
laggy slow pc


  • This topic is locked
9 replies to this topic

#1 steelkobra03

steelkobra03

  • Members
  • 101 posts

Posted 22 November 2014 - 10:24 PM

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16592  BrowserJavaVersion: 10.55.2
Run by Qp33zy at 16:00:18 on 2014-11-22
Microsoft® Windows Vista™ Ultimate   6.0.6002.2.1252.1.1033.18.5110.3747 [GMT -6:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\AASP\1.00.78\aaCenter.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
mDefault_Page_URL = hxxp://www.google.com
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [GoogleChromeAutoLaunch_3FC39E16792D9C0756053BA2481F136D] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
mPolicies-System: EnableUIADesktopToggle = dword:0
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{6C72E840-A115-4CC9-AF59-6504A6776411} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{C122C080-9004-4693-9A82-6DD994F88B50} : DHCPNameServer = 192.168.1.254
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\Windows\SysWow64\browseui.dll
x64-mStart Page = about:blank
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-Explorer: NoDrives = dword:0
x64-mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
.
============= SERVICES / DRIVERS ===============
.
R1 A2DDA;A2 Direct Disk Access Support Driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2014-11-11 26176]
R2 a2AntiMalware;Emsisoft Protection Service;C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2014-11-11 4816568]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R3 a2acc;a2acc;C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys [2014-11-11 71472]
R3 cleanhlp;cleanhlp;C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [2014-11-11 57024]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk60x64.sys [2010-5-30 392192]
S2 0056841404852372mcinstcleanup;McAfee Application Installer Cleanup (0056841404852372);C:\Users\Qp33zy\AppData\Local\Temp\005684~1.EXE -cleanup -nolog --> C:\Users\Qp33zy\AppData\Local\Temp\005684~1.EXE -cleanup -nolog [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-4-2 1871160]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-4-2 968504]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-6-4 103448]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-4-2 25816]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-4-2 64216]
S3 Origin Client Service;Origin Client Service;C:\Program Files (x86)\Origin\OriginClientService.exe [2014-7-7 1900400]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 SkLaggProtocol;Marvell Link Aggregation Protocol;C:\Windows\System32\drivers\yk60x64l.sys [2007-12-14 92160]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-6-4 203672]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-9-11 1012344]
S4 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe [2008-8-15 86016]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2014-8-13 90776]
S4 McAPExe;McAfee AP Service;"C:\Program Files\McAfee\MSC\McAPExe.exe" --> C:\Program Files\McAfee\MSC\McAPExe.exe [?]
S4 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-2 1720608]
S4 pcCMService64;pcCMService64;C:\Program Files\Common Files\Motive\pcCMService.exe [2013-4-11 460288]
.
=============== File Associations ===============
.
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2014-11-22 19:06:37 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-11-16 06:04:50 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-16 06:04:50 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-11-12 21:14:51 103374192 ----a-w- C:\Windows\System32\mrt.exe
2014-11-04 20:30:58 275080 ------w- C:\Windows\System32\MpSigStub.exe
2014-10-27 20:32:45 17870336 ----a-w- C:\Windows\System32\mshtml.dll
2014-10-27 20:13:57 2339840 ----a-w- C:\Windows\System32\jscript9.dll
2014-10-27 20:12:24 10921472 ----a-w- C:\Windows\System32\ieframe.dll
2014-10-27 20:07:15 1388032 ----a-w- C:\Windows\System32\urlmon.dll
2014-10-27 20:06:55 1392128 ----a-w- C:\Windows\System32\wininet.dll
2014-10-27 20:05:41 1494016 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-10-27 20:05:26 237056 ----a-w- C:\Windows\System32\url.dll
2014-10-27 20:05:13 86016 ----a-w- C:\Windows\System32\jsproxy.dll
2014-10-27 20:04:52 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-10-27 20:04:38 2157056 ----a-w- C:\Windows\System32\iertutil.dll
2014-10-27 20:04:37 599040 ----a-w- C:\Windows\System32\vbscript.dll
2014-10-27 20:04:29 816640 ----a-w- C:\Windows\System32\jscript.dll
2014-10-27 20:04:26 729088 ----a-w- C:\Windows\System32\msfeeds.dll
2014-10-27 20:04:09 453120 ----a-w- C:\Windows\System32\dxtmsft.dll
2014-10-27 20:03:59 282112 ----a-w- C:\Windows\System32\dxtrans.dll
2014-10-27 20:03:57 55296 ----a-w- C:\Windows\System32\msfeedsbs.dll
2014-10-27 20:03:54 11264 ----a-w- C:\Windows\System32\msfeedssync.exe
2014-10-27 20:03:41 96768 ----a-w- C:\Windows\System32\mshtmled.dll
2014-10-27 20:03:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2014-10-27 20:03:21 12800 ----a-w- C:\Windows\System32\mshta.exe
2014-10-27 20:03:05 248320 ----a-w- C:\Windows\System32\ieui.dll
2014-10-27 19:10:22 12366848 ----a-w- C:\Windows\SysWow64\mshtml.dll
2014-10-27 19:05:44 1810944 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-10-27 19:02:37 9739776 ----a-w- C:\Windows\SysWow64\ieframe.dll
2014-10-27 18:59:41 1139712 ----a-w- C:\Windows\SysWow64\urlmon.dll
2014-10-27 18:59:06 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-10-27 18:58:19 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-10-27 18:57:36 231936 ----a-w- C:\Windows\SysWow64\url.dll
2014-10-27 18:57:18 65536 ----a-w- C:\Windows\SysWow64\jsproxy.dll
2014-10-27 18:56:58 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-10-27 18:56:40 421376 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-10-27 18:56:15 717824 ----a-w- C:\Windows\SysWow64\jscript.dll
2014-10-27 18:56:10 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
2014-10-27 18:56:08 1802752 ----a-w- C:\Windows\SysWow64\iertutil.dll
2014-10-27 18:55:50 41472 ----a-w- C:\Windows\SysWow64\msfeedsbs.dll
2014-10-27 18:55:44 353792 ----a-w- C:\Windows\SysWow64\dxtmsft.dll
2014-10-27 18:55:39 223232 ----a-w- C:\Windows\SysWow64\dxtrans.dll
2014-10-27 18:55:32 10752 ----a-w- C:\Windows\SysWow64\msfeedssync.exe
2014-10-27 18:55:28 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
2014-10-27 18:55:20 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-10-27 18:55:17 11776 ----a-w- C:\Windows\SysWow64\mshta.exe
2014-10-27 18:54:43 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
2014-10-24 01:04:29 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2014-10-24 01:03:40 499200 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-10-24 00:39:49 77312 ----a-w- C:\Windows\System32\packager.dll
2014-10-24 00:39:19 656384 ----a-w- C:\Windows\System32\kerberos.dll
2014-10-18 01:08:10 564224 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2014-10-18 00:46:22 847360 ----a-w- C:\Windows\System32\oleaut32.dll
2014-10-12 23:52:40 2782208 ----a-w- C:\Windows\System32\win32k.sys
2014-10-10 01:10:24 548352 ----a-w- C:\Windows\System32\termsrv.dll
2014-10-10 01:09:30 146432 ----a-w- C:\Windows\System32\msaudite.dll
2014-10-10 01:09:23 1689600 ----a-w- C:\Windows\System32\lsasrv.dll
2014-10-10 01:01:46 77312 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-10-10 01:00:34 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2014-10-09 23:53:20 619520 ----a-w- C:\Windows\System32\adtschema.dll
2014-10-09 23:22:16 619520 ----a-w- C:\Windows\SysWow64\adtschema.dll
2014-10-03 01:18:20 274432 ----a-w- C:\Windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:17:16 396800 ----a-w- C:\Windows\SysWow64\AudioEng.dll
2014-10-03 01:17:16 115712 ----a-w- C:\Windows\SysWow64\AudioSes.dll
2014-10-03 01:03:12 313344 ----a-w- C:\Windows\System32\AUDIOKSE.dll
2014-10-03 01:02:20 201728 ----a-w- C:\Windows\System32\EncDump.dll
2014-10-03 01:01:59 474624 ----a-w- C:\Windows\System32\AudioEng.dll
2014-10-03 01:01:59 446976 ----a-w- C:\Windows\System32\audiosrv.dll
2014-10-02 23:49:01 88576 ----a-w- C:\Windows\SysWow64\audiodg.exe
2014-10-02 19:23:20 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2014-10-02 19:23:20 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2014-10-01 16:11:22 64216 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-10-01 16:11:16 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-10-01 16:11:12 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-09-19 00:50:45 278528 ----a-w- C:\Windows\SysWow64\schannel.dll
2014-09-19 00:45:00 347136 ----a-w- C:\Windows\System32\schannel.dll
2014-09-09 06:40:37 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-09-09 06:24:46 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-09-04 23:38:10 198656 ----a-w- C:\Windows\System32\drivers\fastfat.sys
2014-08-27 00:55:39 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2014-08-27 00:55:39 1249280 ----a-w- C:\Windows\SysWow64\msxml3.dll
2014-08-27 00:41:56 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2014-08-27 00:41:56 1869824 ----a-w- C:\Windows\System32\msxml3.dll
.
============= FINISH: 16:00:41.20 ===============
 




