Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Found fbwuser file.


  • Please log in to reply
12 replies to this topic

#1 BCGronk

BCGronk

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:55 AM

Posted 25 December 2014 - 09:35 PM

Does this file allow access to my computer from outside sources?   How to remove  fbwuser  file?



BC AdBot (Login to Remove)

 


#2 DonnaB

DonnaB

    Bleepin' Ailurophile


  • Malware Response Instructor
  • 2,394 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The edge of reality
  • Local time:04:55 AM

Posted 25 December 2014 - 11:24 PM

Hi BCGronk,

Do you have a Virtual Private Network  (VPN) installed? When a VPN is installed, a user is created in the User's folder with that name.

To remove it you might have to uninstall the VPN.

Donna :)

A cat named ugly


Proud parent of a young Man who devotes his life to the U.S.Navy

Graduate of GeekU Malware Removal training program

"To achieve the impossible, it is precisely the unthinkable that must be thought." ~ Tom Robbins

"Once I knew only darkness and stillness... my life was without past or future... but a little word from the fingers of another fell into my hand that clutched at emptiness, and my heart leaped to the rapture of living." ~ Helen Keller

#3 BCGronk

BCGronk
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:55 AM

Posted 25 December 2014 - 11:45 PM

No VPN installed.



#4 DonnaB

DonnaB

    Bleepin' Ailurophile


  • Malware Response Instructor
  • 2,394 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The edge of reality
  • Local time:04:55 AM

Posted 25 December 2014 - 11:53 PM

Ever have one installed that you recall.

Where is fbwuser found? File or Folder? What's inside the folder?

You asked how to remove it. Have you tried?

A cat named ugly


Proud parent of a young Man who devotes his life to the U.S.Navy

Graduate of GeekU Malware Removal training program

"To achieve the impossible, it is precisely the unthinkable that must be thought." ~ Tom Robbins

"Once I knew only darkness and stillness... my life was without past or future... but a little word from the fingers of another fell into my hand that clutched at emptiness, and my heart leaped to the rapture of living." ~ Helen Keller

#5 BCGronk

BCGronk
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:55 AM

Posted 26 December 2014 - 12:06 AM

Never had a VPN installed.

 

It is a folder, listed under Users, under Dave-PC, under Network.

 

Within the  fbwuser  folder are:

 

       Desktop, Documents, Downloads, Favorites, Links, Music, Pictures, Saved Games, Videos.

 

I have not tried to remove it yet.



#6 BCGronk

BCGronk
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:55 AM

Posted 26 December 2014 - 12:11 AM

Only two of the listed have anything in them:  Desktop has a folder called Play Games and within it are play Runescape and War of Legends.  The other folder is Favorites, and it is a folder named Links.  Within the Links folder are two files named; eBay and Play Free Games.

 

All other folders are empty.



#7 DonnaB

DonnaB

    Bleepin' Ailurophile


  • Malware Response Instructor
  • 2,394 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The edge of reality
  • Local time:04:55 AM

Posted 26 December 2014 - 01:15 AM

Ok. The description you provided of the file path certainly sounds like the fwbuser folder was created due to a VPN.

Let's see if this file/folder search will produce any results that may shed some light on it's existence.

YjhLJro.png SystemLook
  • Please download the appropriate version for your Operating System below and save the file to your Desktop.

    Systemlook (32-bit)

    Systemlook (64-bit)
  • Right-Click SystemLook.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Copy the entire contents of the codebox below and paste into the textfield.

    :filefind
    *fbwuser*
    
    :folderfind
    *fbwuser*
    
    :regfind
    *fbwuser*
    
    
  • Click the Ji0XpU4.png button to start the scan.
  • Upon completion, a log (SystemLook.txt) will open. Attach the log in your next reply.
  • Click the OCFv7xc.png button.

