External Hard Disk Infected


5 replies to this topic

#1 han8


Posted 29 December 2014 - 01:27 AM

Help needed!

 

I scanned my external hard disk using avast! and from the scan results there are some folders (with severity level high) with the status "Threat: LNK:FakeFolder-B[Trj]" and a folder (RECYCLER\0xFFD12566.exe) (with severity level high) with the status "Threat: Win32:Downloader-IWT [Trj]". The action recommended is "Move to Chest".

 

How do I go about from here? Please help!  :(


Edited by han8, 29 December 2014 - 01:28 AM.



 


#2 boopme


Posted 29 December 2014 - 03:45 PM

Hi.. Did you move them to the Chest? Do that.

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using the "Reset FF Proxy Settings" option, Firefox should be closed.


Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
  • Double-click on the renamed file to install, then follow these instructions for doing a Quick Scan in normal mode.
  • Don't forget to check for database definition updates through the program's interface (preferable method) before scanning.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • After completing the scan, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, use Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).

Last run ESET.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.


#3 han8


Posted 30 December 2014 - 06:37 PM

Hi..

This is the log generated from MiniToolBox:-

 

MiniToolBox by Farbar  Version: 30-11-2014
Ran by use (administrator) on 30-12-2014 at 22:11:32
Running from "C:\Users\use\Downloads"
Microsoft Windows 7 Home Premium   (X86)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
 
 
========================= IP Configuration: ================================
 
Broadcom 802.11n Network Adapter = Wireless Network Connection (Connected)
Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : use-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Wireless LAN adapter Wireless Network Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : E8-39-DF-16-1C-BC
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : 88-AE-1D-4A-D1-65
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Broadcom 802.11n Network Adapter
   Physical Address. . . . . . . . . : E8-39-DF-16-1C-BC
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::a533:621c:23dc:2386%11(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.7(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, 30 December, 2014 8:09:15 PM
   Lease Expires . . . . . . . . . . : Wednesday, 31 December, 2014 8:09:15 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 250100191
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-3C-06-E3-E8-39-DF-16-1C-BC
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter isatap.{9517A6C7-027D-48F6-9D64-36724615D0E1}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 40:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:2cfc:36d5:8c79:688(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::2cfc:36d5:8c79:688%48(Preferred) 
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  UnKnown
Address:  192.168.1.1
 
Name:    google.com
Addresses:  2404:6800:4001:801::1005
 58.27.61.34
 58.27.61.24
 58.27.61.45
 58.27.61.25
 58.27.61.20
 58.27.61.39
 58.27.61.44
 58.27.61.54
 58.27.61.50
 58.27.61.59
 58.27.61.49
 58.27.61.40
 58.27.61.55
 58.27.61.30
 58.27.61.29
 58.27.61.35
 
 
Pinging google.com [58.27.61.24] with 32 bytes of data:
Reply from 58.27.61.24: bytes=32 time=104ms TTL=60
Reply from 58.27.61.24: bytes=32 time=177ms TTL=60
 
Ping statistics for 58.27.61.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 104ms, Maximum = 177ms, Average = 140ms
Server:  UnKnown
Address:  192.168.1.1
 
Name:    yahoo.com
Addresses:  98.139.183.24
 206.190.36.45
 98.138.253.109
 
 
Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=389ms TTL=52
Reply from 206.190.36.45: bytes=32 time=390ms TTL=52
 
Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 389ms, Maximum = 390ms, Average = 389ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 14...e8 39 df 16 1c bc ......Microsoft Virtual WiFi Miniport Adapter
 12...88 ae 1d 4a d1 65 ......Realtek PCIe FE Family Controller
 11...e8 39 df 16 1c bc ......Broadcom 802.11n Network Adapter
  1...........................Software Loopback Interface 1
 49...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 48...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.7     30
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link       192.168.1.7    286
      192.168.1.7  255.255.255.255         On-link       192.168.1.7    286
    192.168.1.255  255.255.255.255         On-link       192.168.1.7    286
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.1.7    286
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.1.7    286
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 48     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 48     58 2001::/32                On-link
 48    306 2001:0:5ef5:79fb:2cfc:36d5:8c79:688/128
                                    On-link
 11    286 fe80::/64                On-link
 48    306 fe80::/64                On-link
 48    306 fe80::2cfc:36d5:8c79:688/128
                                    On-link
 11    286 fe80::a533:621c:23dc:2386/128
                                    On-link
  1    306 ff00::/8                 On-link
 48    306 ff00::/8                 On-link
 11    286 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\windows\system32\NLAapi.dll [51712] (Microsoft Corporation)
Catalog5 02 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 03 C:\windows\system32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 21 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 22 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 23 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 24 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 25 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 26 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 27 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 28 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 29 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 30 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 31 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 32 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 33 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 34 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 35 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 36 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 37 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 38 C:\windows\system32\mswsock.dll [232448] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (12/29/2014 09:49:09 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {3be6b349-c2ec-4cd1-b0e2-f65b6cedb542}
 
Error: (12/27/2014 04:33:26 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (12/27/2014 04:33:25 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.
 
Error: (12/27/2014 04:33:19 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (12/27/2014 04:32:50 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (12/26/2014 09:23:33 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {585c0bfb-d9f5-4c07-b7ec-3c5cfa48c018}
 
Error: (12/26/2014 09:22:11 PM) (Source: Application Error) (User: )
Description: Faulting application name: wuauclt.exe, version: 7.6.7600.256, time stamp: 0x4fca8fc1
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x1be4
Faulting application start time: 0xwuauclt.exe0
Faulting application path: wuauclt.exe1
Faulting module path: wuauclt.exe2
Report Id: wuauclt.exe3
 
Error: (12/24/2014 08:53:59 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (12/24/2014 08:53:55 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.
 
Error: (12/24/2014 08:53:47 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (12/30/2014 08:56:02 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070490: Windows 7 Service Pack 1 (KB976932).
 
Error: (12/30/2014 08:09:20 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
PxHelp20
 
Error: (12/29/2014 10:25:44 PM) (Source: DCOM) (User: )
Description: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
 
Error: (12/29/2014 10:25:12 PM) (Source: Service Control Manager) (User: )
Description: The iPod Service service terminated with the following error: 
%%-2147417831
 
Error: (12/29/2014 10:25:09 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
PxHelp20
 
Error: (12/29/2014 08:25:22 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
PxHelp20
 
Error: (12/28/2014 11:01:46 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070490: Windows 7 Service Pack 1 (KB976932).
 
Error: (12/28/2014 10:14:11 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
PxHelp20
 
Error: (12/28/2014 01:30:19 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070490: Windows 7 Service Pack 1 (KB976932).
 
Error: (12/27/2014 11:45:26 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
PxHelp20
 
 
Microsoft Office Sessions:
=========================
Error: (05/26/2014 06:28:29 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 5723 seconds with 2460 seconds of active time.  This session ended with a crash.
 
Error: (02/14/2012 09:27:59 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 28 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (02/14/2012 09:27:18 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1176 seconds with 240 seconds of active time.  This session ended with a crash.
 
Error: (01/29/2012 08:28:33 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 140 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error: (01/27/2012 00:19:52 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 8, Application Name: Microsoft Office Publisher, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1507 seconds with 720 seconds of active time.  This session ended with a crash.
 
Error: (01/26/2012 11:54:35 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 8, Application Name: Microsoft Office Publisher, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3337 seconds with 2520 seconds of active time.  This session ended with a crash.
 
 
 
=========================== Installed Programs ============================
µTorrent (HKLM\...\uTorrent) (Version: 2.2.1 - )
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe AIR (Version: 1.5.3.9120 - Adobe Systems Inc.) Hidden
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Community Help (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.1.102.64 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Media Player (Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS5 (HKLM\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Reader 9.4.6 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A94000000001}) (Version: 9.4.6 - Adobe Systems Incorporated)
AllShare Framework DMS (HKLM\...\{1C2A409B-3D00-4EE7-B13C-3C70AB8704B0}) (Version: 1.3.23 - Samsung)
Any Video Converter 3.4.0 (HKLM\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arduino (HKLM\...\Arduino) (Version: 1.0.5-r2 - Arduino LLC)
Audacity 1.3.14 (Unicode) (HKLM\...\Audacity 1.3 Beta (Unicode)_is1) (Version:  - Audacity Team)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)
AviSynth 2.5 (HKLM\...\AviSynth) (Version:  - )
Big Fish: Game Manager (HKLM\...\BFGC) (Version: 3.2.0.7 - )
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v7.10.10(T) - TOSHIBA CORPORATION)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.60.48.42 - Broadcom Corporation)
Bundled software uninstaller (HKLM\...\bi_uninstaller) (Version:  - )
Business Contact Manager for Outlook 2007 SP2 (HKLM\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
Business Contact Manager for Outlook 2007 SP2 (Version: 3.0.8619.1 - Microsoft Corporation) Hidden
Delicious - Emily's Tea Garden 1.00 (HKLM\...\Delicious - Emily's Tea Garden 1.00) (Version:  - )
Farm Craft FINAL 1.00 (HKLM\...\Farm Craft FINAL 1.00) (Version:  - )
FilesFrog Update Checker (HKLM\...\FilesFrog Update Checker) (Version:  - )
Fitness Dash FINAL 1.0.0.127 (HKLM\...\Fitness Dash FINAL 1.0.0.127) (Version:  - )
Fix-it-up - Kate's Adventure 1.00 (HKLM\...\Fix-it-up - Kate's Adventure 1.00) (Version:  - )
FLV Player (HKCU\...\FLV Player) (Version: 1.0 - Somoto Ltd.)
Free Ride Games Player (HKLM\...\{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}) (Version:  - )
Garden Dash 1.00 (HKLM\...\Garden Dash 1.00) (Version:  - )
Gemini Lost (HKLM\...\Gemini Lost1.0.0.125) (Version: 1.0.0.125 - Adnan_Boy 2008)
GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
Google Chrome (HKCU\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk (remove only) (HKCU\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version:  - )
Google Talk Plugin (HKLM\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Hotel Dash Suite Success (HKLM\...\Hotel Dash Suite Success1.0) (Version: 1.0 - AllSmartGames)
HP Deskjet Ink Adv 2060 K110 Basic Device Software (HKLM\...\{51BA435B-D119-4A1B-966C-673D382B260A}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Deskjet Ink Adv 2060 K110 Help (HKLM\...\{261A4762-744B-4C71-81D2-57FA5038DC7B}) (Version: 140.0.2.2 - Hewlett Packard)
Intel® Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2119 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.7.1002 - Intel Corporation)
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
Java Auto Updater (Version: 2.1.6.0 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 17 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216017FF}) (Version: 6.0.170 - Sun Microsystems, Inc.)
Java™ 7 Update 5 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217005FF}) (Version: 7.0.50 - Oracle)
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
JMicron Flash Media Controller Driver (HKLM\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.42.3 - JMicron Technology Corp.)
Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Karaoke Anything! (HKLM\...\Karaoke Anything!1.0) (Version:  - )
Kelly Green Garden Queen 1.00 (HKLM\...\Kelly Green Garden Queen 1.00) (Version:  - )
K-Lite Codec Pack 7.1.0 (Basic) (HKLM\...\KLiteCodecPack_is1) (Version: 7.1.0 - )
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version:  - )
Magic Farm Ultimate Flower 1.00 (HKLM\...\Magic Farm Ultimate Flower 1.00) (Version:  - )
Marine Park Empire (HKLM\...\InstallShield_{977CD9E4-2CE7-46AC-BBEC-FC2B9696464B}) (Version: 1.00 - Enlight Software)
Marine Park Empire (Version: 1.00 - Enlight Software) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2003 Web Components (HKLM\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8003.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Language Interface Pack 2007 - bahasa Melayu (HKLM\...\{95120000-00FF-043E-0000-0000000FF1CE}) (Version: 12.0.4518.1082 - Microsoft Corporation)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.3.4035.00 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) (Version: 9.3.4035.00 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Tools Express Edition (Version: 9.3.4035.00 - Microsoft Corporation) Hidden
Microsoft SQL Server Native Client (HKLM\...\{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{56B4002F-671C-49F4-984C-C760FE3806B5}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (Version: 1.00.0000 - Adobe) Hidden
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version:  - )
Mystery Case Files: Ravenhearst &reg; (HKLM\...\BFG-Mystery Case Files - Ravenhearst) (Version:  - )
Nanny Mania 2 Hollywood 1.00 (HKLM\...\Nanny Mania 2 Hollywood 1.00) (Version:  - )
Nokia Connectivity Cable Driver (HKLM\...\{B9C9DB4C-6D77-4AE9-AD1C-C708C23239A0}) (Version: 7.1.27.0 - Nokia)
Nokia Ovi Suite (HKLM\...\Nokia Ovi Suite) (Version: 2.1.0.87 - Nokia)
Nokia Ovi Suite (Version: 2.1.0.87 - Nokia) Hidden
Norton Internet Security (Version: 17.5.0.127 - Symantec Corporation) Hidden
Opera Stable 26.0.1656.60 (HKLM\...\Opera 26.0.1656.60) (Version: 26.0.1656.60 - Opera Software ASA)
Ovi Desktop Sync Engine (Version: 1.2.254.0 - Nokia) Hidden
OviMPlatform (Version: 2.6.86.0 - Nokia) Hidden
PC Connectivity Solution (HKLM\...\{481C9A00-91AC-4065-870C-BD4E28186E5A}) (Version: 10.5.1.0 - Nokia)
PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.8 - Google, Inc.)
PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Realtek Ethernet Controller Driver For Windows 7 (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.17.304.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6072 - Realtek Semiconductor Corp.)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.0.13091_9 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.6.0.13091_9 - Samsung Electronics Co., Ltd.) Hidden
Samsung Link 2.0.0.1412161531 (HKLM\...\8474-7877-9059-0204) (Version: 2.0.0.1412161531 - Copyright 2013 SAMSUNG)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.27.0 - SAMSUNG Electronics Co., Ltd.)
Skype™ 6.3 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.107 - Skype Technologies S.A.)
Soap Opera Dash (HKLM\...\Soap Opera Dash1.0) (Version: 1.0 - AllSmartGames)
Speedial (HKLM\...\Speedial) (Version:  - Speedial)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
Top Chef 1.00 (HKLM\...\Top Chef 1.00) (Version:  - )
TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.01.13 - TOSHIBA CORPORATION)
TOSHIBA Bulletin Board (HKLM\...\InstallShield_{B2FB7DBA-CEEC-41F1-BC23-3323D96290F6}) (Version: 1.6.07.32 - TOSHIBA Corporation)
TOSHIBA Bulletin Board (Version: 1.6.07.32 - TOSHIBA Corporation) Hidden
TOSHIBA ConfigFree (HKLM\...\{607BE7BF-7C28-4ADB-A4A0-385962B901C3}) (Version: 8.0.28 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\InstallShield_{53536479-DFB0-47ED-9D10-43F3708C222D}) (Version: 1.2.11.0 - TOSHIBA Corporation)
TOSHIBA eco Utility (Version: 1.2.11.0 - TOSHIBA Corporation) Hidden
TOSHIBA Face Recognition (HKLM\...\InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}) (Version: 3.1.3.32 - TOSHIBA Corporation)
TOSHIBA Face Recognition (Version: 3.1.3.32 - TOSHIBA Corporation) Hidden
TOSHIBA Flash Cards Support Utility (HKLM\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.6C - TOSHIBA CORPORATION)
TOSHIBA Flash Cards Support Utility (Version: 1.63.0.6C - TOSHIBA CORPORATION) Hidden
TOSHIBA Hardware Setup (HKLM\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.22C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (Version: 1.63.0.22C - TOSHIBA CORPORATION) Hidden
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.0.4 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.0.6 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (Version: 3.1.0.6 - TOSHIBA Corporation) Hidden
TOSHIBA Media Controller (HKLM\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.80.5 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.5.10 - TOSHIBA CORPORATION)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.6.1.0 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM\...\InstallShield_{B894522E-C079-4DC8-A305-30BA6E2F4459}) (Version: 1.6.06.32 - TOSHIBA Corporation)
TOSHIBA ReelTime (Version: 1.6.06.32 - TOSHIBA Corporation) Hidden
TOSHIBA Service Station (HKLM\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.40 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.1.2 - TOSHIBA Corporation)
TOSHIBA Speech System Applications (HKLM\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.9C - TOSHIBA CORPORATION)
TOSHIBA Supervisor Password (Version: 1.63.0.9C - TOSHIBA CORPORATION) Hidden
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.3.3 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.3.3 - TOSHIBA Corporation) Hidden
TOSHIBA Web Camera Application (HKLM\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.15 - TOSHIBA Corporation)
Turtle Odyssey 1.00 (HKLM\...\Turtle Odyssey 1.00) (Version:  - )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation)
Utility Common Driver (Version: 1.0.52.1C - TOSHIBA) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.1 (HKLM\...\VLC media player) (Version: 2.0.1 - VideoLAN)
Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)
Windows Live Call (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Mail (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
Yahoo! BrowserPlus 2.9.8 (HKCU\...\Yahoo! BrowserPlus) (Version:  - Yahoo! Inc.)
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
 
========================= Memory info: ===================================
 
Percentage of memory in use: 55%
Total physical RAM: 2930.67 MB
Available physical RAM: 1305.16 MB
Total Pagefile: 5859.62 MB
Available Pagefile: 4015.29 MB
Total Virtual: 2047.88 MB
Available Virtual: 1940.67 MB
 
========================= Partitions: =====================================
 
1 Drive c: (S3A8859D002) (Fixed) (Total:285.93 GB) (Free:175.81 GB) NTFS
2 Drive e: (My Passport) (Fixed) (Total:931.48 GB) (Free:727.24 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\USE-PC
 
Administrator            Guest                    use                      
 
 
**** End of log ****
 
There wasn't any log that popped up after I finished scanning with MalwareBytes, though. Is there a way to retrieve it?
 
This is the log generated from ESET:
 
C:\Users\All Users\Bcool\uninstall.exe Win32/Adware.MultiPlug.A application
C:\ProgramData\Bcool\uninstall.exe Win32/Adware.MultiPlug.A application cleaned by deleting - quarantined
C:\Users\use\AppData\Local\Installer\Install_14788\dap10i_ya1b_setup[1].exe a variant of Win32/SpeedBit.C potentially unwanted application deleted - quarantined
C:\Users\use\AppData\Local\Installer\Install_6002\dap10i_ya1b_setup[1].exe a variant of Win32/SpeedBit.C potentially unwanted application deleted - quarantined
C:\Users\use\AppData\Local\Rocket\User Data\Default\Extensions\ibnjmihbbanannlbobkbmnmckjnmdnom\0.2.4_0\js\background.js JS/Astromenda.A potentially unwanted application deleted - quarantined
C:\Users\use\AppData\Local\Rocket\User Data\Default\Extensions\ibnjmihbbanannlbobkbmnmckjnmdnom\0.2.4_0\js\bootstrap.js JS/Astromenda.A potentially unwanted application deleted - quarantined
C:\Users\use\AppData\Local\Rocket\User Data\Default\Extensions\ibnjmihbbanannlbobkbmnmckjnmdnom\0.2.4_0\js\newtab.js JS/Astromenda.A potentially unwanted application deleted - quarantined
C:\Users\use\AppData\Local\Rocket\User Data\Default\Extensions\ibnjmihbbanannlbobkbmnmckjnmdnom\0.2.4_0\js\opentab.js JS/Astromenda.A potentially unwanted application deleted - quarantined
C:\Users\use\AppData\Local\Temp\{3D024406-E9B7-2959-CBB2-A195E6E166F0}\_Setupx.dll Win32/InstalleRex.U potentially unwanted application deleted - quarantined
C:\Users\use\AppData\Roaming\BabSolution\Shared\BabMaint.exe a variant of Win32/Toolbar.Babylon.I potentially unwanted application deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\80C2J9E5\update[1] a variant of Win32/Toolbar.Perion.A potentially unwanted application deleted - quarantined
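
The ESET lines posted above can be triaged mechanically. The following is an added example, not part of the original post and not ESET's own tooling: it splits each line into path, detection name, category and action, then reports detections that were never acted on. It assumes the whitespace-separated layout seen in the lines as posted, and that `C:\Users\All Users` is the default Windows Vista-and-later link to `C:\ProgramData`, so the first two lines refer to the same file.

```python
import re
from collections import Counter

# Subset of the lines posted above, copied as they appear on the page.
ESET_LOG = r"""
C:\Users\All Users\Bcool\uninstall.exe Win32/Adware.MultiPlug.A application
C:\ProgramData\Bcool\uninstall.exe Win32/Adware.MultiPlug.A application cleaned by deleting - quarantined
C:\Users\use\AppData\Local\Installer\Install_14788\dap10i_ya1b_setup[1].exe a variant of Win32/SpeedBit.C potentially unwanted application deleted - quarantined
C:\Users\use\AppData\Local\Rocket\User Data\Default\Extensions\ibnjmihbbanannlbobkbmnmckjnmdnom\0.2.4_0\js\newtab.js JS/Astromenda.A potentially unwanted application deleted - quarantined
C:\Users\use\AppData\Roaming\BabSolution\Shared\BabMaint.exe a variant of Win32/Toolbar.Babylon.I potentially unwanted application deleted - quarantined
"""

# Paths may contain spaces, so the detection name (Platform/Family.Variant)
# is used as the anchor: it is the first token containing a forward slash.
ENTRY = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<variant>a variant of\s+)?"
    r"(?P<name>[A-Za-z0-9]+/[\w.]+)\s+"
    r"(?P<kind>potentially unwanted application|application)"
    r"(?:\s+(?P<action>.+))?$"
)

# Assumption: default link present on Windows Vista and later.
ALIASES = {"c:\\users\\all users\\": "c:\\programdata\\"}


def canonical(path):
    """Lower-case the path and resolve known aliases to one location."""
    p = path.lower()
    for alias, target in ALIASES.items():
        if p.startswith(alias):
            return target + p[len(alias):]
    return p


def parse(log):
    """Return one dict per recognised log line; unrecognised lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["variant"] = bool(entry["variant"])
            entries.append(entry)
    return entries


def unresolved(entries):
    """Detections with no recorded action, ignoring aliases of cleaned files."""
    handled = {canonical(e["path"]) for e in entries if e["action"]}
    return [e for e in entries
            if not e["action"] and canonical(e["path"]) not in handled]


def families(entries):
    """Count detection names once per distinct file."""
    unique = {canonical(e["path"]): e for e in entries}
    return Counter(e["name"] for e in unique.values())


if __name__ == "__main__":
    parsed = parse(ESET_LOG)
    print("unresolved:", [e["path"] for e in unresolved(parsed)])
    print("families:", dict(families(parsed)))
```

On the posted lines this reports nothing unresolved: the one entry without an action is the `All Users` view of the file that the next line records as cleaned.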
 
 
 
 
 


#4 boopme


Posted 30 December 2014 - 09:36 PM

That may have occurred as it was an external drive.
They may be here

C:\Users\<username>\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs.


I see you also have Norton Internet Security. Having 2 antivirus programs will make for several issues, including slowness and false positives. You should remove one and reboot.
Also uninstall Adobe Reader and old versions of Java, Java™ 6 Update 17... reboot.
If needed, install the new and latest versions.


Empty your temp folders using TFC (Temporary File Cleaner)
  • Please download TFC by Old Timer and save it to your desktop.
    alternate download link
  • Save any unsaved work. (TFC will close ALL open programs including your browser!)
  • Double-click on TFC.exe to run it. (If you are using Vista or above, right-click on the file and choose "Run As Administrator".)
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway allowing Windows to load normally (not into Safe Mode) to ensure a complete clean.

Edited by boopme, 30 December 2014 - 09:36 PM.


#5 han8


Posted 31 December 2014 - 08:52 AM

Okay, I have a few problems now.

1) The only Malwarebytes log that I could find is basically empty. Do I have to perform this process again?

2) I couldn't find Norton Internet Security to uninstall.

3) I've uninstalled Adobe Reader and Java 6 Update 17. Do I need to uninstall Java 7 Update 5 and JavaFX 2.1.1 too?

4) All the folders on my external hard disk are gone! Can I retrieve them?

 

Sorry, I'm a dummy on computer stuff. Please forgive my ignorance  :mellow:



#6 boopme


Posted 07 January 2015 - 10:50 AM

OK, we need a new topic about "All my folders in my external hard disk is gone".

We need specialized tools to find out what happened.
Please follow this Preparation Guide, do steps 6,7 and 8 and post in a new topic.
Let me know if all went well.