#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,623 posts
  • Gender:Male

Posted 27 November 2014 - 10:25 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/557297 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 steelkobra03

steelkobra03
  • Topic Starter

  • Members
  • 101 posts

Posted 28 November 2014 - 03:23 PM

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16592  BrowserJavaVersion: 10.55.2
Run by Qp33zy at 14:19:17 on 2014-11-28
Microsoft® Windows Vista™ Ultimate   6.0.6002.2.1252.1.1033.18.5110.3698 [GMT -6:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Windows\System32\dfrgui.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
mDefault_Page_URL = hxxp://www.google.com
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [GoogleChromeAutoLaunch_3FC39E16792D9C0756053BA2481F136D] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
mPolicies-System: EnableUIADesktopToggle = dword:0
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{6C72E840-A115-4CC9-AF59-6504A6776411} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{C122C080-9004-4693-9A82-6DD994F88B50} : DHCPNameServer = 192.168.1.254
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\Windows\SysWow64\browseui.dll
x64-mStart Page = about:blank
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-Explorer: NoDrives = dword:0
x64-mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
.
============= SERVICES / DRIVERS ===============
.
R1 A2DDA;A2 Direct Disk Access Support Driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2014-11-11 26176]
R2 a2AntiMalware;Emsisoft Protection Service;C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2014-11-11 4816568]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-4-2 1871160]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-4-2 968504]
R3 a2acc;a2acc;C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys [2014-11-11 71472]
R3 cleanhlp;cleanhlp;C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [2014-11-11 57024]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-4-2 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-4-2 129752]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-4-2 64216]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk60x64.sys [2010-5-30 392192]
S2 0056841404852372mcinstcleanup;McAfee Application Installer Cleanup (0056841404852372);C:\Users\Qp33zy\AppData\Local\Temp\005684~1.EXE -cleanup -nolog --> C:\Users\Qp33zy\AppData\Local\Temp\005684~1.EXE -cleanup -nolog [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-6-4 103448]
S3 Origin Client Service;Origin Client Service;C:\Program Files (x86)\Origin\OriginClientService.exe [2014-7-7 1900400]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 SkLaggProtocol;Marvell Link Aggregation Protocol;C:\Windows\System32\drivers\yk60x64l.sys [2007-12-14 92160]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-6-4 203672]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-9-11 1012344]
S4 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe [2008-8-15 86016]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2014-8-13 90776]
S4 McAPExe;McAfee AP Service;"C:\Program Files\McAfee\MSC\McAPExe.exe" --> C:\Program Files\McAfee\MSC\McAPExe.exe [?]
S4 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-2 1720608]
S4 pcCMService64;pcCMService64;C:\Program Files\Common Files\Motive\pcCMService.exe [2013-4-11 460288]
.
=============== File Associations ===============
.
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2014-11-28 19:41:56 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-11-16 06:04:50 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-16 06:04:50 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-11-12 21:14:51 103374192 ----a-w- C:\Windows\System32\mrt.exe
2014-11-04 20:30:58 275080 ------w- C:\Windows\System32\MpSigStub.exe
2014-10-27 20:32:45 17870336 ----a-w- C:\Windows\System32\mshtml.dll
2014-10-27 20:13:57 2339840 ----a-w- C:\Windows\System32\jscript9.dll
2014-10-27 20:12:24 10921472 ----a-w- C:\Windows\System32\ieframe.dll
2014-10-27 20:07:15 1388032 ----a-w- C:\Windows\System32\urlmon.dll
2014-10-27 20:06:55 1392128 ----a-w- C:\Windows\System32\wininet.dll
2014-10-27 20:05:41 1494016 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-10-27 20:05:26 237056 ----a-w- C:\Windows\System32\url.dll
2014-10-27 20:05:13 86016 ----a-w- C:\Windows\System32\jsproxy.dll
2014-10-27 20:04:52 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-10-27 20:04:38 2157056 ----a-w- C:\Windows\System32\iertutil.dll
2014-10-27 20:04:37 599040 ----a-w- C:\Windows\System32\vbscript.dll
2014-10-27 20:04:29 816640 ----a-w- C:\Windows\System32\jscript.dll
2014-10-27 20:04:26 729088 ----a-w- C:\Windows\System32\msfeeds.dll
2014-10-27 20:04:09 453120 ----a-w- C:\Windows\System32\dxtmsft.dll
2014-10-27 20:03:59 282112 ----a-w- C:\Windows\System32\dxtrans.dll
2014-10-27 20:03:57 55296 ----a-w- C:\Windows\System32\msfeedsbs.dll
2014-10-27 20:03:54 11264 ----a-w- C:\Windows\System32\msfeedssync.exe
2014-10-27 20:03:41 96768 ----a-w- C:\Windows\System32\mshtmled.dll
2014-10-27 20:03:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2014-10-27 20:03:21 12800 ----a-w- C:\Windows\System32\mshta.exe
2014-10-27 20:03:05 248320 ----a-w- C:\Windows\System32\ieui.dll
2014-10-27 19:10:22 12366848 ----a-w- C:\Windows\SysWow64\mshtml.dll
2014-10-27 19:05:44 1810944 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-10-27 19:02:37 9739776 ----a-w- C:\Windows\SysWow64\ieframe.dll
2014-10-27 18:59:41 1139712 ----a-w- C:\Windows\SysWow64\urlmon.dll
2014-10-27 18:59:06 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-10-27 18:58:19 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-10-27 18:57:36 231936 ----a-w- C:\Windows\SysWow64\url.dll
2014-10-27 18:57:18 65536 ----a-w- C:\Windows\SysWow64\jsproxy.dll
2014-10-27 18:56:58 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-10-27 18:56:40 421376 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-10-27 18:56:15 717824 ----a-w- C:\Windows\SysWow64\jscript.dll
2014-10-27 18:56:10 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
2014-10-27 18:56:08 1802752 ----a-w- C:\Windows\SysWow64\iertutil.dll
2014-10-27 18:55:50 41472 ----a-w- C:\Windows\SysWow64\msfeedsbs.dll
2014-10-27 18:55:44 353792 ----a-w- C:\Windows\SysWow64\dxtmsft.dll
2014-10-27 18:55:39 223232 ----a-w- C:\Windows\SysWow64\dxtrans.dll
2014-10-27 18:55:32 10752 ----a-w- C:\Windows\SysWow64\msfeedssync.exe
2014-10-27 18:55:28 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
2014-10-27 18:55:20 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-10-27 18:55:17 11776 ----a-w- C:\Windows\SysWow64\mshta.exe
2014-10-27 18:54:43 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
2014-10-24 01:04:29 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2014-10-24 01:03:40 499200 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-10-24 00:39:49 77312 ----a-w- C:\Windows\System32\packager.dll
2014-10-24 00:39:19 656384 ----a-w- C:\Windows\System32\kerberos.dll
2014-10-18 01:08:10 564224 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2014-10-18 00:46:22 847360 ----a-w- C:\Windows\System32\oleaut32.dll
2014-10-12 23:52:40 2782208 ----a-w- C:\Windows\System32\win32k.sys
2014-10-10 01:10:24 548352 ----a-w- C:\Windows\System32\termsrv.dll
2014-10-10 01:09:30 146432 ----a-w- C:\Windows\System32\msaudite.dll
2014-10-10 01:09:23 1689600 ----a-w- C:\Windows\System32\lsasrv.dll
2014-10-10 01:01:46 77312 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-10-10 01:00:34 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2014-10-09 23:53:20 619520 ----a-w- C:\Windows\System32\adtschema.dll
2014-10-09 23:22:16 619520 ----a-w- C:\Windows\SysWow64\adtschema.dll
2014-10-03 01:18:20 274432 ----a-w- C:\Windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:17:16 396800 ----a-w- C:\Windows\SysWow64\AudioEng.dll
2014-10-03 01:17:16 115712 ----a-w- C:\Windows\SysWow64\AudioSes.dll
2014-10-03 01:03:12 313344 ----a-w- C:\Windows\System32\AUDIOKSE.dll
2014-10-03 01:02:20 201728 ----a-w- C:\Windows\System32\EncDump.dll
2014-10-03 01:01:59 474624 ----a-w- C:\Windows\System32\AudioEng.dll
2014-10-03 01:01:59 446976 ----a-w- C:\Windows\System32\audiosrv.dll
2014-10-02 23:49:01 88576 ----a-w- C:\Windows\SysWow64\audiodg.exe
2014-10-02 19:23:20 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2014-10-02 19:23:20 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2014-10-01 16:11:22 64216 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-10-01 16:11:16 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-10-01 16:11:12 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-09-19 00:50:45 278528 ----a-w- C:\Windows\SysWow64\schannel.dll
2014-09-19 00:45:00 347136 ----a-w- C:\Windows\System32\schannel.dll
2014-09-09 06:40:37 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-09-09 06:24:46 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-09-04 23:38:10 198656 ----a-w- C:\Windows\System32\drivers\fastfat.sys
.
============= FINISH: 14:19:45.88 ===============
 

