
dllhost.exe iexplorer.exe high cpu usage


  • This topic is locked
35 replies to this topic

#1 noserave

noserave

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:05:37 AM

Posted 22 October 2014 - 05:44 AM

Hello, I'm brand new to this site. Did some googling and came across BleepingComputer. The past few days I've noticed some strange processes running like iexplorer.exe. I've never had any encounters with malware or viruses before so I have no idea what to do... I have Malwarebytes but it has not fixed the problem. Please let me know what I should do to get rid of this bug.





#2 noserave

noserave
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:05:37 AM

Posted 22 October 2014 - 10:16 PM

Someone please help me.



#3 noserave

noserave
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:05:37 AM

Posted 23 October 2014 - 07:00 PM

Needing help removing this bug from my computer. Malwarebytes doesn't seem to help. Would a factory reset work?



#4 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:02:37 PM

Posted 25 October 2014 - 04:21 AM

Hello! Welcome to BleepingComputer Forums!
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something, don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

 

Please download the latest version of Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

 

Regards,

Georgi




#5 noserave

noserave
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:05:37 AM

Posted 26 October 2014 - 12:06 AM

Thank you very much for your reply! I will follow all instructions you provide. I have downloaded the FRST application you requested, and here are the results:

 

'FRST'

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-10-2014
Ran by McCraney Family (administrator) on NOSERAVE on 25-10-2014 23:54:27
Running from C:\Users\McCraney Family\Desktop
Loaded Profile: McCraney Family (Available profiles: McCraney Family)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Connectify) C:\Program Files\Connectify\ConnectifyService.exe
(Connectify) C:\Program Files\Connectify\Connectifyd.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
() C:\Program Files\MyPublicWiFi\PublicWiFiService.exe
() C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.25.5\GoogleCrashHandler.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Connectify) C:\Program Files\Connectify\ConnectifyNetServices.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-09-18] (Apple Inc.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
HKLM\...\Run: [ArcSoft Connection Service] => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [jswtrayutil] => "C:\Program Files\NETGEAR\WNA1100\jswtrayutil.exe"
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM\...\Run: [Connectify Hotspot] => C:\Program Files\Connectify\Connectify.exe [3816960 2013-12-27] (Connectify)
HKU\S-1-5-21-2541303647-2148132043-692123963-1001\...\Run: [DAEMON Tools Pro Agent] => "C:\Program Files\Portable\DAEMON Tools Pro Advanced v5.2.0.0348\DTAgent.exe" -autorun
HKU\S-1-5-21-2541303647-2148132043-692123963-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2541303647-2148132043-692123963-1001\...\Policies\system: [EnableLUA] 0
HKU\S-1-5-21-2541303647-2148132043-692123963-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2541303647-2148132043-692123963-1001\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-2541303647-2148132043-692123963-1001\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-2541303647-2148132043-692123963-1001\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-2541303647-2148132043-692123963-1001\...\MountPoints2: E - E:\autorun.exe
HKU\S-1-5-21-2541303647-2148132043-692123963-1001\...\MountPoints2: {169dd255-0ad5-11e3-9b5c-206a8a194fd0} - F:\TL_Bootstrap.exe
HKU\S-1-5-21-2541303647-2148132043-692123963-1001\...\MountPoints2: {5ac6f3ba-249b-11e4-937b-206a8a194fd0} - G:\LaunchU3.exe -a
HKU\S-1-5-21-2541303647-2148132043-692123963-1001\...\MountPoints2: {7a2e8a7d-267e-11e3-b8a6-206a8a194fd0} - F:\SETUP.EXE
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-05-21] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~1\SEARCH~2\SEARCH~1\bin\SPVC32~1.DLL => C:\PROGRA~1\SEARCH~2\SEARCH~1\bin\SPVC32~1.DLL File Not Found
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x078037A1DD98CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3225826
SearchScopes: HKCU - {025A07C6-DDCB-48C9-94CC-F9A00C7F5F4F} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
SearchScopes: HKCU - {7A11327E-A111-4ED9-AFDA-D31A9BE1DF75} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3225826
SearchScopes: HKCU - {91C77C29-C56E-4303-B693-C4888985F0EE} URL = http://search.yahoo.com/search?p={searchTerms}&fr=chr-ydwnld
SearchScopes: HKCU - {FB771FAD-D59D-4639-9AE5-7857466BED71} URL = http://websearch.shopathome.com?user_id=%guid&q={searchTerms}
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} -  No File
Toolbar: HKCU - No Name - {724D43A0-0D85-11D4-9908-00400523E39A} -  No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{9D3A7B32-BBC6-442E-8FBA-D6F7C14FA76E}: [NameServer] 8.8.8.8,8.8.4.4
 
FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [searchpredict@speedbit.com] - 
FF HKLM\...\Firefox\Extensions: [50846b386b77d@50846b386b78a.com] - C:\Users\McCraney Family\AppData\Roaming\Mozilla\Firefox\Profiles\dkbscgwi.default\extensions\50846b386b77d@50846b386b78a.com
 
