -7:00]
.
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uProxyOverride = 192.168.*.*;*.local
uSearchAssistant = hxxp://www.google.com
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://l.yimg.com/jh/games/popcap/zuma/popcaploader_v6.cab
TCP: NameServer = 192.168.15.1
TCP: Interfaces\{3DE5FF03-1AB6-480F-8FF4-A748166BC0F6} : DHCPNameServer = 192.168.15.1
TCP: Interfaces\{3DE5FF03-1AB6-480F-8FF4-A748166BC0F6}\3557275675563747D25374D23454 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{3DE5FF03-1AB6-480F-8FF4-A748166BC0F6}\3596467756C6C6 : DHCPNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{3DE5FF03-1AB6-480F-8FF4-A748166BC0F6}\4586560264F6E637 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{3DE5FF03-1AB6-480F-8FF4-A748166BC0F6}\74962637F6E6 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{709B40FF-8646-458D-9811-B527DD3EB7C2} : NameServer = 0.0.0.0
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
x64-Run: [IntelWirelessWiMAX] "C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-1-17 55856]
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-4-2 28600]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-10-10 144152]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-1-17 98208]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-4-2 108440]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2010-9-28 606720]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-10-1 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-10-1 701512]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-5-20 5024576]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-1-17 2533400]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2010-9-28 911872]
R3 bpenum;bpenum;C:\Windows\System32\drivers\bpenum.sys [2011-1-17 71168]
R3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\Windows\System32\drivers\bpmp.sys [2011-1-17 175104]
R3 bpusb;bpusb;C:\Windows\System32\drivers\bpusb.sys [2011-1-17 81920]
R3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2011-1-17 53800]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-1-17 35104]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2011-1-17 175168]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-1-17 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-1-17 158976]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-1-17 287232]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-1-17 74280]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-10-1 25928]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2011-1-17 7689216]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
S2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-3-4 440400]
S2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2013-3-4 440400]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-14 111616]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-5 340240]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-1-17 245792]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-1 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-3-19 1255736]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
S4 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-1-17 689472]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
.chm: <filetype is not registered>
.ini: <filetype is not registered>
.inf: <filetype is not registered>
.
=============== Created Last 30 ================
.
2014-05-23 20:24:21 10702536 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EBD20143-D70E-43BC-8D9E-577B8E008E88}\mpengine.dll
2014-05-23 08:24:19 -------- d-----w- C:\MATS
2014-05-22 09:04:27 -------- d-----w- C:\Users\Owner\AppData\Roaming\SUPERAntiSpyware.com
2014-05-22 09:04:00 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2014-05-22 09:04:00 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2014-05-22 06:06:04 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2014-05-22 04:59:24 110080 ----a-r- C:\Users\Owner\AppData\Roaming\Microsoft\Installer\{1F7E4FF9-D2E5-4258-9AE1-E16E6CB3252A}\IconF7A21AF7.exe
2014-05-22 04:59:24 110080 ----a-r- C:\Users\Owner\AppData\Roaming\Microsoft\Installer\{1F7E4FF9-D2E5-4258-9AE1-E16E6CB3252A}\IconD7F16134.exe
2014-05-22 04:59:24 110080 ----a-r- C:\Users\Owner\AppData\Roaming\Microsoft\Installer\{1F7E4FF9-D2E5-4258-9AE1-E16E6CB3252A}\Icon1226A4C5.exe
2014-05-22 04:58:40 -------- d-----w- C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-05-22 04:40:39 -------- d-sh--w- C:\$RECYCLE.BIN
2014-05-22 04:21:24 98816 ----a-w- C:\Windows\sed.exe
2014-05-22 04:21:24 256000 ----a-w- C:\Windows\PEV.exe
2014-05-22 04:21:24 208896 ----a-w- C:\Windows\MBR.exe
2014-05-21 22:54:25 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-05-21 22:52:32 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-05-21 19:48:04 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-05-21 19:48:03 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-05-21 19:48:03 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-05-21 19:48:03 3969984 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2014-05-21 19:48:01 722944 ----a-w- C:\Windows\System32\objsel.dll
2014-05-21 19:48:01 5550016 ----a-w- C:\Windows\System32\ntoskrnl.exe
2014-05-21 19:48:01 538112 ----a-w- C:\Windows\SysWow64\objsel.dll
2014-05-21 19:48:01 455168 ----a-w- C:\Windows\System32\winlogon.exe
2014-05-21 19:48:01 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2014-05-21 19:48:01 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-05-21 19:48:01 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2014-05-21 19:48:00 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-05-20 14:26:01 -------- d-----w- C:\Program Files (x86)\TeamViewer
2014-05-08 13:19:36 -------- d-----w- C:\Users\Owner\AppData\Local\CrashDumps
2014-05-06 10:02:27 -------- d-s---w- C:\Windows\System32\CompatTel
2014-05-06 04:38:08 465408 ----a-w- C:\Windows\System32\aepdu.dll
2014-05-06 04:38:08 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-05-05 22:21:56 -------- d-sh--w- C:\Users\Owner\AppData\Local\EmieUserList
2014-05-05 22:21:56 -------- d-sh--w- C:\Users\Owner\AppData\Local\EmieSiteList
2014-05-02 19:39:27 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-02 19:39:27 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-04-29 03:36:18 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
.
==================== Find3M  ====================
.
2014-04-14 20:16:31 0 ----a-w- C:\Windows\SysWow64\sho98C5.tmp
2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-04-10 03:05:23 0 ----a-w- C:\Windows\SysWow64\sho4D95.tmp
2014-03-31 16:35:08 270496 ------w- C:\Windows\System32\MpSigStub.exe
2014-03-13 00:03:59 0 ----a-w- C:\Windows\SysWow64\sho5B2F.tmp
2014-03-06 09:31:33 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-03-06 08:59:04 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-06 08:57:34 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-03-06 08:57:20 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-03-06 08:29:40 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-06 08:29:14 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-06 08:28:15 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-03-06 08:15:54 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-06 08:11:41 5784064 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-06 08:02:34 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-03-06 08:02:33 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-03-06 08:01:01 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56:43 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-03-06 07:46:36 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-03-06 07:38:13 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-03-06 07:36:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-03-06 07:13:43 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-06 07:11:15 2043904 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-03-06 06:40:39 1967104 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-03-06 06:22:40 2260480 ----a-w- C:\Windows\System32\wininet.dll
2014-03-06 05:41:49 1789440 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-03-04 09:44:21 362496 ----a-w- C:\Windows\System32\wow64win.dll
2014-03-04 09:44:21 243712 ----a-w- C:\Windows\System32\wow64.dll
2014-03-04 09:44:21 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2014-03-04 09:44:20 39936 ----a-w- C:\Windows\System32\wincredprovider.dll
2014-03-04 09:44:10 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-03-04 09:44:06 340992 ----a-w- C:\Windows\System32\schannel.dll
2014-03-04 09:44:03 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2014-03-04 09:44:00 424960 ----a-w- C:\Windows\System32\KernelBase.dll
2014-03-04 09:43:56 57344 ----a-w- C:\Windows\System32\cngprovider.dll
2014-03-04 09:43:56 52736 ----a-w- C:\Windows\System32\dpapiprovider.dll
2014-03-04 09:43:56 44544 ----a-w- C:\Windows\System32\dimsroam.dll
2014-03-04 09:43:56 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-03-04 09:43:55 56832 ----a-w- C:\Windows\System32\adprovider.dll
2014-03-04 09:43:55 53760 ----a-w- C:\Windows\System32\capiprovider.dll
2014-03-04 09:17:38 35328 ----a-w- C:\Windows\SysWow64\wincredprovider.dll
2014-03-04 09:17:27 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2014-03-04 09:17:26 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2014-03-04 09:17:22 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2014-03-04 09:17:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2014-03-04 09:17:08 47616 ----a-w- C:\Windows\SysWow64\dpapiprovider.dll
2014-03-04 09:17:08 36864 ----a-w- C:\Windows\SysWow64\dimsroam.dll
2014-03-04 09:17:07 51200 ----a-w- C:\Windows\SysWow64\cngprovider.dll
2014-03-04 09:17:07 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2014-03-04 09:17:06 48128 ----a-w- C:\Windows\SysWow64\capiprovider.dll
2014-03-04 09:17:05 49664 ----a-w- C:\Windows\SysWow64\adprovider.dll
2014-03-04 09:17:05 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2014-03-04 09:16:54 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2014-03-04 09:16:18 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2014-03-04 09:16:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2014-03-04 08:09:30 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2014-03-04 08:09:29 2048 ----a-w- C:\Windows\SysWow64\user.exe
.
============= FINISH: 19:59:57.47 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 2/22/2011 3:11:22 AM
System Uptime: 5/27/2014 4:57:12 PM (3 hours ago)
.
Motherboard: Dell Inc. | | 021CN3
Processor: Intel® Core™ i3 CPU M 380 @ 2.53GHz | U2E1 | 2533/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 124.035 GiB free.
D: is CDROM (CDFS)
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP447: 5/20/2014 2:04:03 PM - Windows Update
RP448: 5/21/2014 3:17:33 AM - Windows Update
RP449: 5/21/2014 3:51:53 PM - Windows Update
RP450: 5/21/2014 5:38:59 PM - Removed Samsung PC Studio 3 USB Driver Installer
RP451: 5/21/2014 9:58:46 PM - Installed SpyHunter
RP452: 5/21/2014 11:26:29 PM - Removed SpyHunter
RP453: 5/21/2014 11:29:49 PM - Removed SpyHunter
RP454: 5/21/2014 11:32:28 PM - Removed SpyHunter
RP455: 5/26/2014 4:18:08 AM - Windows Update
.
==== Installed Programs ======================
.
µTorrent
Adobe AIR
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Reader 9.1.2
Advanced Audio FX Engine
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
Avira Free Antivirus
Best Buy pc app
Bonjour
Canon MX430 series MP Drivers
D3DX10
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell Dock
Dell Driver Download Manager
Dell Edoc Viewer
Dell Getting Started Guide
Dell Product Registration
Dell Webcam Central
Full Tilt Poker
Google Chrome
Google Earth
Google Update Helper
HP Deskjet 1000 J110 series Basic Device Software
HP Deskjet 1000 J110 series Help
HP Deskjet 1000 J110 series Product Improvement Study
HP Officejet 6700 Basic Device Software
HP Photo Creations
HP Update
Intel PROSet Wireless
Intel WiMAX Tutorial
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Components
Intel® PROSet/Wireless WiFi Software
Intel® PROSet/Wireless WiMAX Software
Internet Explorer
IrfanView (remove only)
iTunes
Java 7 Update 55
Java Auto Updater
Java™ 6 Update 22 (64-bit)
Junk Mail filter update
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
MobileMe Control Panel
MotoHelper MergeModules
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
Photo Story 3 for Windows
PokerStars
Quickset64
QuickTime
Realtek High Definition Audio Driver
Roxio Burn
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Drive Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Skype Click to Call
Skype™ 6.14
Smart PDF Creator 6.3.0.467
Spotify
SUPERAntiSpyware
Synaptics Pointing Device Driver
TeamViewer 9
VC80CRTRedist - 8.0.50727.6195
VLC
VLC media player 1.1.11
WIDCOMM Bluetooth Software
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
5/27/2014 7:39:02 PM, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
5/27/2014 3:57:41 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 for x64-based Systems (KB2952664).
5/27/2014 3:57:41 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2926765).
5/27/2014 3:57:41 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2931356).
5/27/2014 3:57:41 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Internet Explorer 11 for Windows 7 for x64-based Systems (KB2953522).
5/27/2014 3:50:40 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
5/27/2014 3:50:22 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21
5/27/2014 3:50:04 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff80003e4f1a4, 0xfffff88009d8bd50, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 052714-41855-01.
5/27/2014 3:50:03 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avipbb avkmgr discache SASDIFSV SASKUTIL spldr Wanarpv6
5/27/2014 3:50:02 AM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
5/27/2014 12:47:45 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
5/27/2014 12:47:34 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
5/27/2014 12:46:32 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Avira Real-Time Protection service to connect.
5/27/2014 12:46:32 PM, Error: Service Control Manager [7000] - The Avira Real-Time Protection service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/27/2014 12:46:31 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Avira Scheduler service to connect.
5/27/2014 12:46:31 PM, Error: Service Control Manager [7000] - The Avira Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/22/2014 4:38:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
5/22/2014 4:31:49 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
5/22/2014 4:30:24 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
5/22/2014 4:30:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
5/22/2014 4:30:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
5/22/2014 4:30:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/22/2014 4:30:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
5/22/2014 4:29:43 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff80003e3e1a4, 0xfffff8800ac73dc0, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 052214-21325-01.
5/21/2014 9:37:34 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
5/21/2014 9:36:56 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
5/21/2014 2:35:39 PM, Error: Service Control Manager [7023] - The Server service terminated with the following error: The data is invalid.
5/21/2014 2:01:50 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
5/21/2014 11:20:13 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel® PROSet/Wireless Event Log service to connect.
5/21/2014 11:20:13 PM, Error: Service Control Manager [7000] - The Intel® PROSet/Wireless Event Log service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/21/2014 11:13:07 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avipbb avkmgr discache spldr Wanarpv6
5/21/2014 11:11:00 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.
5/21/2014 11:10:30 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WPDBusEnum service.
5/21/2014 11:08:35 PM, Error: Service Control Manager [7034] - The Application Virtualization Client service terminated unexpectedly. It has done this 1 time(s).
5/21/2014 11:08:32 PM, Error: Service Control Manager [7034] - The SpyHunter 4 Service service terminated unexpectedly. It has done this 1 time(s).
5/21/2014 11:08:32 PM, Error: Service Control Manager [7034] - The Intel® Management & Security Application User Notification Service service terminated unexpectedly. It has done this 1 time(s).
5/21/2014 11:08:32 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
5/21/2014 11:08:32 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
5/21/2014 11:08:32 PM, Error: Service Control Manager [7031] - The Intel® Management and Security Application Local Management Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
5/21/2014 11:08:31 PM, Error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
5/21/2014 11:08:30 PM, Error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
5/21/2014 11:08:30 PM, Error: Service Control Manager [7034] - The MBAMScheduler service terminated unexpectedly. It has done this 1 time(s).
5/21/2014 11:08:30 PM, Error: Service Control Manager [7034] - The Intel® PROSet/Wireless Registry Service service terminated unexpectedly. It has done this 1 time(s).
5/21/2014 11:08:30 PM, Error: Service Control Manager [7034] - The Intel® PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).
5/21/2014 11:08:30 PM, Error: Service Control Manager [7034] - The Client Virtualization Handler service terminated unexpectedly. It has done this 1 time(s).
5/21/2014 11:08:30 PM, Error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
5/21/2014 11:08:30 PM, Error: Service Control Manager [7034] - The Application Virtualization Service Agent service terminated unexpectedly. It has done this 1 time(s).
5/21/2014 11:08:30 PM, Error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
5/21/2014 11:08:30 PM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/21/2014 11:08:30 PM, Error: Service Control Manager [7031] - The Intel® PROSet/Wireless WiMAX Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/21/2014 11:08:30 PM, Error: Service Control Manager [7031] - The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/21/2014 11:08:30 PM, Error: Service Control Manager [7031] - The Bluetooth Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/21/2014 11:08:30 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/21/2014 11:08:29 PM, Error: Service Control Manager [7034] - The Dock Login Service service terminated unexpectedly. It has done this 1 time(s).
5/21/2014 11:08:29 PM, Error: Service Control Manager [7034] - The Andrea RT Filters Service service terminated unexpectedly. It has done this 1 time(s).
5/20/2014 7:23:25 AM, Error: Service Control Manager [7022] - The Intel® Management & Security Application User Notification Service service hung on starting.
5/20/2014 7:21:23 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
5/20/2014 2:13:08 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10003] - WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\IWMSSvc.dll
.
==== End Of File ===========================

Edited by Oh My, 29 May 2014 - 09:09 AM.
Posted Attach


#5 Oh My!


Posted 29 May 2014 - 09:08 AM

Greetings therrrn and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply topic button instead.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. I appreciate your very detailed explanation of the steps you have taken thus far. Having the full picture will now allow us to be far more brief in our back and forth so as not to confuse the issues and ensure we are efficient and effective.

While I review our situation please run the below for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

BlueScreenView

----------
  • Download BlueScreenView and save it to your desktop
  • Double click the BlueScreenView.exe file then click OK
  • Select Run, Next, then Next again
  • Click Install
  • When the scanning is complete, select Edit and Select All
  • Then click File and Save Selected Items
  • Save the report as BSOD.txt
  • Open BSOD.txt in Notepad, copy the entire content and paste it into your next reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST results
  • Addition log
  • Attached System Summary Information
  • BSOD log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 therrrn


Posted 30 May 2014 - 04:04 AM

Oh, thank you so much for taking the time to help me at all! My name is Erin and I am so grateful for your help, Gary. I am in the process of moving and I am leaving the day after tomorrow. So I am packing nonstop and driving long distances and all that, but I should be able to check every day, if not multiple times daily. If for some reason I cannot check for a day, please be assured that I absolutely will still need your help. Even if I just post that I saw the message and I will run the actions ASAP, I will do my very best to check at least daily. If for some reason I no longer need help, coming here and letting you know will be one of the first things I do.

 

So, I ran the FRST for my 64 bit system. After downloading, before I was able to scan, this error popped up. http://imgur.com/vomTYcZ

 

I hit OK, then it worked just fine, so I don't know if that was important or not, but I figured I would include it.

 

 

This is the FRST notepad text:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-05-2014
Ran by Owner (administrator) on ERIN on 30-05-2014 02:40:09
Running from C:\Users\Owner\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\mspaint.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2122536 2010-05-07] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10144288 2010-04-13] (Realtek Semiconductor)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1928976 2010-03-05] (Intel® Corporation)
HKLM\...\Run: [IntelWirelessWiMAX] => C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe [1449984 2010-10-03] (Intel® Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-03-11] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\RunOnce: [Launcher] - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [163040 2010-08-11] (Softthinks)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2923065098-2265594029-2962721977-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563608 2014-01-06] (SUPERAntiSpyware)
HKU\S-1-5-21-2923065098-2265594029-2962721977-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF0BB51F8967DCC01
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {3C0B9203-745F-446D-81C7-77ED9BAA6977} URL = 
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://l.yimg.com/jh/games/popcap/zuma/popcaploader_v6.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.15.1
Tcpip\..\Interfaces\{709B40FF-8646-458D-9811-B527DD3EB7C2}: [NameServer]0.0.0.0
 
FireFox:
========
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @spoon.net/Spoon Plugin 3.33 - C:\Users\Owner\AppData\Local\Spoon\3.33.6.244\npMozillaSpoonPlugin.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Owner\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Owner\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
 
Chrome: 
=======
CHR HomePage: 
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]
CHR Extension: (Skype Click to Call) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-08-05]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-10-10]
CHR StartMenuInternet: Google Chrome - C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-03-11] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-03-11] (Avira Operations GmbH & Co. KG)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] ()
 
==================== Drivers (Whitelisted) ====================
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 motandroidusb; System32\Drivers\motoandroid.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-05-30 02:40 - 2014-05-30 02:40 - 00015962 _____ () C:\Users\Owner\Downloads\FRST.txt
2014-05-30 02:39 - 2014-05-30 02:40 - 00000000 ____D () C:\FRST
2014-05-30 02:38 - 2014-05-30 02:39 - 02066944 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2014-05-28 00:19 - 2014-05-28 00:19 - 00020054 _____ () C:\Users\Owner\Downloads\attach.txt
2014-05-27 20:02 - 2014-05-27 20:02 - 00017408 _____ () C:\Users\Owner\Desktop\Attach3.txt
2014-05-27 20:01 - 2014-05-27 20:01 - 00022556 _____ () C:\Users\Owner\Desktop\DDS3.txt
2014-05-27 19:59 - 2014-05-27 19:59 - 00688992 ____R (Swearware) C:\Users\Owner\Downloads\dds (3).com
2014-05-27 19:51 - 2014-05-27 19:51 - 00022606 _____ () C:\Users\Owner\Desktop\DDS2.txt
2014-05-27 19:51 - 2014-05-27 19:51 - 00017408 _____ () C:\Users\Owner\Desktop\Attach2.txt
2014-05-27 19:47 - 2014-05-27 19:48 - 00688992 ____R (Swearware) C:\Users\Owner\Downloads\dds (2).com
2014-05-27 03:49 - 2014-05-27 03:50 - 00279280 _____ () C:\Windows\Minidump\052714-41855-01.dmp
2014-05-23 01:26 - 2014-05-23 01:26 - 00003318 _____ () C:\Windows\System32\Tasks\SpyHunter4Startup
2014-05-23 01:25 - 2014-05-23 01:25 - 00347816 _____ (Microsoft Corporation) C:\Users\Owner\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.139324255297257531.1.3.Run.exe
2014-05-23 01:24 - 2014-05-23 01:24 - 00000000 ____D () C:\MATS
2014-05-23 01:23 - 2014-05-23 01:23 - 00347816 _____ (Microsoft Corporation) C:\Users\Owner\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.139324255297257531.1.2.Run.exe
2014-05-22 23:56 - 2014-05-22 23:56 - 00347816 _____ (Microsoft Corporation) C:\Users\Owner\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.139324255297257531.1.1.Run.exe
2014-05-22 16:41 - 2014-05-27 20:00 - 00017408 _____ () C:\Users\Owner\Desktop\attach.txt
2014-05-22 16:41 - 2014-05-27 19:59 - 00022556 _____ () C:\Users\Owner\Desktop\dds.txt
2014-05-22 16:37 - 2014-05-22 16:38 - 00688992 ____R (Swearware) C:\Users\Owner\Downloads\dds (1).com
2014-05-22 16:37 - 2014-05-22 16:37 - 00688992 _____ (Swearware) C:\Users\Owner\Downloads\dds.com
2014-05-22 16:29 - 2014-05-27 03:49 - 503367130 _____ () C:\Windows\MEMORY.DMP
2014-05-22 16:29 - 2014-05-22 16:29 - 00279280 _____ () C:\Windows\Minidump\052214-21325-01.dmp
2014-05-22 02:04 - 2014-05-22 02:04 - 00001810 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-05-22 02:04 - 2014-05-22 02:04 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\SUPERAntiSpyware.com
2014-05-22 02:04 - 2014-05-22 02:04 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-05-22 02:04 - 2014-05-22 02:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-05-22 02:04 - 2014-05-22 02:04 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-05-22 02:00 - 2014-05-22 02:03 - 19222352 _____ (SUPERAntiSpyware) C:\Users\Owner\Downloads\SUPERAntiSpyware.exe
2014-05-22 01:58 - 2014-05-22 02:01 - 00002122 _____ () C:\Users\Owner\Desktop\Rkill.txt
2014-05-22 01:54 - 2014-05-22 01:54 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Owner\Downloads\rkill.scr
2014-05-22 01:54 - 2014-05-22 01:54 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Owner\Desktop\rkill.scr
2014-05-22 01:39 - 2014-05-22 01:39 - 285664776 _____ () C:\Users\Owner\Desktop\backup.reg
2014-05-21 23:27 - 2014-05-21 23:31 - 00000000 ___SD () C:\32788R22FWJFW
2014-05-21 23:23 - 2014-05-21 23:23 - 04164448 _____ (Kaspersky Lab ZAO) C:\Users\Owner\Downloads\tdsskiller.exe
2014-05-21 23:06 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-21 23:03 - 2014-05-21 23:04 - 01326389 _____ () C:\Users\Owner\Downloads\adwcleaner_3.210.exe
2014-05-21 21:58 - 2014-05-23 01:26 - 00000000 ____D () C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-05-21 21:40 - 2014-05-21 21:40 - 00024760 _____ () C:\ComboFix.txt
2014-05-21 21:40 - 2014-05-21 21:40 - 00000000 ____D () C:\Users\TS\AppData\Local\temp
2014-05-21 21:40 - 2014-05-21 21:40 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-05-21 21:40 - 2014-05-21 21:40 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-05-21 21:40 - 2014-05-21 21:40 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-05-21 21:21 - 2014-05-21 21:40 - 00000000 ____D () C:\Qoobox
2014-05-21 21:21 - 2011-06-25 23:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-21 21:21 - 2010-11-07 10:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-21 21:21 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-21 21:21 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-21 21:21 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-21 21:21 - 2000-08-30 17:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-21 21:21 - 2000-08-30 17:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-21 21:21 - 2000-08-30 17:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-21 21:20 - 2014-05-21 21:38 - 00000000 ____D () C:\Windows\erdnt
2014-05-21 21:18 - 2014-05-21 21:20 - 05200426 ____R (Swearware) C:\Users\Owner\Downloads\ComboFix.exe
2014-05-21 15:54 - 2014-05-21 17:24 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-05-21 15:52 - 2014-05-21 15:52 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-21 15:51 - 2014-05-21 17:24 - 00000000 ____D () C:\Users\Owner\Desktop\mbar
2014-05-21 12:48 - 2014-04-11 19:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-21 12:48 - 2014-03-04 02:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-21 12:48 - 2014-03-04 02:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-21 12:48 - 2014-03-04 02:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-21 12:48 - 2014-03-04 02:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-21 12:48 - 2014-03-04 02:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-21 12:48 - 2014-03-04 02:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-21 12:48 - 2014-03-04 02:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-21 12:48 - 2014-03-04 02:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-21 12:48 - 2014-03-04 02:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-21 12:48 - 2014-03-04 02:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-21 12:48 - 2014-03-04 02:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-21 12:47 - 2014-04-11 19:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-21 12:47 - 2014-04-11 19:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-21 12:47 - 2014-04-11 19:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-21 12:47 - 2014-04-11 19:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-21 12:47 - 2014-04-11 19:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-21 12:47 - 2014-04-11 19:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-21 12:47 - 2014-04-11 19:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-21 12:47 - 2014-04-11 19:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-21 12:47 - 2014-03-04 02:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-21 12:47 - 2014-03-04 02:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-21 12:47 - 2014-03-04 02:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-21 12:47 - 2014-03-04 02:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-21 12:47 - 2014-03-04 02:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-21 12:47 - 2014-03-04 02:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-21 12:47 - 2014-03-04 02:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-21 12:47 - 2014-03-04 02:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-21 12:47 - 2014-03-04 02:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-21 12:47 - 2014-03-04 02:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-21 12:47 - 2014-03-04 02:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-21 12:47 - 2014-03-04 02:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-21 12:47 - 2014-03-04 02:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-21 12:47 - 2014-03-04 02:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-21 12:47 - 2014-03-04 02:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-21 12:47 - 2014-03-04 02:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-21 12:47 - 2014-03-04 02:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-21 12:47 - 2014-03-04 02:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-21 12:47 - 2014-03-04 02:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-21 12:47 - 2014-03-04 02:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-21 12:47 - 2014-03-04 02:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-21 00:09 - 2014-05-21 00:10 - 00094871 _____ () C:\Users\Owner\Downloads\sapaa_dtab_sep2013.pptx
2014-05-20 19:26 - 2014-05-20 19:26 - 00021528 _____ () C:\Users\Owner\Downloads\[kickass.to]24.s09e04.hdtv.x264.lol.ettv.torrent
2014-05-20 19:25 - 2014-05-20 19:25 - 00025849 _____ () C:\Users\Owner\Downloads\[kickass.to]game.of.thrones.s04e07.hdtv.x264.killers.ettv.torrent
2014-05-20 07:26 - 2014-05-20 07:26 - 00001180 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-05-20 07:26 - 2014-05-20 07:26 - 00001168 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-05-20 07:26 - 2014-05-20 07:26 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-05-20 07:19 - 2014-05-20 07:20 - 06171848 _____ (TeamViewer GmbH) C:\Users\Owner\Downloads\TeamViewer_Setup_en.exe
2014-05-16 04:31 - 2014-05-16 03:59 - 00000000 ___RD () C:\Users\TS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-05-16 04:31 - 2014-05-16 03:59 - 00000000 ___RD () C:\Users\TS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-05-16 04:31 - 2014-05-16 03:59 - 00000000 ____D () C:\Users\TS
2014-05-16 04:31 - 2013-03-20 11:34 - 00000000 ____D () C:\Users\TS\AppData\Roaming\Macromedia
2014-05-16 04:31 - 2011-01-17 03:45 - 00000000 ____D () C:\Users\TS\AppData\Local\SoftThinks
2014-05-12 23:26 - 2014-05-12 23:26 - 00012220 _____ () C:\Users\Owner\Downloads\[kickass.to]24.s09e03.hdtv.x264.lol.eztv.torrent
2014-05-10 10:29 - 2014-05-10 10:29 - 00132289 _____ () C:\Users\Owner\Downloads\Attachments_2014510.zip
2014-05-08 06:19 - 2014-05-08 06:19 - 00000000 ____D () C:\Users\Owner\AppData\Local\CrashDumps
2014-05-06 03:02 - 2014-05-27 03:50 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-05 21:38 - 2014-04-13 19:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-05 21:38 - 2014-04-13 19:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-05 15:21 - 2014-05-05 15:21 - 00000000 __SHD () C:\Users\Owner\AppData\Local\EmieUserList
2014-05-05 15:21 - 2014-05-05 15:21 - 00000000 __SHD () C:\Users\Owner\AppData\Local\EmieSiteList
2014-05-05 01:48 - 2014-05-05 04:22 - 00000000 ____D () C:\Users\Owner\Documents\Fon Wedding
2014-05-02 12:39 - 2014-04-29 07:01 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-02 12:39 - 2014-04-29 06:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-02 12:39 - 2014-04-29 05:48 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-02 12:39 - 2014-04-29 05:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-02 01:39 - 2014-05-04 19:33 - 00000000 ____D () C:\Users\Owner\Downloads\Star Trek Into Darkness (2013) [1080p]
 
==================== One Month Modified Files and Folders =======
 
2014-05-30 02:41 - 2011-02-22 04:11 - 00000000 ____D () C:\Users\Owner\AppData\Local\Temp
2014-05-30 02:40 - 2014-05-30 02:40 - 00015962 _____ () C:\Users\Owner\Downloads\FRST.txt
2014-05-30 02:40 - 2014-05-30 02:39 - 00000000 ____D () C:\FRST
2014-05-30 02:39 - 2014-05-30 02:38 - 02066944 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2014-05-30 02:36 - 2009-07-13 22:13 - 00783400 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-30 02:35 - 2011-03-19 04:59 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-30 02:34 - 2013-04-26 12:22 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-30 02:34 - 2011-03-19 07:35 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2923065098-2265594029-2962721977-1000UA.job
2014-05-30 02:34 - 2009-07-13 22:10 - 01988436 _____ () C:\Windows\WindowsUpdate.log
2014-05-30 00:07 - 2011-03-19 07:35 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2923065098-2265594029-2962721977-1000Core.job
2014-05-29 14:40 - 2014-03-12 03:59 - 01750528 ___SH () C:\Users\Owner\Downloads\Thumbs.db
2014-05-29 14:40 - 2011-03-19 06:09 - 00000000 ____D () C:\Users\Owner\AppData\Local\FullTiltPoker
2014-05-29 14:40 - 2011-03-19 06:09 - 00000000 ____D () C:\Program Files (x86)\Full Tilt Poker
2014-05-29 12:30 - 2011-03-19 04:59 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-28 19:19 - 2009-07-13 21:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-28 19:19 - 2009-07-13 21:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-28 00:55 - 2011-01-17 03:37 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-05-28 00:19 - 2014-05-28 00:19 - 00020054 _____ () C:\Users\Owner\Downloads\attach.txt
2014-05-27 20:02 - 2014-05-27 20:02 - 00017408 _____ () C:\Users\Owner\Desktop\Attach3.txt
2014-05-27 20:01 - 2014-05-27 20:01 - 00022556 _____ () C:\Users\Owner\Desktop\DDS3.txt
2014-05-27 20:00 - 2014-05-22 16:41 - 00017408 _____ () C:\Users\Owner\Desktop\attach.txt
2014-05-27 19:59 - 2014-05-27 19:59 - 00688992 ____R (Swearware) C:\Users\Owner\Downloads\dds (3).com
2014-05-27 19:59 - 2014-05-22 16:41 - 00022556 _____ () C:\Users\Owner\Desktop\dds.txt
2014-05-27 19:51 - 2014-05-27 19:51 - 00022606 _____ () C:\Users\Owner\Desktop\DDS2.txt
2014-05-27 19:51 - 2014-05-27 19:51 - 00017408 _____ () C:\Users\Owner\Desktop\Attach2.txt
2014-05-27 19:48 - 2014-05-27 19:47 - 00688992 ____R (Swearware) C:\Users\Owner\Downloads\dds (2).com
2014-05-27 12:46 - 2011-02-22 04:11 - 00000000 ____D () C:\Users\Owner\AppData\Local\SoftThinks
2014-05-27 12:46 - 2011-01-17 03:09 - 00000050 _____ () C:\Windows\system32\SupplicantTest.log
2014-05-27 12:46 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-27 12:46 - 2009-07-13 21:51 - 00177395 _____ () C:\Windows\setupact.log
2014-05-27 03:50 - 2014-05-27 03:49 - 00279280 _____ () C:\Windows\Minidump\052714-41855-01.dmp
2014-05-27 03:50 - 2014-05-06 03:02 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-27 03:49 - 2014-05-22 16:29 - 503367130 _____ () C:\Windows\MEMORY.DMP
2014-05-27 03:49 - 2013-08-14 08:58 - 00000000 ____D () C:\Windows\Minidump
2014-05-26 04:27 - 2013-08-16 00:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-26 04:23 - 2011-02-22 13:01 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-23 01:26 - 2014-05-23 01:26 - 00003318 _____ () C:\Windows\System32\Tasks\SpyHunter4Startup
2014-05-23 01:26 - 2014-05-21 21:58 - 00000000 ____D () C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-05-23 01:25 - 2014-05-23 01:25 - 00347816 _____ (Microsoft Corporation) C:\Users\Owner\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.139324255297257531.1.3.Run.exe
2014-05-23 01:24 - 2014-05-23 01:24 - 00000000 ____D () C:\MATS
2014-05-23 01:23 - 2014-05-23 01:23 - 00347816 _____ (Microsoft Corporation) C:\Users\Owner\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.139324255297257531.1.2.Run.exe
2014-05-22 23:56 - 2014-05-22 23:56 - 00347816 _____ (Microsoft Corporation) C:\Users\Owner\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.139324255297257531.1.1.Run.exe
2014-05-22 17:37 - 2009-07-13 22:08 - 00032584 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-22 16:38 - 2014-05-22 16:37 - 00688992 ____R (Swearware) C:\Users\Owner\Downloads\dds (1).com
2014-05-22 16:37 - 2014-05-22 16:37 - 00688992 _____ (Swearware) C:\Users\Owner\Downloads\dds.com
2014-05-22 16:29 - 2014-05-22 16:29 - 00279280 _____ () C:\Windows\Minidump\052214-21325-01.dmp
2014-05-22 06:47 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-05-22 02:04 - 2014-05-22 02:04 - 00001810 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-05-22 02:04 - 2014-05-22 02:04 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\SUPERAntiSpyware.com
2014-05-22 02:04 - 2014-05-22 02:04 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-05-22 02:04 - 2014-05-22 02:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-05-22 02:04 - 2014-05-22 02:04 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-05-22 02:03 - 2014-05-22 02:00 - 19222352 _____ (SUPERAntiSpyware) C:\Users\Owner\Downloads\SUPERAntiSpyware.exe
2014-05-22 02:01 - 2014-05-22 01:58 - 00002122 _____ () C:\Users\Owner\Desktop\Rkill.txt
2014-05-22 01:54 - 2014-05-22 01:54 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Owner\Downloads\rkill.scr
2014-05-22 01:54 - 2014-05-22 01:54 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Owner\Desktop\rkill.scr
2014-05-22 01:39 - 2014-05-22 01:39 - 285664776 _____ () C:\Users\Owner\Desktop\backup.reg
2014-05-21 23:31 - 2014-05-21 23:27 - 00000000 ___SD () C:\32788R22FWJFW
2014-05-21 23:23 - 2014-05-21 23:23 - 04164448 _____ (Kaspersky Lab ZAO) C:\Users\Owner\Downloads\tdsskiller.exe
2014-05-21 23:19 - 2011-01-17 04:47 - 01389152 _____ () C:\Windows\PFRO.log
2014-05-21 23:18 - 2013-10-19 10:39 - 00000000 ____D () C:\AdwCleaner
2014-05-21 23:04 - 2014-05-21 23:03 - 01326389 _____ () C:\Users\Owner\Downloads\adwcleaner_3.210.exe
2014-05-21 21:40 - 2014-05-21 21:40 - 00024760 _____ () C:\ComboFix.txt
2014-05-21 21:40 - 2014-05-21 21:40 - 00000000 ____D () C:\Users\TS\AppData\Local\temp
2014-05-21 21:40 - 2014-05-21 21:40 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-05-21 21:40 - 2014-05-21 21:40 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-05-21 21:40 - 2014-05-21 21:40 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-05-21 21:40 - 2014-05-21 21:21 - 00000000 ____D () C:\Qoobox
2014-05-21 21:40 - 2009-07-13 20:20 - 00000000 __RHD () C:\Users\Default
2014-05-21 21:38 - 2014-05-21 21:20 - 00000000 ____D () C:\Windows\erdnt
2014-05-21 21:37 - 2009-07-13 19:34 - 00000215 _____ () C:\Windows\system.ini
2014-05-21 21:20 - 2014-05-21 21:18 - 05200426 ____R (Swearware) C:\Users\Owner\Downloads\ComboFix.exe
2014-05-21 17:41 - 2011-01-17 03:00 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-21 17:38 - 2014-03-22 12:00 - 00000000 ____D () C:\ProgramData\Yahoo!
2014-05-21 17:33 - 2013-07-31 11:07 - 00000258 __RSH () C:\Users\Owner\ntuser.pol
2014-05-21 17:33 - 2011-02-22 04:11 - 00000000 ____D () C:\Users\Owner
2014-05-21 17:24 - 2014-05-21 15:54 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-05-21 17:24 - 2014-05-21 15:51 - 00000000 ____D () C:\Users\Owner\Desktop\mbar
2014-05-21 15:52 - 2014-05-21 15:52 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-21 13:45 - 2013-03-04 00:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-05-21 13:45 - 2013-03-04 00:24 - 00000000 ____D () C:\ProgramData\Avira
2014-05-21 13:45 - 2013-03-04 00:24 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-05-21 13:45 - 2011-05-24 01:26 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\uTorrent
2014-05-21 13:45 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\registration
2014-05-21 13:44 - 2011-03-19 04:59 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Skype
2014-05-21 00:10 - 2014-05-21 00:09 - 00094871 _____ () C:\Users\Owner\Downloads\sapaa_dtab_sep2013.pptx
2014-05-20 19:26 - 2014-05-20 19:26 - 00021528 _____ () C:\Users\Owner\Downloads\[kickass.to]24.s09e04.hdtv.x264.lol.ettv.torrent
2014-05-20 19:25 - 2014-05-20 19:25 - 00025849 _____ () C:\Users\Owner\Downloads\[kickass.to]game.of.thrones.s04e07.hdtv.x264.killers.ettv.torrent
2014-05-20 13:57 - 2011-02-22 04:12 - 00058408 _____ () C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-20 13:55 - 2009-07-13 21:45 - 00277608 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-20 07:26 - 2014-05-20 07:26 - 00001180 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-05-20 07:26 - 2014-05-20 07:26 - 00001168 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-05-20 07:26 - 2014-05-20 07:26 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-05-20 07:20 - 2014-05-20 07:19 - 06171848 _____ (TeamViewer GmbH) C:\Users\Owner\Downloads\TeamViewer_Setup_en.exe
2014-05-16 04:00 - 2014-03-16 21:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-05-16 04:00 - 2014-01-27 15:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-16 04:00 - 2013-12-26 21:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-05-16 04:00 - 2013-11-19 14:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX430 series
2014-05-16 04:00 - 2013-10-02 23:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Full Tilt Poker
2014-05-16 04:00 - 2013-10-01 23:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-05-16 04:00 - 2013-08-01 03:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2014-05-16 04:00 - 2013-03-14 10:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-05-16 04:00 - 2013-03-13 10:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-05-16 04:00 - 2013-03-13 00:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-05-16 04:00 - 2011-03-24 02:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)
2014-05-16 04:00 - 2011-01-17 03:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio
2014-05-16 04:00 - 2011-01-17 03:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell DataSafe
2014-05-16 04:00 - 2011-01-17 03:26 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2014-05-16 04:00 - 2011-01-17 03:21 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2014-05-16 04:00 - 2011-01-17 03:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2014-05-16 04:00 - 2011-01-17 03:03 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
2014-05-16 04:00 - 2009-07-13 22:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-05-16 04:00 - 2009-07-13 22:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-16 04:00 - 2009-07-13 20:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-16 04:00 - 2009-07-13 20:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-05-16 04:00 - 2009-07-13 20:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-05-16 03:59 - 2014-05-16 04:31 - 00000000 ___RD () C:\Users\TS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-05-16 03:59 - 2014-05-16 04:31 - 00000000 ___RD () C:\Users\TS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-05-16 03:59 - 2014-05-16 04:31 - 00000000 ____D () C:\Users\TS
2014-05-16 03:59 - 2009-07-14 00:44 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-05-12 23:26 - 2014-05-12 23:26 - 00012220 _____ () C:\Users\Owner\Downloads\[kickass.to]24.s09e03.hdtv.x264.lol.eztv.torrent
2014-05-10 10:29 - 2014-05-10 10:29 - 00132289 _____ () C:\Users\Owner\Downloads\Attachments_2014510.zip
2014-05-08 06:19 - 2014-05-08 06:19 - 00000000 ____D () C:\Users\Owner\AppData\Local\CrashDumps
2014-05-07 00:02 - 2011-03-19 07:35 - 00003878 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2923065098-2265594029-2962721977-1000UA
2014-05-07 00:02 - 2011-03-19 07:35 - 00003482 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2923065098-2265594029-2962721977-1000Core
2014-05-06 11:44 - 2011-03-19 04:59 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-06 11:44 - 2011-03-19 04:59 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-05 15:21 - 2014-05-05 15:21 - 00000000 __SHD () C:\Users\Owner\AppData\Local\EmieUserList
2014-05-05 15:21 - 2014-05-05 15:21 - 00000000 __SHD () C:\Users\Owner\AppData\Local\EmieSiteList
2014-05-05 05:18 - 2014-01-18 02:43 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Spotify
2014-05-05 04:22 - 2014-05-05 01:48 - 00000000 ____D () C:\Users\Owner\Documents\Fon Wedding
2014-05-04 19:33 - 2014-05-02 01:39 - 00000000 ____D () C:\Users\Owner\Downloads\Star Trek Into Darkness (2013) [1080p]
2014-05-04 13:49 - 2014-01-18 02:46 - 00000000 ____D () C:\Users\Owner\AppData\Local\Spotify
 
Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\Quarantine.exe
C:\Users\Owner\AppData\Local\Temp\SHSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-05-29 00:07
 
==================== End Of Log ============================
 
This is the Addition text:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-05-2014
Ran by Owner at 2014-05-30 02:41:59
Running from C:\Users\Owner\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
µTorrent (HKCU\...\uTorrent) (Version: 3.4.1.31139 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.6.0.6090 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.6.0.6090 - Adobe Systems Incorporated) Hidden
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.5 - Adobe Systems Incorporated)
Adobe Download Assistant (x32 Version: 1.2.5 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Reader 9.1.2 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A91000000001}) (Version: 9.1.2 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.23 - Atheros Communications Inc.)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Best Buy pc app (x32 Version: 3.1.0.0 - Best Buy) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MX430 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX430_series) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version:  - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.47 - Dell)
Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
Dell Driver Download Manager (HKCU\...\f031ef6ac137efc5) (Version: 2.1.0.0 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.0.6 - Dell Inc.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.35 - Creative Technology Ltd)
Full Tilt Poker (HKLM-x32\...\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}) (Version: 4.65.0.WIN.FullTilt.COM - )
Google Chrome (HKCU\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Earth (HKLM-x32\...\{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}) (Version: 7.1.1.1888 - Google)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
HP Deskjet 1000 J110 series Basic Device Software (HKLM\...\{883B114D-BD3E-498F-9DAD-5E4A8E1C43BA}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Deskjet 1000 J110 series Help (HKLM-x32\...\{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}) (Version: 140.0.65.65 - Hewlett Packard)
HP Deskjet 1000 J110 series Product Improvement Study (HKLM\...\{1A570BFA-D775-47EE-8071-06E9559C14F5}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Officejet 6700 Basic Device Software (HKLM\...\{A1CFA587-90D4-4DE6-B200-68CC0F92252F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3781 - HP Photo Creations Powered by RocketLife)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
Intel PROSet Wireless (Version:  - ) Hidden
Intel WiMAX Tutorial (HKLM\...\{4F26C164-9373-4974-8F43-E0F2176AF937}) (Version: 1.5.3.1 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2182 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{D16A2127-B927-4379-B153-3DEC091E4EEB}) (Version: 13.02.1000 - Intel Corporation)
Intel® PROSet/Wireless WiMAX Software (HKLM\...\{6548B189-BEA4-4041-80E0-AEB60548E046}) (Version: 2.03.3000 - Intel Corporation)
Internet Explorer (x32 Version: 8 - Microsoft Corporation) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 22 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416022FF}) (Version: 6.0.220 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MobileMe Control Panel (HKLM\...\{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}) (Version: 3.1.6.0 - Apple Inc.)
MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Photo Story 3 for Windows (HKLM-x32\...\{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}) (Version: 3.0.1115.11 - Microsoft Corporation)
PokerStars (HKLM-x32\...\PokerStars) (Version:  - PokerStars)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.6.2 - Dell Inc.)
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6088 - Realtek Semiconductor Corp.)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
Roxio Burn (x32 Version: 1.01 - Roxio) Hidden
SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version:  - )
Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version:  - )
SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version:  - )
SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version:  - )
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8442 - Skype Technologies S.A.)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Smart PDF Creator 6.3.0.467 (HKLM\...\Smart PDF Creator_is1) (Version: 6.3.0.467 - Smart Soft)
Spotify (HKCU\...\Spotify) (Version: 0.9.8.296.g91f68827 - Spotify AB)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.20.0 - Synaptics Incorporated)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.28223 - TeamViewer)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC (HKLM-x32\...\{D95CD7BE-A894-4F6C-B9DF-578C3CB411D4}) (Version: 1.0.0.0 - VLC)
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.1100 - Broadcom Corporation)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
 
==================== Restore Points  =========================
 
20-05-2014 21:04:03 Windows Update
21-05-2014 10:17:33 Windows Update
21-05-2014 22:51:53 Windows Update
22-05-2014 00:38:59 Removed Samsung PC Studio 3 USB Driver Installer
22-05-2014 04:58:46 Installed SpyHunter
22-05-2014 06:26:29 Removed SpyHunter
22-05-2014 06:29:49 Removed SpyHunter
22-05-2014 06:32:28 Removed SpyHunter
26-05-2014 11:18:08 Windows Update
 
==================== Hosts content: ==========================
 
2009-07-13 19:34 - 2014-05-21 21:37 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {0D9567C6-7263-4654-99D1-88513B6B67B5} - System32\Tasks\Norton Security Suite\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\SymErr.exe
Task: {17F01972-BA25-4761-96F4-D0833EF5A9AE} - System32\Tasks\{A2BA4E4F-5931-41BF-9129-D1AA77CB3D19} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-02-10] (Skype Technologies S.A.)
Task: {22288001-8F5E-4E1F-B329-514E949B8D4C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {23BD1189-E5FC-40C5-87E4-992692AD9BE9} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {2CFDF33C-3172-4054-A770-A654AC02A50A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated)
Task: {344A6E41-9863-4557-B2C9-9A2B8933A068} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2923065098-2265594029-2962721977-1000UA => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-19] (Google Inc.)
Task: {34636674-C610-429C-ABE1-36D60E8FEAC4} - System32\Tasks\Updater32912.exe => C:\Users\Owner\AppData\Local\Updater32912\Updater32912.exe <==== ATTENTION
Task: {53E6E94E-3556-42EA-B90B-7CF0F9AEBBE1} - System32\Tasks\{79D9C216-AD1A-41CD-9445-8CB63E88D743} => C:\Program Files (x86)\Full Tilt Poker\FullTiltPoker.exe [2014-05-28] ()
Task: {6311B852-9446-471C-BB6A-8983A1B8D61E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-03-19] (Google Inc.)
Task: {70CF8754-1E92-4456-836C-47FD290A346A} - \Desk 365 RunAsStdUser No Task File <==== ATTENTION
Task: {829807B4-2467-4DFA-A7D2-304E341FE9E1} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\WSCStub.exe
Task: {8742BF0B-8010-480C-8662-0674C84A5FA4} - System32\Tasks\HP online update program => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2010-06-09] (Hewlett-Packard)
Task: {A2FC2D6C-F790-4957-A987-D81A26455AB6} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
Task: {E1C4C088-71A3-411F-BACF-6D8A4DB09019} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2923065098-2265594029-2962721977-1000Core => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-19] (Google Inc.)
Task: {F5F20B76-00AE-45F6-86F7-BFFCA8F46098} - System32\Tasks\HPCustParticipation HP Deskjet 1000 J110 series => C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {F657690F-1376-45E3-BEF3-76F585C8B8DB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-03-19] (Google Inc.)
Task: {F905FA34-0FA1-4051-8638-0021C6802A78} - System32\Tasks\PhotoProduct.exe => C:\Program Files (x86)\HP Photo Creations\PhotoProduct.exe [2010-07-01] (Visan / RocketLife)
Task: {FE00498E-9BD1-4565-B539-D767060F34BD} - System32\Tasks\Google Updater and Installer => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-19] (Google Inc.)
Task: {FE83669D-364D-465F-A269-623CD57CEE1E} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Task: {FEA7664C-332A-465E-96BD-DE53F4CC2E3B} - System32\Tasks\Norton Security Suite\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\SymErr.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2923065098-2265594029-2962721977-1000Core.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2923065098-2265594029-2962721977-1000UA.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2010-03-05 08:21 - 2010-03-05 08:21 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2011-01-17 03:38 - 2010-08-11 17:19 - 00781536 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
2010-03-05 08:21 - 2010-03-05 08:21 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2013-09-13 20:51 - 2013-09-13 20:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 20:51 - 2013-09-13 20:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-01-17 03:37 - 2010-08-11 17:19 - 00126176 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
2011-01-17 03:37 - 2010-08-11 17:19 - 01121504 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\LibXml2.dll
2011-01-17 03:37 - 2010-08-11 17:19 - 00077024 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
2011-01-17 03:37 - 2010-08-11 17:19 - 00232672 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
2011-01-17 03:37 - 2010-08-11 17:19 - 00072928 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
2011-01-17 03:37 - 2010-08-11 17:19 - 00109792 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
2011-01-17 03:37 - 2010-08-11 17:19 - 00119008 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
2014-05-22 19:38 - 2014-05-13 16:40 - 00716616 _____ () C:\Users\Owner\AppData\Local\Google\Chrome\Application\35.0.1916.114\libglesv2.dll
2014-05-22 19:38 - 2014-05-13 16:40 - 00126280 _____ () C:\Users\Owner\AppData\Local\Google\Chrome\Application\35.0.1916.114\libegl.dll
2014-05-22 19:38 - 2014-05-13 16:40 - 04217672 _____ () C:\Users\Owner\AppData\Local\Google\Chrome\Application\35.0.1916.114\pdf.dll
2014-05-22 19:38 - 2014-05-13 16:40 - 00414536 _____ () C:\Users\Owner\AppData\Local\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll
2014-05-22 19:37 - 2014-05-13 16:40 - 01732424 _____ () C:\Users\Owner\AppData\Local\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll
2014-05-22 19:38 - 2014-05-13 16:40 - 13695816 _____ () C:\Users\Owner\AppData\Local\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\ProgramData\TEMP:302ECBD6
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:A1D3FEF0
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
 
==================== Disabled items from MSCONFIG ==============
 
MSCONFIG\Services: SftService => 2
MSCONFIG\Services: YahooAUService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk => C:\Windows\pss\Dell Dock.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MP3 Rocket (Minimized).lnk => C:\Windows\pss\MP3 Rocket (Minimized).lnk.Startup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AmazonGSDownloaderTray => C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: AVP => "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"
MSCONFIG\startupreg: Dell Registration => C:\Program Files (x86)\System Registration\prodreg.exe /boot
MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: Facebook Update => "C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: Google Update => "C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GoogleChromeAutoLaunch_721577D41E77D440C916E2687EBA0267 => "C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: HP Officejet 6700 (NET) => "C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe" -deviceID "CN27V7G1MT05RQ:NW" -scfn "HP Officejet 6700 (NET)" -AutoStart 1
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QuickSet => C:\Program Files\Dell\QuickSet\QuickSet.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SmartSoft PDF Printer Agent => "C:\Program Files\Smart PDF Creator\SmartSoft PDF Printer Agent.exe"
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: uTorrent => "C:\Users\Owner\AppData\Roaming\uTorrent\uTorrent.exe"
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/30/2014 01:15:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6583
 
Error: (05/30/2014 01:15:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6583
 
Error: (05/30/2014 01:15:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/30/2014 01:15:43 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5164
 
Error: (05/30/2014 01:15:43 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5164
 
Error: (05/30/2014 01:15:43 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/30/2014 01:15:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4134
 
Error: (05/30/2014 01:15:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4134
 
Error: (05/30/2014 01:15:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/30/2014 01:15:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3120
 
 
System errors:
=============
Error: (05/30/2014 02:34:04 AM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
 
Error: (05/29/2014 08:32:46 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
 
Error: (05/29/2014 02:27:04 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
 
Error: (05/29/2014 00:17:19 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
 
Error: (05/29/2014 03:05:18 AM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
 
Error: (05/29/2014 01:53:19 AM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
 
Error: (05/28/2014 11:29:00 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
 
Error: (05/28/2014 06:43:33 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
 
Error: (05/28/2014 04:08:02 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
 
Error: (05/28/2014 00:09:53 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
 
 
Microsoft Office Sessions:
=========================
Error: (05/30/2014 01:15:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6583
 
Error: (05/30/2014 01:15:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6583
 
Error: (05/30/2014 01:15:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/30/2014 01:15:43 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5164
 
Error: (05/30/2014 01:15:43 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5164
 
Error: (05/30/2014 01:15:43 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/30/2014 01:15:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4134
 
Error: (05/30/2014 01:15:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4134
 
Error: (05/30/2014 01:15:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/30/2014 01:15:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3120
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-05-21 21:36:56.938
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-21 21:36:56.735
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 50%
Total physical RAM: 3892.52 MB
Available physical RAM: 1927.52 MB
Total Pagefile: 7783.23 MB
Available Pagefile: 4625.17 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:121.23 GB) NTFS
Drive d: (SONYCD) (CDROM) (Total:0.03 GB) (Free:0 GB) CDFS
Drive y: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:8.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 07F2837E)
Partition 1: (Not Active) - (Size=102 MB) - (Type=DE)
Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
This is the BSOD text:
 
==================================================
Dump File         : 052714-41855-01.dmp
Crash Time        : 5/27/2014 3:48:05 AM
Bug Check String  : SYSTEM_SERVICE_EXCEPTION
Bug Check Code    : 0x0000003b
Parameter 1       : 00000000`c0000005
Parameter 2       : fffff800`03e4f1a4
Parameter 3       : fffff880`09d8bd50
Parameter 4       : 00000000`00000000
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75bc0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.18409 (win7sp1_gdr.140303-2144)
Processor         : x64
Crash Address     : ntoskrnl.exe+75bc0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\052714-41855-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 279,280
Dump File Time    : 5/27/2014 3:50:04 AM
==================================================
 
==================================================
Dump File         : 052214-21325-01.dmp
Crash Time        : 5/22/2014 4:27:00 PM
Bug Check String  : SYSTEM_SERVICE_EXCEPTION
Bug Check Code    : 0x0000003b
Parameter 1       : 00000000`c0000005
Parameter 2       : fffff800`03e3e1a4
Parameter 3       : fffff880`0ac73dc0
Parameter 4       : 00000000`00000000
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75bc0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.18409 (win7sp1_gdr.140303-2144)
Processor         : x64
Crash Address     : ntoskrnl.exe+75bc0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\052214-21325-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 279,280
Dump File Time    : 5/22/2014 4:29:43 PM
==================================================
 
==================================================
Dump File         : 042814-22838-01.dmp
Crash Time        : 4/28/2014 6:51:15 PM
Bug Check String  : DRIVER_POWER_STATE_FAILURE
Bug Check Code    : 0x0000009f
Parameter 1       : 00000000`00000003
Parameter 2       : fffffa80`04903060
Parameter 3       : fffff800`00b9c518
Parameter 4       : fffffa80`09589010
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75bc0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.18409 (win7sp1_gdr.140303-2144)
Processor         : x64
Crash Address     : ntoskrnl.exe+75bc0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\042814-22838-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 745,504
Dump File Time    : 4/28/2014 8:27:21 PM
==================================================
 
==================================================
Dump File         : 042114-46831-01.dmp
Crash Time        : 4/20/2014 9:00:43 PM
Bug Check String  : DRIVER_POWER_STATE_FAILURE
Bug Check Code    : 0x0000009f
Parameter 1       : 00000000`00000003
Parameter 2       : fffffa80`04915a10
Parameter 3       : fffff800`00b9c518
Parameter 4       : fffffa80`04194520
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75bc0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.18409 (win7sp1_gdr.140303-2144)
Processor         : x64
Crash Address     : ntoskrnl.exe+75bc0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\042114-46831-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 745,344
Dump File Time    : 4/21/2014 12:37:52 AM
==================================================
 
==================================================
Dump File         : 040114-18486-01.dmp
Crash Time        : 3/31/2014 11:49:30 PM
Bug Check String  : DRIVER_POWER_STATE_FAILURE
Bug Check Code    : 0x0000009f
Parameter 1       : 00000000`00000003
Parameter 2       : fffffa80`048ffa10
Parameter 3       : fffff800`04de1518
Parameter 4       : fffffa80`03bc0010
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75bc0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.18409 (win7sp1_gdr.140303-2144)
Processor         : x64
Crash Address     : ntoskrnl.exe+75bc0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\040114-18486-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 745,288
Dump File Time    : 4/1/2014 12:05:47 PM
==================================================
 
==================================================
Dump File         : 021714-27300-01.dmp
Crash Time        : 2/17/2014 7:38:48 PM
Bug Check String  : DRIVER_POWER_STATE_FAILURE
Bug Check Code    : 0x0000009f
Parameter 1       : 00000000`00000003
Parameter 2       : fffffa80`04905a10
Parameter 3       : fffff800`00b9c518
Parameter 4       : fffffa80`09655a50
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75bc0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.18409 (win7sp1_gdr.140303-2144)
Processor         : x64
Crash Address     : ntoskrnl.exe+75bc0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\021714-27300-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 771,056
Dump File Time    : 2/17/2014 8:11:11 PM
==================================================
 
==================================================
Dump File         : 020514-16582-01.dmp
Crash Time        : 2/5/2014 7:31:47 PM
Bug Check String  : DRIVER_POWER_STATE_FAILURE
Bug Check Code    : 0x0000009f
Parameter 1       : 00000000`00000003
Parameter 2       : fffffa80`048fea10
Parameter 3       : fffff800`00b9c518
Parameter 4       : fffffa80`03de88d0
Caused By Driver  : Wdf01000.sys
Caused By Address : Wdf01000.sys+4866
File Description  : 
Product Name      : 
Company           : 
File Version      : 
Processor         : x64
Crash Address     : ntoskrnl.exe+75bc0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\020514-16582-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 771,112
Dump File Time    : 2/5/2014 9:13:18 PM
==================================================
 
==================================================
Dump File         : 011114-33446-01.dmp
Crash Time        : 1/10/2014 11:58:15 PM
Bug Check String  : DRIVER_POWER_STATE_FAILURE
Bug Check Code    : 0x0000009f
Parameter 1       : 00000000`00000003
Parameter 2       : fffffa80`048fda10
Parameter 3       : fffff800`00b9c518
Parameter 4       : fffffa80`04845c60
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75bc0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.18409 (win7sp1_gdr.140303-2144)
Processor         : x64
Crash Address     : ntoskrnl.exe+75bc0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\011114-33446-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 762,864
Dump File Time    : 1/11/2014 1:27:20 AM
==================================================
 
==================================================
Dump File         : 081413-16255-01.dmp
Crash Time        : 8/14/2013 8:56:49 AM
Bug Check String  : SYSTEM_SERVICE_EXCEPTION
Bug Check Code    : 0x0000003b
Parameter 1       : 00000000`c0000005
Parameter 2       : fffff880`0424743a
Parameter 3       : fffff880`0adfda50
Parameter 4       : 00000000`00000000
Caused By Driver  : afd.sys
Caused By Address : afd.sys+243a
File Description  : 
Product Name      : 
Company           : 
File Version      : 
Processor         : x64
Crash Address     : ntoskrnl.exe+75c00
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\081413-16255-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 279,280
Dump File Time    : 8/14/2013 8:58:42 AM
==================================================
 
I hope I did everything right. If there's something I missed or did incorrectly, please let me know and I will do whatever I need to do to fix it. Thank you again and I will talk to you soon. 
 
-Erin
 
 
 

 




#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,179 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:44 AM

Posted 30 May 2014 - 11:04 AM

Greetings Erin,

You did everything perfectly. :) Don't worry about a delay unless it gets to about 3 days or so. No need to check in every day if you are busy.

The first thing we need to do is copy and paste the FRST program from C:\Users\Owner\Downloads to your desktop. What we want to do won't work unless we do that.

Please consider and complete the following for me.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.


===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - URL http://search.conduit.com/Results.aspx?ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPD5AB1073-39FB-4384-AAB4-904BCB7A9792&q={searchTerms}&SSPV=SE1CG2_sp_ie
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
C:\Users\Owner\AppData\Local\Temp\Quarantine.exe
C:\Users\Owner\AppData\Local\Temp\SHSetup.exe
Task: {34636674-C610-429C-ABE1-36D60E8FEAC4} - System32\Tasks\Updater32912.exe => C:\Users\Owner\AppData\Local\Updater32912\Updater32912.exe <==== ATTENTION
C:\Users\Owner\AppData\Local\Updater32912\Updater32912.exe
C:\Windows\System32\Tasks\Updater32912.exe
Task: {70CF8754-1E92-4456-836C-47FD290A346A} - \Desk 365 RunAsStdUser No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:302ECBD6
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:A1D3FEF0
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Uploading Minidump File

--------------------
  • Using Windows Explorer please navigate to the following locations:

C:\Windows\Minidump\052714-41855-01.dmp
C:\Windows\Minidump\042814-22838-01.dmp

  • Zip the file
  • Upload the files here
  • I will be automatically notified when the file has been successfully uploaded
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • Uploaded Minidump files
  • What issues are you currently experiencing?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 therrrn


Posted 31 May 2014 - 12:08 AM

Thanks so much! Yeah, it definitely won't be 3 days between hearing from me. Oh, and I was afraid it would be from the torrent sites, so I will be uninstalling that. I just am not going to really touch anything on this computer until you and I are all done. With my luck, I would somehow find a way to mess it up even more. 

 

Fixlog.txt: 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-05-2014
Ran by Owner at 2014-05-30 22:32:07 Run:1
Running from C:\Users\Owner\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
C:\Users\Owner\AppData\Local\Temp\Quarantine.exe
C:\Users\Owner\AppData\Local\Temp\SHSetup.exe
Task: {34636674-C610-429C-ABE1-36D60E8FEAC4} - System32\Tasks\Updater32912.exe => C:\Users\Owner\AppData\Local\Updater32912\Updater32912.exe <==== ATTENTION
C:\Users\Owner\AppData\Local\Updater32912\Updater32912.exe
C:\Windows\System32\Tasks\Updater32912.exe
Task: {70CF8754-1E92-4456-836C-47FD290A346A} - \Desk 365 RunAsStdUser No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:302ECBD6
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:A1D3FEF0
*****************
 
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
AppMgmt => Service deleted successfully.
C:\Users\Owner\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\SHSetup.exe => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{34636674-C610-429C-ABE1-36D60E8FEAC4} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{34636674-C610-429C-ABE1-36D60E8FEAC4} => Key deleted successfully.
C:\Windows\System32\Tasks\Updater32912.exe => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Updater32912.exe => Key deleted successfully.
"C:\Users\Owner\AppData\Local\Updater32912\Updater32912.exe" => File/Directory not found.
"C:\Windows\System32\Tasks\Updater32912.exe" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{70CF8754-1E92-4456-836C-47FD290A346A} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{70CF8754-1E92-4456-836C-47FD290A346A} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Desk 365 RunAsStdUser => Key deleted successfully.
C:\ProgramData\TEMP => ":302ECBD6" ADS removed successfully.
C:\ProgramData\TEMP => ":373E1720" ADS removed successfully.
C:\ProgramData\TEMP => ":A1D3FEF0" ADS removed successfully.
 

 

==== End of Fixlog ====
 
Now, I'm having trouble zipping the minidump files. When I go to compress them, it says "File not found or no read permission" on both of them. I tried just attaching it without compressing it and it says I don't have permission to view the file. Then it says to contact the owner or the administrator to obtain permission. I'm not currently experiencing any problems that I've noticed except for the fact that my computer still isn't acknowledging daylight savings time and it won't let me change it. 
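
One way to triage a Fixlog like the one posted above, as an added example that is not part of the original thread and not code from FRST: it skips the echoed fixlist between the rows of asterisks, classifies each `target => result` line, and separates "not found" entries that an earlier line in the same log already handled from entries that were absent before the fix ran. The line shape is assumed from this log only, the function names are hypothetical, and the sample is constructed from lines in the post.

```python
# Constructed sample: lines copied from the Fixlog.txt in the post above.
SAMPLE_FIXLOG = r"""
Content of fixlist:
*****************
Task: {34636674-C610-429C-ABE1-36D60E8FEAC4} - System32\Tasks\Updater32912.exe => C:\Users\Owner\AppData\Local\Updater32912\Updater32912.exe <==== ATTENTION
*****************
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
AppMgmt => Service deleted successfully.
C:\Users\Owner\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Windows\System32\Tasks\Updater32912.exe => Moved successfully.
"C:\Users\Owner\AppData\Local\Updater32912\Updater32912.exe" => File/Directory not found.
"C:\Windows\System32\Tasks\Updater32912.exe" => File/Directory not found.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
C:\ProgramData\TEMP => ":302ECBD6" ADS removed successfully.
"""


def parse_fixlog(text):
    """Return (target, status, result) for each result line of a Fixlog."""
    entries, in_echo = [], False
    for raw in text.splitlines():
        line = raw.strip()
        # A row of asterisks opens and closes the echoed fixlist (assumed
        # from the log above); its "=>" lines are input, not outcomes.
        if line and set(line) == {"*"}:
            in_echo = not in_echo
            continue
        if in_echo or " => " not in line:
            continue
        target, result = line.split(" => ", 1)
        target = target.strip().strip('"')
        result = result.strip().rstrip(".")
        lowered = result.lower()
        if "not found" in lowered:
            status = "not_found"
        elif "successfully" in lowered:
            status = "ok"
        else:
            status = "review"  # wording not seen in the log above
        entries.append((target, status, result))
    return entries


def triage(entries):
    """Bucket targets; 'absent' means not found with no earlier success."""
    handled = set()
    report = {"ok": [], "already_handled": [], "absent": [], "review": []}
    for target, status, _ in entries:
        key = target.lower()  # Windows paths and keys are case-insensitive
        if status == "ok":
            handled.add(key)
            report["ok"].append(target)
        elif status == "not_found":
            bucket = "already_handled" if key in handled else "absent"
            report[bucket].append(target)
        else:
            report["review"].append(target)
    return report


if __name__ == "__main__":
    for bucket, targets in triage(parse_fixlog(SAMPLE_FIXLOG)).items():
        print(bucket, len(targets), targets)
```

Entries in the `absent` bucket are the ones worth a second look, since nothing in the log shows the item being removed by this run.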


#9 Oh My!


Posted 31 May 2014 - 08:55 AM

We will get to the date/time issue. Please attempt to upload the minidump file here. I will be automatically notified when it arrives.
Gary
 

#10 therrrn


Posted 31 May 2014 - 10:53 AM

Oh, ok. No rush on the date/time. I was just letting you know that was the only issue I was currently experiencing. My computer hasn't shut down on me again since you responded to me originally. When I go to the link you provide and try to upload through there, it says "You do not have permission to open this file. Contact the file owner or administrator for permission."



#11 Oh My!


Posted 31 May 2014 - 07:56 PM

Thanks,

Please do this and then attempt to either attach the file or upload them.

===================================================

GrantPerms by Farbar

--------------------
  • Download Grantperms (32 bit systems) or Grantperms64 (64 bit systems) and save it to your desktop
  • Unzip the file and launch the program
  • Copy and paste the following in the edit box:

C:\Windows\Minidump\052714-41855-01.dmp
C:\Windows\Minidump\042814-22838-01.dmp

  • Click Unlock. When it is done click OK
  • Click List Permissions and copy/paste the results of the Perms.txt document.
  • A copy of Perms.txt will be saved in the same directory the tool is run.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Perms.txt
  • Uploaded files

Gary
 

#12 therrrn


Posted 02 June 2014 - 03:24 AM

Thanks, that worked! Here you go! :)

 

This is the perms.txt:

 

GrantPerms by Farbar 
Ran by Owner (administrator) at 2014-06-02 02:19:31
 
===============================================
\\?\C:\Windows\Minidump\052714-41855-01.dmp
 
   Owner: BUILTIN\Administrators
 
   DACL(P)(AI):
   BUILTIN\Administrators   FULL   ALLOW   (NI)
   NT AUTHORITY\SYSTEM   FULL   ALLOW   (NI)
   BUILTIN\Users   READ/EXECUTE   ALLOW   (NI)
 
 
\\?\C:\Windows\Minidump\042814-22838-01.dmp
 
   Owner: BUILTIN\Administrators
 
   DACL(P)(AI):
   BUILTIN\Administrators   FULL   ALLOW   (NI)
   NT AUTHORITY\SYSTEM   FULL   ALLOW   (NI)
   BUILTIN\Users   READ/EXECUTE   ALLOW   (NI)
 
 
 
================ End Of List ================
 
 




#13 Oh My!


Posted 02 June 2014 - 08:39 AM

Greetings Erin, 

Thanks, that worked!

:thumbsup2:

One of the crash reports is pointing to a memory corruption. That doesn't mean your memory is bad but we need to target that possibility and determine one way or another if that is an issue. And since we are poking around I also want to check the file the second crash report was identifying to make sure it is OK. Sometimes quirks happen and it just might be one of those things but I really want to make sure things are good. Once we resolve these 2 issues we will take a look at your clock.

Please do these things for me.

===================================================

Testing Computer Memory Using MemTest86+

--------------------

  • Download the latest version of MemTest86+ Windows Images: Image for creating boot-able CD, and save it to your desktop
  • Right click on the folder and select Extract All...
  • Select Next, Next, then Finish
  • Burn the image file to a CD, as an image file. If you're unsure how to do this, see the How to Burn an ISO File tutorial.
  • Put your CD in the drive and configure your machine to boot to the CD. This is different on all machines, but it's usually by pressing F12 or F10 as your system boots, and selecting either "CDROM" or your cdrom drive.
  • If you've done it correctly, MemTest86+ will start to run automatically, as shown below:

memtestStart.png

  • If you want to be reasonably sure your RAM is OK, then allow MemTest to run until you see this message:

memtestFinished.png

  • On the other hand, if you want to be completely sure your RAM is OK, allow MemTest to run overnight. Memtest will run forever until power is pulled on the machine.
  • Check the MemTest screen for any reported errors. Errors will appear as RED warnings at the bottom of the screen, similar to the following screenshot:

memtestFail.png

  • Press the reset button on the computer, removing the MemTest disk in the process
  • Report the results

===================================================

SystemLook by jpshortstuff

--------------------

  • Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2
Download Mirror #3 For 64-bit users

  • Double-click SystemLook.exe to run it.
  • Vista\Windows 7 users: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following codebox into the main textfield:
:filefind
pci.sys
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:

  • Memtest results
  • SystemLook log
  • Any issues other than the clock?

Edited by Oh My, 02 June 2014 - 09:07 AM.

Gary
 

#14 therrrn


Posted 04 June 2014 - 03:09 AM

I am in the process of moving right now and am checked in to a hotel with everything I own stuffed into my car except the clothes I need over the next week. I have CDs but I have no idea where they are, so I will go tomorrow and buy a blank CD. Also, there are some instructions that I am slightly confused about, but that could just be because I'm exhausted and am not thinking clearly. I will reread tomorrow evening and will let you know if I have any questions. Thank you again so much and I will post tomorrow night either way.

 

-Erin 



#15 Oh My!


Posted 04 June 2014 - 08:27 AM

Hi Erin,

Please feel free to take your time. Sounds like you have a lot going on and things are disrupted. I have lots of other logs to keep me busy!

I think I can provide you with instructions on how to run the test using a USB drive rather than a CD if you'd like.
Gary
 



