
Computer Infected


  • This topic is locked
43 replies to this topic

#1 Lonewolf68

Lonewolf68

  • Members
  • 81 posts

Posted 01 March 2015 - 03:24 PM

Hello all,

I am a newbie on here, so a warm hello to everyone.

I have trouble with my computer; I believe I have been infected by spyware. I am running Windows 7. I keep getting lots of different pop-ups and messages at the bottom of the screen telling me to click here to fix errors. When I logged on I had annoying Nokia music playing. I can't tell you exactly what the pop-ups all say. There is one now at the bottom of the screen: "This content require flash player update. would you like to install it now?".

I have run Spybot Search and Destroy; it found 751 errors and deleted most but couldn't do all.

Another message: "This content required Media Player 12.2 Update, would you like to install it now?"

Please can you advise me what steps I need to take to fix it.

Kind regards

Tania

 

 

 




 


#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 01 March 2015 - 03:33 PM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#3 Lonewolf68

Lonewolf68
  • Topic Starter

  • Members
  • 81 posts

Posted 01 March 2015 - 03:47 PM

Hello Jurgen,

Thank you for helping, here is my report:-

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 29-02-2015
Ran by User at 2015-03-01 20:45:38
Running from C:\Users\User\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.6.0.6090 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.5.155 - Adobe Systems, Inc.)
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.10.0.0 - Asmedia Technology)
AutoCAD 2014 - English (Version: 19.1.18.0 - Autodesk) Hidden
AutoCAD 2014 Language Pack - English (Version: 19.1.18.0 - Autodesk) Hidden
Autodesk 360 (HKLM\...\{52B28CAD-F49D-47BA-9FFE-29C2E85F0D0B}) (Version: 4.0.27.1 - Autodesk)
Autodesk App Manager (HKLM\...\{C070121A-C8C5-4D52-9A7D-D240631BD433}) (Version: 1.1.0 - Autodesk)
Autodesk AutoCAD 2014 - English (HKLM\...\AutoCAD 2014 - English) (Version: 19.1.18.0 - Autodesk)
Autodesk Content Service (HKLM\...\Autodesk Content Service) (Version: 3.1.3.0 - Autodesk)
Autodesk Content Service (Version: 3.1.3.0 - Autodesk) Hidden
Autodesk Content Service Language Pack (Version: 3.1.3.0 - Autodesk) Hidden
Autodesk Featured Apps (HKLM\...\{F732FEDA-7713-4428-934B-EF83B8DD65D0}) (Version: 1.1.0 - Autodesk)
Autodesk Material Library 2014 (HKLM\...\{644F9B19-A462-499C-BF4D-300ABC2A28B1}) (Version: 4.0.19.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2014 (HKLM\...\{51BF3210-B825-4092-8E0D-66D689916E02}) (Version: 4.0.19.0 - Autodesk)
Autodesk ReCap (HKLM\...\Autodesk ReCap) (Version: 1.0.43.13 - Autodesk)
Autodesk ReCap (Version: 1.0.43.13 - Autodesk) Hidden
Autodesk ReCap Language Pack-English (Version: 1.0.43.13 - Autodesk) Hidden
BIAS SoundSoap SE 2.4 (HKLM\...\{84D35251-965C-471B-A1FA-0926179A95AB}) (Version: 2.4.0 - BIAS)
Bing Bar (HKLM\...\{449CE12D-E2C7-4B97-B19E-55D163EA9435}) (Version: 7.0.619.0 - Microsoft Corporation)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Camera RAW Plug-In for EPSON Creativity Suite (HKLM\...\{EB041636-9CD5-4D65-9604-37432FCAED91}) (Version: 2.4.0.0 - SEIKO EPSON CORPORATION)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DirectX 9 Runtime (Version: 1.00.0000 - Sonic Solutions) Hidden
EPSON Attach To Email (HKLM\...\InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}) (Version: 1.01.0000 - SEIKO EPSON)
EPSON Attach To Email (Version: 1.01.0000 - SEIKO EPSON) Hidden
EPSON Easy Photo Print (HKLM\...\{8A8F8391-4C2C-4BE1-A984-CD4A5A546467}) (Version: 1.5.1.0 - SEIKO EPSON CORPORATION)
EPSON File Manager (HKLM\...\{D02F30FB-0BC4-419A-9B9C-ADC610029B50}) (Version: 1.3.2.0 - )
EPSON PRINT Image Framer Tool (HKLM\...\{19D2B63E-C1F1-4803-BA8B-4AB8FE216952}) (Version: 3.2.1.0 - )
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - SEIKO EPSON Corporation)
EPSON Scan Assistant (HKLM\...\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}) (Version: 1.10.00 - )