Chrome: 
=======
CHR HomePage: Default -> https://www.google.com/
CHR Profile: C:\Users\McCraney Family\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\McCraney Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-16]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\McCraney Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21]
CHR Extension: (YouTube) - C:\Users\McCraney Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-16]
CHR Extension: (Google Search) - C:\Users\McCraney Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-16]
CHR Extension: (AdBlock) - C:\Users\McCraney Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-09-29]
CHR Extension: (Facebook - Delete All Messages) - C:\Users\McCraney Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgiidlnejdlfoacoeleopkljhbckmlko [2014-07-29]
CHR Extension: (Refresh Monkey) - C:\Users\McCraney Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljngnafhejmefmijjoedbclkadhacebd [2014-01-03]
CHR Extension: (Google Wallet) - C:\Users\McCraney Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-16]
CHR Extension: (Gmail) - C:\Users\McCraney Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-16]
CHR Profile: C:\Users\McCraney Family\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (No Name) - C:\Users\McCraney Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apjkpjchfbckhjhokinlgdbmibpbbjak [2012-10-23]
CHR Extension: (No Name) - C:\Users\McCraney Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf [2012-10-23]
CHR Extension: (No Name) - C:\Users\McCraney Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\geggofhlfbcmanadhknllmlajiafopoh [2012-10-23]
CHR Extension: (No Name) - C:\Users\McCraney Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ninmclfaanihkdljeclnamacejnlejhi [2012-10-23]
CHR HKLM\...\Chrome\Extension: [chopfbpmmolfkflnmdghmhhieebchfbn] - C:\ProgramData\SaveAs\chopfbpmmolfkflnmdghmhhieebchfbn.crx []
CHR HKLM\...\Chrome\Extension: [dkinklhnkmkhkhofcnapakaoehijaoih] - C:\Program Files\OnlineHD.TV\onhd10.crx []
CHR HKCU\...\Chrome\Extension: [apjkpjchfbckhjhokinlgdbmibpbbjak] - C:\Users\McCraney Family\AppData\Local\CRE\apjkpjchfbckhjhokinlgdbmibpbbjak.crx []
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Connectify; C:\Program Files\Connectify\ConnectifyService.exe [487936 2013-11-05] (Connectify) [File not signed]
S3 jswpsapi; C:\Program Files\NETGEAR\WNA1100\jswpsapi.exe [960992 2010-03-22] (Atheros Communications, Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 MyPublicWiFiService; C:\Program Files\MyPublicWiFi\PublicWiFiService.exe [756224 2013-04-03] () [File not signed]
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [327064 2010-05-18] (Enigma Software Group USA, LLC.)
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)
R2 WSWNA1100; C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe [297440 2011-07-28] ()
S3 IDriverT; "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" [X]
S2 KDUpdater; "\\?\C:\Users\MCCRAN~1\AppData\Local\Temp\kd64CA.tmp" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 athur; C:\Windows\System32\DRIVERS\athur.sys [1564160 2010-10-11] (Atheros Communications, Inc.)
R1 cnnctfy3; C:\Windows\System32\DRIVERS\cnnctfy3.sys [29672 2014-10-12] (Connectify)
S3 DAdderFltr; C:\Windows\System32\drivers\dadder.sys [22784 2007-08-02] (Razer (Asia-Pacific) Pte Ltd)
S3 dsiarhwprog; C:\Windows\System32\Drivers\dsiarhwprog.sys [35256 2012-09-26] (Thesycon GmbH, Germany)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-06-22] (DT Soft Ltd)
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] () [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-10-01] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-10-23] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-10-01] (Malwarebytes Corporation)
R1 ndiskhaz; C:\Windows\System32\DRIVERS\ndiskhaz.sys [25416 2012-12-07] (Khalil Azzouzi)
S3 pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [47360 2012-10-12] (VSO Software) [File not signed]
R0 SCMNdisP; C:\Windows\System32\DRIVERS\scmndisp.sys [21472 2011-07-22] (Windows ® Win 7 DDK provider)
R0 speedfan; C:\Windows\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2013-09-26] () [File not signed]
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [37064 2013-04-24] (Anchorfree Inc.)
U3 a0npat80; C:\Windows\system32\Drivers\a0npat80.sys [0 ] (Microsoft Corporation)
S0 ElbyVCD; system32\DRIVERS\ElbyVCD.sys [X]
S3 gfiark; system32\drivers\gfiark.sys [X]
S2 sbapifs; system32\DRIVERS\sbapifs.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files\Razer\Razer Game Booster\Driver\WinRing0.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-25 23:54 - 2014-10-25 23:58 - 00016806 _____ () C:\Users\McCraney Family\Desktop\FRST.txt
2014-10-25 23:54 - 2014-10-25 23:52 - 01104384 _____ (Farbar) C:\Users\McCraney Family\Desktop\FRST.exe
2014-10-25 23:53 - 2014-10-25 23:54 - 00000000 ____D () C:\FRST
2014-10-25 23:52 - 2014-10-25 23:52 - 01104384 _____ (Farbar) C:\Users\McCraney Family\Downloads\FRST.exe
2014-10-21 14:03 - 2014-10-25 23:50 - 00000000 ___HD () C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}
2014-10-21 14:03 - 2014-10-21 14:07 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-10-20 21:22 - 2014-10-20 21:22 - 00995648 _____ (DivX, LLC) C:\Users\McCraney Family\Downloads\DivXWebPlayerInstaller (3).exe
2014-10-20 21:12 - 2014-10-20 21:12 - 00995648 _____ (DivX, LLC) C:\Users\McCraney Family\Downloads\DivXWebPlayerInstaller (2).exe
2014-10-14 22:25 - 2014-10-16 05:24 - 00000000 ____D () C:\Users\McCraney Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-10-14 22:25 - 2014-10-16 05:24 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-10-14 22:25 - 2014-10-14 22:25 - 00002262 _____ () C:\Users\McCraney Family\Desktop\SpyHunter.lnk
2014-10-14 22:24 - 2014-10-14 22:25 - 00000000 ____D () C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2014-10-14 22:23 - 2014-10-14 22:23 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2014-10-12 20:05 - 2014-10-12 20:05 - 00001138 _____ () C:\Users\Public\Desktop\Connectify Dispatch.lnk
2014-10-12 20:05 - 2014-10-12 20:05 - 00001122 _____ () C:\Users\Public\Desktop\Connectify Hotspot.lnk
2014-10-12 20:05 - 2014-10-12 20:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Connectify
2014-10-12 19:55 - 2014-10-12 20:14 - 00000000 ____D () C:\Program Files\Connectify
2014-10-12 19:55 - 2014-10-12 20:09 - 00000000 ____D () C:\ProgramData\Connectify
2014-10-12 19:55 - 2014-10-12 19:55 - 00029672 _____ (Connectify) C:\Windows\system32\Drivers\cnnctfy3.sys
2014-10-12 19:39 - 2014-10-12 19:39 - 00000000 ____D () C:\Program Files\Microsoft Research
2014-10-12 19:35 - 2014-10-12 19:36 - 12766208 _____ () C:\Users\McCraney Family\Downloads\MSRMesh-VirtualWIFI.MSI
2014-10-12 19:31 - 2014-10-12 19:31 - 00001092 _____ () C:\Users\Public\Desktop\Maryfi.lnk
2014-10-12 19:31 - 2014-10-12 19:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MarySoft
2014-10-12 19:31 - 2014-10-12 19:31 - 00000000 ____D () C:\Program Files\MarySoft
2014-10-12 19:29 - 2014-10-12 19:29 - 02170291 _____ (MarySoft) C:\Users\McCraney Family\Downloads\Maryfi-EN.exe
2014-10-12 19:25 - 2014-10-12 19:25 - 00000000 ____D () C:\Users\McCraney Family\Downloads\virtualrouter3.3
2014-10-12 19:23 - 2014-10-12 19:24 - 00370323 _____ () C:\Users\McCraney Family\Downloads\virtualrouter3.3.zip
2014-10-12 19:19 - 2014-10-12 19:21 - 03691356 _____ (virtual-ap.com ) C:\Users\McCraney Family\Downloads\virtual-ap_setup.exe
2014-10-11 21:56 - 2014-10-22 15:27 - 00000000 ____D () C:\Program Files\SpeedFan
2014-10-11 21:56 - 2014-10-11 21:56 - 00000965 _____ () C:\Users\McCraney Family\Desktop\SpeedFan.lnk
2014-10-11 21:56 - 2014-10-11 21:56 - 00000045 _____ () C:\Windows\system32\initdebug.nfo
2014-10-11 21:56 - 2014-10-11 21:56 - 00000000 ____D () C:\Users\McCraney Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2014-10-11 21:56 - 2014-10-11 21:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
2014-10-11 21:55 - 2014-10-11 21:56 - 02174848 _____ () C:\Users\McCraney Family\Downloads\instsf450.exe
2014-10-11 18:42 - 2014-10-12 19:43 - 00000000 ____D () C:\Program Files\Virtual Access Point
2014-10-11 18:42 - 2014-10-12 19:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Access Point
2014-10-11 03:08 - 2014-10-25 23:49 - 00003136 _____ () C:\Windows\setupact.log
2014-10-11 03:08 - 2014-10-11 03:08 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-30 01:50 - 2014-10-23 20:24 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-30 01:50 - 2014-10-20 18:56 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-30 01:50 - 2014-10-20 18:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-30 01:49 - 2014-10-20 18:56 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-30 01:49 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-30 01:49 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-30 01:49 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-30 01:46 - 2014-09-30 01:47 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\McCraney Family\Downloads\mbam-setup-2.0.2.1012.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-25 23:57 - 2009-07-13 23:34 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-25 23:57 - 2009-07-13 23:34 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-25 23:52 - 2012-09-27 11:00 - 01515630 _____ () C:\Windows\WindowsUpdate.log
2014-10-25 23:49 - 2013-09-16 18:04 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-25 23:49 - 2012-10-22 11:51 - 00000432 ____H () C:\Windows\Tasks\OptimizerPro1UpdaterTask{A774B3EB-D80F-4F7B-92DB-E7453D225678}.job
2014-10-25 23:49 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-25 05:35 - 2013-09-16 18:04 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-23 19:30 - 2013-09-23 01:10 - 00000000 ____D () C:\Users\McCraney Family\AppData\Roaming\Azureus
2014-10-22 14:45 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-19 22:31 - 2012-10-15 04:49 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-10-16 20:40 - 2012-09-27 11:02 - 00781790 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-16 20:34 - 2012-10-08 14:02 - 00000000 ____D () C:\Users\McCraney Family
2014-10-16 05:24 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\registration
2014-10-14 22:23 - 2014-08-20 22:33 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-10-12 19:25 - 2013-04-29 17:20 - 00000000 ____D () C:\Users\McCraney Family\AppData\Roaming\Adobe
2014-10-11 22:19 - 2014-07-14 15:32 - 00000507 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-10-11 22:09 - 2014-07-14 19:27 - 00002573 _____ () C:\Users\Public\Desktop\Virtual Router Plus.lnk
2014-10-10 14:45 - 2013-04-17 01:24 - 00097746 _____ () C:\Windows\PFRO.log
2014-09-30 02:09 - 2014-07-14 15:34 - 00000000 ____D () C:\Program Files\KeyDownload
2014-09-30 02:08 - 2014-06-18 23:21 - 00000000 ____D () C:\ProgramData\5CCACFBEA5A0D82BF1583A69D9B1B04D
2014-09-30 02:08 - 2013-09-23 03:52 - 00000000 ____D () C:\Users\McCraney Family\AppData\Local\Apple Computer
2014-09-30 01:49 - 2013-05-23 04:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-30 00:28 - 2009-07-13 23:33 - 03668224 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-30 00:27 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-09-30 00:26 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\AppCompat
 
Some content of TEMP:
====================
C:\Users\McCraney Family\AppData\Local\Temp\ClientToMobilePlatform.exe
C:\Users\McCraney Family\AppData\Local\Temp\ctmpua.exe
C:\Users\McCraney Family\AppData\Local\Temp\gcadapter.dll
C:\Users\McCraney Family\AppData\Local\Temp\i4jdel0.exe
C:\Users\McCraney Family\AppData\Local\Temp\i4jdel1.exe
C:\Users\McCraney Family\AppData\Local\Temp\InstallerLibrary.dll
C:\Users\McCraney Family\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\McCraney Family\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\McCraney Family\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\McCraney Family\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\McCraney Family\AppData\Local\Temp\KDLdr2_new.exe
C:\Users\McCraney Family\AppData\Local\Temp\mp3el2.exe
C:\Users\McCraney Family\AppData\Local\Temp\ms.exe
C:\Users\McCraney Family\AppData\Local\Temp\ose00000.exe
C:\Users\McCraney Family\AppData\Local\Temp\qms.exe
C:\Users\McCraney Family\AppData\Local\Temp\setup_optimum.exe
C:\Users\McCraney Family\AppData\Local\Temp\sfamcc00001.dll
C:\Users\McCraney Family\AppData\Local\Temp\sfextra.dll
C:\Users\McCraney Family\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\McCraney Family\AppData\Local\Temp\ValidationScriptLibrary.dll
C:\Users\McCraney Family\AppData\Local\Temp\VirtualRouterPlusSetup.exe
C:\Users\McCraney Family\AppData\Local\Temp\x264enc5.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-16 21:47
 
==================== End Of Log ============================
 
 
 