 


Edited by steelkobra03, 28 November 2014 - 03:26 PM.


#4 nasdaq

  • Malware Response Team

Posted 29 November 2014 - 09:55 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

How is the computer running?
Wait for further instructions.

#5 steelkobra03

  • Topic Starter

Posted 30 November 2014 - 09:11 PM

# AdwCleaner v4.102 - Report created 30/11/2014 at 19:36:51
# Updated 23/11/2014 by Xplode
# Database : 2014-11-23.7 [Local]
# Operating System : Windows ™ Vista Ultimate Service Pack 2 (64 bits)
# Username : Qp33zy - QP33ZY
# Running from : C:\Users\Qp33zy\Favorites\Downloads\adwcleaner_4.102 (1).exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Deleted : C:\Users\Qp33zy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
File Deleted : C:\Users\Qp33zy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16592
 
 
-\\ Mozilla Firefox v
 
 
-\\ Google Chrome v38.0.2125.111
 
[C:\Users\Qp33zy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.avg.com/search?cid={E5E2AAFF-9DF8-4A02-8CFB-76ACBFD5BB91}&mid=ccd9eb3be3494a2590c79bd9480f7a48-32a20ceee2b69ede78af058111f3f7a8989da967&lang=en&ds=dw011&pr=sa&d=2012-05-04 17:09:29&v=11.1.0.12&sap=dsp&q={searchTerms}
[C:\Users\Qp33zy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Qp33zy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [1702 octets] - [30/11/2014 19:33:39]
AdwCleaner[S0].txt - [1610 octets] - [30/11/2014 19:36:51]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1670 octets] ##########
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-11-2014 01
Ran by Qp33zy (administrator) on QP33ZY on 30-11-2014 20:05:56
Running from C:\Users\Qp33zy\Documents\Desktop\FRST
Loaded Profile: Qp33zy (Available profiles: Qp33zy & Mcx1)
Platform: Windows Vista ™ Ultimate Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\ASUS\AASP\1.00.78\aaCenter.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3566799651-3591339517-3716990925-1000\...\Run: [GoogleChromeAutoLaunch_3FC39E16792D9C0756053BA2481F136D] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [854344 2014-10-21] (Google Inc.)
HKU\S-1-5-21-3566799651-3591339517-3716990925-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-30] (Piriform Ltd)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-3566799651-3591339517-3716990925-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3566799651-3591339517-3716990925-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3566799651-3591339517-3716990925-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3566799651-3591339517-3716990925-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\S-1-5-21-3566799651-3591339517-3716990925-1000 -> ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
SearchScopes: HKU\S-1-5-21-3566799651-3591339517-3716990925-1000 -> {27E813CB-099A-4A0E-B6FD-564DFCCA7BDE} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=617686&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3566799651-3591339517-3716990925-1000 -> {FBD189DA-2979-4B39-9F87-0E6066E770A6} URL = http://search.yahoo.com/search?fr=mcafee&type=A011US679&p={SearchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF ProfilePath: C:\Users\Qp33zy\AppData\Roaming\Mozilla\Firefox\Profiles\xitb790a.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3566799651-3591339517-3716990925-1000: @doubletwist.com/NPPodcast -> C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll No File
FF Plugin HKU\S-1-5-21-3566799651-3591339517-3716990925-1000: @facebook.com/FBPlugin,version=1.0.3 -> C:\Users\Qp33zy\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll No File
FF Plugin HKU\S-1-5-21-3566799651-3591339517-3716990925-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Qp33zy\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-3566799651-3591339517-3716990925-1000: @talk.google.com/O3DPlugin -> C:\Users\Qp33zy\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKU\S-1-5-21-3566799651-3591339517-3716990925-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Qp33zy\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3566799651-3591339517-3716990925-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Qp33zy\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Qp33zy\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Qp33zy\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()
FF SearchPlugin: C:\Users\Qp33zy\AppData\Roaming\Mozilla\Firefox\Profiles\xitb790a.default\searchplugins\aol-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Qp33zy\AppData\Roaming\Mozilla\Firefox\Profiles\xitb790a.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-06-01]
FF Extension: FlashGot - C:\Users\Qp33zy\AppData\Roaming\Mozilla\Firefox\Profiles\xitb790a.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2012-01-24]
FF Extension: fcreward.100493.b - C:\Users\Qp33zy\AppData\Roaming\Mozilla\Firefox\Profiles\xitb790a.default\Extensions\{40346aa9-a9d7-b1c4-ad87-bb0d0a1c10b8}.xpi [2012-05-05]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-05-30]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: No Name - C:\Program Files (x86)\McAfee\SiteAdvisor [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchKeyword: Default -> mcafee
CHR DefaultSuggestURL: Default -> 
CHR Profile: C:\Users\Qp33zy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Qp33zy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-01]
CHR Extension: (Google Drive) - C:\Users\Qp33zy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-01]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Qp33zy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-26]
CHR Extension: (YouTube) - C:\Users\Qp33zy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-01]
CHR Extension: (Google Search) - C:\Users\Qp33zy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-01]
CHR Extension: (Google Wallet) - C:\Users\Qp33zy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Vine Client) - C:\Users\Qp33zy\AppData\Local\Google\Chrome\User Data\Default\Extensions\oojohjpgmcfnholboljmkbcchbipcbci [2014-10-25]
CHR Extension: (Gmail) - C:\Users\Qp33zy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-01]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4816568 2014-10-13] (Emsisoft GmbH)
S4 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe [86016 2008-08-15] () [File not signed]
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
S4 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-11-25] (Electronic Arts)
S4 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [460288 2013-02-25] (Alcatel-Lucent) [File not signed]
S4 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [177704 2007-06-05] ()
S2 0056841404852372mcinstcleanup; C:\Users\Qp33zy\AppData\Local\Temp\005684~1.EXE -cleanup -nolog [X]
S4 McAPExe; "C:\Program Files\McAfee\MSC\McAPExe.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2010-05-30] ()
S1 Beep; No ImagePath
R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-10-01] (Malwarebytes Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-05-04] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-05-04] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15680 2006-10-31] ()
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
S3 SkLaggProtocol; C:\Windows\System32\DRIVERS\yk60x64l.sys [92160 2007-12-14] (Marvell)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 HTCAND64; System32\Drivers\ANDROIDUSB.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-30 20:05 - 2014-11-30 20:06 - 00000000 ____D () C:\FRST
2014-11-30 19:38 - 2014-11-30 19:38 - 00000318 _____ () C:\Windows\PFRO.log
2014-11-30 19:33 - 2014-11-30 19:36 - 00000000 ____D () C:\AdwCleaner
2014-11-29 10:32 - 2014-11-29 10:32 - 485330589 _____ () C:\Windows\MEMORY.DMP
2014-11-24 14:14 - 2014-11-24 14:14 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-11-20 19:03 - 2014-11-20 19:03 - 00000639 _____ () C:\Users\Qp33zy\Desktop\JRT.txt