FARO LS 1.1.501.0 (HKLM\...\{8F196892-666A-4A40-8587-6AE38F78A5C2}) (Version: 5.1.0.30630 - FARO Scanner Production)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google SketchUp 8 (HKLM\...\{47BBA5AA-CA6F-4A41-858D-A7A776F29A8B}) (Version: 3.0.11752 - Google, Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Google+ Auto Backup (HKLM\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
High-Definition Video Playback (Version: 7.1.13900.47.0 - Nero AG) Hidden
Huawei modem (HKLM\...\Huawei Modems) (Version:  - )
iCloud (HKLM\...\{760BB327-3973-4608-85C8-88162E2FF3B6}) (Version: 4.0.6.28 - Apple Inc.)
Intel® Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}) (Version: 3.22.270.0 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Muiltmedia keyboard utility 1.3 (HKLM\...\Muiltmedia keyboard utility 1.3) (Version:  - )
Nero BurnRights 10 (HKLM\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.2.10500.1.102 - Nero AG)
Nero CoverDesigner 10 (HKLM\...\{FCF00A6E-FB58-477A-ABE9-232907105521}) (Version: 5.2.11400.11.100 - Nero AG)
Nero DiscCopy Gadget 10 (HKLM\...\{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}) (Version: 3.2.10700.9.100 - Nero AG)
Nero DiscSpeed 10 (HKLM\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.2.10500.2.100 - Nero AG)
Nero Express 10 (HKLM\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.2.12400.25.100 - Nero AG)
Nero InfoTool 10 (HKLM\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.2.10400.5.100 - Nero AG)
Nero MediaHub 10 (HKLM\...\{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}) (Version: 1.2.12900.31.100 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM\...\{7E21FC0E-E116-44BD-A38E-3149F5E14496}) (Version: 10.5.10400 - Nero AG)
Nero Recode 10 (HKLM\...\{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}) (Version: 4.8.10400.3.100 - Nero AG)
Nero StartSmart 10 (HKLM\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.2.11300.12.100 - Nero AG)
Nero Update (HKLM\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
Nero Vision 10 (HKLM\...\{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}) (Version: 7.2.15500.17.100 - Nero AG)
NVIDIA 3D Vision Controller Driver 306.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 306.23 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 306.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 306.23 - NVIDIA Corporation)
NVIDIA Graphics Driver 306.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 306.23 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0604 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Pinnacle Studio 12 (HKLM\...\{D041EB9E-890A-4098-8F94-51DA194AC72A}) (Version: 12.0.0.6163 - Pinnacle Systems)
Pinnacle Video Driver (HKLM\...\{5EB90C06-964F-4195-B83E-BD7E55C88415}) (Version: 12.00.0017 - Pinnacle Systems)
Qmee (HKLM\...\{7DF13A39-2F55-4461-9EBB-8DC681A6341F}) (Version: 0.9.14 - KangoExtensions) <==== ATTENTION
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6251 - Realtek Semiconductor Corp.)
Roxio Creator 2011 Pro (HKLM\...\{4433FF9E-AF21-4E41-B296-4E13BF4D52F5}) (Version: 13.0 - Roxio)
Roxio PhotoShow (HKLM\...\Roxio PhotoShow) (Version: 6.0 - Sonic Solutions)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden
SketchUp Import for AutoCAD 2014 (HKLM\...\{644E9589-F73A-49A4-AC61-A953B9DE5669}) (Version: 1.1.0 - Autodesk)
Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SmartSound Common Data (HKLM\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)
SmartSound Common Data (Version: 1.1.0 - SmartSound Software Inc.) Hidden
SmartSound Quicktracks 5 (HKLM\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.7 - SmartSound Software Inc.)
SmartSound Quicktracks 5 (Version: 5.1.7 - SmartSound Software Inc.) Hidden
SmartSound Sonicfire Pro 5 (HKLM\...\{1D273D91-D7D5-4036-8B84-EB4615FF5F81}) (Version: 5.5.2 - SmartSound Software Inc.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TomTom HOME (HKLM\...\{9017CEAF-BE5A-4F73-8A0E-C87E26971E55}) (Version: 2.9.2 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
TSST OEM Content (HKLM\...\{885AFEC2-0809-47CE-8B3F-00AEC19DDD5F}) (Version: 10.0.10300.0.0 - Nero AG)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WSE_Binkiland (HKLM\...\WSE_Binkiland) (Version:  - WSE_Binkiland) <==== ATTENTION!