'Addition'
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 25-10-2014
Ran by McCraney Family at 2014-10-25 23:59:25
Running from C:\Users\McCraney Family\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
.minecraft (Version: 1.5.1 - Mojocraft.net) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe AIR (Version: 2.5.1.17730 - Adobe Systems Inc.) Hidden
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Community Help (Version: 3.4.980 - Adobe Systems Incorporated.) Hidden
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.7.700.202 - Adobe Systems Incorporated)
Adobe Photoshop CS5.1 (HKLM\...\{9158FF30-78D7-40EF-B83E-451AC5334640}) (Version: 12.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft WebCam Companion 4 (HKLM\...\{12450631-3289-40F7-AEC3-F6DCB6E1BDCF}) (Version: 4.0.20.365 - ArcSoft)
Audacity 2.0.5 (HKLM\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Battle.net (HKLM\...\Battle.net) (Version:  - Blizzard Entertainment)
Belkin USB Wireless Adapter (HKLM\...\InstallShield_{549CE1BD-88E4-4C5E-BF75-B155624714CC}) (Version: 1.0.0.13 - Belkin)
Belkin USB Wireless Adapter (Version: 1.0.0.13 - Belkin) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Canon iP2700 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2700_series) (Version:  - )
Canon MG2100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2100_series) (Version:  - )
Canon MP Navigator EX 5.0 (HKLM\...\MP Navigator EX 5.0) (Version:  - )
CanoScan Toolbox Ver4.1 (HKLM\...\{BCE46757-7674-4416-BEDB-68205A60409E}) (Version:  - )
Connectify (HKLM\...\Connectify) (Version: 7.1.0.29279 - Connectify)
Diablo III (HKLM\...\Diablo III) (Version:  - Blizzard Entertainment)
Google Chrome (HKLM\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
HyperCam 3 (HKLM\...\HyperCam 3) (Version: 3.1.1012.03 - Solveig Multimedia)
inSSIDer 3 (HKLM\...\{A80CEA4E-74C1-4F9F-806B-E1D9AFC01768}) (Version: 3.0.7.48 - MetaGeek, LLC)
Intel® Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2302 - Intel Corporation)
iTunes (HKLM\...\{DF9C119C-7F26-45B9-93D4-7C372CBBBA11}) (Version: 11.1.0.126 - Apple Inc.)
Java 7 Update 65 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (Version: 2.1.65.20 - Oracle, Inc.) Hidden
KeyPlayr (HKLM\...\{A21A2C02-B537-4418-858C-1F79C309FD0C}) (Version: 1.00.0000 - KeyDownload)
League of Legends (HKLM\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (Version: 3.0.0 - Riot Games) Hidden
Letasoft Sound Booster version 1.2 (HKLM\...\{6C6CF38B-11DD-45C6-A15E-A3A0C4CE60F8}_is1) (Version: 1.2 - Letasoft LLC)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Maryfi - English (HKLM\...\{70DC8913-5212-4936-AC8C-B366F55045CF}) (Version: 1.1.0 - MarySoft)
Media Player Classic - Home Cinema v. 1.3.1249.0 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version:  - )
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Research Mesh Virtual WIFI (HKLM\...\{034A32D5-699E-4AED-A2EB-2CCB6E7F37F1}) (Version: 1.0.000 - Microsoft Research)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Word 2010 (HKLM\...\Office14.WORD) (Version: 14.0.4763.1000 - Microsoft Corporation)
Mobipocket Reader 6.2 (HKLM\...\{342126E1-173C-4585-BFBE-3EBDD20E3E9E}) (Version: 6.2.608 - Mobipocket.com)
MPC-HC (HKLM\...\MPC-HC) (Version:  - MPC-HC Team)
MyPublicWiFi 5.1 (HKLM\...\{C08D782B-9281-406B-ABCE-326DA70B8A1F}_is1) (Version:  - TRUE Software)
NETGEAR WNA1100 N150 Wireless USB Adapter (HKLM\...\{A2AE9709-283B-4B48-AA34-729C070A62FB}) (Version: 1.0.0.133 - NETGEAR)
PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden
Prism Video File Converter (HKLM\...\Prism) (Version:  - NCH Software)
Remote Control Server (HKLM\...\{755C6515-9FEA-490C-B15E-22BB6519E57E}) (Version: 2.0.1.60 - Steppschuh)
Skype™ 6.7 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.7.102 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM\...\SpeedFan) (Version:  - )
SpyHunter (HKLM\...\{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}) (Version: 4.1.11 - Enigma Software Group USA, LLC)
Steam (HKLM\...\Steam) (Version:  - Valve Corporation)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Virtual Access Point 3.3 (HKLM\...\Virtual Access Point_is1) (Version:  - virtual-ap.com)
Virtual Router Plus (HKLM\...\{0AEE4D51-3657-4F40-A689-533429CAEE0C}) (Version: 2.5.0 - Runxia Electronics)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.1.0.0 - Azureus Software, Inc.)
WinRAR 5.00 beta 3 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.3 - win.rar GmbH)
Wondershare Dr.Fone for iOS(Build 4.1.0.24) (HKLM\...\{A26F8BBD-EC10-4bdc-8AD8-F146825A8A63}_is1) (Version: 4.1.0.24 - Wondershare Software Co.,Ltd.)
World of Warcraft (HKLM\...\World of Warcraft) (Version:  - Blizzard Entertainment)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2541303647-2148132043-692123963-1001_Classes\CLSID\{56CBD3CF-BF99-4DF5-851F-F5B9B57496A1}\InprocServer32 -> C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}\cmcfg32.dll (Microsoft)
 
==================== Restore Points  =========================
 
15-10-2014 03:24:46 Installed SpyHunter
15-10-2014 03:27:47 Removed SpyHunter
24-10-2014 03:11:56 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2014-10-20 00:58 - 2014-10-20 18:01 - 00001213 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {174150D1-8960-4602-BCB7-E2CAA87D0715} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2010-05-18] (Enigma Software Group USA, LLC.)
Task: {367F3B7F-106B-416A-A6DB-6722C5058656} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-09-16] (Google Inc.)
Task: {4992B558-38CF-4A8C-B7FE-9CEB16584149} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
Task: {62E6EAA1-CF4D-414B-BD6C-8DF52218CA8D} - System32\Tasks\{06766DB3-FD06-4530-8C88-54C17D67998D} => C:\Program Files\Runxia Electronics\Virtual Router Plus\VirtualRouterPlus.exe [2013-03-04] ()
Task: {6D016CEE-44A7-48D6-8FDD-5C9AA7E36A36} - System32\Tasks\Razer_Game_Booster_AutoUpdate => C:\Program Files\Razer\Razer Game Booster\AutoUpdate.exe
Task: {735DA16E-651F-43A0-9EEA-B15F7DDD5C1F} - System32\Tasks\Optimum_LogOn => C:\Program Files\Optimum PC Boost\OptimumPCBoost.exe
Task: {7E517A7C-FEFB-4219-B57E-E9DE4B7E8924} - System32\Tasks\{B582C7BB-285E-4360-B320-46D544AF6818} => C:\Program Files\Runxia Electronics\Virtual Router Plus\VirtualRouterPlus.exe [2013-03-04] ()
Task: {94C9F437-004B-4858-96F3-7ED93D7666AB} - System32\Tasks\Optimum_Daily => C:\Program Files\Optimum PC Boost\OptimumPCBoost.exe
Task: {A7ED22B3-1520-4186-9668-B606831476D5} - System32\Tasks\{5EB3D69E-3F26-4E42-8745-FB34BE2E2E77} => C:\Program Files\Runxia Electronics\Virtual Router Plus\VirtualRouterPlus.exe [2013-03-04] ()
Task: {EB462A67-25FB-4F88-8A45-7EF96FDDFEBD} - System32\Tasks\OptimizerPro1UpdaterTask{A774B3EB-D80F-4F7B-92DB-E7453D225678} => C:\ProgramData\Premium\OptimizerPro1\OptimizerPro1.exe <==== ATTENTION
Task: {F0E5B25E-8576-4D54-A885-C559370C2922} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-09-16] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\OptimizerPro1UpdaterTask{A774B3EB-D80F-4F7B-92DB-E7453D225678}.job => C:\ProgramData\Premium\OptimizerPro1\OptimizerPro1.exe <==== ATTENTION
 
==================== Loaded Modules (whitelisted) =============
 
2013-09-13 21:51 - 2013-09-13 21:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 21:51 - 2013-09-13 21:51 - 01242952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-12 19:55 - 2013-11-05 15:07 - 00376608 _____ () C:\Program Files\Connectify\NativeLibrary.dll
2014-10-12 19:55 - 2013-11-05 15:07 - 03156256 _____ () C:\Program Files\Connectify\ConnectifyNAT.dll
2014-10-12 19:55 - 2013-11-05 15:07 - 00714016 _____ () C:\Program Files\Connectify\log4cplus.dll
2014-10-12 19:55 - 2013-11-05 15:07 - 00353056 _____ () C:\Program Files\Connectify\LibDispatch.dll
2014-07-14 15:21 - 2013-04-03 14:09 - 00756224 _____ () C:\Program Files\MyPublicWiFi\PublicWiFiService.exe
2014-07-19 20:53 - 2011-07-28 17:06 - 00297440 _____ () C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
2014-07-19 20:53 - 2011-07-27 11:53 - 00360448 _____ () C:\Program Files\NETGEAR\WNA1100\WifiLib.dll
2014-09-30 11:50 - 2014-09-22 23:06 - 01098056 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.124\libglesv2.dll
2014-09-30 11:50 - 2014-09-22 23:06 - 00174408 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.124\libegl.dll
2014-09-30 11:50 - 2014-09-22 23:07 - 08577864 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.124\pdf.dll
2014-09-30 11:50 - 2014-09-22 23:07 - 00331592 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll
2014-09-30 11:50 - 2014-09-22 23:06 - 01660232 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\Windows NT:4F5DEB151AA2C78C64D4BC1E4B8C7E66
AlternateDataStreams: C:\ProgramData\Windows NT:74A1657361C767CEE4C36B3EC4299B6C
AlternateDataStreams: C:\ProgramData\Windows NT:8EA170DFD6247DDA21B22FC519D58B62
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
 
HKU\.DEFAULT\Software\Classes\exefile:  <===== ATTENTION!
HKU\S-1-5-21-2541303647-2148132043-692123963-1001\Software\Classes\exefile:  <===== ATTENTION!
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
0 (S-1-5-21-2541303647-2148132043-692123963-1003 - Administrator - Enabled)
Administrator (S-1-5-21-2541303647-2148132043-692123963-500 - Administrator - Disabled)
Guest (S-1-5-21-2541303647-2148132043-692123963-501 - Limited - Disabled)
McCraney Family (S-1-5-21-2541303647-2148132043-692123963-1001 - Administrator - Enabled) => C:\Users\McCraney Family
 
==================== Faulty Device Manager Devices =============
 
Name: Virtual CloneDrive
Description: Virtual CloneDrive
Class Guid: {4d36e97b-e325-11ce-bfc1-08002be10318}
Manufacturer: Elaborate Bytes AG
Service: ElbyVCD
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/24/2014 02:31:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 710069
 
Error: (10/24/2014 02:31:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 710069
 
Error: (10/24/2014 02:31:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/24/2014 02:31:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 707948
 
Error: (10/24/2014 02:31:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 707948
 
Error: (10/24/2014 02:31:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/24/2014 02:31:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 706856
 
Error: (10/24/2014 02:31:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 706856
 
Error: (10/24/2014 02:31:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/24/2014 02:31:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 705857
 
 
System errors:
=============
Error: (10/25/2014 11:49:52 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
ElbyVCD
 
Error: (10/25/2014 11:49:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The KDUpdater service failed to start due to the following error: 
%%2
 
Error: (10/25/2014 11:49:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The sbapifs service failed to start due to the following error: 
%%2
 
Error: (10/25/2014 11:49:32 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:45:39 AM on ‎10/‎25/‎2014 was unexpected.
 