2014-11-19 07:08 - 2014-10-23 19:03 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 07:08 - 2014-10-23 18:39 - 00656384 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-12 15:29 - 2014-10-12 17:52 - 02782208 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 15:27 - 2014-09-18 18:50 - 00278528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 15:27 - 2014-09-18 18:45 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 15:26 - 2014-08-11 20:25 - 00729600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-12 15:26 - 2014-08-11 20:11 - 00923136 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 15:24 - 2014-10-17 19:08 - 00564224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 15:24 - 2014-10-17 18:46 - 00847360 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 15:24 - 2014-10-09 19:10 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 15:24 - 2014-10-09 19:09 - 01689600 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 15:24 - 2014-10-09 19:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 15:24 - 2014-10-09 19:01 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 15:24 - 2014-10-09 19:00 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 15:24 - 2014-10-09 17:53 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 15:24 - 2014-10-09 17:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 15:24 - 2014-10-02 19:18 - 00274432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 15:24 - 2014-10-02 19:17 - 00396800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 15:24 - 2014-10-02 19:17 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 15:24 - 2014-10-02 19:03 - 00313344 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 15:24 - 2014-10-02 19:02 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 15:24 - 2014-10-02 19:01 - 00474624 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 15:24 - 2014-10-02 19:01 - 00446976 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 15:24 - 2014-10-02 17:49 - 00088576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\audiodg.exe
2014-11-12 15:14 - 2014-10-23 19:04 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 15:14 - 2014-10-23 18:39 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 15:13 - 2014-10-27 14:13 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 15:13 - 2014-10-27 14:06 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 15:13 - 2014-10-27 14:05 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 15:13 - 2014-10-27 14:04 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 15:13 - 2014-10-27 14:04 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 15:13 - 2014-10-27 14:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 15:13 - 2014-10-27 14:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 15:13 - 2014-10-27 13:05 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 15:13 - 2014-10-27 12:59 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 15:13 - 2014-10-27 12:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-11-12 15:13 - 2014-10-27 12:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 15:13 - 2014-10-27 12:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 15:13 - 2014-10-27 12:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 15:13 - 2014-10-27 12:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 15:13 - 2014-10-27 12:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 15:13 - 2014-10-27 12:54 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 15:13 - 2014-08-26 18:55 - 01249280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 15:13 - 2014-08-26 18:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 15:13 - 2014-08-26 18:41 - 01869824 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 15:13 - 2014-08-26 18:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 15:12 - 2014-10-27 14:32 - 17870336 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 15:12 - 2014-10-27 14:12 - 10921472 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 15:12 - 2014-10-27 14:07 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 15:12 - 2014-10-27 14:05 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 15:12 - 2014-10-27 14:05 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-11-12 15:12 - 2014-10-27 14:04 - 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 15:12 - 2014-10-27 14:04 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-11-12 15:12 - 2014-10-27 14:04 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 15:12 - 2014-10-27 14:04 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 15:12 - 2014-10-27 14:03 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 15:12 - 2014-10-27 14:03 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 15:12 - 2014-10-27 14:03 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-11-12 15:12 - 2014-10-27 14:03 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-11-12 15:12 - 2014-10-27 14:03 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-11-12 15:12 - 2014-10-27 13:10 - 12366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 15:12 - 2014-10-27 13:02 - 09739776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 15:12 - 2014-10-27 12:59 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 15:12 - 2014-10-27 12:58 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 15:12 - 2014-10-27 12:57 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-11-12 15:12 - 2014-10-27 12:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 15:12 - 2014-10-27 12:56 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 15:12 - 2014-10-27 12:56 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 15:12 - 2014-10-27 12:56 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 15:12 - 2014-10-27 12:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-11-12 15:12 - 2014-10-27 12:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-11-12 15:12 - 2014-10-27 12:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-11-11 15:38 - 2014-11-11 15:38 - 00000890 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-11-10 05:25 - 2014-11-30 19:44 - 01094138 _____ () C:\Windows\WindowsUpdate.log
2014-11-05 22:39 - 2014-11-05 22:39 - 00000000 ____D () C:\Users\Qp33zy\AppData\Roaming\CrystalIdea Software
2014-11-05 21:01 - 2014-11-05 21:01 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-31 00:09 - 2014-10-31 00:09 - 00001985 _____ () C:\Users\Public\Desktop\The Sims™ 3 Seasons.lnk
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-30 20:02 - 2012-04-30 21:21 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-30 20:01 - 2014-04-02 13:19 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-30 19:41 - 2014-06-28 12:15 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2014-11-30 19:39 - 2014-02-28 06:27 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf348066bc43f0.job
2014-11-30 19:38 - 2006-11-02 09:40 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-30 19:38 - 2006-11-02 09:21 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-30 19:38 - 2006-11-02 09:21 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-30 19:37 - 2006-11-02 09:40 - 00032594 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-30 12:43 - 2014-07-07 15:32 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-11-26 15:00 - 2010-05-30 14:08 - 00030208 _____ () C:\Users\Qp33zy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-24 15:52 - 2014-02-28 06:27 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf3480682dfc60.job
2014-11-24 15:47 - 2014-02-28 06:27 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cf3480682dfc60
2014-11-24 15:47 - 2014-02-28 06:27 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1cf348066bc43f0
2014-11-21 14:15 - 2012-09-04 11:40 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-11-16 02:47 - 2010-12-29 20:01 - 00000000 ____D () C:\Users\Mcx1
2014-11-16 00:05 - 2012-04-30 21:21 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-16 00:04 - 2012-04-30 21:21 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-16 00:04 - 2011-07-08 23:26 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-14 02:59 - 2006-11-02 07:33 - 00000000 ____D () C:\Windows\rescache
2014-11-14 02:22 - 2006-11-02 09:21 - 00241224 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-12 15:49 - 2006-11-02 06:46 - 00759582 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-12 15:23 - 2013-07-10 17:57 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 15:14 - 2006-11-02 06:35 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-11-10 04:50 - 2013-03-13 04:47 - 00000000 ____D () C:\Users\Qp33zy\AppData\Roaming\QuickScan
2014-11-04 14:30 - 2010-05-30 16:53 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-01 15:01 - 2010-05-30 15:51 - 00000000 ____D () C:\Users\Qp33zy
2014-10-31 00:09 - 2010-05-30 16:32 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-31 00:00 - 2014-07-07 15:35 - 00000000 ____D () C:\Program Files (x86)\Origin Games
 