A cat named ugly


Proud parent of a young Man who devotes his life to the U.S.Navy

Graduate of GeekU Malware Removal training program

"To achieve the impossible, it is precisely the unthinkable that must be thought." ~ Tom Robbins

"Once I knew only darkness and stillness... my life was without past or future... but a little word from the fingers of another fell into my hand that clutched at emptiness, and my heart leaped to the rapture of living." ~ Helen Keller

#8 BCGronk

BCGronk
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:55 AM

Posted 26 December 2014 - 05:23 PM

SystemLook info:

 

 

SystemLook 30.07.11 by jpshortstuff
Log created at 14:07 on 26/12/2014 by Dave
Administrator - Elevation successful
 
========== filefind ==========
 
Searching for "*fbwuser*"
No files found.
 
========== folderfind ==========
 
Searching for "*fbwuser*"
C:\Users\fbwuser d------ [22:13 10/09/2013]
 
========== regfind ==========
 
Searching for "*fbwuser*"
No data found.
 
-= EOF =-


#9 DonnaB

DonnaB

    Bleepin' Ailurophile


  • Malware Response Instructor
  • 2,394 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The edge of reality
  • Local time:04:55 AM

Posted 26 December 2014 - 06:15 PM

Well! Found the folder in question! :thumbup2:

I would like to view the installed programs. Please do the following:

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP Configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices - -------> (dial) All
  • List Users, Partitions and Memory size
  • List Minidump Files
Click Go and post the result.

A cat named ugly


Proud parent of a young Man who devotes his life to the U.S.Navy

Graduate of GeekU Malware Removal training program

"To achieve the impossible, it is precisely the unthinkable that must be thought." ~ Tom Robbins

"Once I knew only darkness and stillness... my life was without past or future... but a little word from the fingers of another fell into my hand that clutched at emptiness, and my heart leaped to the rapture of living." ~ Helen Keller

#10 BCGronk

BCGronk
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:55 AM

Posted 26 December 2014 - 11:08 PM

And here is MiniToolBox results:          

 

  MiniToolBox by Farbar  Version: 30-11-2014

Ran by Dave (administrator) on 26-12-2014 at 20:00:41
Running from "C:\Users\Dave\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
 
 
========================= IP Configuration: ================================
 
DW1525 (802.11n) WLAN PCIe Card = Wireless Network Connection (Connected)
Realtek PCIe GBE Family Controller = Local Area Connection (Hardware not present)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Dave-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : DW1525 (802.11n) WLAN PCIe Card
   Physical Address. . . . . . . . . : C0-CB-38-9E-20-05
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::5cd1:daee:b19b:7445%13(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.16(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Friday, December 26, 2014 7:34:28 PM
   Lease Expires . . . . . . . . . . : Saturday, December 27, 2014 7:58:23 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 331402040
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1C-2B-C5-5A-B8-AC-6F-E1-9E-4C
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter isatap.{E0D6046A-0CA6-4388-AB14-FA82E33136B2}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 11:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:90d7:24ef:13b1:b3f1:79b6(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::24ef:13b1:b3f1:79b6%12(Preferred) 
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  192.168.1.1
 
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
Name:    google.com
Addresses:  2607:f8b0:4005:802::1002
 74.125.239.32
 74.125.239.39
 74.125.239.35
 74.125.239.46
 74.125.239.37
 74.125.239.34
 74.125.239.38
 74.125.239.33
 74.125.239.41
 74.125.239.40
 74.125.239.36
 
 
Pinging google.com [74.125.239.36] with 32 bytes of data:
Reply from 74.125.239.36: bytes=32 time=22ms TTL=54
Reply from 74.125.239.36: bytes=32 time=29ms TTL=54
 
Ping statistics for 74.125.239.36:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 22ms, Maximum = 29ms, Average = 25ms
Server:  UnKnown
Address:  192.168.1.1
 
Name:    yahoo.com
Addresses:  98.138.253.109
 206.190.36.45
 98.139.183.24
 
 
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=106ms TTL=45
Reply from 98.139.183.24: bytes=32 time=116ms TTL=45
 
Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 106ms, Maximum = 116ms, Average = 111ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 13...c0 cb 38 9e 20 05 ......DW1525 (802.11n) WLAN PCIe Card
  1...........................Software Loopback Interface 1
 14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.16     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link      192.168.1.16    281
     192.168.1.16  255.255.255.255         On-link      192.168.1.16    281
    192.168.1.255  255.255.255.255         On-link      192.168.1.16    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.1.16    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.1.16    281
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 12     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 12     58 2001::/32                On-link
 12    306 2001:0:9d38:90d7:24ef:13b1:b3f1:79b6/128
                                    On-link
 13    281 fe80::/64                On-link
 12    306 fe80::/64                On-link
 12    306 fe80::24ef:13b1:b3f1:79b6/128
                                    On-link
 13    281 fe80::5cd1:daee:b19b:7445/128
                                    On-link
  1    306 ff00::/8                 On-link
 12    306 ff00::/8                 On-link
 13    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (12/26/2014 07:36:00 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/26/2014 02:58:15 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.
 
Error: (12/26/2014 01:50:19 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/25/2014 08:11:19 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/25/2014 08:00:30 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/25/2014 07:33:16 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/25/2014 01:58:28 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/25/2014 10:57:46 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.
 
Error: (12/25/2014 10:05:36 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/25/2014 09:46:28 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (12/25/2014 07:30:47 PM) (Source: Service Control Manager) (User: )
Description: The Server service terminated with the following error: 
%%1062
 
Error: (12/25/2014 07:30:47 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error: 
%%1115
 
Error: (12/25/2014 07:29:10 PM) (Source: Service Control Manager) (User: )
Description: The Server service terminated with the following error: 
%%1062
 
Error: (12/25/2014 07:29:10 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error: 
%%1115
 
Error: (12/25/2014 07:29:09 PM) (Source: Service Control Manager) (User: )
Description: The HP Network Devices Support service terminated with the following error: 
%%-2147467243
 
Error: (12/25/2014 07:29:07 PM) (Source: Service Control Manager) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: 
%%1069
 
Error: (12/25/2014 07:29:07 PM) (Source: Service Control Manager) (User: )
Description: The WinHttpAutoProxySvc service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: 
%%1352
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (12/25/2014 07:29:07 PM) (Source: Service Control Manager) (User: )
Description: The Diagnostic Service Host service failed to start due to the following error: 
%%1069
 
Error: (12/25/2014 07:29:07 PM) (Source: Service Control Manager) (User: )
Description: The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: 
%%1352
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (12/25/2014 07:29:07 PM) (Source: Service Control Manager) (User: )
Description: The Diagnostic Service Host service failed to start due to the following error: 
%%1069
 
 
Microsoft Office Sessions:
=========================
Error: (12/26/2014 07:36:00 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/26/2014 02:58:15 PM) (Source: SideBySide)(User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\GRECOM\ez scan digital\DelZip179.dllc:\program files (x86)\GRECOM\ez scan digital\DelZip179.dll8
 
Error: (12/26/2014 01:50:19 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/25/2014 08:11:19 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/25/2014 08:00:30 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/25/2014 07:33:16 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/25/2014 01:58:28 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/25/2014 10:57:46 AM) (Source: SideBySide)(User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\GRECOM\ez scan digital\DelZip179.dllc:\program files (x86)\GRECOM\ez scan digital\DelZip179.dll8
 
Error: (12/25/2014 10:05:36 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/25/2014 09:46:28 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
 