Error: (10/23/2014 08:20:54 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
ElbyVCD
 
Error: (10/23/2014 08:20:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The KDUpdater service failed to start due to the following error: 
%%2
 
Error: (10/23/2014 08:20:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The sbapifs service failed to start due to the following error: 
%%2
 
Error: (10/23/2014 07:26:52 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
 
Error: (10/23/2014 06:55:39 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
ElbyVCD
 
Error: (10/23/2014 06:54:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The KDUpdater service failed to start due to the following error: 
%%2
 
 
Microsoft Office Sessions:
=========================
Error: (10/24/2014 02:31:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 710069
 
Error: (10/24/2014 02:31:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 710069
 
Error: (10/24/2014 02:31:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/24/2014 02:31:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 707948
 
Error: (10/24/2014 02:31:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 707948
 
Error: (10/24/2014 02:31:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/24/2014 02:31:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 706856
 
Error: (10/24/2014 02:31:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 706856
 
Error: (10/24/2014 02:31:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/24/2014 02:31:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 705857
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU P6100 @ 2.00GHz
Percentage of memory in use: 42%
Total physical RAM: 2804.39 MB
Available physical RAM: 1601.45 MB
Total Pagefile: 5607.08 MB
Available Pagefile: 4155.34 MB
Total Virtual: 2047.88 MB
Available Virtual: 1913.24 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:232.79 GB) (Free:39.51 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 6A0C0F92)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#6 B-boy/StyLe/


Posted 26 October 2014 - 06:01 AM

Hello,

 

Your hosts file indicates that you have illegal software on your computer. Please remove Adobe and any and all cracked software presently installed on your system and post a fresh FRST.txt and Addition.txt.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

Thank you for your understanding!

 

 

Regards,

Georgi

 

 




#7 B-boy/StyLe/


Posted 27 October 2014 - 10:37 AM

Hi,

 

Are you still with me? I created a fixlist for you, but I need you to delete all pirated apps first.

Thanks!

 

 

Regards,

Georgi




#8 noserave


Posted 29 October 2014 - 02:14 PM

Can you guide me through what to do here? I'm not sure what any of that stuff is.



#9 noserave


Posted 29 October 2014 - 02:24 PM

It's taking me about 30 minutes just to be able to get on this website and type my replies. I need to know what to do.



#10 B-boy/StyLe/


Posted 29 October 2014 - 03:37 PM

Hi,

 

Ok, let's start this way and we will see how we will proceed further.

 

Please download the following file => and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

Regards,

Georgi

 

 




#11 noserave


Posted 31 October 2014 - 02:14 PM

Ok, thank you so much. This computer is so messed up, I'd be happy to delete most everything off this computer, and if you can help me set up a system restore with everything I want on here that'd be great. I mainly use this computer for browsing the web and League of Legends... I'm not too fancy on the computer and don't understand most terms. I do however know how to look at ctrl alt del to view task manager, and even more tasks are popping up that I've never seen before. It's no longer just dllhost and iexplorer...
 
Here is the document.
 
 
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 30-10-2014 01
Ran by McCraney Family at 2014-10-31 13:51:09 Run:1
Running from C:\Users\McCraney Family\Desktop
Loaded Profile: McCraney Family (Available profiles: McCraney Family)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
start
AppInit_DLLs: C:\PROGRA~1\SEARCH~2\SEARCH~1\bin\SPVC32~1.DLL => C:\PROGRA~1\SEARCH~2\SEARCH~1\bin\SPVC32~1.DLL File Not Found
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3225826
SearchScopes: HKCU - {7A11327E-A111-4ED9-AFDA-D31A9BE1DF75} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3225826
SearchScopes: HKCU - {FB771FAD-D59D-4639-9AE5-7857466BED71} URL = http://websearch.shopathome.com?user_id=%guid&q={searchTerms}
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} -  No File
FF HKLM\...\Firefox\Extensions: [50846b386b77d@50846b386b78a.com] - C:\Users\McCraney Family\AppData\Roaming\Mozilla\Firefox\Profiles\dkbscgwi.default\extensions\50846b386b77d@50846b386b78a.com
CHR Extension: (No Name) - C:\Users\McCraney Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apjkpjchfbckhjhokinlgdbmibpbbjak [2012-10-23]
CHR Extension: (No Name) - C:\Users\McCraney Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf [2012-10-23]
CHR Extension: (No Name) - C:\Users\McCraney Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\geggofhlfbcmanadhknllmlajiafopoh [2012-10-23]
CHR Extension: (No Name) - C:\Users\McCraney Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ninmclfaanihkdljeclnamacejnlejhi [2012-10-23]
CHR HKLM\...\Chrome\Extension: [chopfbpmmolfkflnmdghmhhieebchfbn] - C:\ProgramData\SaveAs\chopfbpmmolfkflnmdghmhhieebchfbn.crx []
CHR HKLM\...\Chrome\Extension: [dkinklhnkmkhkhofcnapakaoehijaoih] - C:\Program Files\OnlineHD.TV\onhd10.crx []
CHR HKCU\...\Chrome\Extension: [apjkpjchfbckhjhokinlgdbmibpbbjak] - C:\Users\McCraney Family\AppData\Local\CRE\apjkpjchfbckhjhokinlgdbmibpbbjak.crx []
S3 gfiark; system32\drivers\gfiark.sys [X]
S2 sbapifs; system32\DRIVERS\sbapifs.sys [X]
Folder: C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4
File: C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}\cmcfg32.dll
Task: {735DA16E-651F-43A0-9EEA-B15F7DDD5C1F} - System32\Tasks\Optimum_LogOn => C:\Program Files\Optimum PC Boost\OptimumPCBoost.exe
Task: {94C9F437-004B-4858-96F3-7ED93D7666AB} - System32\Tasks\Optimum_Daily => C:\Program Files\Optimum PC Boost\OptimumPCBoost.exe
Task: {EB462A67-25FB-4F88-8A45-7EF96FDDFEBD} - System32\Tasks\OptimizerPro1UpdaterTask{A774B3EB-D80F-4F7B-92DB-E7453D225678} => C:\ProgramData\Premium\OptimizerPro1\OptimizerPro1.exe <==== ATTENTION
Task: C:\Windows\Tasks\OptimizerPro1UpdaterTask{A774B3EB-D80F-4F7B-92DB-E7453D225678}.job => C:\ProgramData\Premium\OptimizerPro1\OptimizerPro1.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Windows NT:4F5DEB151AA2C78C64D4BC1E4B8C7E66
AlternateDataStreams: C:\ProgramData\Windows NT:74A1657361C767CEE4C36B3EC4299B6C
AlternateDataStreams: C:\ProgramData\Windows NT:8EA170DFD6247DDA21B22FC519D58B62
HKU\.DEFAULT\Software\Classes\exefile:  <===== ATTENTION!
HKU\S-1-5-21-2541303647-2148132043-692123963-1001\Software\Classes\exefile:  <===== ATTENTION!
hosts:
emptytemp:
end
*****************
 
"C:\PROGRA~1\SEARCH~2\SEARCH~1\bin\SPVC32~1.DLL" => Value Data removed successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.
"HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}" => Key deleted successfully.
"HKCR\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7A11327E-A111-4ED9-AFDA-D31A9BE1DF75}" => Key deleted successfully.
"HKCR\CLSID\{7A11327E-A111-4ED9-AFDA-D31A9BE1DF75}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FB771FAD-D59D-4639-9AE5-7857466BED71}" => Key deleted successfully.
"HKCR\CLSID\{FB771FAD-D59D-4639-9AE5-7857466BED71}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
"HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2} => value deleted successfully.
"HKCR\CLSID\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}" => Key not found.
HKLM\Software\Mozilla\Firefox\Extensions\\50846b386b77d@50846b386b78a.com => value deleted successfully.
C:\Users\McCraney Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apjkpjchfbckhjhokinlgdbmibpbbjak => Moved successfully.
C:\Users\McCraney Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf => Moved successfully.
C:\Users\McCraney Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\geggofhlfbcmanadhknllmlajiafopoh => Moved successfully.
C:\Users\McCraney Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ninmclfaanihkdljeclnamacejnlejhi => Moved successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\chopfbpmmolfkflnmdghmhhieebchfbn" => Key deleted successfully.
"C:\ProgramData\SaveAs\chopfbpmmolfkflnmdghmhhieebchfbn.crx" => File/Directory not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\dkinklhnkmkhkhofcnapakaoehijaoih" => Key deleted successfully.
"C:\Program Files\OnlineHD.TV\onhd10.crx" => File/Directory not found.
"HKCU\SOFTWARE\Google\Chrome\Extensions\apjkpjchfbckhjhokinlgdbmibpbbjak" => Key deleted successfully.
"C:\Users\McCraney Family\AppData\Local\CRE\apjkpjchfbckhjhokinlgdbmibpbbjak.crx" => File/Directory not found.
gfiark => Service deleted successfully.
sbapifs => Service deleted successfully.
 
========================= Folder: C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4 ========================
 
Directory Not Found
 
========================= File: C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}\cmcfg32.dll ========================
 
MD5: 669608BE92AF7DC5030412F789979D96
Creation and modification date: 2014-10-21 14:03 - 2014-10-29 14:04
Size: 0206912
Attributes: ----A
Company Name: Microsoft Corporation
Internal Name: ntdsa.dll
Original Name: ntdsa.dll
Product Name: Microsoft® Windows® Operating System
Description: NT5DS
File Version: 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)
Product Version: 5.2.3790.3959
Copyright: © Microsoft Corporation. All rights reserved.
 