Some content of TEMP:
====================
C:\Users\Qp33zy\AppData\Local\Temp\Quarantine.exe
C:\Users\Qp33zy\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-30 19:45
 
==================== End Of Log ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-11-2014 01
Ran by Qp33zy at 2014-11-30 20:06:50
Running from C:\Users\Qp33zy\Documents\Desktop\FRST
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ACID Pro 7.0 (HKLM-x32\...\{F7FD5E5E-3F0C-4931-AA1B-EAB838BC02DB}) (Version: 7.0.713 - Sony)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
AI Direct Link (HKLM-x32\...\{C312984C-E386-4C2D-B33E-7B54355FB16E}) (Version: 1.00.20 - )
AI Suite (HKLM-x32\...\{310BC5E2-31AF-49BB-904D-E71EB93645DC}) (Version: 1.04.28 - )
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUSUpdate (HKLM-x32\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
Cool & Quiet (HKLM-x32\...\{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}) (Version:  - )
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.22 - DivX, LLC)
Emsisoft Anti-Malware (HKLM-x32\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft GmbH)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ffdshow [rev 2527] [2008-12-19] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{96334581-5554-3E5F-8BC9-924C3C3AC5BE}) (Version: 3.5.1.8982 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HTC BMP USB Driver (HKLM-x32\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)
iCloud (HKLM\...\{CE97E4D3-9F91-4D72-8A29-ED9EA90E5A15}) (Version: 2.1.3.25 - Apple Inc.)
Image Magic Packages (HKU\S-1-5-21-3566799651-3591339517-3716990925-1000\...\Image Magic Packages) (Version:  - ) <==== ATTENTION
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle)
Java 7 Update 7 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417007FF}) (Version: 7.0.70 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Logitech SetPoint 6.32 (HKLM\...\SP6) (Version: 6.32.20 - Logitech)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Marvell Miniport Driver (HKLM-x32\...\Marvell Miniport Driver) (Version: 10.60.6.3 - Marvell)
Marvell Network Configuration Utility (HKLM-x32\...\{7A351AAA-E651-41B1-89B6-972A676FF78B}) (Version: 2.11.5.3 - Marvell)
McAfee Security Scan Plus (HKLM-x32\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{41BC9E31-0D39-462E-8E4C-767B21A3B1C3}) (Version: 3.1.8.0 - Apple Inc.)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Octoshape add-in for Adobe Flash Player (HKU\S-1-5-21-3566799651-3591339517-3716990925-1000\...\Octoshape add-in for Adobe Flash Player) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.4.11.2806 - Electronic Arts, Inc.)
PC Probe II (HKLM-x32\...\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}) (Version: 1.04.58 - )
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
SAMSUNG Intelli-studio (HKLM-x32\...\Intelli-studio) (Version: 3.1.32.1 - Samsung Electronics Co., Ltd.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab (HKLM-x32\...\{9E1BAB75-EB78-440D-94C0-A3857BE2E733}) (Version: 4.1.71.0 - Husdawg, LLC)
System Requirements Lab for Intel (HKLM-x32\...\{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}) (Version: 4.5.22.0 - Husdawg, LLC)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
The Sims™ 3 High-End Loft Stuff (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)
The Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.5.1 - Electronic Arts)
The Sims™ 3 Seasons (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
TurboV (HKLM-x32\...\{A31951C5-DCD8-4DFE-A525-CFC701F54792}) (Version: 1.00.15 - )
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Virtual Cable Tester (HKLM-x32\...\{3D654496-9C3D-4565-858C-3E551ECDA4E2}) (Version: 2.16.3.3 - Marvell)
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3566799651-3591339517-3716990925-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Qp33zy\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3566799651-3591339517-3716990925-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Qp33zy\AppData\Local\Google\Update\1.3.21.115\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3566799651-3591339517-3716990925-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Qp33zy\AppData\Local\Google\Update\1.3.21.115\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3566799651-3591339517-3716990925-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Qp33zy\AppData\Local\Google\Update\1.3.21.115\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3566799651-3591339517-3716990925-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Qp33zy\AppData\Local\Google\Update\1.3.21.115\GoogleUpdateOnDemand.exe (Google Inc.)
 
