Cannot Run Tools or Update


  • This topic is locked
63 replies to this topic

#1 Pakhawaj

Pakhawaj

  • Members
  • 42 posts
  • OFFLINE
  • Local time:11:46 AM

Posted 28 July 2014 - 02:51 PM

I started a thread here and was advised to make a new thread in this forum.

 

The problem is that I can't access the internet through most programs, including Windows Update and Ad-Aware. I can't update any definition for most programs (the only successful update I've had was using Notepad+) but I can access the internet through Firefox, though not Internet Explorer. I have no problem running any programs which don't need the internet to work.

 

I was advised by boopme to run the following programs: RKill, MiniToolBox, TDSSKiller, ADwCleaner, Junkware Removal Tool, ESET, winsockfix.bat, Farbar Service Scanner, Windows Repair and F-Secure. I could not run ESET or F-Secure due to my problem with programs accessing the internet.

 

Prior to my last thread, I had run the programs: Ad-Aware, Malware Bytes, RegClean Pro, Combofix and GMER.

I haven't looked over the logs of the programs that boopme asked me to run, but it seems to me like a problem couldn't be found. Likewise with the programs I'd previously run, bar RegClean Pro, which did find some problems but didn't fix my problem of programs accessing the internet.


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,730 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:46 AM

Posted 02 August 2014 - 02:55 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/542545 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Pakhawaj

Pakhawaj
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  • Local time:11:46 AM

Posted 03 August 2014 - 04:58 AM

Hi, thank you for responding.

I'm still having issues with programs accessing the internet and would like some help solving my problem. Unfortunately, I'm away at the moment so I don't have access to my computer, but I'll post the DDS logs as soon as I can, which should be some time tonight.

I do still have the original Windows 8 disc.



#4 Pakhawaj

Pakhawaj
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  • Local time:11:46 AM

Posted 03 August 2014 - 01:21 PM

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537
Run by Alex at 12:14:00 on 2014-08-04
Microsoft Windows 8 Pro  6.2.9200.0.1252.44.1033.18.8143.6566 [GMT 1:00]
.
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
E:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\EscSvc64.exe
C:\Windows\system32\dashost.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
E:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k WindowsMobile
E:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\dwm.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhostex.exe
C:\Windows\Explorer.EXE
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
E:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe
E:\Program Files\PowerISO\PWRISOVM.EXE
E:\Program Files (x86)\iTunes\iTunesHelper.exe
E:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
mDefault_Page_URL = hxxp://www.google.com
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [PWRISOVM.EXE] E:\Program Files\PowerISO\PWRISOVM.EXE -startup
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [iTunesHelper] "E:\Program Files (x86)\iTunes\iTunesHelper.exe"
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{BECD33C2-4DE3-4320-B9E1-71429A8584D8} : DHCPNameServer = 192.168.1.254
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
SSODL: WebCheck - <orphaned>
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings
x64-mStart Page = about:blank
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - E:\Program Files (x86)\Office15\OCHelper.dll
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe
x64-Run: [AdAwareTray] "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe"
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-mPolicies-Explorer: NoDrives = dword:0
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - E:\Program Files (x86)\Office15\OCHelper.dll
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - E:\Program Files (x86)\Office15\MSOSB.DLL
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\7iq0uid7.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll
FF - plugin: E:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
.
============= SERVICES / DRIVERS ===============
.
R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfndisf6.sys [2013-7-17 97816]
R2 EpsonScanSvc;Epson Scanner Service;C:\Windows\System32\escsvc64.exe [2014-5-22 144560]
R2 LavasoftAdAwareService11;Ad-Aware Service 11;C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe [2014-6-3 706864]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-5-16 1631008]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-5-16 21055432]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-5-27 413128]
R2 TeamViewer9;TeamViewer 9;E:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-7-8 5037888]
R3 gzflt;gzflt;C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\gzflt.sys [2014-4-22 150256]
R3 ISCT;Intel® Smart Connect Technology Device Driver;C:\Windows\System32\Drivers\ISCTD64.sys [2013-1-19 46568]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-5-16 20256]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\Drivers\nvvad64v.sys [2014-5-16 40392]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-6-2 589824]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-26 198656]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-4-3 315008]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE [2014-1-23 178760]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\Drivers\usbaapl64.sys [2013-3-18 54784]
S3 vmbusr;Virtual Machine Bus Provider;C:\Windows\System32\Drivers\vmbusr.sys [2012-7-26 117248]
S3 WSDScan;WSD Scan Support;C:\Windows\System32\Drivers\WSDScan.sys [2014-5-16 23552]
.
=============== Created Last 30 ================
.
2014-07-27 21:32:46    --------    d-----w-    C:\Windows\System32\catroot2
2014-07-27 21:26:18    --------    d-----w-    C:\Windows\SysWow64\wbem\Performance
2014-07-27 21:07:27    --------    d-----w-    C:\Program Files (x86)\Tweaking.com
2014-07-26 13:20:13    --------    d-----w-    C:\Windows\ERUNT
2014-07-26 13:09:52    --------    d-----w-    C:\AdwCleaner
2014-07-18 16:13:33    --------    d-----w-    C:\Program Files (x86)\Bonjour
2014-07-16 09:58:00    --------    d-----w-    C:\ProgramData\Origin
2014-07-14 16:18:16    --------    d-----w-    C:\Program Files (x86)\ESET
2014-07-14 12:23:12    271546    ----a-w-    C:\ProgramData\1405338917.bdinstall.bin
2014-07-14 10:41:22    179854    ----a-w-    C:\ProgramData\1405334450.bdinstall.bin
2014-07-14 10:36:11    --------    d-----w-    C:\Users\Alex\AppData\Local\temp
2014-07-14 10:34:58    --------    d-sh--w-    C:\$RECYCLE.BIN
2014-07-14 10:07:10    98816    ----a-w-    C:\Windows\sed.exe
2014-07-14 10:07:10    256000    ----a-w-    C:\Windows\PEV.exe
2014-07-14 10:07:10    208896    ----a-w-    C:\Windows\MBR.exe
2014-07-14 10:00:47    --------    d-----w-    C:\Program Files\Common Files\Bitdefender
2014-07-12 13:31:11    --------    d-----w-    C:\Users\Alex\AppData\Roaming\MMFApplications
2014-07-12 11:38:05    --------    d-----w-    C:\Windows\softwaredistribution.bak1
2014-07-12 11:09:49    --------    d-----w-    C:\Windows\softwaredistribution.bak
2014-07-11 09:06:14    --------    d-----w-    C:\ProgramData\Logs
2014-07-11 09:06:14    --------    d-----w-    C:\ProgramData\Licenses
2014-07-09 18:45:15    --------    d-----w-    C:\Temp
2014-07-09 09:14:30    703968    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-07-09 09:14:30    105440    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-09 09:07:37    --------    d-----w-    C:\Users\Alex\AppData\Local\ElevatedDiagnostics
2014-07-09 09:04:46    --------    d-----w-    C:\Users\Alex\AppData\Local\Diagnostics
2014-07-08 19:05:52    --------    d-----w-    C:\Windows\SysWow64\directx
.
==================== Find3M  ====================
.
2014-06-19 02:12:11    2239488    ----a-w-    C:\Windows\System32\wininet.dll
2014-06-19 02:12:02    915968    ----a-w-    C:\Windows\System32\uxtheme.dll
2014-06-19 02:12:02    53760    ----a-w-    C:\Windows\System32\UXInit.dll
2014-06-19 02:10:33    3959296    ----a-w-    C:\Windows\System32\jscript9.dll
2014-06-19 02:10:28    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2014-06-19 02:10:28    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2014-06-19 02:09:55    1508864    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-06-19 00:53:52    1766400    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-06-19 00:53:42    44032    ----a-w-    C:\Windows\SysWow64\UXInit.dll
2014-06-19 00:52:46    2863616    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-06-19 00:52:42    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-06-19 00:52:42    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2014-06-19 00:52:19    1440768    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-06-19 00:33:44    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-06-19 00:30:35    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-06-18 22:05:00    534528    ----a-w-    C:\Windows\SysWow64\uxtheme.dll
2014-06-17 23:27:37    1440256    ----a-w-    C:\Windows\SysWow64\osk.exe
2014-06-17 23:24:48    1557504    ----a-w-    C:\Windows\System32\osk.exe
2014-06-11 04:18:14    4038144    ----a-w-    C:\Windows\System32\win32k.sys
2014-06-06 14:06:38    596480    ----a-w-    C:\Windows\System32\qedit.dll
2014-06-06 10:17:56    497152    ----a-w-    C:\Windows\SysWow64\qedit.dll
2014-06-02 22:33:45    265216    ----a-w-    C:\Windows\System32\InkEd.dll
2014-05-29 23:31:26    452608    ----a-w-    C:\Windows\SysWow64\SHCore.dll
2014-05-29 23:07:51    1291232    ----a-w-    C:\Windows\SysWow64\nvspbridge.dll
2014-05-29 23:07:51    1122312    ----a-w-    C:\Windows\SysWow64\nvspcap.dll
2014-05-29 23:07:38    1715176    ----a-w-    C:\Windows\System32\nvspbridge64.dll
2014-05-29 23:07:38    1279480    ----a-w-    C:\Windows\System32\nvspcap64.dll
2014-05-29 23:03:04    588288    ----a-w-    C:\Windows\System32\SHCore.dll
2014-05-29 23:02:28    439808    ----a-w-    C:\Windows\System32\lsm.dll
2014-05-29 23:02:27    1281536    ----a-w-    C:\Windows\System32\lsasrv.dll
2014-05-29 22:24:46    576512    ----a-w-    C:\Windows\System32\drivers\afd.sys
2014-05-20 01:25:42    6769096    ----a-w-    C:\Windows\System32\nvcpl.dll
2014-05-20 01:25:42    3514144    ----a-w-    C:\Windows\System32\nvsvc64.dll
2014-05-20 01:25:39    927520    ----a-w-    C:\Windows\System32\nvvsvc.exe
2014-05-20 01:25:38    62808    ----a-w-    C:\Windows\System32\nvshext.dll
2014-05-20 01:25:38    387528    ----a-w-    C:\Windows\System32\nvmctray.dll
2014-05-19 23:10:44    601432    ----a-w-    C:\Windows\SysWow64\nvStreaming.exe
2014-05-14 23:49:42    3774821    ----a-w-    C:\Windows\System32\nvcoproc.bin
.
============= FINISH: 12:14:04.92 ===============
 

Edit: forgot to turn off anti-virus during second scan.


Edited by Pakhawaj, 04 August 2014 - 06:15 AM.


#5 TheShooter93

TheShooter93

    Cody


  • Malware Response Team
  • 4,792 posts
  • OFFLINE
  • Gender:Male
  • Location:Orlando, Florida
  • Local time:06:46 AM

Posted 04 August 2014 - 12:11 PM

Hello Pakhawaj,

My name is Cody and I'll be helping you clean up your computer. :)

I will reply to your posts as soon as possible -- typically within 24 hours. In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, I just ask for notice ahead of time.

Please do note any time differences between us. If I do not respond within 48 hours, feel free to send me a private message.

==========================================================================

Some points for you to keep in mind:
  • Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • Periodically update me on the condition of your computer, and provide detail in every post.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end with some additional information on how to stay malware-free.
  • Lastly, I would like to remind you that most members here are volunteers, and sometimes "real life" can get in the way of our malware hunt. I will notify you if I know I will need to be away for longer than 48 hours.
==========================================================================

Farbar Recovery Scan Tool (FRST)
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop.
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should.
  • Double click the icon.
  • Click Yes to the disclaimer.
  • Make sure the Addition.txt box is checked.
  • Click Scan and allow the program to run.
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen.
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply.

CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.

 

 


#6 Pakhawaj

Pakhawaj
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  • Local time:11:46 AM

Posted 04 August 2014 - 02:19 PM

Hey Cody, these are the logs. Thank you very much for looking at my problem.

 

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-08-2014
Ran by Alex (administrator) on DPC on 04-08-2014 20:14:12
Running from C:\Users\Alex\Desktop
Platform: Windows 8 Pro (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) E:\Program Files\Bonjour\mDNSResponder.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(TeamViewer GmbH) E:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Apple Inc.) E:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe
(Power Software Ltd) E:\Program Files\PowerISO\PWRISOVM.EXE
(Apple Inc.) E:\Program Files (x86)\iTunes\iTunesHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Microsoft Corporation) E:\Program Files (x86)\Office15\WINWORD.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Mozilla Corporation) E:\Program Files (x86)\Mozilla Firefox\firefox.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2352072 2014-05-30] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe [7715160 2014-06-03] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PWRISOVM.EXE] => E:\Program Files\PowerISO\PWRISOVM.EXE [377368 2014-02-03] (Power Software Ltd)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => E:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKU\S-1-5-21-674474806-3385298796-2796329221-1001\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_14_0_0_125_Plugin.exe [851120 2014-06-18] (Adobe Systems Incorporated)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - E:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> E:\Program Files (x86)\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - E:\Program Files (x86)\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\7iq0uid7.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> E:\Program Files (x86)\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> E:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF SearchPlugin: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\7iq0uid7.default\searchplugins\chambers-21st-century-dictionary.xml
FF SearchPlugin: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\7iq0uid7.default\searchplugins\urban-dictionary.xml
FF SearchPlugin: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\7iq0uid7.default\searchplugins\youtube-video-search.xml
FF Extension: British English Dictionary (Updated) - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\7iq0uid7.default\Extensions\en-gb@flyingtophat.co.uk [2014-07-22]
FF Extension: English (GB) Language Pack - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\7iq0uid7.default\Extensions\langpack-en-GB@firefox.mozilla.org.xpi [2014-07-18]
FF Extension: TinEye Reverse Image Search - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\7iq0uid7.default\Extensions\tineye@ideeinc.com.xpi [2014-06-21]
FF Extension: Adblock Plus - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\7iq0uid7.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-16]
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Bonjour Service; E:\Program Files\Bonjour\mDNSResponder.exe [462184 2011-08-30] (Apple Inc.)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R3 iPod Service; E:\Program Files\iPod\bin\iPodService.exe [641352 2014-07-08] (Apple Inc.)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe [706864 2014-06-03] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21055432 2014-05-30] (NVIDIA Corporation)
R2 TeamViewer9; E:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [5037888 2014-07-02] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BdfNdisf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfndisf6.sys [97816 2013-07-17] (BitDefender LLC)
R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\gzflt.sys [150256 2014-04-22] (BitDefender LLC)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-01-19] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-05-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U4 vsserv;

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-04 20:14 - 2014-08-04 20:14 - 00011215 _____ () C:\Users\Alex\Desktop\FRST.txt
2014-08-04 20:14 - 2014-08-04 20:14 - 00000000 ____D () C:\FRST
2014-08-04 20:13 - 2014-08-04 20:13 - 02094080 _____ (Farbar) C:\Users\Alex\Desktop\FRST64.exe
2014-08-04 12:13 - 2014-08-04 12:14 - 00013275 _____ () C:\Users\Alex\Desktop\dds.txt
2014-08-04 12:13 - 2014-08-04 12:14 - 00007102 _____ () C:\Users\Alex\Desktop\attach.txt
2014-07-31 17:25 - 2014-07-31 17:25 - 00000000 ____D () E:\Program Files (x86)\Mozilla Firefox
2014-07-28 19:49 - 2014-07-28 19:49 - 00688992 ____R (Swearware) C:\Users\Alex\Desktop\dds.com
2014-07-28 19:21 - 2014-07-28 19:21 - 05124208 _____ (F-Secure Corporation) C:\Users\Alex\Desktop\F-SecureOnlineScanner-HC.exe
2014-07-27 22:08 - 2014-07-27 22:08 - 00002159 _____ () C:\Users\Alex\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-07-27 22:08 - 2014-07-27 22:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-07-27 22:07 - 2014-07-27 22:07 - 09518328 _____ () C:\Users\Alex\Desktop\tweaking.com_windows_repair_aio_setup.exe
2014-07-27 20:46 - 2014-07-27 20:46 - 00415232 _____ (Farbar) C:\Users\Alex\Desktop\FSS.exe
2014-07-27 20:46 - 2014-07-27 20:46 - 00002762 _____ () C:\Users\Alex\Desktop\FSS.txt
2014-07-26 14:30 - 2014-07-26 14:30 - 02347384 _____ (ESET) C:\Users\Alex\Desktop\esetsmartinstaller_enu(2).exe
2014-07-26 14:23 - 2014-07-26 14:23 - 00001188 _____ () C:\Users\Alex\Desktop\JRT.txt
2014-07-26 14:20 - 2014-07-26 14:20 - 00000000 ____D () C:\Windows\ERUNT
2014-07-26 14:19 - 2014-07-26 14:19 - 01016261 _____ (Thisisu) C:\Users\Alex\Desktop\JRT.exe
2014-07-26 14:09 - 2014-07-26 14:13 - 00000000 ____D () C:\AdwCleaner
2014-07-26 14:09 - 2014-07-26 14:09 - 01354223 _____ () C:\Users\Alex\Desktop\AdwCleaner.exe
2014-07-26 14:07 - 2014-07-10 12:38 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Alex\Desktop\TDSSKiller.exe
2014-07-26 14:01 - 2014-07-26 14:02 - 00037531 _____ () C:\Users\Alex\Desktop\Result.txt
2014-07-26 14:00 - 2014-07-26 14:00 - 00401920 _____ (Farbar) C:\Users\Alex\Desktop\MiniToolBox.exe
2014-07-26 13:59 - 2014-07-26 13:59 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Alex\Desktop\rkill.com
2014-07-26 13:59 - 2014-07-26 13:59 - 00002276 _____ () C:\Users\Alex\Desktop\Rkill.txt
2014-07-18 17:14 - 2014-07-18 17:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-18 17:13 - 2014-07-18 17:14 - 00000000 ____D () E:\Program Files\iTunes
2014-07-18 17:13 - 2014-07-18 17:14 - 00000000 ____D () E:\Program Files (x86)\iTunes
2014-07-18 17:13 - 2014-07-18 17:13 - 00000000 ____D () E:\Program Files\Bonjour
2014-07-18 17:13 - 2014-07-18 17:13 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-07-16 13:57 - 2014-07-16 13:57 - 00003949 _____ () C:\Users\Alex\Desktop\Attach.zip
2014-07-16 13:42 - 2014-07-16 13:42 - 00006674 _____ () C:\Users\Alex\Desktop\ark.txt
2014-07-16 11:46 - 2014-01-28 18:36 - 00380416 _____ () C:\Users\Alex\Desktop\gmer.exe
2014-07-16 11:34 - 2014-07-16 11:34 - 00688992 ____R (Swearware) C:\Users\Alex\Desktop\dds.scr
2014-07-16 10:58 - 2014-07-16 10:58 - 00000000 ____D () C:\ProgramData\Origin
2014-07-14 15:34 - 2014-07-14 15:34 - 32298100 _____ () C:\Users\Alex\New document 1.2014_07_14_15_34_06.0.svg
2014-07-14 13:51 - 2014-07-14 13:51 - 66060288 _____ () C:\Windows\system32\config\SOFTWARE.bdkup
2014-07-14 13:51 - 2014-07-14 13:51 - 10747904 _____ () C:\Windows\system32\config\SYSTEM.bdkup
2014-07-14 13:25 - 2014-07-14 13:25 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Lavasoft
2014-07-14 13:23 - 2014-07-14 13:23 - 00271546 _____ () C:\ProgramData\1405338917.bdinstall.bin
2014-07-14 13:23 - 2014-07-14 13:23 - 00001273 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-14 13:23 - 2014-07-14 13:23 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2014-07-14 13:23 - 2014-07-14 13:23 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-07-14 13:23 - 2014-07-14 13:23 - 00000000 ____D () C:\Users\Administrator\AppData\Local\NVIDIA Corporation
2014-07-14 13:23 - 2014-07-14 13:23 - 00000000 ____D () C:\Users\Administrator\AppData\Local\NVIDIA
2014-07-14 13:23 - 2014-07-14 13:23 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe
2014-07-14 11:41 - 2014-07-14 11:41 - 00179854 _____ () C:\ProgramData\1405334450.bdinstall.bin
2014-07-14 11:36 - 2014-07-14 11:36 - 00016871 _____ () C:\ComboFix.txt
2014-07-14 11:07 - 2014-07-14 11:36 - 00000000 ____D () C:\Qoobox
2014-07-14 11:07 - 2014-07-14 11:12 - 00000000 ____D () C:\Windows\erdnt
2014-07-14 11:07 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-07-14 11:07 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-07-14 11:07 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-07-14 11:07 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-07-14 11:07 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-07-14 11:07 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2014-07-14 11:07 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-07-14 11:07 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-07-14 11:07 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-07-14 11:06 - 2014-07-14 11:04 - 05219590 ____R (Swearware) C:\Users\Alex\Desktop\ComboFix.exe
2014-07-14 11:00 - 2014-07-14 13:23 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender
2014-07-12 14:31 - 2014-07-12 14:31 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\MMFApplications
2014-07-12 12:38 - 2014-07-12 12:38 - 00000000 ____D () C:\Windows\softwaredistribution.bak1
2014-07-12 12:09 - 2014-07-12 12:09 - 00000000 ____D () C:\Windows\softwaredistribution.bak
2014-07-11 16:09 - 2014-07-11 16:09 - 00000000 ____D () E:\Program Files\The Wolf Among Us Episode 4
2014-07-11 10:06 - 2014-07-14 11:09 - 00000000 ____D () C:\ProgramData\TEMP
2014-07-11 10:06 - 2014-07-11 10:06 - 00000000 ____D () C:\ProgramData\Licenses
2014-07-09 19:45 - 2014-07-09 19:45 - 00000000 ____D () C:\Temp
2014-07-09 17:19 - 2014-07-09 17:19 - 00000218 _____ () C:\Users\Alex\AppData\Local\recently-used.xbel
2014-07-09 10:51 - 2014-07-28 08:50 - 05072040 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-09 10:14 - 2014-06-26 21:53 - 00703968 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-09 10:14 - 2014-06-26 21:53 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-09 10:03 - 2014-06-18 00:27 - 01440256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 10:03 - 2014-06-18 00:24 - 01557504 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 10:03 - 2014-06-11 05:18 - 04038144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 10:03 - 2014-06-02 23:33 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2014-07-09 10:03 - 2014-05-30 00:31 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-07-09 10:03 - 2014-05-30 00:03 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-07-09 10:03 - 2014-05-30 00:02 - 01281536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 10:03 - 2014-05-30 00:02 - 00439808 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2014-07-09 10:03 - 2014-05-03 07:34 - 06974808 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-07-09 10:03 - 2014-05-03 07:33 - 01824808 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-07-09 10:03 - 2014-05-03 05:51 - 01408976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-07-09 10:03 - 2014-05-01 23:37 - 01023488 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-07-09 10:03 - 2014-04-29 23:32 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\Robocopy.exe
2014-07-09 10:03 - 2014-04-29 23:32 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe
2014-07-09 10:03 - 2014-04-24 00:51 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-07-09 10:03 - 2014-04-24 00:51 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 10:03 - 2014-04-24 00:38 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-07-09 10:03 - 2014-04-24 00:38 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 10:03 - 2014-02-08 05:34 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2014-07-09 10:02 - 2014-06-19 03:12 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 10:02 - 2014-06-19 03:12 - 01366528 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 10:02 - 2014-06-19 03:12 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-07-09 10:02 - 2014-06-19 03:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-07-09 10:02 - 2014-06-19 03:12 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 10:02 - 2014-06-19 03:11 - 19277312 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 10:02 - 2014-06-19 03:11 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 10:02 - 2014-06-19 03:11 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 10:02 - 2014-06-19 03:10 - 15369728 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 10:02 - 2014-06-19 03:10 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 10:02 - 2014-06-19 03:10 - 02650624 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 10:02 - 2014-06-19 03:10 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-09 10:02 - 2014-06-19 03:10 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 10:02 - 2014-06-19 03:10 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 10:02 - 2014-06-19 03:10 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 10:02 - 2014-06-19 03:10 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 10:02 - 2014-06-19 03:10 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-07-09 10:02 - 2014-06-19 03:10 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 10:02 - 2014-06-19 03:10 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 10:02 - 2014-06-19 03:10 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 10:02 - 2014-06-19 03:09 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 10:02 - 2014-06-19 01:53 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 10:02 - 2014-06-19 01:53 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 10:02 - 2014-06-19 01:53 - 01141760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 10:02 - 2014-06-19 01:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 10:02 - 2014-06-19 01:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-09 10:02 - 2014-06-19 01:53 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 10:02 - 2014-06-19 01:53 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-07-09 10:02 - 2014-06-19 01:52 - 13732352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 10:02 - 2014-06-19 01:52 - 02863616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 10:02 - 2014-06-19 01:52 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 10:02 - 2014-06-19 01:52 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 10:02 - 2014-06-19 01:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-07-09 10:02 - 2014-06-19 01:52 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 10:02 - 2014-06-19 01:52 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 10:02 - 2014-06-19 01:52 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 10:02 - 2014-06-19 01:52 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-07-09 10:02 - 2014-06-19 01:52 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-09 10:02 - 2014-06-19 01:52 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-09 10:02 - 2014-06-19 01:52 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-09 10:02 - 2014-06-19 01:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 10:02 - 2014-06-19 01:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-09 10:02 - 2014-06-18 23:05 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-07-09 10:02 - 2014-06-06 15:06 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 10:02 - 2014-06-06 11:17 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 10:02 - 2014-05-29 23:24 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-08 20:05 - 2014-07-08 20:05 - 00000000 ____D () C:\Windows\SysWOW64\directx

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-04 20:14 - 2014-08-04 20:14 - 00011215 _____ () C:\Users\Alex\Desktop\FRST.txt
2014-08-04 20:14 - 2014-08-04 20:14 - 00000000 ____D () C:\FRST
2014-08-04 20:13 - 2014-08-04 20:13 - 02094080 _____ (Farbar) C:\Users\Alex\Desktop\FRST64.exe
2014-08-04 20:13 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\sru
2014-08-04 18:17 - 2014-05-22 12:17 - 00000927 _____ () C:\Windows\Tasks\EPSON XP-312 313 315 Series Update {06B817E9-531F-4D8A-A5E0-B96E4D374A85}.job
2014-08-04 18:17 - 2014-05-22 12:17 - 00000741 _____ () C:\Windows\Tasks\EPSON XP-312 313 315 Series Invitation {06B817E9-531F-4D8A-A5E0-B96E4D374A85}.job
2014-08-04 18:17 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-08-04 17:06 - 2014-05-16 14:01 - 01074252 _____ () C:\Windows\WindowsUpdate.log
2014-08-04 12:14 - 2014-08-04 12:13 - 00013275 _____ () C:\Users\Alex\Desktop\dds.txt
2014-08-04 12:14 - 2014-08-04 12:13 - 00007102 _____ () C:\Users\Alex\Desktop\attach.txt
2014-08-04 11:59 - 2014-05-31 18:56 - 00000000 ____D () C:\Users\Alex\AppData\Local\Adobe
2014-08-01 12:30 - 2012-07-26 08:28 - 00848230 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-31 17:25 - 2014-07-31 17:25 - 00000000 ____D () E:\Program Files (x86)\Mozilla Firefox
2014-07-28 19:49 - 2014-07-28 19:49 - 00688992 ____R (Swearware) C:\Users\Alex\Desktop\dds.com
2014-07-28 19:21 - 2014-07-28 19:21 - 05124208 _____ (F-Secure Corporation) C:\Users\Alex\Desktop\F-SecureOnlineScanner-HC.exe
2014-07-28 18:25 - 2013-06-01 13:36 - 00000000 ____D () C:\Users\Alex\AppData\Local\Packages
2014-07-28 16:55 - 2012-07-26 08:21 - 00019515 _____ () C:\Windows\setupact.log
2014-07-28 08:51 - 2014-06-02 17:25 - 00003490 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-07-28 08:50 - 2014-07-09 10:51 - 05072040 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-28 08:50 - 2014-05-16 14:20 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-28 08:50 - 2014-05-16 13:52 - 00015984 _____ () C:\Windows\PFRO.log
2014-07-28 08:50 - 2014-02-24 15:52 - 00002305 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-07-28 08:50 - 2012-07-26 08:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-28 03:00 - 2014-05-18 19:02 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-674474806-3385298796-2796329221-1001
2014-07-27 23:15 - 2012-07-26 08:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-07-27 22:28 - 2012-07-26 06:26 - 00000203 _____ () C:\Windows\win.ini
2014-07-27 22:08 - 2014-07-27 22:08 - 00002159 _____ () C:\Users\Alex\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-07-27 22:08 - 2014-07-27 22:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-07-27 22:07 - 2014-07-27 22:07 - 09518328 _____ () C:\Users\Alex\Desktop\tweaking.com_windows_repair_aio_setup.exe
2014-07-27 20:46 - 2014-07-27 20:46 - 00415232 _____ (Farbar) C:\Users\Alex\Desktop\FSS.exe
2014-07-27 20:46 - 2014-07-27 20:46 - 00002762 _____ () C:\Users\Alex\Desktop\FSS.txt
2014-07-27 10:21 - 2012-07-26 06:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-07-26 14:30 - 2014-07-26 14:30 - 02347384 _____ (ESET) C:\Users\Alex\Desktop\esetsmartinstaller_enu(2).exe
2014-07-26 14:28 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-26 14:23 - 2014-07-26 14:23 - 00001188 _____ () C:\Users\Alex\Desktop\JRT.txt
2014-07-26 14:20 - 2014-07-26 14:20 - 00000000 ____D () C:\Windows\ERUNT
2014-07-26 14:19 - 2014-07-26 14:19 - 01016261 _____ (Thisisu) C:\Users\Alex\Desktop\JRT.exe
2014-07-26 14:13 - 2014-07-26 14:09 - 00000000 ____D () C:\AdwCleaner
2014-07-26 14:09 - 2014-07-26 14:09 - 01354223 _____ () C:\Users\Alex\Desktop\AdwCleaner.exe
2014-07-26 14:02 - 2014-07-26 14:01 - 00037531 _____ () C:\Users\Alex\Desktop\Result.txt
2014-07-26 14:00 - 2014-07-26 14:00 - 00401920 _____ (Farbar) C:\Users\Alex\Desktop\MiniToolBox.exe
2014-07-26 13:59 - 2014-07-26 13:59 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Alex\Desktop\rkill.com
2014-07-26 13:59 - 2014-07-26 13:59 - 00002276 _____ () C:\Users\Alex\Desktop\Rkill.txt
2014-07-21 18:38 - 2014-05-22 17:53 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\Skype
2014-07-18 17:14 - 2014-07-18 17:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-18 17:14 - 2014-07-18 17:13 - 00000000 ____D () E:\Program Files\iTunes
2014-07-18 17:14 - 2014-07-18 17:13 - 00000000 ____D () E:\Program Files (x86)\iTunes
2014-07-18 17:14 - 2014-06-02 13:44 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-18 17:13 - 2014-07-18 17:13 - 00000000 ____D () E:\Program Files\Bonjour
2014-07-18 17:13 - 2014-07-18 17:13 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-07-16 13:57 - 2014-07-16 13:57 - 00003949 _____ () C:\Users\Alex\Desktop\Attach.zip
2014-07-16 13:42 - 2014-07-16 13:42 - 00006674 _____ () C:\Users\Alex\Desktop\ark.txt
2014-07-16 11:42 - 2013-11-15 15:20 - 00000000 ____D () C:\Users\Alex\Desktop\New folder
2014-07-16 11:34 - 2014-07-16 11:34 - 00688992 ____R (Swearware) C:\Users\Alex\Desktop\dds.scr
2014-07-16 10:58 - 2014-07-16 10:58 - 00000000 ____D () C:\ProgramData\Origin
2014-07-16 10:48 - 2014-05-21 13:08 - 00000000 ____D () C:\ProgramData\BitDefender
2014-07-16 09:00 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\rescache
2014-07-16 08:49 - 2012-07-26 06:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-07-14 15:34 - 2014-07-14 15:34 - 32298100 _____ () C:\Users\Alex\New document 1.2014_07_14_15_34_06.0.svg
2014-07-14 15:34 - 2014-05-16 13:54 - 00000000 ____D () C:\Users\Alex
2014-07-14 13:51 - 2014-07-14 13:51 - 66060288 _____ () C:\Windows\system32\config\SOFTWARE.bdkup
2014-07-14 13:51 - 2014-07-14 13:51 - 10747904 _____ () C:\Windows\system32\config\SYSTEM.bdkup
2014-07-14 13:51 - 2014-04-19 15:10 - 00000000 ____D () E:\Program Files\Mount&Blade - Warband
2014-07-14 13:25 - 2014-07-14 13:25 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Lavasoft
2014-07-14 13:23 - 2014-07-14 13:23 - 00271546 _____ () C:\ProgramData\1405338917.bdinstall.bin
2014-07-14 13:23 - 2014-07-14 13:23 - 00001273 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-14 13:23 - 2014-07-14 13:23 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2014-07-14 13:23 - 2014-07-14 13:23 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-07-14 13:23 - 2014-07-14 13:23 - 00000000 ____D () C:\Users\Administrator\AppData\Local\NVIDIA Corporation
2014-07-14 13:23 - 2014-07-14 13:23 - 00000000 ____D () C:\Users\Administrator\AppData\Local\NVIDIA
2014-07-14 13:23 - 2014-07-14 13:23 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe
2014-07-14 13:23 - 2014-07-14 11:00 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender
2014-07-14 13:23 - 2014-05-16 13:54 - 00000000 ____D () C:\Users\Administrator
2014-07-14 13:23 - 2014-05-16 13:54 - 00000000 ____D () C:\ProgramData\PRICache
2014-07-14 13:23 - 2013-06-03 11:58 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Packages
2014-07-14 11:41 - 2014-07-14 11:41 - 00179854 _____ () C:\ProgramData\1405334450.bdinstall.bin
2014-07-14 11:36 - 2014-07-14 11:36 - 00016871 _____ () C:\ComboFix.txt
2014-07-14 11:36 - 2014-07-14 11:07 - 00000000 ____D () C:\Qoobox
2014-07-14 11:34 - 2012-07-26 06:26 - 00000215 _____ () C:\Windows\system.ini
2014-07-14 11:34 - 2012-07-26 06:26 - 00000027 _____ () C:\Windows\system32\Drivers\etc\hosts_bak_958
2014-07-14 11:12 - 2014-07-14 11:07 - 00000000 ____D () C:\Windows\erdnt
2014-07-14 11:10 - 2012-07-26 06:26 - 65798144 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-07-14 11:10 - 2012-07-26 06:26 - 10747904 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-07-14 11:10 - 2012-07-26 06:26 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-07-14 11:10 - 2012-07-26 06:26 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-07-14 11:10 - 2012-07-26 06:26 - 00065536 _____ () C:\Windows\system32\config\SAM.bak
2014-07-14 11:09 - 2014-07-11 10:06 - 00000000 ____D () C:\ProgramData\TEMP
2014-07-14 11:04 - 2014-07-14 11:06 - 05219590 ____R (Swearware) C:\Users\Alex\Desktop\ComboFix.exe
2014-07-14 10:55 - 2012-07-26 09:08 - 04853760 _____ () C:\Windows\system32\config\DRIVERS.bak
2014-07-12 14:31 - 2014-07-12 14:31 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\MMFApplications
2014-07-12 12:38 - 2014-07-12 12:38 - 00000000 ____D () C:\Windows\softwaredistribution.bak1
2014-07-12 12:09 - 2014-07-12 12:09 - 00000000 ____D () C:\Windows\softwaredistribution.bak
2014-07-12 10:17 - 2013-10-16 18:17 - 00000000 ____D () C:\Users\Alex\Documents\Telltale Games
2014-07-11 16:09 - 2014-07-11 16:09 - 00000000 ____D () E:\Program Files\The Wolf Among Us Episode 4
2014-07-11 10:06 - 2014-07-11 10:06 - 00000000 ____D () C:\ProgramData\Licenses
2014-07-10 12:38 - 2014-07-26 14:07 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Alex\Desktop\TDSSKiller.exe
2014-07-09 19:45 - 2014-07-09 19:45 - 00000000 ____D () C:\Temp
2014-07-09 17:19 - 2014-07-09 17:19 - 00000218 _____ () C:\Users\Alex\AppData\Local\recently-used.xbel
2014-07-09 10:12 - 2014-06-02 17:02 - 00000000 ____D () E:\Program Files (x86)\Office15
2014-07-09 10:12 - 2014-05-18 20:11 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 10:12 - 2013-06-03 12:44 - 00000000 ____D () E:\Program Files\Windows Journal
2014-07-09 10:12 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-09 10:12 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-09 10:12 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\WinStore
2014-07-09 10:11 - 2014-05-18 20:11 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-09 10:10 - 2014-06-02 17:02 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-09 10:08 - 2014-06-02 17:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-07-08 20:05 - 2014-07-08 20:05 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-07-08 11:07 - 2014-06-04 13:58 - 00000904 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-07-08 11:07 - 2014-06-04 13:58 - 00000904 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-07-06 20:40 - 2014-01-16 12:36 - 00000000 ____D () E:\Program Files (x86)\Cheat Engine 6.3

Some content of TEMP:
====================
C:\Users\Alex\AppData\Local\temp\cleanup_tool.exe
C:\Users\Alex\AppData\Local\temp\npp.6.6.7.Installer.exe
C:\Users\Alex\AppData\Local\temp\Quarantine.exe
C:\Users\Alex\AppData\Local\temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-28 03:01

==================== End Of Log ============================

 

Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-08-2014
Ran by Alex at 2014-08-04 20:14:48
Running from C:\Users\Alex\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Ad-Aware Antivirus (Enabled - Out of date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

.sol Editor 1.1.0.1 (HKLM-x32\...\.sol Editor) (Version: 1.1.0.1 - alexisisaac.net)
Ad-Aware Antivirus (HKLM\...\{9F965DAA-2FFD-41E3-8125-893BFBBE01D6}_AdAwareUpdater) (Version: 11.2.5952.0 - Lavasoft)
AdAwareInstaller (Version: 11.2.5952.0 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.2.5952.0 - Lavasoft) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
AntimalwareEngine (Version: 3.0.0.56 - Lavasoft) Hidden
AntispamEngine (Version: 2.4.2.137 - Lavasoft) Hidden
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D1C35197-B856-45E2-BA67-5ABB6B0CA9C2}) (Version:  - Microsoft)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-312 313 315 Series Printer Uninstall (HKLM\...\EPSON XP-312 313 315 Series) (Version:  - SEIKO EPSON Corporation)
Europa Universalis IV Wealth of Nations (HKLM-x32\...\Europa Universalis IV Wealth of Nations_is1) (Version:  - )
FirewallEngine (Version: 1.6.0.0 - Lavasoft) Hidden
Inkscape 0.48.4 (HKCU\...\Inkscape) (Version: 0.48.4 - )
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Microsoft Access MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Access Setup Metadata MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft DCF MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Excel MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Groove MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Lync MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office 32-bit Components 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Español (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Word MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mod Updater for NRaas mods (HKLM-x32\...\{B4E52851-4B4B-459E-9A9F-07B9115328B2}) (Version: 1.9.0 - Tucknology)
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Firefox 31.0 (x86 en-US) (HKCU\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.7 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 337.88 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 337.88 - NVIDIA Corporation)
NVIDIA Control Panel 337.88 (Version: 337.88 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.157.1165 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 14.6.22 (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Update 14.6.22 (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
OnlineThreatsEngine (Version: 2.2.3.0 - Lavasoft) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Pandora First Contact (HKLM-x32\...\Pandora First Contact_is1) (Version:  - Slitherine)
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.9 - Power Software Ltd)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
SHIELD Streaming (Version: 2.1.214 - NVIDIA Corporation) Hidden
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Software Updater (HKLM-x32\...\{C09D747A-BD47-42A9-915E-CEB6B1BB7C11}) (Version: 4.2.7 - SEIKO EPSON CORPORATION)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.29947 - TeamViewer)
The Sims" 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
The Sims" 3 70s, 80s, & 90s Stuff (HKLM-x32\...\{E1868CAE-E3B9-4099-8C18-AA8944D336FD}) (Version: 17.0.77 - Electronic Arts)
The Sims" 3 Ambitions (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts)
The Sims" 3 Diesel Stuff (HKLM-x32\...\{1C9B6173-6DC9-4EEE-9EFC-6BA115CFBE43}) (Version: 14.0.48 - Electronic Arts)
The Sims" 3 Fast Lane Stuff (HKLM-x32\...\{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}) (Version: 5.0.44 - Electronic Arts)
The Sims" 3 Generations (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
The Sims" 3 High-End Loft Stuff (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)
The Sims" 3 Into the Future (HKLM-x32\...\{A0BBD6C7-B546-4048-B33A-F21F5C9F5B09}) (Version: 21.0.150 - Electronic Arts)
The Sims" 3 Island Paradise (HKLM-x32\...\{DB21639E-FE55-432C-BCA2-0C5249E3F79E}) (Version: 19.0.101 - Electronic Arts)
The Sims" 3 Katy Perry's Sweet Treats (HKLM-x32\...\{9B2506E3-9A3F-45B5-96BF-509CAD584650}) (Version: 13.0.62 - Electronic Arts)
The Sims" 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts)
The Sims" 3 Master Suite Stuff (HKLM-x32\...\{08A25478-C5DD-4EA7-B168-3D687CA987FF}) (Version: 11.0.84 - Electronic Arts)
The Sims" 3 Movie Stuff (HKLM-x32\...\{D0087539-3C57-44E0-BEE7-D779D546CBE1}) (Version: 20.0.53 - Electronic Arts)
The Sims" 3 Outdoor Living Stuff (HKLM-x32\...\{117B6BF6-82C3-420C-B284-9247C8568E53}) (Version: 7.0.55 - Electronic Arts)
The Sims" 3 Pets (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
The Sims" 3 Seasons (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
The Sims" 3 Showtime (HKLM-x32\...\{3BBFD444-5FAB-49F6-98B1-A1954E831399}) (Version: 12.0.273 - Electronic Arts)
The Sims" 3 Supernatural (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)
The Sims" 3 Town Life Stuff (HKLM-x32\...\{7B11296A-F894-449C-8DF6-6AAAA7D4D118}) (Version: 9.0.73 - Electronic Arts)
The Sims" 3 University Life (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
The Sims" 3 World Adventures (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts)
The Sims™ 3 + Expansions Uninstaller (HKLM-x32\...\The Sims™ 3 + Expansions Uninstaller) (Version: 1.0.0.11 - Electronic Arts)
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.8.3 - Tweaking.com)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for Microsoft Excel 2013 (KB2881085) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{58D92858-3C94-4C2F-A8E4-AEFF9304C3CF}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2881085) 64-Bit Edition (HKLM\...\{90150000-0016-0409-1000-0000000FF1CE}_Office15.PROPLUS_{58D92858-3C94-4C2F-A8E4-AEFF9304C3CF}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2881085) 64-Bit Edition (HKLM\...\{90150000-0018-0409-1000-0000000FF1CE}_Office15.PROPLUS_{58D92858-3C94-4C2F-A8E4-AEFF9304C3CF}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2881085) 64-Bit Edition (HKLM\...\{90150000-001B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{58D92858-3C94-4C2F-A8E4-AEFF9304C3CF}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2850074) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{F9F71CF8-8310-4EFC-869F-47BC0FEE269D}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760344) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{EF77B4A6-DFEC-4010-A87D-9B6BF87FABEC}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760544) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{62857CDD-2985-4939-91BA-19ED0B0031A5}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2768012) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{0814662C-FD28-4DE0-ACE5-EE50D1D6C8FB}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817302) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E79EFFDB-192A-4D9E-A2DB-C0F774E6EC32}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817302) 64-Bit Edition (HKLM\...\{90150000-0016-0409-1000-0000000FF1CE}_Office15.PROPLUS_{E79EFFDB-192A-4D9E-A2DB-C0F774E6EC32}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2826040) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{C4AEA56A-0759-4D08-9FAB-31A92137D0B8}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2837644) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D692E9FF-84BF-4F44-A0EA-D58ECE0D538E}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2863843) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{290D80DE-03AB-47EC-9402-108AF4CE4F66}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880457) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{EC2AF602-2730-4B05-9438-06CDE43153F2}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.PROPLUS_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880464) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{88B29AA5-71EE-4692-91E2-E89407F0B783}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880478) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{8116ED50-F1E7-49E1-9D8D-421497D34B0F}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{90150000-0016-0409-1000-0000000FF1CE}_Office15.PROPLUS_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{90150000-0090-0409-1000-0000000FF1CE}_Office15.PROPLUS_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881074) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{9A479F9C-C1EC-4833-A115-A8B7A60480BD}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881084) 64-Bit Edition (HKLM\...\{90150000-001F-0409-1000-0000000FF1CE}_Office15.PROPLUS_{3A12DFA2-3FF5-450E-BDB1-A742551A5D1A}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881084) 64-Bit Edition (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}_Office15.PROPLUS_{EA8072E8-E3CF-46DF-A5DE-9F5975344327}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881084) 64-Bit Edition (HKLM\...\{90150000-001F-0C0A-1000-0000000FF1CE}_Office15.PROPLUS_{1BABB09A-AB4C-427F-B23C-76A278737988}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881086) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{ED3A8E98-FDD4-493F-A0EC-141821573EC2}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881086) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{ED3A8E98-FDD4-493F-A0EC-141821573EC2}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2881087) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{3C6F4768-FB23-4ECF-8328-5C47E0664B65}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2881087) 64-Bit Edition (HKLM\...\{90150000-00BA-0409-1000-0000000FF1CE}_Office15.PROPLUS_{3C6F4768-FB23-4ECF-8328-5C47E0664B65}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2881087) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{3C6F4768-FB23-4ECF-8328-5C47E0664B65}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2881087) 64-Bit Edition (HKLM\...\{90150000-00C1-0409-1000-0000000FF1CE}_Office15.PROPLUS_{3C6F4768-FB23-4ECF-8328-5C47E0664B65}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{BFD66A5D-F608-441E-9282-41E13F5E7412}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 64-Bit Edition (HKLM\...\{90150000-00A1-0409-1000-0000000FF1CE}_Office15.PROPLUS_{BFD66A5D-F608-441E-9282-41E13F5E7412}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{BFD66A5D-F608-441E-9282-41E13F5E7412}) (Version:  - Microsoft)
Update for Microsoft Outlook 2013 (KB2880470) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{34A169EC-990A-4DAE-AC65-9F981158B7DB}) (Version:  - Microsoft)
Update for Microsoft Outlook 2013 (KB2880470) 64-Bit Edition (HKLM\...\{90150000-001A-0409-1000-0000000FF1CE}_Office15.PROPLUS_{34A169EC-990A-4DAE-AC65-9F981158B7DB}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2881075) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{C8955821-EDAC-4E65-BEF3-C9C0A049517A}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2881075) 64-Bit Edition (HKLM\...\{90150000-0018-0409-1000-0000000FF1CE}_Office15.PROPLUS_{C8955821-EDAC-4E65-BEF3-C9C0A049517A}) (Version:  - Microsoft)
Update for Microsoft Publisher 2013 (KB2880999) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{C07147B9-CC0B-4CC1-A107-A705889A54F2}) (Version:  - Microsoft)
Update for Microsoft Publisher 2013 (KB2880999) 64-Bit Edition (HKLM\...\{90150000-0019-0409-1000-0000000FF1CE}_Office15.PROPLUS_{C07147B9-CC0B-4CC1-A107-A705889A54F2}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.PROPLUS_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2878319) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{BC51FE30-3A56-4802-8D9E-E9BC05B56B49}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2881005) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{125BAFEC-EB26-45C3-B97A-475162C6BDC0}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2881005) 64-Bit Edition (HKLM\...\{90150000-001A-0409-1000-0000000FF1CE}_Office15.PROPLUS_{125BAFEC-EB26-45C3-B97A-475162C6BDC0}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2881005) 64-Bit Edition (HKLM\...\{90150000-001B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{125BAFEC-EB26-45C3-B97A-475162C6BDC0}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2881005) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{125BAFEC-EB26-45C3-B97A-475162C6BDC0}) (Version:  - Microsoft)
WebFilteringEngine (Version: 2.2.1.0 - Lavasoft) Hidden
Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

31-07-2014 02:03:04 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 06:26 - 2014-07-27 22:28 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {250C6278-E26A-4B45-93BE-45983F6A39B1} - System32\Tasks\EPSON XP-312 313 315 Series Update {06B817E9-531F-4D8A-A5E0-B96E4D374A85} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLFE.EXE [2013-04-26] (SEIKO EPSON CORPORATION)
Task: {5497EB1A-9F2C-4B40-9B16-292FA3765FFF} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: {59BDCC92-E6D7-4CF9-A054-481D11CB3CA5} - System32\Tasks\EPSON XP-312 313 315 Series Invitation {06B817E9-531F-4D8A-A5E0-B96E4D374A85} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLFE.EXE [2013-04-26] (SEIKO EPSON CORPORATION)
Task: {5CFB630F-D446-4AA2-9816-56C95DC87885} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe
Task: {9883EA3A-452A-48AF-B16E-AA3F7F80F5FA} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {BE27D610-4D12-4531-AC31-BB4413D64F95} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-alexanderduckettpike4@hotmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {C31A7C3C-0A3C-409B-BF9C-9A0CA7F7EC05} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-07-09] (Microsoft Corporation)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F39FF079-A6DF-42EC-B00B-50D5DB9275AD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe
Task: {F77E17DB-222F-4F87-A6E9-15A58899E16F} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-06-02] ()
Task: C:\Windows\Tasks\EPSON XP-312 313 315 Series Invitation {06B817E9-531F-4D8A-A5E0-B96E4D374A85}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLFE.EXE
Task: C:\Windows\Tasks\EPSON XP-312 313 315 Series Update {06B817E9-531F-4D8A-A5E0-B96E4D374A85}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLFE.EXE

==================== Loaded Modules (whitelisted) =============

2014-06-03 15:47 - 2014-06-03 15:47 - 00706864 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe
2014-06-03 16:19 - 2014-06-03 16:19 - 00103800 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\boost_thread-vc100-mt-1_55.dll
2014-06-03 16:19 - 2014-06-03 16:19 - 00024440 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\boost_system-vc100-mt-1_55.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00055680 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\boost_date_time-vc100-mt-1_55.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00123776 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\boost_filesystem-vc100-mt-1_55.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00033656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\boost_chrono-vc100-mt-1_55.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 10070888 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareServiceKernel.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00685904 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\SQLite.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 03393352 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\RCF.dll
2014-06-03 16:19 - 2014-06-03 16:19 - 00788856 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\boost_regex-vc100-mt-1_55.dll
2014-06-03 16:17 - 2014-06-03 16:17 - 00604520 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareActivation.dll
2014-06-03 16:19 - 2014-06-03 16:19 - 00158032 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\pugixml.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00360312 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareApplicationUpdater.dll
2014-06-03 16:19 - 2014-06-03 16:19 - 00149840 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\libssh2.dll
2014-06-03 16:19 - 2014-06-03 16:19 - 00106824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\zlib.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00142696 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareGamingMode.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00098648 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareReset.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00120152 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTime.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00290168 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareDefinitionsUpdater.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00198024 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareDefinitionsUpdaterScheduler.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00417128 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareIgnoreList.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00245608 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareQuarantine.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00336752 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareAntiMalwareEngine.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00212336 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareAntiRootkitEngine.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00509808 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareScannerHistory.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00610144 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareScanner.dll
2014-06-03 16:19 - 2014-06-03 16:19 - 00035192 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\boost_timer-vc100-mt-1_55.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00326000 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareScannerScheduler.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00453496 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareRealTimeProtection.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00227688 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareIncompatibles.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00218976 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareAntiSpam.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00171368 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareAntiPhishing.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00786800 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareParentalControl.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 01936744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareWebProtection.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00422256 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareEmailProtection.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00650608 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareNetworkProtection.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00358744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwarePromo.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00298336 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareFeedback.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00371576 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareThreatWorkAlliance.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00154464 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\SecurityCenter.dll
2014-05-21 11:41 - 2013-07-17 17:09 - 00156936 _____ () C:\Windows\SYSTEM32\bdfwcore.dll
2014-04-22 17:29 - 2014-07-07 11:47 - 00766976 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc1\ashttpbr.mdl
2014-04-22 17:29 - 2014-07-07 11:47 - 00556032 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc1\ashttpdsp.mdl
2014-04-22 17:29 - 2014-07-07 11:47 - 02575360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc1\ashttpph.mdl
2014-04-22 17:29 - 2014-07-07 11:47 - 01306112 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc1\ashttprbl.mdl
2014-05-16 14:20 - 2014-05-20 02:25 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2010-07-15 05:44 - 2010-07-15 05:44 - 00020032 _____ () E:\Program Files\Unlocker\UnlockerCOM.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 02082160 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareShellExtension.dll
2014-05-12 10:49 - 2014-05-12 10:49 - 00222720 _____ () E:\Program Files (x86)\Notepad++\NppShell_06.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 07715160 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe
2014-06-03 16:18 - 2014-06-03 16:18 - 00500088 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\boost_locale-vc100-mt-1_55.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00364896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\HtmlFramework.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00066904 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\DllStorage.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00803696 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTrayDefaultSkin.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00139608 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\Localization.dll
2014-07-03 13:20 - 2014-07-03 13:20 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-03 13:19 - 2014-07-03 13:19 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-09-23 20:43 - 2012-09-23 20:43 - 00313992 _____ () C:\Program Files (x86)\Adobe\Reader 11.0\Reader\sqlite.dll
2014-07-31 17:25 - 2014-07-31 17:25 - 03800688 _____ () E:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:6DAA43DB

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "Windows Mobile Device Center"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKCU\...\StartupApproved\Run: => "EPLTarget\P0000000000000000"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/31/2014 03:03:04 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.

System Error:
0xC0000039 (unresolvable).

Error: (07/31/2014 03:03:04 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.

System Error:
0xC0000039 (unresolvable).

Error: (07/31/2014 03:00:29 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: Spooler8

Error: (07/28/2014 09:58:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1125

Error: (07/28/2014 09:58:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1125

Error: (07/28/2014 09:58:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/28/2014 09:00:40 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (07/28/2014 09:00:38 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (07/28/2014 08:54:19 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (07/28/2014 08:54:19 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.


System errors:
=============
Error: (08/04/2014 08:12:23 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%1062

Error: (08/04/2014 08:12:23 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%2147952422

Error: (08/04/2014 08:12:23 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%2147952422

Error: (08/04/2014 00:15:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%2147952422

Error: (08/04/2014 00:15:06 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%2147952422

Error: (08/04/2014 00:15:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%2147952422

Error: (08/04/2014 00:15:06 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%2147952422

Error: (08/04/2014 11:58:45 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%2147952422

Error: (08/04/2014 11:58:45 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%2147952422

Error: (08/04/2014 11:56:09 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%2147952422


Microsoft Office Sessions:
=========================
Error: (07/31/2014 03:03:04 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.

System Error:
0xC0000039 (unresolvable)

Error: (07/31/2014 03:03:04 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.

System Error:
0xC0000039 (unresolvable)

Error: (07/31/2014 03:00:29 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: Spooler8

Error: (07/28/2014 09:58:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1125

Error: (07/28/2014 09:58:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1125

Error: (07/28/2014 09:58:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/28/2014 09:00:40 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Alex\Desktop\esetsmartinstaller_enu(2).exe

Error: (07/28/2014 09:00:38 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Alex\Desktop\esetsmartinstaller_enu(2).exe

Error: (07/28/2014 08:54:19 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestE:\Downloads\esetsmartinstaller_enu.exe

Error: (07/28/2014 08:54:19 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestE:\Downloads\esetsmartinstaller_enu(1).exe


CodeIntegrity Errors:
===================================
  Date: 2014-07-14 11:10:19.406
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 20%
Total physical RAM: 8142.93 MB
Available physical RAM: 6453.6 MB
Total Pagefile: 9358.93 MB
Available Pagefile: 7333.99 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:59.62 GB) (Free:5.33 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Main Disk) (Fixed) (Total:1862.67 GB) (Free:1627.59 GB) NTFS
Drive g: (15.0.4420.1017) (CDROM) (Total:0.79 GB) (Free:0 GB) UDF
Drive h: (Pandora) (CDROM) (Total:0.44 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 60 GB) (Disk ID: 8B6618FB)
Partition 1: (Active) - (Size=60 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 8B6618F3)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#7 TheShooter93

TheShooter93

    Cody


  • Malware Response Team
  • 4,792 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Orlando, Florida
  • Local time:06:46 AM

Posted 05 August 2014 - 08:31 AM

Hello Pakhawaj,

You're welcome.  :)

Given the amount of tools you have run [and the results of your most recent FRST log], whatever is wrong with your computer it is not malware related.

I will walk you through some basic troubleshooting steps, but as I am a student in the malware removal program I will eventually need to transfer you to another section of the forums if this is not resolved soon.

================================================

Please try temporarily disabling Ad-Aware (if this isn't disabled already) and the BitDefender Firewall -- these may have something to do with your lack of Internet access.

================================================

Lastly, see the following regarding registry cleaners.

Registry Cleaners

You should never use registry cleaners, optimizers, etc.

While the programs claim to speed up your computer, they can actually wreak havoc on them and even corrupt the operating system so the system cannot boot.

The use of these programs may or may not be related to problems you're experiencing.


CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.


#8 Pakhawaj


Posted 05 August 2014 - 06:21 PM

I have uninstalled BitDefender and have already tried disabling Ad-Aware.
I only downloaded the registry cleaner after experiencing this problem, I've since uninstalled the software.
It's a shame to be moved on again after having waited for so long, but I'm thankful for you helping me out.

#9 TheShooter93


Posted 07 August 2014 - 09:34 PM

Sorry for my delay, some circumstances have come up that I will be largely out of touch until Tuesday of next week.

I am going to discuss your next steps with my instructor to confirm, but the Networking forum or Windows 8 forum would likely be most appropriate.

I will post back ASAP.



#10 TheShooter93


Posted 07 August 2014 - 09:36 PM

I also want to apologize for "moving you on", but confirming this is not due to malware will help the experts in the other forums narrow the problem down to certain possibilities.



#11 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,247 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:01:46 PM

Posted 08 August 2014 - 01:52 AM

Hi Pakhawaj,
Because TheShooter is currently not available I will work with you from here, rather than have you repost about your problem as you already waited some time after posting.

Let's first have a look at various internet-related services to see if they're in place and running.

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft


#12 Pakhawaj


Posted 08 August 2014 - 04:52 AM

No worries Cody, real life is more important than helping out internet strangers!

 

Hi Elise, these are the results of the scan:

Farbar Service Scanner Version: 21-07-2014
Ran by Alex (administrator) on 08-08-2014 at 10:50:57
Running from "C:\Users\Alex\Desktop"
Microsoft Windows 8 Pro  (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
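
Added example, not part of the original thread or of Farbar Service Scanner: a short Python triage for an FSS.txt log like the one above, which lists every line that is not one of the healthy statuses seen in this log. The failure lines in the second sample are constructed placeholders, and treating any entry under a policy or service heading as a finding is an assumption based on those sections being empty here.

```python
import re

# Healthy statuses, taken from the log posted in this thread.
OK_CONNECTION = re.compile(r"(is accessible\.|LAN connected\.)$")
OK_FILE = "File is digitally signed"
RULE = re.compile(r"^[=*]{4,}")  # "=====" underlines and "**** ... ****" banners

def parse_fss(text):
    """Split an FSS.txt log into {section title: [content lines]}."""
    lines = [ln.strip() for ln in text.splitlines()]
    sections, current = {}, None
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        # A section title ends with ":" and is underlined with "=" characters.
        if line.endswith(":") and re.fullmatch(r"=+", nxt):
            current = line[:-1]
            sections[current] = []
        elif current and line and not RULE.match(line):
            sections[current].append(line)
    return sections

def triage(text):
    """Return (section, line) pairs that deserve a manual look."""
    findings = []
    for section, content in parse_fss(text).items():
        for line in content:
            if section == "Connection Status":
                healthy = bool(OK_CONNECTION.search(line))
            elif section == "File Check":
                healthy = line.endswith(OK_FILE)
            else:
                # Assumption: policy/service sections are empty when clean.
                healthy = False
            if not healthy:
                findings.append((section, line))
    return findings

# Abbreviated copy of the log above.
SAMPLE_CLEAN = r"""
Farbar Service Scanner Version: 21-07-2014
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.

Firewall Disabled Policy:
==================

File Check:
========
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed

**** End of log ****
"""

# Constructed variant: the three altered lines are placeholders, not real FSS output.
SAMPLE_BAD = (SAMPLE_CLEAN
    .replace("Google IP is accessible.", "Google IP: CONSTRUCTED-FAILURE-STATUS")
    .replace("Policy:\n==================\n",
             "Policy:\n==================\nCONSTRUCTED-POLICY-ENTRY\n")
    .replace("wuaueng.dll => File is digitally signed",
             "wuaueng.dll => CONSTRUCTED-UNSIGNED-STATUS"))

if __name__ == "__main__":
    for section, line in triage(SAMPLE_BAD):
        print(f"[{section}] {line}")
```

An empty result from `triage` corresponds to a log with nothing to follow up on in these sections; it says nothing about third-party software that may still be filtering traffic.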



#13 Elise


Posted 08 August 2014 - 08:36 AM

That all looks good. Do you know what the error code is for Windows Update (you can find this in the update history usually)?

regards, Elise



#14 Pakhawaj


Posted 08 August 2014 - 09:21 AM

If I go to the Windows update page it says that there are "No updates available", even though there are updates I don't have. It also says I have never updated or checked for updates, which is false.

If I try to check for updates the error message appears: "Windows could not search for new updates", "There was a problem checking for updates,", "Error(s) found:
Code 8024402C"

 

To reiterate, the vast majority of programs cannot access the internet (not that I've purposely gone around trying, but the only two programs I've managed to connect with are Notepad+ and Mozilla Firefox) and most of the error messages just say something along the lines of 'cannot connect to the internet'.

 

Unfortunately I'm going away for a couple of days, so I won't be able to go through any instructions you give me but I'll be able to access this thread on my phone.


Edited by Pakhawaj, 08 August 2014 - 09:52 AM.


#15 Elise


Posted 08 August 2014 - 11:24 AM

It sounds like a third party program is blocking these connections. How did you uninstall BitDefender's firewall? I would also recommend you to completely uninstall Ad-Aware to ensure that is not interfering.

regards, Elise