====== End Of File: ======
 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{735DA16E-651F-43A0-9EEA-B15F7DDD5C1F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{735DA16E-651F-43A0-9EEA-B15F7DDD5C1F}" => Key deleted successfully.
C:\Windows\System32\Tasks\Optimum_LogOn => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimum_LogOn" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{94C9F437-004B-4858-96F3-7ED93D7666AB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{94C9F437-004B-4858-96F3-7ED93D7666AB}" => Key deleted successfully.
C:\Windows\System32\Tasks\Optimum_Daily => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimum_Daily" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EB462A67-25FB-4F88-8A45-7EF96FDDFEBD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB462A67-25FB-4F88-8A45-7EF96FDDFEBD}" => Key deleted successfully.
C:\Windows\System32\Tasks\OptimizerPro1UpdaterTask{A774B3EB-D80F-4F7B-92DB-E7453D225678} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OptimizerPro1UpdaterTask{A774B3EB-D80F-4F7B-92DB-E7453D225678}" => Key deleted successfully.
C:\Windows\Tasks\OptimizerPro1UpdaterTask{A774B3EB-D80F-4F7B-92DB-E7453D225678}.job => Moved successfully.
C:\ProgramData\Windows NT => ":4F5DEB151AA2C78C64D4BC1E4B8C7E66" ADS removed successfully.
C:\ProgramData\Windows NT => ":74A1657361C767CEE4C36B3EC4299B6C" ADS removed successfully.
C:\ProgramData\Windows NT => ":8EA170DFD6247DDA21B22FC519D58B62" ADS removed successfully.
"HKU\.DEFAULT\Software\Classes\exefile" => Key deleted successfully.
"HKU\S-1-5-21-2541303647-2148132043-692123963-1001\Software\Classes\exefile" => Key deleted successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 5.7 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====


#12 B-boy/StyLe/


Posted 31 October 2014 - 02:18 PM

Hi,

 

Please download the latest version of FRST from the link above and re-run it. Make sure that the Addition.txt is checked before you press the Scan button.

Next, please post both log files in your next reply.

 

 

Regards,

Georgi




#13 noserave


Posted 31 October 2014 - 04:49 PM

Ok, I re-downloaded it from the original link and here are the files attached. I also want to thank you for helping and will be donating you a 6 pack or more when my card gets in the mail (had security issues with my debit). Also, I'd like to know exactly how this works. I consider myself pretty savvy with a computer, but as far as virus, malware, pirated apps, I have no idea what's going on with it. Do you have a messenger we can chat on? Or something quicker so you can teach me (if willing) and I can ask questions? I plan on going to school one day for computer science, so this is really interesting to me. I'm grateful for your help either way man, it's very nice for you to take your time to help me. Also, my computer runs a bit better after using task manager to end the strange processes over and over again. At first they keep popping up after I end the process, but if I keep at it they stop attacking so vigorously, and my computer runs fairly smooth.

 

 

Addition -

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 30-10-2014 01
Ran by McCraney Family at 2014-10-31 13:51:09 Run:1
Running from C:\Users\McCraney Family\Desktop
Loaded Profile: McCraney Family (Available profiles: McCraney Family)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
start
AppInit_DLLs: C:\PROGRA~1\SEARCH~2\SEARCH~1\bin\SPVC32~1.DLL => C:\PROGRA~1\SEARCH~2\SEARCH~1\bin\SPVC32~1.DLL File Not Found
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3225826
SearchScopes: HKCU - {7A11327E-A111-4ED9-AFDA-D31A9BE1DF75} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3225826
SearchScopes: HKCU - {FB771FAD-D59D-4639-9AE5-7857466BED71} URL = http://websearch.shopathome.com?user_id=%guid&q={searchTerms}
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} -  No File
FF HKLM\...\Firefox\Extensions: [50846b386b77d@50846b386b78a.com] - C:\Users\McCraney Family\AppData\Roaming\Mozilla\Firefox\Profiles\dkbscgwi.default\extensions\50846b386b77d@50846b386b78a.com
CHR Extension: (No Name) - C:\Users\McCraney Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apjkpjchfbckhjhokinlgdbmibpbbjak [2012-10-23]
CHR Extension: (No Name) - C:\Users\McCraney Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf [2012-10-23]
CHR Extension: (No Name) - C:\Users\McCraney Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\geggofhlfbcmanadhknllmlajiafopoh [2012-10-23]
CHR Extension: (No Name) - C:\Users\McCraney Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ninmclfaanihkdljeclnamacejnlejhi [2012-10-23]
CHR HKLM\...\Chrome\Extension: [chopfbpmmolfkflnmdghmhhieebchfbn] - C:\ProgramData\SaveAs\chopfbpmmolfkflnmdghmhhieebchfbn.crx []
CHR HKLM\...\Chrome\Extension: [dkinklhnkmkhkhofcnapakaoehijaoih] - C:\Program Files\OnlineHD.TV\onhd10.crx []
CHR HKCU\...\Chrome\Extension: [apjkpjchfbckhjhokinlgdbmibpbbjak] - C:\Users\McCraney Family\AppData\Local\CRE\apjkpjchfbckhjhokinlgdbmibpbbjak.crx []
S3 gfiark; system32\drivers\gfiark.sys [X]
S2 sbapifs; system32\DRIVERS\sbapifs.sys [X]
Folder: C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4
File: C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}\cmcfg32.dll
Task: {735DA16E-651F-43A0-9EEA-B15F7DDD5C1F} - System32\Tasks\Optimum_LogOn => C:\Program Files\Optimum PC Boost\OptimumPCBoost.exe
Task: {94C9F437-004B-4858-96F3-7ED93D7666AB} - System32\Tasks\Optimum_Daily => C:\Program Files\Optimum PC Boost\OptimumPCBoost.exe
Task: {EB462A67-25FB-4F88-8A45-7EF96FDDFEBD} - System32\Tasks\OptimizerPro1UpdaterTask{A774B3EB-D80F-4F7B-92DB-E7453D225678} => C:\ProgramData\Premium\OptimizerPro1\OptimizerPro1.exe <==== ATTENTION
Task: C:\Windows\Tasks\OptimizerPro1UpdaterTask{A774B3EB-D80F-4F7B-92DB-E7453D225678}.job => C:\ProgramData\Premium\OptimizerPro1\OptimizerPro1.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Windows NT:4F5DEB151AA2C78C64D4BC1E4B8C7E66
AlternateDataStreams: C:\ProgramData\Windows NT:74A1657361C767CEE4C36B3EC4299B6C
AlternateDataStreams: C:\ProgramData\Windows NT:8EA170DFD6247DDA21B22FC519D58B62
HKU\.DEFAULT\Software\Classes\exefile:  <===== ATTENTION!
HKU\S-1-5-21-2541303647-2148132043-692123963-1001\Software\Classes\exefile:  <===== ATTENTION!
hosts:
emptytemp:
end
*****************
 
"C:\PROGRA~1\SEARCH~2\SEARCH~1\bin\SPVC32~1.DLL" => Value Data removed successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.
"HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}" => Key deleted successfully.
"HKCR\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7A11327E-A111-4ED9-AFDA-D31A9BE1DF75}" => Key deleted successfully.
"HKCR\CLSID\{7A11327E-A111-4ED9-AFDA-D31A9BE1DF75}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FB771FAD-D59D-4639-9AE5-7857466BED71}" => Key deleted successfully.
"HKCR\CLSID\{FB771FAD-D59D-4639-9AE5-7857466BED71}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
"HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2} => value deleted successfully.
"HKCR\CLSID\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}" => Key not found.
HKLM\Software\Mozilla\Firefox\Extensions\\50846b386b77d@50846b386b78a.com => value deleted successfully.
C:\Users\McCraney Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apjkpjchfbckhjhokinlgdbmibpbbjak => Moved successfully.
C:\Users\McCraney Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf => Moved successfully.
C:\Users\McCraney Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\geggofhlfbcmanadhknllmlajiafopoh => Moved successfully.
C:\Users\McCraney Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ninmclfaanihkdljeclnamacejnlejhi => Moved successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\chopfbpmmolfkflnmdghmhhieebchfbn" => Key deleted successfully.
"C:\ProgramData\SaveAs\chopfbpmmolfkflnmdghmhhieebchfbn.crx" => File/Directory not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\dkinklhnkmkhkhofcnapakaoehijaoih" => Key deleted successfully.
"C:\Program Files\OnlineHD.TV\onhd10.crx" => File/Directory not found.
"HKCU\SOFTWARE\Google\Chrome\Extensions\apjkpjchfbckhjhokinlgdbmibpbbjak" => Key deleted successfully.
"C:\Users\McCraney Family\AppData\Local\CRE\apjkpjchfbckhjhokinlgdbmibpbbjak.crx" => File/Directory not found.
gfiark => Service deleted successfully.
sbapifs => Service deleted successfully.
 
========================= Folder: C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4 ========================
 
Directory Not Found
 
========================= File: C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}\cmcfg32.dll ========================
 
MD5: 669608BE92AF7DC5030412F789979D96
Creation and modification date: 2014-10-21 14:03 - 2014-10-29 14:04
Size: 0206912
Attributes: ----A
Company Name: Microsoft Corporation
Internal Name: ntdsa.dll
Original Name: ntdsa.dll
Product Name: Microsoft® Windows® Operating System
Description: NT5DS
File Version: 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)
Product Version: 5.2.3790.3959
Copyright: © Microsoft Corporation. All rights reserved.
 