=========================== Installed Programs ============================
2600 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
2600_Help (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
2600Trb (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 15.0.0.356 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{B7B3E9B3-FB14-4927-894B-E9124509AF5A}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Refresh Manager (x32 Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.5.155 - Adobe Systems, Inc.)
AIO_CDB_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
Dell System Detect (HKCU\...\73f463568823ebbe) (Version: 5.13.0.1 - Dell)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Emsisoft Anti-Malware (HKLM-x32\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft GmbH)
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
FreeSCAN  (HKLM-x32\...\FreeSCAN) (Version:  - Sixspot Software)
Glary Utilities 5.15 (HKLM-x32\...\Glary Utilities 5) (Version: 5.15.0.28 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
GRECOM PSR-800 EZ Scan Digital PC Application (HKLM-x32\...\EZ Scan Digital) (Version: 1.04 - GRE America, Inc.)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.232 - SurfRight B.V.)
HomePatrol Sentinel (HKLM-x32\...\{F6381DF9-4824-47D5-887C-65A24871B4D5}) (Version: 2.03.02 - Uniden)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (HKLM\...\{B61ED343-0B14-4241-999C-490CB1A20DA4}) (Version: 13.0 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
inSSIDer Home (HKLM-x32\...\{9E54E4AE-B67A-4925-8E92-0E1F9817FD73}) (Version: 3.1.2.1 - MetaGeek, LLC)
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.3.0 - Mozilla)
Mozilla Thunderbird 31.3.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.3.0 (x86 en-US)) (Version: 31.3.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.3.1.46 - NETGEAR Inc.)
Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Privatefirewall 7.0 (HKLM-x32\...\{E8EA933E-03A2-4E62-9F52-812C72BE2A6B}) (Version: 7.0.30.3 - PWI, Inc.)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
ScannerLive - 1  (HKCU\...\a1fe4e6ac2a4128c) (Version: 1.6.0.1 - Skywatch Services LLC)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1042 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
Unitrunker (HKLM-x32\...\{009277EF-5841-42AD-84B6-B6D9124B2624}) (Version: 11.29.2014 - Unitrunker.com)
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
 
========================= Devices: ================================
 
Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service: 
 
Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub
 
Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service: 
 
Name: NSI proxy service driver.
Description: NSI proxy service driver.
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: nsiproxy
 
Name: F:\
Description: Compact Flash   
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFRd
 
Name: TCP/IP Registry Compatibility
Description: TCP/IP Registry Compatibility
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: tcpipreg
 
Name: PCI bus
Description: PCI bus
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: pci
 
Name: WAN Miniport (SSTP)
Description: WAN Miniport (SSTP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RasSstp
 
Name: Intel® 82801 PCI Bridge - 244E
Description: Intel® 82801 PCI Bridge - 244E
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: pci
 
Name: Generic- SD/MMC USB Device
Description: Disk drive
Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard disk drives)
Service: disk
 
Name: Intel® ICH10 Family USB Universal Host Controller - 3A35
Description: Intel® ICH10 Family USB Universal Host Controller - 3A35
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Intel
Service: usbuhci
 
Name: Intel® ICH10 Family PCI Express Root Port 3 - 3A44
Description: Intel® ICH10 Family PCI Express Root Port 3 - 3A44
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: pci
 
Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub
 
Name: System CMOS/real time clock
Description: System CMOS/real time clock
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: 
 
Name: Generic volume
Description: Generic volume
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volsnap
 
Name: Common Log (CLFS)
Description: Common Log (CLFS)
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: CLFS
 
Name: NetIO Legacy TDI Support Driver
Description: NetIO Legacy TDI Support Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: tdx
 
Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service: 
 
Name: Terminal Server Keyboard Driver
Description: Terminal Server Keyboard Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: TermDD
 
Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service: 
 
Name: Null
Description: Null
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: Null
 
Name: CNG
Description: CNG
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: CNG
 
Name: System board
Description: System board
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: 
 
Name: Terminal Server Mouse Driver
Description: Terminal Server Mouse Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: TermDD
 
Name: HID-compliant mouse
Description: HID-compliant mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: mouhid
 
Name: Performance Counters for Windows Driver
Description: Performance Counters for Windows Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: pcw
 
Name: System board
Description: System board
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: 
 
Name: Plug and Play Software Device Enumerator
Description: Plug and Play Software Device Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: swenum
 