==================== Restore Points  =========================
 
07-11-2014 18:27:06 Scheduled Checkpoint
08-11-2014 21:13:06 Scheduled Checkpoint
09-11-2014 18:35:18 Scheduled Checkpoint
10-11-2014 11:00:50 Checkpoint by HitmanPro
11-11-2014 08:12:19 Windows Update
12-11-2014 02:25:36 Scheduled Checkpoint
12-11-2014 21:13:11 Windows Update
13-11-2014 11:05:35 Scheduled Checkpoint
14-11-2014 07:03:48 Windows Update
15-11-2014 03:14:52 Scheduled Checkpoint
15-11-2014 19:55:28 Scheduled Checkpoint
15-11-2014 22:11:46 Checkpoint by HitmanPro
16-11-2014 18:40:37 Scheduled Checkpoint
17-11-2014 21:33:05 Scheduled Checkpoint
18-11-2014 08:07:38 Windows Update
19-11-2014 13:08:18 Windows Update
20-11-2014 16:52:46 Scheduled Checkpoint
21-11-2014 10:34:50 Checkpoint by HitmanPro
21-11-2014 10:35:27 Checkpoint by HitmanPro
22-11-2014 03:14:22 Scheduled Checkpoint
23-11-2014 20:25:13 Scheduled Checkpoint
25-11-2014 01:47:50 Scheduled Checkpoint
25-11-2014 07:29:36 Windows Update
25-11-2014 20:21:22 Scheduled Checkpoint
26-11-2014 22:17:01 Scheduled Checkpoint
28-11-2014 11:07:22 Scheduled Checkpoint
29-11-2014 03:16:51 Scheduled Checkpoint
30-11-2014 00:45:39 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 06:34 - 2014-04-27 06:49 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0BD35877-F6A6-450B-9BC6-F9C40EEE0D04} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-16] (Adobe Systems Incorporated)
Task: {11B23BAA-9307-4B13-9C8D-AD288536BEC9} - System32\Tasks\HP Deskjet 1050 J410 series.exe => C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HP Deskjet 1050 J410 series.exe
Task: {15393839-0F4D-4F0B-AF8D-A38E5A54D962} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {25964D44-0146-4BD9-A9A5-06F9A0FCFBB7} - System32\Tasks\ASUS\ASUS RegRun Loader => C:\Program Files (x86)\ASUS\AASP\1.00.78\AsLoader.exe [2008-07-01] ()
Task: {2C689A57-1698-4EB2-B001-A3A3AFFB1BBF} - System32\Tasks\GoogleUpdateTaskMachineCore1cf348066bc43f0 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-13] (Google Inc.)
Task: {3D7277D9-1738-4918-ACCE-D70DB5AF78EA} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-20] (Microsoft Corporation)
Task: {56BC90F6-CDEF-4B04-925D-179E7D7A4E4D} - System32\Tasks\{A50C5F21-C8FA-46A2-A5D9-48FF98483C43} => Chrome.exe http://www.skype.com/go/downloading?source=lightinstaller&amp;ver=6.11.0.102&amp;LastError=12002
Task: {67514B79-76F1-4ADF-A654-3015A6EF675A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6FDF007D-EAC8-4289-BDDB-5F519979A216} - System32\Tasks\ASUS\ASUS ACPI Service Provider => C:\Program Files (x86)\ASUS\AASP\1.00.78\aaCenter.exe [2008-10-02] ()
Task: {76822C6F-E547-4E86-A4EC-4F1D9B6E8409} - \AmiUpdXp No Task File <==== ATTENTION
Task: {A475BCF8-F559-4293-9BC2-5500D9DB2A28} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-30] (Piriform Ltd)
Task: {A6F70238-D581-4A1B-89CB-D8D3FDF44102} - System32\Tasks\ParetoLogic Update Version2 => C:\Program Files (x86)\Common Files\ParetoLogic\UUS2\Pareto_Update.exe
Task: {C274056A-F566-4A38-A257-27769EA54393} - System32\Tasks\HpWebReg.exe => C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HpWebReg.exe
Task: {C5F40CCD-D64E-43EC-B48D-D12B63D1DF1B} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Qp33zy => C:\Program Files\Windows Calendar\wincal.exe [2008-01-20] (Microsoft Corporation)
Task: {C78F8F7C-AC83-4E65-863B-0FCD690B10C9} - System32\Tasks\ParetoLogic Registration => Rundll32.exe "C:\Program Files (x86)\Common Files\ParetoLogic\UUS2\UUS.dll" RunUns
Task: {DBC698D7-3A06-4ECF-AD7F-FBB8BBC9D9FE} - System32\Tasks\GoogleUpdateTaskMachineUA1cf3480682dfc60 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-13] (Google Inc.)
Task: {E0A17E23-8D15-4139-B167-C2D86F2422D4} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3566799651-3591339517-3716990925-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {E2956135-4F30-4CD8-9D75-3BF4402FA7D8} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-10-31] (Apple Inc.)
Task: {F6A5B8ED-1EDE-4F47-86C6-F2249366F4CC} - System32\Tasks\ASUS\Launch AI Direct Link => C:\Program Files (x86)\ASUS\AI Direct Link\AsCmd.exe [2008-06-17] ()
Task: {FE402FC0-600F-49C7-A0A0-E358FEC7A034} - System32\Tasks\{820C945B-2897-4016-A3EE-2545C902551B} => C:\Program Files (x86)\Skype\\Phone\Skype.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf348066bc43f0.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf3480682dfc60.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3566799651-3591339517-3716990925-1000Core1cd5f8ef9804633.job => C:\Users\Qp33zy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ParetoLogic Registration.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS2\UUS.dll
 