====== End Of File: ======
 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{735DA16E-651F-43A0-9EEA-B15F7DDD5C1F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{735DA16E-651F-43A0-9EEA-B15F7DDD5C1F}" => Key deleted successfully.
C:\Windows\System32\Tasks\Optimum_LogOn => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimum_LogOn" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{94C9F437-004B-4858-96F3-7ED93D7666AB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{94C9F437-004B-4858-96F3-7ED93D7666AB}" => Key deleted successfully.
C:\Windows\System32\Tasks\Optimum_Daily => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimum_Daily" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EB462A67-25FB-4F88-8A45-7EF96FDDFEBD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB462A67-25FB-4F88-8A45-7EF96FDDFEBD}" => Key deleted successfully.
C:\Windows\System32\Tasks\OptimizerPro1UpdaterTask{A774B3EB-D80F-4F7B-92DB-E7453D225678} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OptimizerPro1UpdaterTask{A774B3EB-D80F-4F7B-92DB-E7453D225678}" => Key deleted successfully.
C:\Windows\Tasks\OptimizerPro1UpdaterTask{A774B3EB-D80F-4F7B-92DB-E7453D225678}.job => Moved successfully.
C:\ProgramData\Windows NT => ":4F5DEB151AA2C78C64D4BC1E4B8C7E66" ADS removed successfully.
C:\ProgramData\Windows NT => ":74A1657361C767CEE4C36B3EC4299B6C" ADS removed successfully.
C:\ProgramData\Windows NT => ":8EA170DFD6247DDA21B22FC519D58B62" ADS removed successfully.
"HKU\.DEFAULT\Software\Classes\exefile" => Key deleted successfully.
"HKU\S-1-5-21-2541303647-2148132043-692123963-1001\Software\Classes\exefile" => Key deleted successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 5.7 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 
 
FRST -
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-10-2014 01
Ran by McCraney Family (administrator) on NOSERAVE on 31-10-2014 16:37:00
Running from C:\Users\McCraney Family\Desktop
Loaded Profile: McCraney Family (Available profiles: McCraney Family)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Connectify) C:\Program Files\Connectify\ConnectifyService.exe
(Connectify) C:\Program Files\Connectify\Connectifyd.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
() C:\Program Files\MyPublicWiFi\PublicWiFiService.exe
() C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.25.5\GoogleCrashHandler.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Connectify) C:\Program Files\Connectify\ConnectifyNetServices.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Farbar) C:\Users\McCraney Family\Desktop\FRST (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-09-18] (Apple Inc.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
HKLM\...\Run: [ArcSoft Connection Service] => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [jswtrayutil] => "C:\Program Files\NETGEAR\WNA1100\jswtrayutil.exe"
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM\...\Run: [Connectify Hotspot] => C:\Program Files\Connectify\Connectify.exe [3816960 2013-12-27] (Connectify)
HKU\S-1-5-21-2541303647-2148132043-692123963-1001\...\Run: [DAEMON Tools Pro Agent] => "C:\Program Files\Portable\DAEMON Tools Pro Advanced v5.2.0.0348\DTAgent.exe" -autorun
HKU\S-1-5-21-2541303647-2148132043-692123963-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2541303647-2148132043-692123963-1001\...\Run: [oyvrxnm] => C:\Users\McCraney Family\AppData\Local\Microsoft Games\oyvrxnm.exe
HKU\S-1-5-21-2541303647-2148132043-692123963-1001\...\Run: [Ilmmsoft] => C:\Users\McCraney Family\AppData\Local\Ilmmsoft\wcigxcg.exe [142392 2014-10-31] ()
HKU\S-1-5-21-2541303647-2148132043-692123963-1001\...\Run: [Ukqmedia] => regsvr32.exe "C:\Users\McCraney Family\AppData\Local\Ukqmedia\kctlHelpapi.dll" <===== ATTENTION
HKU\S-1-5-21-2541303647-2148132043-692123963-1001\...\Run: [USBmedia] => C:\Windows\System32\regsvr32.exe "C:\Users\McCraney Family\AppData\Local\Ilmmsoft\kctlHelpapi.dll"
HKU\S-1-5-21-2541303647-2148132043-692123963-1001\...\Policies\system: [EnableLUA] 0
HKU\S-1-5-21-2541303647-2148132043-692123963-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2541303647-2148132043-692123963-1001\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-2541303647-2148132043-692123963-1001\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-2541303647-2148132043-692123963-1001\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-2541303647-2148132043-692123963-1001\...\MountPoints2: E - E:\autorun.exe
HKU\S-1-5-21-2541303647-2148132043-692123963-1001\...\MountPoints2: {169dd255-0ad5-11e3-9b5c-206a8a194fd0} - F:\TL_Bootstrap.exe
HKU\S-1-5-21-2541303647-2148132043-692123963-1001\...\MountPoints2: {5ac6f3ba-249b-11e4-937b-206a8a194fd0} - G:\LaunchU3.exe -a
HKU\S-1-5-21-2541303647-2148132043-692123963-1001\...\MountPoints2: {7a2e8a7d-267e-11e3-b8a6-206a8a194fd0} - F:\SETUP.EXE
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-05-21] (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x078037A1DD98CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKCU - {025A07C6-DDCB-48C9-94CC-F9A00C7F5F4F} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
SearchScopes: HKCU - {91C77C29-C56E-4303-B693-C4888985F0EE} URL = http://search.yahoo.com/search?p={searchTerms}&fr=chr-ydwnld
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {724D43A0-0D85-11D4-9908-00400523E39A} -  No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9D3A7B32-BBC6-442E-8FBA-D6F7C14FA76E}: [NameServer] 8.8.8.8,8.8.4.4
 
FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [searchpredict@speedbit.com] - 
 