Name: Mount Point Manager
Description: Mount Point Manager
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: mountmgr
 
Name: VgaSave
Description: VgaSave
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: VgaSave
 
Name: Intel® 4 Series Chipset Processor to I/O Controller - 2E20
Description: Intel® 4 Series Chipset Processor to I/O Controller - 2E20
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: 
 
Name: Generic- SM/xD Picture USB Device
Description: Disk drive
Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard disk drives)
Service: disk
 
Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service: 
 
Name: Intel® ICH10 Family USB Universal Host Controller - 3A36
Description: Intel® ICH10 Family USB Universal Host Controller - 3A36
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Intel
Service: usbuhci
 
Name: ATA Channel 0
Description: IDE Channel
Class Guid: {4d36e96a-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard IDE ATA/ATAPI controllers)
Service: atapi
 
Name: Motherboard resources
Description: Motherboard resources
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: 
 
Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service: 
 
Name: PEAUTH
Description: PEAUTH
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: PEAUTH
 
Name: UMBus Root Bus Enumerator
Description: UMBus Root Bus Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: umbus
 
Name: System Attribute Cache
Description: System Attribute Cache
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: discache
 
Name: HID Keyboard Device
Description: HID Keyboard Device
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: kbdhid
 
Name: Windows Firewall Authorization Driver
Description: Windows Firewall Authorization Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: mpsdrv
 
Name: Motherboard resources
Description: Motherboard resources
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: 
 
Name: Dynamic Volume Manager
Description: Dynamic Volume Manager
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: volmgrx
 
Name: ACPI Fixed Feature Button
Description: ACPI Fixed Feature Button
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: 
 
Name: Microsoft Virtual Drive Enumerator Driver
Description: Microsoft Virtual Drive Enumerator Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: vdrvroot
 
Name: QoS Packet Scheduler
Description: QoS Packet Scheduler
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: Psched
 
Name: ATA Channel 1
Description: IDE Channel
Class Guid: {4d36e96a-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard IDE ATA/ATAPI controllers)
Service: atapi
 
Name: Motherboard resources
Description: Motherboard resources
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: 
 
Name: H:\
Description: MS/MS-Pro       
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFRd
 
Name: LDDM Graphics Subsystem
Description: LDDM Graphics Subsystem
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: DXGKrnl
 
Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service: 
 
Name: Storage volumes
Description: Storage volumes
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: volsnap
 
Name: Volume Manager
Description: Volume Manager
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: volmgr
 
Name: Motherboard resources
Description: Motherboard resources
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: 
 
Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service: 
 
Name: Pentium® Dual-Core  CPU      E5800  @ 3.20GHz
Description: Intel Processor
Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
Manufacturer: Intel
Service: intelppm
 
Name: Privacyware Filter Driver
Description: Privacyware Filter Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: pwipf6
 
Name: Intel® G45/G43 Express Chipset
Description: Intel® G45/G43 Express Chipset
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: igfx
 
Name: Intel® ICH10 Family USB Universal Host Controller - 3A37
Description: Intel® ICH10 Family USB Universal Host Controller - 3A37
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Intel
Service: usbuhci
 
Name: Generic volume
Description: Generic volume
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volsnap
 
Name: Generic volume
Description: Generic volume
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volsnap
 
Name: Microsoft ISATAP Adapter
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
 
Name: Motherboard resources
Description: Motherboard resources
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: 
 
Name: Virtual WiFi Filter Driver
Description: Virtual WiFi Filter Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: vwififlt
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
 
Name: Numeric data processor
Description: Numeric data processor
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: 
 
Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service: 
 
Name: Remote Access IPv6 ARP Driver
Description: Remote Access IPv6 ARP Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: Wanarpv6
 
Name: RDPCDD
Description: RDPCDD
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: RDPCDD
 
Name: ACPI x64-based PC
Description: ACPI x64-based PC
Class Guid: {4d36e966-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard computers)
Service: \Driver\ACPI_HAL
 
