
Laptop freezes during video play (online and offline)


  • This topic is locked
41 replies to this topic

#1 gabethegrape


Posted 27 May 2014 - 09:11 AM

It started freezing during video play during movies watched on VLC player (yellow band across the scrubber). Now it happens when watching almost any video on or offline. Here is my HijackThis log:

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:07:58 AM, on 5/27/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17041)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Gabe\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = Gabe\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (file missing)
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://www.samsungsetup.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 7897 bytes

 

Speccy log:

 

http://speccy.piriform.com/results/fyVOTMhjruFDESqr1UuZNK3

 

Minitoolbox log:
 

MiniToolBox by Farbar  Version: 23-01-2014
Ran by Gabe (administrator) on 27-05-2014 at 07:32:23
Running from "C:\Users\Gabe\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================
Error: (05/27/2014 07:03:56 AM) (Source: MsiInstaller) (User: Romina-PC)
Description: Product: Microsoft .NET Framework 4.5.1 - Update 'KB2931368' could not be installed. Error code 1603. Additional information is available in the log file C:\Users\Gabe\AppData\Local\Temp\KB2931368_20140527_065937165-Microsoft .NET Framework 4.5.1-MSP0.txt.

Error: (05/27/2014 07:03:10 AM) (Source: MsiInstaller) (User: Romina-PC)
Description: Product: Microsoft .NET Framework 4.5.1 -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2330. The arguments are: 1117, C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a,

Error: (05/27/2014 06:59:25 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
TraverseDir : Unable to FindFirstFile.

System Error:
The request could not be performed because of an I/O device error.
.

Error: (05/27/2014 06:58:45 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
TraverseDir : Unable to FindFirstFile.

System Error:
The request could not be performed because of an I/O device error.
.

Error: (05/27/2014 03:06:08 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 4.5.1 - Update 'KB2931368' could not be installed. Error code 1603. Additional information is available in the log file C:\Windows\TEMP\KB2931368_20140527_030145723-Microsoft .NET Framework 4.5.1-MSP0.txt.

Error: (05/27/2014 03:05:28 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 4.5.1 -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2330. The arguments are: 1117, C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a,

Error: (05/27/2014 03:01:36 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
TraverseDir : Unable to FindFirstFile.

System Error:
The request could not be performed because of an I/O device error.
.

Error: (05/27/2014 03:00:56 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
TraverseDir : Unable to FindFirstFile.

System Error:
The request could not be performed because of an I/O device error.
.

Error: (05/26/2014 11:31:21 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9735

Error: (05/26/2014 11:31:21 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9735


System errors:
=============
Error: (05/27/2014 07:04:37 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4.5 and 4.5.1 on Windows 7, Windows Vista and Windows Server 2008 x86 (KB2931368).

Error: (05/27/2014 07:03:16 AM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (05/27/2014 07:03:16 AM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (05/27/2014 07:03:16 AM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (05/27/2014 07:03:16 AM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (05/27/2014 07:03:16 AM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (05/27/2014 07:03:16 AM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (05/27/2014 07:03:16 AM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (05/27/2014 07:03:16 AM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (05/27/2014 06:58:05 AM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.


Microsoft Office Sessions:
=========================
Error: (05/27/2014 07:03:56 AM) (Source: MsiInstaller)(User: Romina-PC)
Description: Microsoft .NET Framework 4.5.1KB29313681603C:\Users\Gabe\AppData\Local\Temp\KB2931368_20140527_065937165-Microsoft .NET Framework 4.5.1-MSP0.txt(NULL)(NULL)

Error: (05/27/2014 07:03:10 AM) (Source: MsiInstaller)(User: Romina-PC)
Description: Product: Microsoft .NET Framework 4.5.1 -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2330. The arguments are: 1117, C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a, (NULL)(NULL)(NULL)(NULL)(NULL)

Error: (05/27/2014 06:59:25 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
TraverseDir : Unable to FindFirstFile.

System Error:
The request could not be performed because of an I/O device error.

Error: (05/27/2014 06:58:45 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
TraverseDir : Unable to FindFirstFile.

System Error:
The request could not be performed because of an I/O device error.

Error: (05/27/2014 03:06:08 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Microsoft .NET Framework 4.5.1KB29313681603C:\Windows\TEMP\KB2931368_20140527_030145723-Microsoft .NET Framework 4.5.1-MSP0.txt(NULL)(NULL)

Error: (05/27/2014 03:05:28 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 4.5.1 -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2330. The arguments are: 1117, C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a, (NULL)(NULL)(NULL)(NULL)(NULL)

Error: (05/27/2014 03:01:36 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
TraverseDir : Unable to FindFirstFile.

System Error:
The request could not be performed because of an I/O device error.

Error: (05/27/2014 03:00:56 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
TraverseDir : Unable to FindFirstFile.

System Error:
The request could not be performed because of an I/O device error.

Error: (05/26/2014 11:31:21 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9735

Error: (05/26/2014 11:31:21 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9735


=========================== Installed Programs ============================

7-Zip 9.20
Acrobat.com (Version: 2.0.0)
Acrobat.com (Version: 2.0.0.0)
Adobe Acrobat  8 Standard - English, Français, Deutsch (Version: 8.1.0)
Adobe Acrobat 8.1.0 Standard (Version: 8.1.0)
Adobe AIR (Version: 1.5.3.9120)
Adobe Flash Player 11 ActiveX (Version: 11.4.402.287)
Adobe Flash Player 13 Plugin (Version: 13.0.0.214)
Adobe Photoshop Elements 7.0 (Version: 7.0)
Adobe Photoshop Elements 7.0 (Version: 7.0.0.3)
Adobe Reader XI (11.0.03) (Version: 11.0.03)
Apple Application Support (Version: 3.0)
Apple Mobile Device Support (Version: 7.1.0.32)
Apple Software Update (Version: 2.1.3.127)
Bonjour (Version: 3.0.0.10)
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MP Navigator EX 2.1
Canon MX860 series MP Drivers
CCleaner (Version: 3.24)
Cucusoft DVD to iPod Converter 7.22
Cucusoft Ultimate DVD + Video Converter Suite 8.3.8.3
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dropbox (Version: 2.6.33)
Epson Print CD (Version: 2.00.00)
EPSON Printer Software
ESET Online Scanner v3
FBReader for Windows
FreeMind (Version: 1.0.0)
GIMP 2.8.2 (Version: 2.8.2)
Git version 1.9.0-preview20140217 (Version: 1.9.0-preview20140217)
Google Chrome (Version: 33.0.1750.154)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.2202)
Intel® TV Wizard
Java 7 Update 51 (Version: 7.0.510)
Java Auto Updater (Version: 2.1.9.8)
Java™ 6 Update 31 (Version: 6.0.310)
Junk Mail filter update (Version: 15.4.3502.0922)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Outlook Connector (Version: 14.0.6123.5001)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Security Client (Version: 4.5.0216.0)
Microsoft Security Essentials (Version: 4.5.216.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Mozilla Firefox 29.0.1 (x86 en-US) (Version: 29.0.1)
Mozilla Maintenance Service (Version: 29.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Notepad++ (Version: 6.3.2)
Oracle VM VirtualBox 4.0.22 (Version: 4.0.22)
PowerDirector
Python 2.7.3 (Version: 2.7.3150)
qBittorrent 3.1.4 (Version: 3.1.4)
QuickTime 7 (Version: 7.75.80.95)
Roxio Creator Audio (Version: 3.7.0)
Roxio Creator Copy (Version: 3.7.0)
Roxio Creator Data (Version: 3.7.0)
Roxio Creator DE (Version: 10.1)
Roxio Creator DE (Version: 3.7.0)
Roxio Creator Tools (Version: 3.7.0)
Ruby 2.0.0-p451 (Version: 2.0.0-p451)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Skype™ 6.14 (Version: 6.14.104)
Speccy (Version: 1.26)
Sublime Text 2.0.2
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition
Vagrant (Version: 1.4.3)
VLC media player 2.1.3 (Version: 2.1.3)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3502.0922)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Work Conditioning Toolkit (Version: 1.0.0)

========================= Memory info: ===================================

Percentage of memory in use: 41%
Total physical RAM: 3030.86 MB
Available physical RAM: 1760.02 MB
Total Pagefile: 6060.01 MB
Available Pagefile: 4691.34 MB
Total Virtual: 2047.88 MB
Available Virtual: 1938.57 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:218.2 GB) (Free:78.57 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:9.12 GB) NTFS

========================= Users: ========================================

User accounts for \\ROMINA-PC

Administrator            Gabe                     Guest                    
Romina                   

========================= Minidump Files ==================================

No minidump file found


**** End of log ****

Please advise!

 

Thank you so much.


Edited by hamluis, 27 May 2014 - 09:35 AM.
Moved from Win 7 to Malware Removal Logs - Hamluis.



 


#2 HelpBot


Posted 01 June 2014 - 09:15 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/535702 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 gabethegrape


Posted 04 June 2014 - 01:27 AM

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 11.0.9600.17041  BrowserJavaVersion: 10.51.2
Run by Gabe at 23:19:53 on 2014-06-03
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3031.2168 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 64.59.144.92 64.59.150.138
TCP: Interfaces\{1880AECA-9B6D-4593-8D9F-B38F29019371} : DHCPNameServer = 64.59.144.92 64.59.150.138
TCP: Interfaces\{3D227106-4282-48C6-BF85-60A162EDF434} : DHCPNameServer = 64.59.144.92 64.59.150.138
TCP: Interfaces\{3D227106-4282-48C6-BF85-60A162EDF434}\35861677F40756E6 : DHCPNameServer = 10.63.8.194 10.63.8.195
TCP: Interfaces\{3D227106-4282-48C6-BF85-60A162EDF434}\45F6B697F602A4F686E6023557378696 : DHCPNameServer = 64.59.144.90 64.59.150.136 192.168.1.1
TCP: Interfaces\{3D227106-4282-48C6-BF85-60A162EDF434}\74162656 : DHCPNameServer = 64.71.255.205 64.71.255.253
TCP: Interfaces\{3D227106-4282-48C6-BF85-60A162EDF434}\751667563734F666665656 : DHCPNameServer = 64.59.144.90 64.59.150.136
TCP: Interfaces\{936776E4-7BAC-48F3-8E4B-5D6D9D1DC93B} : DHCPNameServer = 64.71.255.205 64.71.255.253
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\gabe\appdata\roaming\mozilla\firefox\profiles\ntp9ft3c.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\gabe\appdata\local\google\update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_13_0_0_214.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2014-1-25 231960]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 hcw72ADFilter;WinTV HVR-950 USB Audio Filter Driver;c:\windows\system32\drivers\hcw72ADFilter.sys [2009-10-9 28928]
S3 hcw72ATV;WinTV HVR-950 NTSC;c:\windows\system32\drivers\hcw72ATV.sys [2009-10-9 1214848]
S3 hcw72DTV;WinTV HVR-950 ATSC/QAM;c:\windows\system32\drivers\hcw72DTV.sys [2009-10-9 1217152]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-4-29 108032]
S3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2009-7-13 229888]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-5-10 18432]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-8-30 104264]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2014-3-11 279776]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-12-26 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-30 1343400]
S4 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\adobe\photoshop elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]
.
=============== Created Last 30 ================
.
2014-06-03 04:36:27 8073384 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{fd1b0401-62a3-4d19-910d-9e0aad1d4010}\mpengine.dll
2014-06-02 06:14:58 -------- d-----w- C:\b3c11e0370ef1fe826c4a402
2014-06-01 14:45:30 8073384 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-06-01 07:36:44 -------- d-----w- C:\e9bc0ed0d63aa60ca8ed
2014-05-31 06:50:43 -------- d-----w- C:\95be74a452c0b369022a6559165b
2014-05-27 14:48:05 -------- d-----w- c:\windows\ERUNT
2014-05-27 14:34:38 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-05-27 14:33:34 -------- d-----w- C:\AdwCleaner
2014-05-27 14:30:04 -------- d-----w- c:\program files\Speccy
2014-05-27 13:59:30 -------- d-----w- C:\b9c1a5e6bd7495463f6b
2014-05-27 10:01:40 -------- d-----w- C:\d8a2808f2b47dee9be
2014-05-26 10:02:37 -------- d-----w- C:\27b969e950dd659e1c68791a21b6aa8b
2014-05-25 10:12:31 -------- d-----w- C:\9d16425afbe89d322578bcf75f74
2014-05-25 10:02:00 -------- d-----w- C:\b3166f921e0b969b2ce6d8bc
2014-05-24 14:47:11 765968 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{b6512225-1350-443b-8a4a-e44d5e491df8}\gapaengine.dll
2014-05-24 10:01:40 -------- d-----w- C:\1f46921884f0e7b9427aba4efefc8ee1
2014-05-23 10:01:38 -------- d-----w- C:\605a70a9b8af297c45
2014-05-22 10:02:19 -------- d-----w- C:\d965b13eab0feb5ee1bc
2014-05-21 10:01:43 -------- d-----w- C:\f3ffe93638220c4211b2b944
2014-05-20 02:16:24 -------- d-----w- C:\066d2a8d13a4c3719323f61bc5e97a
2014-05-19 10:02:50 -------- d-----w- C:\d0db5a2f1001f63ce9
2014-05-18 10:03:15 -------- d-----w- C:\e351b3786dd6a8fbcfd5fb72
2014-05-17 10:01:44 -------- d-----w- C:\3cb51b0fdc57b0a9e154d63119
2014-05-16 17:54:10 -------- d-----w- C:\7ca8d9d13fccc067dcc278f830
2014-05-16 10:02:07 -------- d-----w- C:\a57edc174077a1fe7236ff9cdece
2014-05-15 10:03:54 -------- d-----w- C:\cf4b6c0e3a11a8e4db8815a0d84569ef
2014-05-15 10:02:05 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-07 06:39:52 -------- d-s---w- c:\windows\system32\CompatTel
2014-05-07 04:03:39 -------- d-----w- c:\users\gabe\appdata\roaming\DropboxMaster
.
==================== Find3M  ====================
.
2014-05-25 15:43:42 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-05-25 15:43:41 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-09 07:06:23 369664 ----a-w- c:\windows\system32\aepdu.dll
2014-05-09 07:04:12 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-04-15 09:34:10 1070232 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2014-04-12 02:15:13 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2014-04-12 02:15:13 136640 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-04-12 02:12:09 15872 ----a-w- c:\windows\system32\sspisrv.dll
2014-04-12 02:12:09 100352 ----a-w- c:\windows\system32\sspicli.dll
2014-04-12 02:12:06 22016 ----a-w- c:\windows\system32\secur32.dll
2014-04-12 02:11:58 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-04-12 02:11:22 22528 ----a-w- c:\windows\system32\lsass.exe
2014-03-11 16:52:30 104264 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2014-03-06 08:31:27 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-03-06 08:02:34 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-03-06 08:02:33 455168 ----a-w- c:\windows\system32\vbscript.dll
2014-03-06 08:01:01 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-03-06 07:46:36 4254720 ----a-w- c:\windows\system32\jscript9.dll
2014-03-06 07:38:13 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-03-06 07:38:10 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-03-06 07:36:40 592896 ----a-w- c:\windows\system32\jscript9diag.dll
2014-03-06 07:28:01 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-06 07:13:43 32256 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-03-06 06:40:39 1967104 ----a-w- c:\windows\system32\inetcpl.cpl
.
============= FINISH: 23:25:32.82 ===============


#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,033 posts

Posted 07 June 2014 - 12:10 PM

Greetings gabethegrape and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the topic reply button instead.
  • In the upper right hand corner of the topic you will see the follow-topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review our situation please run the below for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log
  • Attached System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.


#5 gabethegrape

gabethegrape
  • Topic Starter

  • Members
  • 29 posts

Posted 08 June 2014 - 09:50 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:06-06-2014
Ran by Gabe (administrator) on ROMINA-PC on 08-06-2014 07:46:00
Running from C:\Users\Gabe\Downloads
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Google Inc.) C:\Users\Gabe\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Gabe\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Gabe\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Gabe\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Gabe\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Gabe\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Gabe\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Gabe\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Gabe\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Gabe\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Gabe\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Gabe\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Gabe\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9EFC19EBF8B6CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {83F47F75-B8A7-4888-8628-C79ECE493A28} URL = https://www.google.com/search?q={searchTerms}
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 64.59.144.92 64.59.150.138
 
FireFox:
========
FF ProfilePath: C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\ntp9ft3c.default
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Gabe\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Gabe\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.ca/
CHR StartupUrls: "hxxp://www.google.ca/"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Gabe\AppData\Local\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Gabe\AppData\Local\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Gabe\AppData\Local\Google\Chrome\Application\33.0.1750.154\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll No File
CHR Plugin: (Google Update) - C:\Users\Gabe\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (SEOquake) - C:\Users\Gabe\AppData\Local\Google\Chrome\User Data\Default\Extensions\akdgnmcogleenhbclghghlkkdndkjdjc [2013-12-16]
CHR Extension: (Discover DevTools Companion) - C:\Users\Gabe\AppData\Local\Google\Chrome\User Data\Default\Extensions\angkfkebojeancgemegoedelbnjgcgme [2013-12-16]
CHR Extension: (TechSmith Snagit (Extension)) - C:\Users\Gabe\AppData\Local\Google\Chrome\User Data\Default\Extensions\annopcfmbiofommjmcmcfmhklhgbhkce [2014-03-30]
CHR Extension: (Google Drive) - C:\Users\Gabe\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-16]
CHR Extension: (JSON Formatter) - C:\Users\Gabe\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjindcccaagfpapjjmafapmmgkkhgoa [2014-01-17]
CHR Extension: (Music Visualizer Button) - C:\Users\Gabe\AppData\Local\Google\Chrome\User Data\Default\Extensions\befnabfghcghgpmkjoalbecphdgdmick [2013-12-16]
CHR Extension: (Gliffy Diagrams) - C:\Users\Gabe\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmicilclplefnflapjmnngmkkkkpfad [2014-06-07]
CHR Extension: (YouTube) - C:\Users\Gabe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-28]
CHR Extension: (REST Console) - C:\Users\Gabe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokgbflfommojglbmbpenpphppikmonn [2013-12-30]
CHR Extension: (Google Search) - C:\Users\Gabe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-28]
CHR Extension: (Clear Cache) - C:\Users\Gabe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cppjkneekbjaeellbfkmgnhonkkjfpdn [2014-06-05]
CHR Extension: (Speechify) - C:\Users\Gabe\AppData\Local\Google\Chrome\User Data\Default\Extensions\dalapoeljdklkcfjkecafidnojkfpohn [2012-09-27]
CHR Extension: (MozBar) - C:\Users\Gabe\AppData\Local\Google\Chrome\User Data\Default\Extensions\eakacpaijcpapndcfffdgphdiccmpknp [2013-12-16]
CHR Extension: (Video Downloader professional) - C:\Users\Gabe\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2014-04-28]
CHR Extension: (GIMP on rollApp) - C:\Users\Gabe\AppData\Local\Google\Chrome\User Data\Default\Extensions\eodhmnkhmnkmimhckfpkgmbmcgjkaddo [2013-12-16]
CHR Extension: (TechSmith Snagit) - C:\Users\Gabe\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcnghgbgmemnlbckdipnmelbanpgneik [2014-03-30]
CHR Extension: (MindMap) - C:\Users\Gabe\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdaeohpmcenmffofpikllphdhlkkocfa [2013-12-16]
CHR Extension: (AdBlock) - C:\Users\Gabe\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-12-16]
CHR Extension: (PageSpeed Insights (by Google)) - C:\Users\Gabe\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplegfbjlmmehdoakndmohflojccocli [2013-12-16]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Gabe\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-03-13]
CHR Extension: (Rapportive) - C:\Users\Gabe\AppData\Local\Google\Chrome\User Data\Default\Extensions\hihakjfhbmlmjdnnhegiciffjplmdhin [2013-12-16]
CHR Extension: (Vector Paint) - C:\Users\Gabe\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnbpdiengicdefcjecjbnjnoifekhgdo [2013-12-16]
CHR Extension: (goo.gl URL Shortener) - C:\Users\Gabe\AppData\Local\Google\Chrome\User Data\Default\Extensions\iblijlcdoidgdpfknkckljiocdbnlagk [2013-12-16]
CHR Extension: (Kindle Cloud Reader) - C:\Users\Gabe\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2013-12-16]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\Gabe\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2012-09-27]
CHR Extension: (English dictionary translate pronunciation) - C:\Users\Gabe\AppData\Local\Google\Chrome\User Data\Default\Extensions\neomigpibafpboiknmijddgnncengfnm [2012-09-27]
CHR Extension: (Google Wallet) - C:\Users\Gabe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-16]
CHR Extension: (Readability) - C:\Users\Gabe\AppData\Local\Google\Chrome\User Data\Default\Extensions\oknpjjbmpnndlpmnhmekjpocelpnlfdi [2013-12-16]
CHR Extension: (SpeakIt!) - C:\Users\Gabe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgeolalilifpodheeocdmbhehgnkkbak [2013-12-16]
CHR Extension: (Gmail) - C:\Users\Gabe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-28]
CHR StartMenuInternet: Google Chrome - C:\Users\Gabe\AppData\Local\Google\Chrome\Application\chrome.exe
 
========================== Services (Whitelisted) =================
 
S4 AdobeActiveFileMonitor7.0; C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [169312 2008-09-16] (Adobe Systems Incorporated)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
S3 hcw72ADFilter; C:\Windows\System32\DRIVERS\hcw72ADFilter.sys [28928 2009-10-09] (Hauppauge Computer Works, Inc.)
S3 hcw72ATV; C:\Windows\System32\DRIVERS\hcw72ATV.sys [1214848 2009-10-09] (Hauppauge Computer Works, Inc.)
S3 hcw72DTV; C:\Windows\System32\DRIVERS\hcw72DTV.sys [1217152 2009-10-09] (Hauppauge Computer Works, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R3 pfc; C:\Windows\System32\drivers\pfc.sys [9856 2003-07-01] (Padus, Inc.)
S3 lgmdbus; system32\DRIVERS\lgmdbus.sys [X]
S3 lgmdmdfl; system32\DRIVERS\lgmdmdfl.sys [X]
S3 lgmdmdm; system32\DRIVERS\lgmdmdm.sys [X]
S3 lgmdmgmt; system32\DRIVERS\lgmdmgmt.sys [X]
S3 lgmdobex; system32\DRIVERS\lgmdobex.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-06-08 07:46 - 2014-06-08 07:46 - 00016104 _____ () C:\Users\Gabe\Downloads\FRST.txt
2014-06-08 07:45 - 2014-06-08 07:46 - 00000000 ____D () C:\FRST
2014-06-08 07:44 - 2014-06-08 07:44 - 01063424 _____ (Farbar) C:\Users\Gabe\Downloads\FRST.exe
2014-06-08 03:01 - 2014-06-08 03:07 - 00000000 ____D () C:\f499a068461df62f0783e17d91
2014-06-07 01:17 - 2014-06-07 01:21 - 00000000 ____D () C:\ef9889f5a518a0a80ea1cc2a5e7fa6d6
2014-06-06 03:01 - 2014-06-06 03:06 - 00000000 ____D () C:\f3210d81612835d57776e73a
2014-06-05 03:01 - 2014-06-05 03:06 - 00000000 ____D () C:\979161f66ed72b9fb53bba07db321031
2014-06-03 23:25 - 2014-06-03 23:25 - 00014360 _____ () C:\Users\Gabe\Desktop\dds.txt
2014-06-03 23:25 - 2014-06-03 23:25 - 00010928 _____ () C:\Users\Gabe\Desktop\attach.txt
2014-06-03 23:13 - 2014-06-03 23:14 - 00688992 ____R (Swearware) C:\Users\Gabe\Downloads\dds.com
2014-06-01 23:14 - 2014-06-01 23:19 - 00000000 ____D () C:\b3c11e0370ef1fe826c4a402
2014-06-01 00:36 - 2014-06-01 00:41 - 00000000 ____D () C:\e9bc0ed0d63aa60ca8ed
2014-05-31 07:48 - 2014-05-31 07:49 - 00152912 _____ () C:\Windows\Minidump\053114-19375-01.dmp
2014-05-30 23:50 - 2014-05-31 07:42 - 00000000 ____D () C:\95be74a452c0b369022a6559165b
2014-05-27 07:48 - 2014-05-27 07:48 - 00000000 ____D () C:\Windows\ERUNT
2014-05-27 07:39 - 2014-05-27 07:39 - 00000310 _____ () C:\Windows\PFRO.log
2014-05-27 07:34 - 2014-05-27 07:35 - 01016261 _____ (Thisisu) C:\Users\Gabe\Downloads\JRT.exe
2014-05-27 07:34 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-05-27 07:33 - 2014-05-27 07:38 - 00000000 ____D () C:\AdwCleaner
2014-05-27 07:32 - 2014-05-27 07:32 - 00015014 _____ () C:\Users\Gabe\Downloads\Result.txt
2014-05-27 07:30 - 2014-05-27 07:30 - 00000000 ____D () C:\Program Files\Speccy
2014-05-27 07:29 - 2014-05-27 07:30 - 01327971 _____ () C:\Users\Gabe\Downloads\AdwCleaner.exe
2014-05-27 07:28 - 2014-05-27 07:28 - 00982016 _____ (Farbar) C:\Users\Gabe\Downloads\MiniToolBox.exe
2014-05-27 07:26 - 2014-05-27 07:29 - 04890736 _____ (Piriform Ltd) C:\Users\Gabe\Downloads\spsetup126.exe
2014-05-27 07:07 - 2014-05-27 07:07 - 00007898 _____ () C:\Users\Gabe\Downloads\hijackthis.log
2014-05-27 07:06 - 2014-05-27 07:06 - 00388608 _____ (Trend Micro Inc.) C:\Users\Gabe\Downloads\HijackThis.exe
2014-05-27 06:59 - 2014-05-27 07:04 - 00000000 ____D () C:\b9c1a5e6bd7495463f6b
2014-05-27 03:01 - 2014-05-27 03:06 - 00000000 ____D () C:\d8a2808f2b47dee9be
2014-05-26 03:02 - 2014-05-26 03:07 - 00000000 ____D () C:\27b969e950dd659e1c68791a21b6aa8b
2014-05-25 03:12 - 2014-05-25 03:18 - 00000000 ____D () C:\9d16425afbe89d322578bcf75f74
2014-05-25 03:06 - 2014-05-31 07:48 - 300218930 _____ () C:\Windows\MEMORY.DMP
2014-05-25 03:06 - 2014-05-25 03:06 - 00153008 _____ () C:\Windows\Minidump\052514-22651-01.dmp
2014-05-25 03:02 - 2014-05-25 03:02 - 00000000 ____D () C:\b3166f921e0b969b2ce6d8bc
2014-05-24 03:01 - 2014-05-24 03:07 - 00000000 ____D () C:\1f46921884f0e7b9427aba4efefc8ee1
2014-05-23 03:01 - 2014-05-23 03:06 - 00000000 ____D () C:\605a70a9b8af297c45
2014-05-22 03:02 - 2014-05-22 03:06 - 00000000 ____D () C:\d965b13eab0feb5ee1bc
2014-05-21 03:01 - 2014-05-21 03:06 - 00000000 ____D () C:\f3ffe93638220c4211b2b944
2014-05-19 21:47 - 2014-05-19 21:47 - 00002792 _____ () C:\Users\Gabe\AppData\Local\recently-used.xbel
2014-05-19 21:46 - 2014-05-19 21:46 - 00612103 _____ () C:\Users\Gabe\Downloads\FinalVectorKourush.zip
2014-05-19 19:25 - 2014-05-19 19:25 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-19 19:16 - 2014-05-19 19:22 - 00000000 ____D () C:\066d2a8d13a4c3719323f61bc5e97a
2014-05-19 03:02 - 2014-05-19 03:09 - 00000000 ____D () C:\d0db5a2f1001f63ce9
2014-05-18 03:03 - 2014-05-18 03:08 - 00000000 ____D () C:\e351b3786dd6a8fbcfd5fb72
2014-05-17 03:01 - 2014-05-17 03:06 - 00000000 ____D () C:\3cb51b0fdc57b0a9e154d63119
2014-05-16 10:54 - 2014-05-16 10:59 - 00000000 ____D () C:\7ca8d9d13fccc067dcc278f830
2014-05-16 03:02 - 2014-05-16 03:07 - 00000000 ____D () C:\a57edc174077a1fe7236ff9cdece
2014-05-15 03:14 - 2014-05-15 03:14 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-15 03:03 - 2014-05-15 03:08 - 00000000 ____D () C:\cf4b6c0e3a11a8e4db8815a0d84569ef
2014-05-15 03:02 - 2014-05-05 20:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 03:02 - 2014-05-05 20:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 03:02 - 2014-05-05 19:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 07:53 - 2014-05-09 00:06 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 07:53 - 2014-05-09 00:04 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 07:53 - 2014-04-11 19:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 07:53 - 2014-04-11 19:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 07:53 - 2014-04-11 19:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 07:53 - 2014-04-11 19:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 07:53 - 2014-04-11 19:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 07:53 - 2014-04-11 19:11 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 07:53 - 2014-04-11 19:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 07:53 - 2014-03-04 02:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-05-14 07:53 - 2014-03-04 02:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 07:53 - 2014-03-04 02:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 07:53 - 2014-03-04 02:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 07:53 - 2014-03-04 02:17 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 07:53 - 2014-03-04 02:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 07:53 - 2014-03-04 02:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 07:53 - 2014-03-04 02:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 07:53 - 2014-03-04 02:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 07:53 - 2014-03-04 02:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 07:53 - 2014-03-04 02:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 07:53 - 2014-03-04 02:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 07:53 - 2014-03-04 02:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 07:53 - 2014-03-04 02:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 07:53 - 2014-03-04 02:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 07:53 - 2014-03-04 02:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 07:53 - 2014-03-04 02:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 07:52 - 2014-03-24 19:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
 
==================== One Month Modified Files and Folders =======
 
2014-06-08 07:46 - 2014-06-08 07:46 - 00016104 _____ () C:\Users\Gabe\Downloads\FRST.txt
2014-06-08 07:46 - 2014-06-08 07:45 - 00000000 ____D () C:\FRST
2014-06-08 07:46 - 2011-12-09 21:56 - 00000000 ____D () C:\Users\Gabe\AppData\Local\Temp
2014-06-08 07:44 - 2014-06-08 07:44 - 01063424 _____ (Farbar) C:\Users\Gabe\Downloads\FRST.exe
2014-06-08 07:05 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-08 06:41 - 2014-04-28 06:37 - 00014728 _____ () C:\Windows\setupact.log
2014-06-08 06:41 - 2009-12-29 17:41 - 01746994 _____ () C:\Windows\WindowsUpdate.log
2014-06-08 03:07 - 2014-06-08 03:01 - 00000000 ____D () C:\f499a068461df62f0783e17d91
2014-06-07 10:09 - 2013-12-17 08:30 - 00000000 ____D () C:\Users\Gabe\AppData\Roaming\vlc
2014-06-07 07:41 - 2009-07-13 21:34 - 00013776 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-07 07:41 - 2009-07-13 21:34 - 00013776 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-07 07:34 - 2009-07-13 21:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-07 01:21 - 2014-06-07 01:17 - 00000000 ____D () C:\ef9889f5a518a0a80ea1cc2a5e7fa6d6
2014-06-06 03:06 - 2014-06-06 03:01 - 00000000 ____D () C:\f3210d81612835d57776e73a
2014-06-05 03:06 - 2014-06-05 03:01 - 00000000 ____D () C:\979161f66ed72b9fb53bba07db321031
2014-06-03 23:25 - 2014-06-03 23:25 - 00014360 _____ () C:\Users\Gabe\Desktop\dds.txt
2014-06-03 23:25 - 2014-06-03 23:25 - 00010928 _____ () C:\Users\Gabe\Desktop\attach.txt
2014-06-03 23:14 - 2014-06-03 23:13 - 00688992 ____R (Swearware) C:\Users\Gabe\Downloads\dds.com
2014-06-01 23:19 - 2014-06-01 23:14 - 00000000 ____D () C:\b3c11e0370ef1fe826c4a402
2014-06-01 00:41 - 2014-06-01 00:36 - 00000000 ____D () C:\e9bc0ed0d63aa60ca8ed
2014-05-31 07:49 - 2014-05-31 07:48 - 00152912 _____ () C:\Windows\Minidump\053114-19375-01.dmp
2014-05-31 07:48 - 2014-05-25 03:06 - 300218930 _____ () C:\Windows\MEMORY.DMP
2014-05-31 07:48 - 2010-02-08 17:49 - 00000000 ____D () C:\Windows\Minidump
2014-05-31 07:42 - 2014-05-30 23:50 - 00000000 ____D () C:\95be74a452c0b369022a6559165b
2014-05-30 11:49 - 2013-12-28 12:46 - 00000000 ___RD () C:\Users\Gabe\Dropbox
2014-05-30 11:49 - 2013-12-28 12:43 - 00000000 ____D () C:\Users\Gabe\AppData\Roaming\Dropbox
2014-05-28 17:36 - 2014-05-06 21:03 - 00000000 ____D () C:\Users\Gabe\AppData\Roaming\DropboxMaster
2014-05-28 17:34 - 2013-12-28 12:46 - 00001015 _____ () C:\Users\Gabe\Desktop\Dropbox.lnk
2014-05-28 17:34 - 2013-12-28 12:45 - 00000000 ____D () C:\Users\Gabe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-27 07:48 - 2014-05-27 07:48 - 00000000 ____D () C:\Windows\ERUNT
2014-05-27 07:39 - 2014-05-27 07:39 - 00000310 _____ () C:\Windows\PFRO.log
2014-05-27 07:39 - 2012-04-09 21:46 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-27 07:38 - 2014-05-27 07:33 - 00000000 ____D () C:\AdwCleaner
2014-05-27 07:35 - 2014-05-27 07:34 - 01016261 _____ (Thisisu) C:\Users\Gabe\Downloads\JRT.exe
2014-05-27 07:32 - 2014-05-27 07:32 - 00015014 _____ () C:\Users\Gabe\Downloads\Result.txt
2014-05-27 07:30 - 2014-05-27 07:30 - 00000000 ____D () C:\Program Files\Speccy
2014-05-27 07:30 - 2014-05-27 07:29 - 01327971 _____ () C:\Users\Gabe\Downloads\AdwCleaner.exe
2014-05-27 07:29 - 2014-05-27 07:26 - 04890736 _____ (Piriform Ltd) C:\Users\Gabe\Downloads\spsetup126.exe
2014-05-27 07:28 - 2014-05-27 07:28 - 00982016 _____ (Farbar) C:\Users\Gabe\Downloads\MiniToolBox.exe
2014-05-27 07:07 - 2014-05-27 07:07 - 00007898 _____ () C:\Users\Gabe\Downloads\hijackthis.log
2014-05-27 07:06 - 2014-05-27 07:06 - 00388608 _____ (Trend Micro Inc.) C:\Users\Gabe\Downloads\HijackThis.exe
2014-05-27 07:04 - 2014-05-27 06:59 - 00000000 ____D () C:\b9c1a5e6bd7495463f6b
2014-05-27 03:06 - 2014-05-27 03:01 - 00000000 ____D () C:\d8a2808f2b47dee9be
2014-05-26 03:07 - 2014-05-26 03:02 - 00000000 ____D () C:\27b969e950dd659e1c68791a21b6aa8b
2014-05-25 17:05 - 2014-03-01 08:20 - 00000000 ____D () C:\Users\Gabe\AppData\Roaming\Skype
2014-05-25 08:43 - 2012-04-09 21:46 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-25 08:43 - 2011-05-14 19:57 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-25 08:42 - 2011-12-09 21:56 - 00000000 ____D () C:\Users\Gabe
2014-05-25 03:18 - 2014-05-25 03:12 - 00000000 ____D () C:\9d16425afbe89d322578bcf75f74
2014-05-25 03:06 - 2014-05-25 03:06 - 00153008 _____ () C:\Windows\Minidump\052514-22651-01.dmp
2014-05-25 03:06 - 2013-06-17 17:20 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-25 03:02 - 2014-05-25 03:02 - 00000000 ____D () C:\b3166f921e0b969b2ce6d8bc
2014-05-24 03:07 - 2014-05-24 03:01 - 00000000 ____D () C:\1f46921884f0e7b9427aba4efefc8ee1
2014-05-23 03:06 - 2014-05-23 03:01 - 00000000 ____D () C:\605a70a9b8af297c45
2014-05-22 03:06 - 2014-05-22 03:02 - 00000000 ____D () C:\d965b13eab0feb5ee1bc
2014-05-21 03:06 - 2014-05-21 03:01 - 00000000 ____D () C:\f3ffe93638220c4211b2b944
2014-05-19 21:47 - 2014-05-19 21:47 - 00002792 _____ () C:\Users\Gabe\AppData\Local\recently-used.xbel
2014-05-19 21:47 - 2012-09-17 10:26 - 00000000 ____D () C:\Users\Gabe\.gimp-2.8
2014-05-19 21:46 - 2014-05-19 21:46 - 00612103 _____ () C:\Users\Gabe\Downloads\FinalVectorKourush.zip
2014-05-19 19:25 - 2014-05-19 19:25 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-19 19:22 - 2014-05-19 19:16 - 00000000 ____D () C:\066d2a8d13a4c3719323f61bc5e97a
2014-05-19 19:21 - 2014-04-29 22:37 - 00007604 _____ () C:\Users\Gabe\AppData\Local\Resmon.ResmonCfg
2014-05-19 08:38 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\rescache
2014-05-19 03:09 - 2014-05-19 03:02 - 00000000 ____D () C:\d0db5a2f1001f63ce9
2014-05-18 03:08 - 2014-05-18 03:03 - 00000000 ____D () C:\e351b3786dd6a8fbcfd5fb72
2014-05-17 03:06 - 2014-05-17 03:01 - 00000000 ____D () C:\3cb51b0fdc57b0a9e154d63119
2014-05-16 10:59 - 2014-05-16 10:54 - 00000000 ____D () C:\7ca8d9d13fccc067dcc278f830
2014-05-16 03:07 - 2014-05-16 03:02 - 00000000 ____D () C:\a57edc174077a1fe7236ff9cdece
2014-05-15 15:04 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-15 03:34 - 2014-05-06 23:39 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 03:19 - 2009-12-30 20:44 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-15 03:14 - 2014-05-15 03:14 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-15 03:14 - 2013-08-15 03:06 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 03:08 - 2014-05-15 03:03 - 00000000 ____D () C:\cf4b6c0e3a11a8e4db8815a0d84569ef
2014-05-15 03:08 - 2009-12-30 19:29 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-09 00:06 - 2014-05-14 07:53 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 00:04 - 2014-05-14 07:53 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
 
Some content of TEMP:
====================
C:\Users\Gabe\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgvnexs.dll
C:\Users\Gabe\AppData\Local\Temp\Quarantine.exe
C:\Users\Gabe\AppData\Local\Temp\vlc-2.1.3-win32.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-06-08 00:40
 
==================== End Of Log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version:06-06-2014
Ran by Gabe at 2014-06-08 07:46:56
Running from C:\Users\Gabe\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Acrobat.com (Version: 2.0.0 - Adobe Systems Incorporated) Hidden
Adobe Acrobat  8 Standard - English, Français, Deutsch (Version: 8.1.0 - Adobe Systems) Hidden
Adobe Acrobat 8.1.0 Standard (HKLM\...\Adobe Acrobat  8 Standard - English, Français, Deutsch) (Version: 8.1.0 - Adobe Systems)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe AIR (Version: 1.5.3.9120 - Adobe Systems Inc.) Hidden
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.4.402.287 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Photoshop Elements 7.0 (HKLM\...\Adobe Photoshop Elements 7) (Version: 7.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 7.0 (Version: 7.0.0.3 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.03) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{10E3A6DD-84D8-4D8A-BB11-5E5314BCA7FD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Canon IJ Network Scan Utility (HKLM\...\Canon_IJ_Network_Scan_UTILITY) (Version:  - )
Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon MP Navigator EX 2.1 (HKLM\...\MP Navigator EX 2.1) (Version:  - )
Canon MX860 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX860_series) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 3.24 - Piriform)
Cucusoft DVD to iPod Converter 7.22 (HKLM\...\Cucusoft DVD to iPod Converter_is1) (Version:  - Cucusoft, Inc.)
Cucusoft Ultimate DVD + Video Converter Suite 8.3.8.3 (HKLM\...\Cucusoft Ultimate DVD + Video Converter Suite_is1) (Version:  - Cucusoft, Inc.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{349F73CA-653A-43A6-AE77-970B07D6EDA0}) (Version:  - Microsoft)
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
Epson Print CD (HKLM\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.00.00 - SEIKO EPSON CORPORATION)
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - SEIKO EPSON Corporation)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
FBReader for Windows (HKLM\...\FBReader for Windows) (Version:  - )
FreeMind (HKLM\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 1.0.0 - )
GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)
Git version 1.9.0-preview20140217 (HKLM\...\Git_is1) (Version: 1.9.0-preview20140217 - The Git Development Community)
Google Chrome (HKCU\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.2202 - Intel Corporation)
Intel® TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Notepad++ (HKLM\...\Notepad++) (Version: 6.3.2 - Notepad++ Team)
Oracle VM VirtualBox 4.0.22 (HKLM\...\{82A71023-4BA0-4EB1-A1CF-5DB5E537F5D7}) (Version: 4.0.22 - Oracle Corporation)
PowerDirector (HKLM\...\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version:  - )
Python 2.7.3 (HKLM\...\{C0C31BCC-56FB-42A7-8766-D29E1BD74C7C}) (Version: 2.7.3150 - Python Software Foundation)
qBittorrent 3.1.4 (HKLM\...\qbittorrent) (Version: 3.1.4 - The qBittorrent project)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Roxio Creator Audio (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Copy (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Data (Version: 3.7.0 - Roxio) Hidden
Roxio Creator DE (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
Roxio Creator DE (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Tools (Version: 3.7.0 - Roxio) Hidden
Ruby 2.0.0-p451 (HKCU\...\{ABAA9781-845A-43CC-BABA-76CB580FE35D}_is1) (Version: 2.0.0-p451 - RubyInstaller Team)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft) Hidden
Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
Sublime Text 2.0.2 (HKLM\...\Sublime Text 2_is1) (Version:  - )
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Vagrant (HKLM\...\{EF413BFE-2501-4193-920A-22DECAADF751}) (Version: 1.4.3 - HashiCorp)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Work Conditioning Toolkit (HKLM\...\{91CA20BE-F7E0-4C58-88E7-970F7083C0B5}) (Version: 1.0.0 - RehabCalcs)
 
==================== Restore Points  =========================
 
07-06-2014 08:16:26 Windows Update
08-06-2014 10:01:13 Windows Update
 
==================== Hosts content: ==========================
 
2009-07-13 19:04 - 2013-12-28 09:16 - 00616110 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {1506D346-035C-4A0E-8AC1-175EDBBE3089} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2236863942-700609166-4167345211-1000Core => C:\Users\Romina\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-09] (Google Inc.)
Task: {285DB00A-75DA-460E-B5AE-9B10819023D7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-10-24] (Piriform Ltd)
Task: {47AF89F6-E2E3-4190-9589-586191A7D172} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2236863942-700609166-4167345211-1000UA => C:\Users\Romina\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-09] (Google Inc.)
Task: {49836115-A356-44A9-904A-3B9E4016CA2B} - System32\Tasks\4795 => Wscript.exe C:\Users\Romina\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {62A6FFB1-BFD7-4FF7-A030-417485DF5752} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-25] (Adobe Systems Incorporated)
Task: {70E31EF2-4A9F-4BB8-8039-C5B058BCA5BE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2236863942-700609166-4167345211-1003Core => C:\Users\Gabe\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-09] (Google Inc.)
Task: {96D6F613-B730-45B1-B1AF-3E69088B7339} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {AF062390-74D4-4053-8822-049E2C7256F3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2236863942-700609166-4167345211-1003UA => C:\Users\Gabe\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-09] (Google Inc.)
Task: {DB101478-A961-43FD-81CF-37291A3A453C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2236863942-700609166-4167345211-1000Core.job => C:\Users\Romina\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2236863942-700609166-4167345211-1000UA.job => C:\Users\Romina\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2236863942-700609166-4167345211-1003Core.job => C:\Users\Gabe\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2236863942-700609166-4167345211-1003UA.job => C:\Users\Gabe\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2009-10-01 14:07 - 2011-08-16 21:07 - 00011264 _____ () C:\Windows\System32\KOAZCJ_L.DLL
2011-06-21 08:42 - 2011-06-21 08:42 - 00024064 _____ () C:\Windows\System32\sst3cl3.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:45 - 2010-10-20 16:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-03-18 21:40 - 2014-03-14 17:50 - 00051016 _____ () C:\Users\Gabe\AppData\Local\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
2014-03-18 21:40 - 2014-03-14 17:50 - 00716616 _____ () C:\Users\Gabe\AppData\Local\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
2014-03-18 21:40 - 2014-03-14 17:50 - 00100168 _____ () C:\Users\Gabe\AppData\Local\Google\Chrome\Application\33.0.1750.154\libegl.dll
2014-03-18 21:40 - 2014-03-14 17:50 - 04061000 _____ () C:\Users\Gabe\AppData\Local\Google\Chrome\Application\33.0.1750.154\pdf.dll
2014-03-18 21:40 - 2014-03-14 17:50 - 00394568 _____ () C:\Users\Gabe\AppData\Local\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
2014-03-18 21:40 - 2014-03-14 17:50 - 01647432 _____ () C:\Users\Gabe\AppData\Local\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
2014-03-18 21:40 - 2014-03-14 17:50 - 13637448 _____ () C:\Users\Gabe\AppData\Local\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\Users\Romina\.DS_Store:AFP_AfpInfo
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== EXE Association (whitelisted) =============
 
 
==================== Disabled items from MSCONFIG ==============
 
MSCONFIG\Services: AdobeActiveFileMonitor7.0 => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\startupfolder: C:^Users^Gabe^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: B2C_AGENT => C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: EPSON Stylus Photo R220 Series => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE /FU "C:\Users\Romina\AppData\Local\Temp\E_S95F5.tmp" /EF "HKCU"
MSCONFIG\startupreg: Google Update => "C:\Users\Gabe\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: IJNetworkScanUtility => C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: PowerDirector => C:\Windows\Temp\TPDIR\setup.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
 
==================== Faulty Device Manager Devices =============
 
Name: Broadcom NetLink ™ Gigabit Ethernet
Description: Broadcom NetLink ™ Gigabit Ethernet
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: k57nd60x
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/08/2014 03:07:05 AM) (Source: MsiInstaller) (EventID: 1023) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 4.5.1 - Update 'KB2931368' could not be installed. Error code 1603. Additional information is available in the log file C:\Windows\TEMP\KB2931368_20140608_030235566-Microsoft .NET Framework 4.5.1-MSP0.txt.
 
Error: (06/08/2014 03:06:24 AM) (Source: MsiInstaller) (EventID: 10005) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 4.5.1 -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2330. The arguments are: 1117, C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a,
 
Error: (06/08/2014 03:01:51 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
TraverseDir : Unable to FindFirstFile.
 
System Error:
The request could not be performed because of an I/O device error.
.
 
Error: (06/08/2014 03:01:13 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
TraverseDir : Unable to FindFirstFile.
 
System Error:
The request could not be performed because of an I/O device error.
.
 
Error: (06/07/2014 11:21:45 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.
 
Error: (06/07/2014 10:41:24 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.
 
Error: (06/07/2014 08:31:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2090
 
Error: (06/07/2014 08:31:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2090
 
Error: (06/07/2014 08:31:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (06/07/2014 08:31:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1076
 
 
System errors:
=============
Error: (06/08/2014 03:08:03 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
 
Error: (06/08/2014 03:08:03 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
 
Error: (06/08/2014 03:08:03 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
 
Error: (06/08/2014 03:08:03 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
 
Error: (06/08/2014 03:08:03 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
 
Error: (06/08/2014 03:08:03 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
 
Error: (06/08/2014 03:07:33 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4.5 and 4.5.1 on Windows 7, Windows Vista and Windows Server 2008 x86 (KB2931368).
 
Error: (06/08/2014 03:02:51 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
 
Error: (06/08/2014 03:02:51 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
 
Error: (06/08/2014 03:02:51 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
 
 
Microsoft Office Sessions:
=========================
Error: (06/08/2014 03:07:05 AM) (Source: MsiInstaller) (EventID: 1023) (User: NT AUTHORITY)
Description: Microsoft .NET Framework 4.5.1KB29313681603C:\Windows\TEMP\KB2931368_20140608_030235566-Microsoft .NET Framework 4.5.1-MSP0.txt(NULL)(NULL)
 
Error: (06/08/2014 03:06:24 AM) (Source: MsiInstaller) (EventID: 10005) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 4.5.1 -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2330. The arguments are: 1117, C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a, (NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (06/08/2014 03:01:51 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
TraverseDir : Unable to FindFirstFile.
 
System Error:
The request could not be performed because of an I/O device error.
 
Error: (06/08/2014 03:01:13 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
TraverseDir : Unable to FindFirstFile.
 
System Error:
The request could not be performed because of an I/O device error.
 
Error: (06/07/2014 11:21:45 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3
 
Error: (06/07/2014 10:41:24 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3
 
Error: (06/07/2014 08:31:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2090
 
Error: (06/07/2014 08:31:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2090
 
Error: (06/07/2014 08:31:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (06/07/2014 08:31:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1076
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 57%
Total physical RAM: 3030.86 MB
Available physical RAM: 1284.72 MB
Total Pagefile: 6060.01 MB
Available Pagefile: 4078.64 MB
Total Virtual: 2047.88 MB
Available Virtual: 1914 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:218.2 GB) (Free:85.41 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:9.12 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 6F191570)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=218 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
 
 
 


#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,033 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:10:42 AM

Posted 08 June 2014 - 10:05 AM

Thanks for posting. I will be away from my computer for several hours but upon my return I will have some instructions for you after reviewing the System Summary report you may be able to post while I am gone.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 Oh My!

Posted 08 June 2014 - 01:57 PM

Greetings,

Thank you for your patience.

I would like you to run the following for me please. Also, please be sure to complete the System Summary step from my first post and attach the report.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
SearchScopes: HKLM - DefaultScope value is missing.
Task: {49836115-A356-44A9-904A-3B9E4016CA2B} - System32\Tasks\4795 => Wscript.exe C:\Users\Romina\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
C:\Users\Romina\AppData\Local\Temp\launchie.vbs
Task: {96D6F613-B730-45B1-B1AF-3E69088B7339} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
AlternateDataStreams: C:\Users\Romina\.DS_Store:AFP_AfpInfo
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • Attached System Summary report
  • How is your computer running?

Gary
 

#8 gabethegrape

gabethegrape
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:10:42 AM

Posted 08 June 2014 - 02:47 PM

Thank you for helping me out :)
 
My computer runs mostly normally when doing basic word processing tasks or browsing the internet. However, when I watch movies (stored on local drive) the movie will pause and a yellow band runs across the scrubber. It takes about 40 to 50 seconds for the movie to resume play. Pretty much my entire CPU gets drained when this happens and I can't open any other programs until it has run its course. 
 
Please see attachments as requested.
 
Regards,
 
Gabe
 
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:06-06-2014
Ran by Gabe at 2014-06-08 12:39:37 Run:1
Running from C:\Users\Gabe\Desktop
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
SearchScopes: HKLM - DefaultScope value is missing.
Task: {49836115-A356-44A9-904A-3B9E4016CA2B} - System32\Tasks\4795 => Wscript.exe C:\Users\Romina\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
C:\Users\Romina\AppData\Local\Temp\launchie.vbs
Task: {96D6F613-B730-45B1-B1AF-3E69088B7339} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
AlternateDataStreams: C:\Users\Romina\.DS_Store:AFP_AfpInfo
*****************
 
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{49836115-A356-44A9-904A-3B9E4016CA2B}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{49836115-A356-44A9-904A-3B9E4016CA2B}' => Key deleted successfully.
C:\Windows\System32\Tasks\4795 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4795' => Key deleted successfully.
"C:\Users\Romina\AppData\Local\Temp\launchie.vbs" => File/Directory not found.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{96D6F613-B730-45B1-B1AF-3E69088B7339}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{96D6F613-B730-45B1-B1AF-3E69088B7339}' => Key deleted successfully.
C:\Windows\System32\Tasks\0 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0' => Key deleted successfully.
C:\Users\Romina\.DS_Store => ":AFP_AfpInfo" ADS removed successfully.
 
==== End of Fixlog ====
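
The two scheduled tasks removed by this fix are the ones FRST marked ATTENTION in the log. The sketch below is an added example, not part of the original thread and not FRST's own logic: it parses the "Task:" lines copied from the posted log and applies four triage heuristics that are assumptions made here (script host as the task image, image given without a path, command pointing into a Temp directory, all-digit task name). The names `parse_task`, `score`, `triage` and `Finding` are hypothetical.

```python
import re
from typing import NamedTuple

# Task lines copied verbatim from the FRST log posted in this thread.
SAMPLE_LOG = r"""
Task: {285DB00A-75DA-460E-B5AE-9B10819023D7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-10-24] (Piriform Ltd)
Task: {47AF89F6-E2E3-4190-9589-586191A7D172} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2236863942-700609166-4167345211-1000UA => C:\Users\Romina\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-09] (Google Inc.)
Task: {49836115-A356-44A9-904A-3B9E4016CA2B} - System32\Tasks\4795 => Wscript.exe C:\Users\Romina\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {62A6FFB1-BFD7-4FF7-A030-417485DF5752} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-25] (Adobe Systems Incorporated)
Task: {96D6F613-B730-45B1-B1AF-3E69088B7339} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"""

# "Task: [{GUID} - ]<task path> => <command> [date] (vendor) [<==== ATTENTION]"
TASK_RE = re.compile(
    r"^Task: (?:\{(?P<guid>[0-9A-Fa-f-]{36})\} - )?(?P<path>.+?) => (?P<rest>.*)$"
)
FILE_INFO_RE = re.compile(r"\s*\[\d{4}-\d{2}-\d{2}\]\s*\(.*\)\s*$")
IMAGE_RE = re.compile(r'"?(.+?\.exe)\b', re.IGNORECASE)
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}


class Finding(NamedTuple):
    name: str           # last component of the task path
    command: str        # command line with FRST's date/vendor suffix removed
    reasons: tuple      # heuristic hits (assumptions of this example)
    frst_flagged: bool  # True when the log line carries "<==== ATTENTION"


def parse_task(line):
    """Return (name, command, flagged) for a 'Task:' line, else None."""
    m = TASK_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    flagged = "<==== ATTENTION" in rest
    command = FILE_INFO_RE.sub("", rest.split("<====")[0]).strip()
    name = m.group("path").rsplit("\\", 1)[-1]
    if name.lower().endswith(".job"):
        name = name[:-4]
    return name, command, flagged


def score(name, command):
    """Apply the triage heuristics; an empty tuple means nothing stood out."""
    reasons = []
    img = IMAGE_RE.match(command)
    image = img.group(1) if img else (command.split() or [""])[0]
    if image.rsplit("\\", 1)[-1].lower() in SCRIPT_HOSTS:
        reasons.append("script-host")    # task runs a script interpreter
    if "\\" not in image:
        reasons.append("no-path")        # image resolved via the search path
    if re.search(r"\\temp\\", command, re.IGNORECASE):
        reasons.append("temp-dir")       # payload lives in a Temp folder
    if name.isdigit():
        reasons.append("numeric-name")   # machine-generated looking task name
    return tuple(reasons)


def triage(log_text):
    """Parse every Task line in log_text and score it."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_task(line)
        if parsed is None:
            continue
        name, command, flagged = parsed
        findings.append(Finding(name, command, score(name, command), flagged))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        if f.reasons:
            print(f"{f.name!r}: {f.command} -> {', '.join(f.reasons)}")
```

On these lines the heuristics single out the same two tasks that FRST flagged; on other logs they are only a starting point for manual review.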


#9 Oh My!

Posted 08 June 2014 - 03:00 PM

Thanks Gabe.

Can you tell me if you experience the same thing while in Safe Mode?
Gary
 

#10 gabethegrape

Posted 08 June 2014 - 03:49 PM

It doesn't appear to happen when watching a movie in Safe mode. However, I had no audio and was unable to troubleshoot the problem.



#11 Oh My!

Posted 08 June 2014 - 04:11 PM

OK, we will concentrate on the video for right now but monitor the audio as well. Please do this.

===================================================

Using VGA Driver in Normal Mode

--------------------
  • Click Start, type msconfig, then hit Enter
  • Click the Boot tab
  • Place a check mark in Base video, then click OK
  • Restart your computer
  • Your screen resolution will look different as if it was in Safe Mode, that is normal
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • How is your video?
  • Do you have sound?

Gary
 

#12 gabethegrape

Posted 08 June 2014 - 06:39 PM

The video still has the same problem as before - stalling while yellow band runs across the scrubber. The audio was working fine this time.



#13 Oh My!

Posted 08 June 2014 - 06:44 PM

OK,

Now do this please.

===================================================

Clean Boot

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msconfig and press Enter
  • If you are prompted for an administrator password or for a confirmation, type the password, or provide confirmation
  • Click the General tab then click Selective Startup
  • Check Load system services
  • Uncheck Load Startup Items

  • Click the Services tab
  • Click to select the Hide All Microsoft Services check box
  • Click Disable All, and then click OK
  • When you are prompted, click Restart and boot into Normal Mode
  • Check your computer performance
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • How is your video?

Gary
 

#14 gabethegrape

Posted 08 June 2014 - 09:58 PM

Hi Gary, no change with last attempt.



#15 Oh My!

Posted 08 June 2014 - 10:39 PM

Hi Gabe,

 

You can reverse the Clean Boot steps.

I have asked for the System Summary on a couple of occasions but you have yet to provide it. Are you having difficulty completing the task?


Gary
 