==================== Loaded Modules (whitelisted) =============
 
2008-10-02 19:32 - 2008-10-02 19:32 - 00622080 ____R () C:\Program Files (x86)\ASUS\AASP\1.00.78\aaCenter.exe
2014-11-11 15:37 - 2014-10-06 17:43 - 00775400 _____ () C:\Program Files (x86)\Emsisoft Anti-Malware\fw32.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-05-30 16:35 - 2005-06-22 03:39 - 00204851 ____R () C:\Program Files (x86)\ASUS\AASP\1.00.78\PowerDll.dll
2010-05-30 16:35 - 2008-01-17 02:46 - 00053248 ____R () C:\Program Files (x86)\ASUS\AASP\1.00.78\cpuutil.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: AsSysCtrlService => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HomeNetSvc => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: LBTServ => 3
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: McAfee SiteAdvisor Service => 2
MSCONFIG\Services: McAPExe => 2
MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\Services: McNaiAnn => 2
MSCONFIG\Services: McODS => 3
MSCONFIG\Services: mcpltsvc => 2
MSCONFIG\Services: McProxy => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: PassThru Service => 2
MSCONFIG\Services: pcCMService64 => 2
MSCONFIG\Services: ProtexisLicensing => 2
MSCONFIG\Services: wlidsvc => 2
MSCONFIG\Services: YahooAUService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk => C:\Windows\pss\WinZip Quick Pick.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Ai Nap => "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ConnectionCenter => "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
MSCONFIG\startupreg: Corel Photo Downloader => 
MSCONFIG\startupreg: Cpu Level Up => "C:\Program Files\ASUS\Ai Suite\CPU Level UPEx\CpuLevelUp.exe" -r
MSCONFIG\startupreg: DivXMediaServer => "C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe"
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe
MSCONFIG\startupreg: emsisoft anti-malware => "c:\program files (x86)\emsisoft anti-malware\a2guard.exe" /d=60
MSCONFIG\startupreg: EvtMgr6 => C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: QFan Help => "C:\Program Files\ASUS\Ai Suite\QFan3\QFanHelp.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RunDLLEntry => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry
MSCONFIG\startupreg: SearchProtection => "C:\Users\Qp33zy\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TurboV => "C:\Program Files\ASUS\TurboV\TurboV.exe"
MSCONFIG\startupreg: Windows Mobile-based device management => %windir%\WindowsMobile\wmdSync.exe
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-3566799651-3591339517-3716990925-500 - Administrator - Disabled)
Guest (S-1-5-21-3566799651-3591339517-3716990925-501 - Limited - Enabled)
Mcx1 (S-1-5-21-3566799651-3591339517-3716990925-1001 - Administrator - Enabled) => C:\Users\Mcx1
Qp33zy (S-1-5-21-3566799651-3591339517-3716990925-1000 - Administrator - Enabled) => C:\Users\Qp33zy
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft Tun Miniport Adapter #2
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/30/2014 07:40:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/30/2014 04:35:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iTunes.exe, version 12.0.1.26, time stamp 0x543e558b, faulting module ole32.dll, version 6.0.6002.18277, time stamp 0x4c28d53e, exception code 0xc0000005, fault offset 0x00047456,
process id 0x1100, application start time 0xiTunes.exe0.
 
Error: (11/30/2014 01:11:28 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\QP33ZY\DOCUMENTS\ELECTRONIC ARTS\THE SIMS 3\CURRENTGAME.SIMS3\TRAVELDB.PACKAGE> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (11/30/2014 00:54:38 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\QP33ZY\DOCUMENTS\ELECTRONIC ARTS\THE SIMS 3\CURRENTGAME.SIMS3\TRAVELDB.PACKAGE> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (11/29/2014 08:01:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iTunes.exe, version 12.0.1.26, time stamp 0x543e558b, faulting module ole32.dll, version 6.0.6002.18277, time stamp 0x4c28d53e, exception code 0xc0000005, fault offset 0x00047456,
process id 0x924, application start time 0xiTunes.exe0.
 
Error: (11/29/2014 10:54:17 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\QP33ZY\DOCUMENTS\ELECTRONIC ARTS\THE SIMS 3\CURRENTGAME.SIMS3\TRAVELDB.PACKAGE> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (11/29/2014 10:33:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/28/2014 09:40:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iTunes.exe, version 12.0.1.26, time stamp 0x543e558b, faulting module ole32.dll, version 6.0.6002.18277, time stamp 0x4c28d53e, exception code 0xc0000005, fault offset 0x00047456,
process id 0xd58, application start time 0xiTunes.exe0.
 
Error: (11/28/2014 05:31:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/28/2014 05:18:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iTunes.exe, version 12.0.1.26, time stamp 0x543e558b, faulting module ole32.dll, version 6.0.6002.18277, time stamp 0x4c28d53e, exception code 0xc0000005, fault offset 0x00047456,
process id 0x628, application start time 0xiTunes.exe0.
 
 
System errors:
=============
Error: (11/30/2014 07:40:56 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Beep
 
Error: (11/30/2014 07:38:50 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT AUTHORITY)
Description: 2147549183
 
Error: (11/30/2014 03:07:52 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer Q-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{6C72E840-A115-4CC9-AF59-6504A6776411}.
The master browser is stopping or an election is being forced.
 
Error: (11/29/2014 03:48:03 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000Netman
 
Error: (11/29/2014 10:33:27 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Beep
 
Error: (11/29/2014 10:32:27 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT AUTHORITY)
Description: 2147549183
 
Error: (11/29/2014 10:32:23 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:53:43 AM on 11/29/2014 was unexpected.
 
Error: (11/28/2014 11:28:06 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer Q-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{6C72E840-A115-4CC9-AF59-6504A6776411}.
The master browser is stopping or an election is being forced.
 
Error: (11/28/2014 05:31:23 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Beep
 
Error: (11/28/2014 05:29:59 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT AUTHORITY)
Description: 2147549183
 
 
Microsoft Office Sessions:
=========================
Error: (11/30/2014 07:40:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/30/2014 04:35:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iTunes.exe12.0.1.26543e558bole32.dll6.0.6002.182774c28d53ec000000500047456110001d00c4454d597d0
 
Error: (11/30/2014 01:11:28 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\QP33ZY\DOCUMENTS\ELECTRONIC ARTS\THE SIMS 3\CURRENTGAME.SIMS3\TRAVELDB.PACKAGE
 
Error: (11/30/2014 00:54:38 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\QP33ZY\DOCUMENTS\ELECTRONIC ARTS\THE SIMS 3\CURRENTGAME.SIMS3\TRAVELDB.PACKAGE
 
Error: (11/29/2014 08:01:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iTunes.exe12.0.1.26543e558bole32.dll6.0.6002.182774c28d53ec00000050004745692401d00c3f84380080
 
Error: (11/29/2014 10:54:17 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\QP33ZY\DOCUMENTS\ELECTRONIC ARTS\THE SIMS 3\CURRENTGAME.SIMS3\TRAVELDB.PACKAGE
 
Error: (11/29/2014 10:33:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/28/2014 09:40:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iTunes.exe12.0.1.26543e558bole32.dll6.0.6002.182774c28d53ec000000500047456d5801d00b77f7c93841
 