Name: ACPI Power Button
Description: ACPI Power Button
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: 
 
Name: Intel® G45/G43 Express Chipset
Description: Intel® G45/G43 Express Chipset
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: igfx
 
Name: Intel® ICH10 Family USB Universal Host Controller - 3A38
Description: Intel® ICH10 Family USB Universal Host Controller - 3A38
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Intel
Service: usbuhci
 
Name: Kernel Mode Driver Frameworks service
Description: Kernel Mode Driver Frameworks service
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: Wdf01000
 
Name: File as Volume Driver
Description: File as Volume Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: blbdrive
 
Name: RDP Encoder Mirror Driver
Description: RDP Encoder Mirror Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: RDPENCDD
 
Name: Microsoft ACPI-Compliant System
Description: Microsoft ACPI-Compliant System
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: ACPI
 
Name: Generic volume
Description: Generic volume
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volsnap
 
Name: msisadrv
Description: msisadrv
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: msisadrv
 
Name: TSSTcorp DVD+-RW TS-H653G ATA Device
Description: CD-ROM Drive
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard CD-ROM drives)
Service: cdrom
 
Name: Composite Bus Enumerator
Description: Composite Bus Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: CompositeBus
 
Name: E:\
Description: SD/MMC          
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFRd
 
Name: Dell ST2321L_Analog
Description: Dell ST2321L_Analog
Class Guid: {4d36e96e-e325-11ce-bfc1-08002be10318}
Manufacturer: Dell Inc.
Service: monitor
 
Name: Pentium® Dual-Core  CPU      E5800  @ 3.20GHz
Description: Intel Processor
Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
Manufacturer: Intel
Service: intelppm
 
Name: WFP Lightweight Filter
Description: WFP Lightweight Filter
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: WfpLwf
 
Name: Reflector Display Driver used to gain access to graphics data
Description: Reflector Display Driver used to gain access to graphics data
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: RDPREFMP
 
Name: Bitlocker Drive Encryption Filter Driver
Description: Bitlocker Drive Encryption Filter Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: fvevol
 
Name: User Mode Driver Frameworks Platform Driver
Description: User Mode Driver Frameworks Platform Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: WudfPf
 
Name: Intel® ICH10R LPC Interface Controller - 3A16
Description: Intel® ICH10R LPC Interface Controller - 3A16
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: msisadrv
 
Name: Intel® ICH10 Family USB Enhanced Host Controller - 3A3A
Description: Intel® ICH10 Family USB Enhanced Host Controller - 3A3A
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Intel
Service: usbehci
 
Name: Link-Layer Topology Discovery Responder
Description: Link-Layer Topology Discovery Responder
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: rspndr
 
Name: UMBus Enumerator
Description: UMBus Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: umbus
 
Name: Generic volume
Description: Generic volume
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volsnap
 
Name: GUBootStartup
Description: GUBootStartup
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: GUBootStartup
 
Name: NativeWiFi Filter
Description: NativeWiFi Filter
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: NativeWifiP
 
Name: USB Input Device
Description: USB Input Device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service: HidUsb
 
Name: Microsoft System Management BIOS Driver
Description: Microsoft System Management BIOS Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: mssmbios
 
Name: Generic volume
Description: Generic volume
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volsnap
 
Name: SASDIFSV
Description: SASDIFSV
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: SASDIFSV
 
Name: WDC WD10EZEX-00BN5A0 ATA Device
Description: Disk drive
Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard disk drives)
Service: disk
 
Name: WAN Miniport (IKEv2)
Description: WAN Miniport (IKEv2)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RasAgileVpn
 
Name: NDIS System Driver
Description: NDIS System Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: NDIS
 
Name: HTTP
Description: HTTP
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: HTTP
 
Name: USB Input Device
Description: USB Input Device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service: HidUsb
 
Name: UMBus Enumerator
Description: UMBus Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: umbus
 
Name: SASKUTIL
Description: SASKUTIL
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: SASKUTIL
 