Chrome: 
=======
CHR HomePage: Default -> https://www.google.com/
CHR Profile: C:\Users\McCraney Family\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\McCraney Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-16]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\McCraney Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21]
CHR Extension: (YouTube) - C:\Users\McCraney Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-16]
CHR Extension: (Google Search) - C:\Users\McCraney Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-16]
CHR Extension: (AdBlock) - C:\Users\McCraney Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-09-29]
CHR Extension: (Facebook - Delete All Messages) - C:\Users\McCraney Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgiidlnejdlfoacoeleopkljhbckmlko [2014-07-29]
CHR Extension: (Refresh Monkey) - C:\Users\McCraney Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljngnafhejmefmijjoedbclkadhacebd [2014-01-03]
CHR Extension: (Google Wallet) - C:\Users\McCraney Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-16]
CHR Extension: (Gmail) - C:\Users\McCraney Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-16]
CHR Profile: C:\Users\McCraney Family\AppData\Local\Google\Chrome\User Data\Profile 1
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Connectify; C:\Program Files\Connectify\ConnectifyService.exe [487936 2013-11-05] (Connectify) [File not signed]
S3 jswpsapi; C:\Program Files\NETGEAR\WNA1100\jswpsapi.exe [960992 2010-03-22] (Atheros Communications, Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 MyPublicWiFiService; C:\Program Files\MyPublicWiFi\PublicWiFiService.exe [756224 2013-04-03] () [File not signed]
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [327064 2010-05-18] (Enigma Software Group USA, LLC.)
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)
R2 WSWNA1100; C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe [297440 2011-07-28] ()
S3 IDriverT; "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" [X]
S2 KDUpdater; "\\?\C:\Users\MCCRAN~1\AppData\Local\Temp\kd64CA.tmp" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 athur; C:\Windows\System32\DRIVERS\athur.sys [1564160 2010-10-11] (Atheros Communications, Inc.)
R1 cnnctfy3; C:\Windows\System32\DRIVERS\cnnctfy3.sys [29672 2014-10-12] (Connectify)
S3 DAdderFltr; C:\Windows\System32\drivers\dadder.sys [22784 2007-08-02] (Razer (Asia-Pacific) Pte Ltd)
S3 dsiarhwprog; C:\Windows\System32\Drivers\dsiarhwprog.sys [35256 2012-09-26] (Thesycon GmbH, Germany)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-06-22] (DT Soft Ltd)
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] () [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-10-31] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-10-01] (Malwarebytes Corporation)
R1 ndiskhaz; C:\Windows\System32\DRIVERS\ndiskhaz.sys [25416 2012-12-07] (Khalil Azzouzi)
S3 pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [47360 2012-10-12] (VSO Software) [File not signed]
R0 SCMNdisP; C:\Windows\System32\DRIVERS\scmndisp.sys [21472 2011-07-22] (Windows ® Win 7 DDK provider)
R0 speedfan; C:\Windows\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2013-09-26] () [File not signed]
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [37064 2013-04-24] (Anchorfree Inc.)
U3 afhdwh0o; C:\Windows\system32\Drivers\afhdwh0o.sys [0 ] (Microsoft Corporation)
S0 ElbyVCD; system32\DRIVERS\ElbyVCD.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files\Razer\Razer Game Booster\Driver\WinRing0.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-31 16:37 - 2014-10-31 16:37 - 00014941 _____ () C:\Users\McCraney Family\Desktop\FRST.txt
2014-10-31 16:29 - 2014-10-31 16:29 - 01105408 _____ (Farbar) C:\Users\McCraney Family\Desktop\FRST (1).exe
2014-10-31 13:19 - 2014-10-31 13:19 - 00000000 ____D () C:\Users\McCraney Family\AppData\Local\Ukqmedia
2014-10-31 13:19 - 2014-10-31 13:19 - 00000000 ____D () C:\Users\McCraney Family\AppData\Local\Ilmmsoft
2014-10-25 23:53 - 2014-10-31 16:37 - 00000000 ____D () C:\FRST
2014-10-25 23:52 - 2014-10-25 23:52 - 01104384 _____ (Farbar) C:\Users\McCraney Family\Downloads\FRST.exe
2014-10-21 14:03 - 2014-10-31 15:05 - 00000000 ___HD () C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}
2014-10-21 14:03 - 2014-10-21 14:07 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-10-20 21:22 - 2014-10-20 21:22 - 00995648 _____ (DivX, LLC) C:\Users\McCraney Family\Downloads\DivXWebPlayerInstaller (3).exe
2014-10-20 21:12 - 2014-10-20 21:12 - 00995648 _____ (DivX, LLC) C:\Users\McCraney Family\Downloads\DivXWebPlayerInstaller (2).exe
2014-10-14 22:25 - 2014-10-16 05:24 - 00000000 ____D () C:\Users\McCraney Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-10-14 22:25 - 2014-10-16 05:24 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-10-14 22:25 - 2014-10-14 22:25 - 00002262 _____ () C:\Users\McCraney Family\Desktop\SpyHunter.lnk
2014-10-14 22:24 - 2014-10-14 22:25 - 00000000 ____D () C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2014-10-14 22:23 - 2014-10-14 22:23 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2014-10-12 20:05 - 2014-10-12 20:05 - 00001138 _____ () C:\Users\Public\Desktop\Connectify Dispatch.lnk
2014-10-12 20:05 - 2014-10-12 20:05 - 00001122 _____ () C:\Users\Public\Desktop\Connectify Hotspot.lnk
2014-10-12 20:05 - 2014-10-12 20:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Connectify
2014-10-12 19:55 - 2014-10-12 20:14 - 00000000 ____D () C:\Program Files\Connectify
2014-10-12 19:55 - 2014-10-12 20:09 - 00000000 ____D () C:\ProgramData\Connectify
2014-10-12 19:55 - 2014-10-12 19:55 - 00029672 _____ (Connectify) C:\Windows\system32\Drivers\cnnctfy3.sys
2014-10-12 19:39 - 2014-10-12 19:39 - 00000000 ____D () C:\Program Files\Microsoft Research
2014-10-12 19:35 - 2014-10-12 19:36 - 12766208 _____ () C:\Users\McCraney Family\Downloads\MSRMesh-VirtualWIFI.MSI
2014-10-12 19:31 - 2014-10-12 19:31 - 00001092 _____ () C:\Users\Public\Desktop\Maryfi.lnk
2014-10-12 19:31 - 2014-10-12 19:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MarySoft
2014-10-12 19:31 - 2014-10-12 19:31 - 00000000 ____D () C:\Program Files\MarySoft
2014-10-12 19:29 - 2014-10-12 19:29 - 02170291 _____ (MarySoft) C:\Users\McCraney Family\Downloads\Maryfi-EN.exe
2014-10-12 19:25 - 2014-10-12 19:25 - 00000000 ____D () C:\Users\McCraney Family\Downloads\virtualrouter3.3
2014-10-12 19:23 - 2014-10-12 19:24 - 00370323 _____ () C:\Users\McCraney Family\Downloads\virtualrouter3.3.zip
2014-10-12 19:19 - 2014-10-12 19:21 - 03691356 _____ (virtual-ap.com ) C:\Users\McCraney Family\Downloads\virtual-ap_setup.exe
2014-10-11 21:56 - 2014-10-22 15:27 - 00000000 ____D () C:\Program Files\SpeedFan
2014-10-11 21:56 - 2014-10-11 21:56 - 00000965 _____ () C:\Users\McCraney Family\Desktop\SpeedFan.lnk
2014-10-11 21:56 - 2014-10-11 21:56 - 00000045 _____ () C:\Windows\system32\initdebug.nfo
2014-10-11 21:56 - 2014-10-11 21:56 - 00000000 ____D () C:\Users\McCraney Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2014-10-11 21:56 - 2014-10-11 21:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
2014-10-11 21:55 - 2014-10-11 21:56 - 02174848 _____ () C:\Users\McCraney Family\Downloads\instsf450.exe
2014-10-11 18:42 - 2014-10-12 19:43 - 00000000 ____D () C:\Program Files\Virtual Access Point
2014-10-11 18:42 - 2014-10-12 19:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Access Point
2014-10-11 03:08 - 2014-10-31 14:00 - 00003752 _____ () C:\Windows\setupact.log
2014-10-11 03:08 - 2014-10-11 03:08 - 00000000 _____ () C:\Windows\setuperr.log
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-31 16:34 - 2013-09-16 18:04 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-31 16:34 - 2009-07-13 23:34 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-31 16:34 - 2009-07-13 23:34 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-31 15:34 - 2013-09-16 18:04 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-31 14:53 - 2013-09-16 18:09 - 00000000 ____D () C:\Users\McCraney Family\AppData\Local\Microsoft Games
2014-10-31 14:26 - 2012-09-27 11:00 - 01546562 _____ () C:\Windows\WindowsUpdate.log
2014-10-31 14:08 - 2014-09-30 01:50 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-31 14:00 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-31 13:59 - 2013-04-17 01:24 - 00103906 _____ () C:\Windows\PFRO.log
2014-10-29 15:55 - 2013-09-23 01:10 - 00000000 ____D () C:\Users\McCraney Family\AppData\Roaming\Azureus
2014-10-28 07:56 - 2009-07-13 23:53 - 00032634 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-28 07:23 - 2012-09-27 11:02 - 00781790 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-28 07:18 - 2009-07-14 02:48 - 00000000 ____D () C:\Windows\ShellNew
2014-10-27 11:45 - 2014-03-29 19:31 - 00000000 ____D () C:\Users\McCraney Family\AppData\Local\Blizzard Entertainment
2014-10-22 14:45 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-20 18:56 - 2014-09-30 01:50 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-20 18:56 - 2014-09-30 01:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-20 18:56 - 2014-09-30 01:49 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-19 22:31 - 2012-10-15 04:49 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-10-16 20:34 - 2012-10-08 14:02 - 00000000 ____D () C:\Users\McCraney Family
2014-10-16 05:24 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\registration
2014-10-14 22:23 - 2014-08-20 22:33 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-10-12 19:25 - 2013-04-29 17:20 - 00000000 ____D () C:\Users\McCraney Family\AppData\Roaming\Adobe
2014-10-11 22:19 - 2014-07-14 15:32 - 00000507 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-10-11 22:09 - 2014-07-14 19:27 - 00002573 _____ () C:\Users\Public\Desktop\Virtual Router Plus.lnk
2014-10-01 11:11 - 2014-09-30 01:49 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-01 11:11 - 2014-09-30 01:49 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-01 11:11 - 2014-09-30 01:49 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-27 11:41
 
==================== End Of Log ============================


#14 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria
  • Local time:02:37 PM

Posted 31 October 2014 - 05:54 PM

Hi,

 

You posted the fixlog.txt again instead of the new Addition.txt. :)

 

Ok, I re-downloaded it from the original link and here are the files attached. I also want to thank you for helping and will be donating you a 6 pack or more when my card gets in the mail (had security issues with my debit).

 

No need to worry about that.

 

Also, I'd like to know exactly how this works. I consider myself pretty savvy with a computer, but as far as viruses, malware, pirated apps, I have no idea what's going on with it. Do you have a messenger we can chat on? Or something quicker so you can teach me (if willing) and I can ask questions? I plan on going to school one day for computer science, so this is really interesting to me. I'm grateful for your help either way man, it's very nice of you to take your time to help me. Also, my computer runs a bit better after using Task Manager to end the strange processes over and over again. At first they keep popping up after I end the process, but if I keep at it they stop attacking so vigorously, and my computer runs fairly smoothly.

 

We don't provide support via PM. That's what the forums are here for. :)

If you are interested in the cleaning process then I suggest that you read this post (and the next posts)... ;)

Hope this helps!

Btw, please don't stop any processes on your own. This can cause the tools to miss the malware...

Thank you for your understanding! :)

 

 

Regards,

Georgi


Edited by B-boy/StyLe/, 31 October 2014 - 05:55 PM.