Error: (11/28/2014 05:31:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/28/2014 05:18:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iTunes.exe12.0.1.26543e558bole32.dll6.0.6002.182774c28d53ec00000050004745662801d00b50644c4690
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-11-30 19:41:18.106
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-30 12:11:34.189
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-30 12:11:33.019
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-30 12:11:31.994
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-30 12:11:30.848
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-30 11:31:46.637
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-30 11:31:46.498
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-30 11:31:46.369
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-30 11:31:46.231
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-29 12:10:36.679
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7 CPU 965 @ 3.20GHz
Percentage of memory in use: 26%
Total physical RAM: 5110.17 MB
Available physical RAM: 3779.21 MB
Total Pagefile: 10446.85 MB
Available Pagefile: 8649.53 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.76 GB) (Free:305.09 GB) NTFS
Drive d: () (Fixed) (Total:29.84 GB) (Free:0.01 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 29.8 GB) (Disk ID: AE525A56)
Partition 1: (Active) - (Size=29.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 471C5C87)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#6 nasdaq

nasdaq

  • Malware Response Team

Posted 01 December 2014 - 09:50 AM



Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

HKU\S-1-5-21-3566799651-3591339517-3716990925-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-3566799651-3591339517-3716990925-1000 -> ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
FF Plugin HKU\S-1-5-21-3566799651-3591339517-3716990925-1000: @doubletwist.com/NPPodcast -> C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll No File
FF Plugin HKU\S-1-5-21-3566799651-3591339517-3716990925-1000: @facebook.com/FBPlugin,version=1.0.3 -> C:\Users\Qp33zy\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll No File
FF Extension: fcreward.100493.b - C:\Users\Qp33zy\AppData\Roaming\Mozilla\Firefox\Profiles\xitb790a.default\Extensions\{40346aa9-a9d7-b1c4-ad87-bb0d0a1c10b8}.xpi [2012-05-05]
FF Extension: No Name - C:\Program Files (x86)\McAfee\SiteAdvisor [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
CHR Extension: (Google Wallet) - C:\Users\Qp33zy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
S2 0056841404852372mcinstcleanup; C:\Users\Qp33zy\AppData\Local\Temp\005684~1.EXE -cleanup -nolog [X]
S4 McAPExe; "C:\Program Files\McAfee\MSC\McAPExe.exe" [X]
S1 Beep; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 HTCAND64; System32\Drivers\ANDROIDUSB.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
Task: {76822C6F-E547-4E86-A4EC-4F1D9B6E8409} - \AmiUpdXp No Task File <==== ATTENTION
C:\Users\Qp33zy\AppData\Roaming\Mozilla\Firefox\Profiles\xitb790a.default\Extensions\{40346aa9-a9d7-b1c4-ad87-bb0d0a1c10b8}.xpi
End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

======

#7 steelkobra03


Posted 01 December 2014 - 03:29 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-11-2014 01
Ran by Qp33zy at 2014-12-01 14:18:47 Run:1
Running from C:\Users\Qp33zy\Documents\Desktop\FRST
Loaded Profile: Qp33zy (Available profiles: Qp33zy & Mcx1)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKU\S-1-5-21-3566799651-3591339517-3716990925-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-3566799651-3591339517-3716990925-1000 -> ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
FF Plugin HKU\S-1-5-21-3566799651-3591339517-3716990925-1000: @doubletwist.com/NPPodcast -> C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll No File
FF Plugin HKU\S-1-5-21-3566799651-3591339517-3716990925-1000: @facebook.com/FBPlugin,version=1.0.3 -> C:\Users\Qp33zy\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll No File
FF Extension: fcreward.100493.b - C:\Users\Qp33zy\AppData\Roaming\Mozilla\Firefox\Profiles\xitb790a.default\Extensions\{40346aa9-a9d7-b1c4-ad87-bb0d0a1c10b8}.xpi [2012-05-05]
FF Extension: No Name - C:\Program Files (x86)\McAfee\SiteAdvisor [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
CHR Extension: (Google Wallet) - C:\Users\Qp33zy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
S2 0056841404852372mcinstcleanup; C:\Users\Qp33zy\AppData\Local\Temp\005684~1.EXE -cleanup -nolog [X]
S4 McAPExe; "C:\Program Files\McAfee\MSC\McAPExe.exe" [X]
S1 Beep; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 HTCAND64; System32\Drivers\ANDROIDUSB.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
Task: {76822C6F-E547-4E86-A4EC-4F1D9B6E8409} - \AmiUpdXp No Task File <==== ATTENTION
C:\Users\Qp33zy\AppData\Roaming\Mozilla\Firefox\Profiles\xitb790a.default\Extensions\{40346aa9-a9d7-b1c4-ad87-bb0d0a1c10b8}.xpi
*****************
 
"HKU\S-1-5-21-3566799651-3591339517-3716990925-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\S-1-5-21-3566799651-3591339517-3716990925-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\ToolbarSearchProviderProgress => value deleted successfully.
"HKU\S-1-5-21-3566799651-3591339517-3716990925-1000\Software\MozillaPlugins\@doubletwist.com/NPPodcast" => Key deleted successfully.
C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll not found.
"HKU\S-1-5-21-3566799651-3591339517-3716990925-1000\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3" => Key deleted successfully.
C:\Users\Qp33zy\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll not found.
C:\Users\Qp33zy\AppData\Roaming\Mozilla\Firefox\Profiles\xitb790a.default\Extensions\{40346aa9-a9d7-b1c4-ad87-bb0d0a1c10b8}.xpi => Moved successfully.
C:\Program Files (x86)\McAfee\SiteAdvisor not found.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} not found.
C:\Users\Qp33zy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => Moved successfully.
0056841404852372mcinstcleanup => Service deleted successfully.
McAPExe => Service deleted successfully.
Beep => Service deleted successfully.
catchme => Service deleted successfully.
HTCAND64 => Service deleted successfully.
IpInIp => Service deleted successfully.
MREMP50a64 => Service deleted successfully.
MREMPR5 => Service deleted successfully.
MRENDIS5 => Service deleted successfully.
MRESP50a64 => Service deleted successfully.
NwlnkFlt => Service deleted successfully.
NwlnkFwd => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{76822C6F-E547-4E86-A4EC-4F1D9B6E8409}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{76822C6F-E547-4E86-A4EC-4F1D9B6E8409}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AmiUpdXp" => Key deleted successfully.
"C:\Users\Qp33zy\AppData\Roaming\Mozilla\Firefox\Profiles\xitb790a.default\Extensions\{40346aa9-a9d7-b1c4-ad87-bb0d0a1c10b8}.xpi" => File/Directory not found.
 
==== End of Fixlog ====
 

 Results of screen317's Security Check version 0.99.91  
 Windows Vista Service Pack 2 x64 (UAC is enabled)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 2.0.3.1025  
 JavaFX 2.1.1    
 Java 7 Update 55  
 Java version 32-bit out of Date! 
  Adobe Flash Player 14.0.0.125 Flash Player out of Date!  
 Adobe Reader XI  
 Google Chrome 38.0.2125.104 Google Chrome out of date!  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Emsisoft Anti-Malware a2service.exe   
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 1 % 
````````````````````End of Log`````````````````````` 
 


#8 nasdaq


Posted 02 December 2014 - 07:57 AM


Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
The latest version is Java 7 Update 71 for the 32 bit Operating system.
Java 8 Update 25 for the 64 bit Operating system.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If present remove the old version(s) of Java using the Add/Remove Programs applet.

JavaFX 2.1.1
Java 7 Update 55


===

Critical vulnerabilities have been identified in old versions of Adobe Flash Player; please get the latest version.

Flash test site:
http://www.adobe.com/software/flash/about/
Install the new version or, if you have the latest, close the window.

Flash Player Help / Find version
http://helpx.adobe.com/flash-player/kb/find-version-flash-player.html#main_Find_the_Flash_Player_version_installed_on_your_machine
===

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#9 steelkobra03


Posted 02 December 2014 - 09:53 PM

I've completed the above steps! Thanks!



#10 nasdaq


Posted 08 December 2014 - 08:42 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