Name: Standard AHCI 1.0 Serial ATA Controller
Description: Standard AHCI 1.0 Serial ATA Controller
Class Guid: {4d36e96a-e325-11ce-bfc1-08002be10318}
Manufacturer: Standard AHCI 1.0 Serial ATA Controller
Service: msahci
 
Name: Intel® ICH10 Family USB Enhanced Host Controller - 3A3C
Description: Intel® ICH10 Family USB Enhanced Host Controller - 3A3C
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Intel
Service: usbehci
 
Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service: 
 
Name: NDIS Usermode I/O Protocol
Description: NDIS Usermode I/O Protocol
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: Ndisuio
 
Name: Hardware Policy Driver
Description: Hardware Policy Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: hwpolicy
 
Name: Intel® 82802 Firmware Hub Device
Description: Intel® 82802 Firmware Hub Device
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: 
 
Name: WAN Miniport (L2TP)
Description: WAN Miniport (L2TP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: Rasl2tp
 
Name: G:\
Description: SM/xD Picture   
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFRd
 
Name: Security Driver
Description: Security Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: secdrv
 
Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub
 
Name: USB Mass Storage Device
Description: USB Mass Storage Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Compatible USB storage device
Service: USBSTOR
 
Name: NDProxy
Description: NDProxy
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: NDProxy
 
Name: KSecDD
Description: KSecDD
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: KSecDD
 
Name: Programmable interrupt controller
Description: Programmable interrupt controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: 
 
Name: WAN Miniport (Network Monitor)
Description: WAN Miniport (Network Monitor)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
 
Name: Ancillary Function Driver for Winsock
Description: Ancillary Function Driver for Winsock
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: AFD
 
Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
 
Name: Generic- Compact Flash USB Device
Description: Disk drive
Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard disk drives)
Service: disk
 
Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub
 
Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service: 
 
Name: Realtek PCIe GBE Family Controller
Description: Realtek PCIe GBE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8167
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: KSecPkg
Description: KSecPkg
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: KSecPkg
 
Name: Intel® ICH10 Family SMBus Controller - 3A30
Description: Intel® ICH10 Family SMBus Controller - 3A30
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: 
 
Name: High Definition Audio Controller
Description: High Definition Audio Controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HDAudBus
 
Name: System timer
Description: System timer
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: 
 
Name: WAN Miniport (IP)
Description: WAN Miniport (IP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
 
Name: IDE Channel
Description: IDE Channel
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: atapi
 
Name: High Definition Audio Device
Description: High Definition Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HdAudAddService
 
Name: Generic volume
Description: Generic volume
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volsnap
 
Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub
 
Name: Link-Layer Topology Discovery Mapper I/O Driver
Description: Link-Layer Topology Discovery Mapper I/O Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: lltdio
 
Name: NETBT
Description: NETBT
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: NetBT
 
Name: High precision event timer
Description: High precision event timer
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: 
 
Name: WAN Miniport (IPv6)
Description: WAN Miniport (IPv6)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
 
Name: Beep
Description: Beep
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: Beep
 
Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service: 
 
Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub
 
Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service: 
 
Name: NetGroup Packet Filter Driver
Description: NetGroup Packet Filter Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: NPF
 
Name: Direct memory access controller
Description: Direct memory access controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: 
 
Name: Generic- MS/MS-Pro USB Device
Description: Disk drive
Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard disk drives)
Service: disk
 
Name: WAN Miniport (PPPOE)
Description: WAN Miniport (PPPOE)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RasPppoe
 
Name: DW1525 (802.11n) WLAN PCIe Card
Description: DW1525 (802.11n) WLAN PCIe Card
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Atheros Communications Inc.
Service: athr
 
Name: Intel® ICH10 Family USB Universal Host Controller - 3A34
Description: Intel® ICH10 Family USB Universal Host Controller - 3A34
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Intel
Service: usbuhci
 
Name: Intel® ICH10 Family PCI Express Root Port 1 - 3A40
Description: Intel® ICH10 Family PCI Express Root Port 1 - 3A40
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: pci
 
Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub
 
Name: TCP/IP Protocol Driver
Description: TCP/IP Protocol Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: Tcpip
 
Name: System speaker
Description: System speaker
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: 
 
Name: High Definition Audio Device
Description: High Definition Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HdAudAddService
 
Name: WAN Miniport (PPTP)
Description: WAN Miniport (PPTP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: PptpMiniport
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 27%
Total physical RAM: 6108.98 MB
Available physical RAM: 4399.17 MB
Total Pagefile: 12216.15 MB
Available Pagefile: 9908.57 MB
Total Virtual: 4095.88 MB
Available Virtual: 3976.49 MB
 
========================= Partitions: =====================================
 
1 Drive c: (OS) (Fixed) (Total:917.96 GB) (Free:847.33 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\DAVE-PC
 
Administrator            Dave                     Guest                    
 
========================= Minidump Files ==================================
 
No minidump file found
 
========================= Restore Points ==================================
 
24-12-2014 03:08:09 Windows Update
24-12-2014 05:37:40 Installed Privatefirewall 7.0
24-12-2014 05:48:39 Checkpoint by HitmanPro
24-12-2014 06:49:05 Installed inSSIDer Home
24-12-2014 20:33:37 Installed Unitrunker
24-12-2014 22:36:32 Installed HomePatrol Sentinel
24-12-2014 22:43:26 Installed HomePatrol Sentinel
25-12-2014 00:42:33 Windows Update
25-12-2014 03:50:12 Windows Update
25-12-2014 17:50:39 Windows Update
25-12-2014 17:57:45 Windows Update
25-12-2014 22:11:42 Removed Unitrunker
25-12-2014 22:12:49 Installed Unitrunker
 
**** End of log ****


#11 DonnaB

DonnaB

    Bleepin' Ailurophile


  • Malware Response Instructor
  • 2,394 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The edge of reality
  • Local time:04:55 AM

Posted 27 December 2014 - 01:11 AM

Hi BCGronk,

Thank you for the logs. :)

In the System Look log, the folder is found as you pointed out. See below:

========== folderfind ==========
 
Searching for "*fbwuser*"
C:\Users\fbwuser d------ [22:13 10/09/2013]
It appears that the file was created on September 10, 2013. All my research points out that this user account folder was created by Hotspot Shield. One example:

fbwuser

If you don't have or ever recall installing Hotspot Shield, I can assure it would be safe to delete that folder.

Keep me informed.....

Donna :)

A cat named ugly


Proud parent of a young Man who devotes his life to the U.S.Navy

Graduate of GeekU Malware Removal training program

"To achieve the impossible, it is precisely the unthinkable that must be thought." ~ Tom Robbins

"Once I knew only darkness and stillness... my life was without past or future... but a little word from the fingers of another fell into my hand that clutched at emptiness, and my heart leaped to the rapture of living." ~ Helen Keller

#12 BCGronk

BCGronk
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:55 AM

Posted 27 December 2014 - 08:37 PM

Donna:

 

I removed the fbwuser folder.  Everything seems to be working all OK.

 

 

Thank you for your assistance!



#13 DonnaB

DonnaB

    Bleepin' Ailurophile


  • Malware Response Instructor
  • 2,394 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The edge of reality
  • Local time:04:55 AM

Posted 27 December 2014 - 09:43 PM

You're welcome, BCGronk, truly a pleasure to help! :)

Thank you for keeping me informed.

Have a nice day!

Donna :)

A cat named ugly


Proud parent of a young Man who devotes his life to the U.S.Navy

Graduate of GeekU Malware Removal training program

"To achieve the impossible, it is precisely the unthinkable that must be thought." ~ Tom Robbins

"Once I knew only darkness and stillness... my life was without past or future... but a little word from the fingers of another fell into my hand that clutched at emptiness, and my heart leaped to the rapture of living." ~ Helen Keller




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users