#15 noserave

noserave
  • Topic Starter

  • Members
  • 34 posts
  • Local time:05:37 AM

Posted 31 October 2014 - 06:06 PM

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 30-10-2014 01
Ran by McCraney Family at 2014-10-31 16:37:47
Running from C:\Users\McCraney Family\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
.minecraft (Version: 1.5.1 - Mojocraft.net) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.7.700.202 - Adobe Systems Incorporated)
Adobe Photoshop CS5.1 (HKLM\...\{9158FF30-78D7-40EF-B83E-451AC5334640}) (Version: 12.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft WebCam Companion 4 (HKLM\...\{12450631-3289-40F7-AEC3-F6DCB6E1BDCF}) (Version: 4.0.20.365 - ArcSoft)
Audacity 2.0.5 (HKLM\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Battle.net (HKLM\...\Battle.net) (Version:  - Blizzard Entertainment)
Belkin USB Wireless Adapter (HKLM\...\InstallShield_{549CE1BD-88E4-4C5E-BF75-B155624714CC}) (Version: 1.0.0.13 - Belkin)
Belkin USB Wireless Adapter (Version: 1.0.0.13 - Belkin) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Canon iP2700 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2700_series) (Version:  - )
Canon MG2100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2100_series) (Version:  - )
Canon MP Navigator EX 5.0 (HKLM\...\MP Navigator EX 5.0) (Version:  - )
CanoScan Toolbox Ver4.1 (HKLM\...\{BCE46757-7674-4416-BEDB-68205A60409E}) (Version:  - )
Connectify (HKLM\...\Connectify) (Version: 7.1.0.29279 - Connectify)
Diablo III (HKLM\...\Diablo III) (Version:  - Blizzard Entertainment)
Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
HyperCam 3 (HKLM\...\HyperCam 3) (Version: 3.1.1012.03 - Solveig Multimedia)
inSSIDer 3 (HKLM\...\{A80CEA4E-74C1-4F9F-806B-E1D9AFC01768}) (Version: 3.0.7.48 - MetaGeek, LLC)
Intel® Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2302 - Intel Corporation)
iTunes (HKLM\...\{DF9C119C-7F26-45B9-93D4-7C372CBBBA11}) (Version: 11.1.0.126 - Apple Inc.)
Java 7 Update 65 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.650 - Oracle)
KeyPlayr (HKLM\...\{A21A2C02-B537-4418-858C-1F79C309FD0C}) (Version: 1.00.0000 - KeyDownload)
League of Legends (HKLM\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (Version: 3.0.0 - Riot Games) Hidden
Letasoft Sound Booster version 1.2 (HKLM\...\{6C6CF38B-11DD-45C6-A15E-A3A0C4CE60F8}_is1) (Version: 1.2 - Letasoft LLC)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Maryfi - English (HKLM\...\{70DC8913-5212-4936-AC8C-B366F55045CF}) (Version: 1.1.0 - MarySoft)
Media Player Classic - Home Cinema v. 1.3.1249.0 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version:  - )
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Research Mesh Virtual WIFI (HKLM\...\{034A32D5-699E-4AED-A2EB-2CCB6E7F37F1}) (Version: 1.0.000 - Microsoft Research)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Word 2010 (HKLM\...\Office14.WORD) (Version: 14.0.4763.1000 - Microsoft Corporation)
Mobipocket Reader 6.2 (HKLM\...\{342126E1-173C-4585-BFBE-3EBDD20E3E9E}) (Version: 6.2.608 - Mobipocket.com)
MPC-HC (HKLM\...\MPC-HC) (Version:  - MPC-HC Team)
MyPublicWiFi 5.1 (HKLM\...\{C08D782B-9281-406B-ABCE-326DA70B8A1F}_is1) (Version:  - TRUE Software)
NETGEAR WNA1100 N150 Wireless USB Adapter (HKLM\...\{A2AE9709-283B-4B48-AA34-729C070A62FB}) (Version: 1.0.0.133 - NETGEAR)
PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden
Prism Video File Converter (HKLM\...\Prism) (Version:  - NCH Software)
Remote Control Server (HKLM\...\{755C6515-9FEA-490C-B15E-22BB6519E57E}) (Version: 2.0.1.60 - Steppschuh)
Skype™ 6.7 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.7.102 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM\...\SpeedFan) (Version:  - )
SpyHunter (HKLM\...\{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}) (Version: 4.1.11 - Enigma Software Group USA, LLC)
Steam (HKLM\...\Steam) (Version:  - Valve Corporation)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Virtual Access Point 3.3 (HKLM\...\Virtual Access Point_is1) (Version:  - virtual-ap.com)
Virtual Router Plus (HKLM\...\{0AEE4D51-3657-4F40-A689-533429CAEE0C}) (Version: 2.5.0 - Runxia Electronics)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.1.0.0 - Azureus Software, Inc.)
WinRAR 5.00 beta 3 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.3 - win.rar GmbH)
Wondershare Dr.Fone for iOS(Build 4.1.0.24) (HKLM\...\{A26F8BBD-EC10-4bdc-8AD8-F146825A8A63}_is1) (Version: 4.1.0.24 - Wondershare Software Co.,Ltd.)
World of Warcraft (HKLM\...\World of Warcraft) (Version:  - Blizzard Entertainment)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2541303647-2148132043-692123963-1001_Classes\CLSID\{56CBD3CF-BF99-4DF5-851F-F5B9B57496A1}\InprocServer32 -> C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}\cmcfg32.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
15-10-2014 03:24:46 Installed SpyHunter
15-10-2014 03:27:47 Removed SpyHunter
24-10-2014 03:11:56 Scheduled Checkpoint
31-10-2014 19:49:57 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2014-10-20 00:58 - 2014-10-31 13:52 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {174150D1-8960-4602-BCB7-E2CAA87D0715} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2010-05-18] (Enigma Software Group USA, LLC.)
Task: {367F3B7F-106B-416A-A6DB-6722C5058656} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-09-16] (Google Inc.)
Task: {4992B558-38CF-4A8C-B7FE-9CEB16584149} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
Task: {62E6EAA1-CF4D-414B-BD6C-8DF52218CA8D} - System32\Tasks\{06766DB3-FD06-4530-8C88-54C17D67998D} => C:\Program Files\Runxia Electronics\Virtual Router Plus\VirtualRouterPlus.exe [2013-03-04] ()
Task: {6D016CEE-44A7-48D6-8FDD-5C9AA7E36A36} - System32\Tasks\Razer_Game_Booster_AutoUpdate => C:\Program Files\Razer\Razer Game Booster\AutoUpdate.exe
Task: {7E517A7C-FEFB-4219-B57E-E9DE4B7E8924} - System32\Tasks\{B582C7BB-285E-4360-B320-46D544AF6818} => C:\Program Files\Runxia Electronics\Virtual Router Plus\VirtualRouterPlus.exe [2013-03-04] ()
Task: {A7ED22B3-1520-4186-9668-B606831476D5} - System32\Tasks\{5EB3D69E-3F26-4E42-8745-FB34BE2E2E77} => C:\Program Files\Runxia Electronics\Virtual Router Plus\VirtualRouterPlus.exe [2013-03-04] ()
Task: {F0E5B25E-8576-4D54-A885-C559370C2922} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-09-16] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-09-13 21:51 - 2013-09-13 21:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 21:51 - 2013-09-13 21:51 - 01242952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-12 19:55 - 2013-11-05 15:07 - 00376608 _____ () C:\Program Files\Connectify\NativeLibrary.dll
2014-10-12 19:55 - 2013-11-05 15:07 - 03156256 _____ () C:\Program Files\Connectify\ConnectifyNAT.dll
2014-10-12 19:55 - 2013-11-05 15:07 - 00714016 _____ () C:\Program Files\Connectify\log4cplus.dll
2014-10-12 19:55 - 2013-11-05 15:07 - 00353056 _____ () C:\Program Files\Connectify\LibDispatch.dll
2014-07-14 15:21 - 2013-04-03 14:09 - 00756224 _____ () C:\Program Files\MyPublicWiFi\PublicWiFiService.exe
2014-07-19 20:53 - 2011-07-28 17:06 - 00297440 _____ () C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
2014-07-19 20:53 - 2011-07-27 11:53 - 00360448 _____ () C:\Program Files\NETGEAR\WNA1100\WifiLib.dll
2014-10-29 14:53 - 2014-10-21 23:04 - 01042760 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
2014-10-29 14:53 - 2014-10-21 23:04 - 00211272 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\libegl.dll
2014-10-29 14:53 - 2014-10-21 23:04 - 08910664 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\pdf.dll
2014-10-29 14:53 - 2014-10-21 23:04 - 01681224 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
2014-10-29 14:53 - 2014-10-21 23:05 - 14902600 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
0 (S-1-5-21-2541303647-2148132043-692123963-1003 - Administrator - Enabled)
Administrator (S-1-5-21-2541303647-2148132043-692123963-500 - Administrator - Disabled)
Guest (S-1-5-21-2541303647-2148132043-692123963-501 - Limited - Disabled)
McCraney Family (S-1-5-21-2541303647-2148132043-692123963-1001 - Administrator - Enabled) => C:\Users\McCraney Family
 
==================== Faulty Device Manager Devices =============
 
Name: Virtual CloneDrive
Description: Virtual CloneDrive
Class Guid: {4d36e97b-e325-11ce-bfc1-08002be10318}
Manufacturer: Elaborate Bytes AG
Service: ElbyVCD
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/31/2014 03:05:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: WININET.dll, version: 11.0.9600.17207, time stamp: 0x53a20f0c
Exception code: 0xc0000005
Fault offset: 0x0012de4c
Faulting process id: 0x17b8
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3
 
Error: (10/31/2014 02:53:00 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (10/31/2014 02:50:15 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (10/31/2014 01:49:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea91c
Exception code: 0xc0000024
Fault offset: 0x00081e77
Faulting process id: 0xa50
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
 
Error: (10/29/2014 02:03:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname NoseRave.local already in use; will try NoseRave-2.local instead
 
Error: (10/29/2014 02:03:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 1; will deregister    4 NoseRave.local. Addr 192.168.1.238
 
Error: (10/29/2014 02:03:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.236:5353    4 Noserave.local. Addr 192.168.1.236
 
Error: (10/29/2014 02:03:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname NoseRave.local already in use; will try NoseRave-2.local instead
 
Error: (10/29/2014 02:03:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 1; will deregister    4 NoseRave.local. Addr 192.168.1.238
 
Error: (10/29/2014 02:03:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.236:5353    4 Noserave.local. Addr 192.168.1.236
 
 
System errors:
=============
Error: (10/31/2014 02:48:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Volume Shadow Copy service failed to start due to the following error: 
%%1053
 
Error: (10/31/2014 02:48:03 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.
 
Error: (10/31/2014 02:47:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Volume Shadow Copy service failed to start due to the following error: 
%%1053
 
Error: (10/31/2014 02:47:23 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.
 
Error: (10/31/2014 02:47:24 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053VSS{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
 
Error: (10/31/2014 02:00:13 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
ElbyVCD
 
Error: (10/31/2014 02:00:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The KDUpdater service failed to start due to the following error: 
%%2
 
Error: (10/31/2014 00:30:52 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
ElbyVCD
 
Error: (10/31/2014 00:30:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The KDUpdater service failed to start due to the following error: 
%%2
 
Error: (10/31/2014 00:30:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The sbapifs service failed to start due to the following error: 
%%2
 
 
Microsoft Office Sessions:
=========================
Error: (10/31/2014 03:05:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.1.7601.175674d6727a7WININET.dll11.0.9600.1720753a20f0cc00000050012de4c17b801cff53dc90e9db1C:\Windows\explorer.exeC:\Windows\system32\WININET.dll32bcd33f-6139-11e4-a849-206a8a194fd0
 
Error: (10/31/2014 02:53:00 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\NETGEAR\WNA1100\WPSAgt64.exe
 
Error: (10/31/2014 02:50:15 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Canon\mp navigator ex 5.0\mpnmlif64.exe
 
Error: (10/31/2014 01:49:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175674d6727a7ntdll.dll6.1.7601.18247521ea91cc000002400081e77a5001cff530676d2b0aC:\Windows\Explorer.EXEC:\Windows\SYSTEM32\ntdll.dlla9c7dca4-612e-11e4-8326-206a8a194fd0
 
Error: (10/29/2014 02:03:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname NoseRave.local already in use; will try NoseRave-2.local instead
 
Error: (10/29/2014 02:03:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 1; will deregister    4 NoseRave.local. Addr 192.168.1.238
 
Error: (10/29/2014 02:03:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.236:5353    4 Noserave.local. Addr 192.168.1.236
 
Error: (10/29/2014 02:03:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname NoseRave.local already in use; will try NoseRave-2.local instead
 
Error: (10/29/2014 02:03:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 1; will deregister    4 NoseRave.local. Addr 192.168.1.238
 
Error: (10/29/2014 02:03:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.236:5353    4 Noserave.local. Addr 192.168.1.236
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU P6100 @ 2.00GHz
Percentage of memory in use: 57%
Total physical RAM: 2804.39 MB
Available physical RAM: 1192.8 MB
Total Pagefile: 5607.08 MB
Available Pagefile: 3575.86 MB
Total Virtual: 2047.88 MB
Available Virtual: 1926.07 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:232.79 GB) (Free:51.06 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 6A0C0F92)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================