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1443484386-2261686530-4094112083-1000_Classes\CLSID\{00b7e0ab-817a-44ad-a04b-d1148d524136}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1443484386-2261686530-4094112083-1000_Classes\CLSID\{7c6e29bc-8b8b-4c3d-859e-af6cd158be0f}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1443484386-2261686530-4094112083-1000_Classes\CLSID\{88d969c0-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1443484386-2261686530-4094112083-1000_Classes\CLSID\{88d969c1-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1443484386-2261686530-4094112083-1000_Classes\CLSID\{88d969c2-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1443484386-2261686530-4094112083-1000_Classes\CLSID\{88d969c3-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1443484386-2261686530-4094112083-1000_Classes\CLSID\{88d969c4-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1443484386-2261686530-4094112083-1000_Classes\CLSID\{88d969c5-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1443484386-2261686530-4094112083-1000_Classes\CLSID\{88d969c6-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1443484386-2261686530-4094112083-1000_Classes\CLSID\{88d969c8-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1443484386-2261686530-4094112083-1000_Classes\CLSID\{88d969c9-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1443484386-2261686530-4094112083-1000_Classes\CLSID\{88d969ca-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1443484386-2261686530-4094112083-1000_Classes\CLSID\{88d969d6-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)

==================== Restore Points  =========================

10-02-2015 05:54:13 Windows Update
17-02-2015 07:07:14 Scheduled Checkpoint
24-02-2015 07:59:30 Scheduled Checkpoint
28-02-2015 16:43:24 Device Driver Package Install: EPSON Printers
28-02-2015 16:49:14 Device Driver Package Install: EPSON Printers
28-02-2015 17:28:29 Device Driver Package Install: EPSON Printers
01-03-2015 05:06:16 Windows Update
01-03-2015 17:36:32 Installed EPSON PRINT Image Framer Tool
01-03-2015 17:38:54 Installed EPSON Attach To Email
01-03-2015 17:39:21 Installed EPSON Scan Assistant
01-03-2015 17:39:48 Installed EPSON File Manager
01-03-2015 17:40:10 Installed EPSON File Manager
01-03-2015 17:57:35 Installed Camera RAW Plug-In for EPSON Creativity Suite
01-03-2015 17:57:52 Installed Camera RAW Plug-In for EPSON Creativity Suite
01-03-2015 18:06:14 Configured EPSON Attach To Email
01-03-2015 18:06:48 Installed EPSON File Manager
01-03-2015 18:08:33 Installed EPSON Easy Photo Print
01-03-2015 18:08:51 Installed EPSON Easy Photo Print
01-03-2015 19:53:18 Cleaner (Spybot - Search & Destroy 2.4, administrator privileges
01-03-2015 20:06:42 Restore Operation

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 02:04 - 2013-03-17 13:59 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {02941952-ED59-413C-BC09-14457416F5E2} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {12D8B299-45D1-4755-9D78-019FC46C896E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {139B0829-E58D-498A-BD7F-3163E3465C34} - System32\Tasks\{893E16E3-11D9-4B5D-ADDB-A59B51C6B2FE} => pcalua.exe -a "C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YRIG32IS\epson327610eu.exe" -d C:\Users\User\Desktop
Task: {3193A4B7-E612-4C2D-9820-2534B5F11376} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {33DD5D47-A2FB-4E70-9B14-003BE0007E35} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {45581F13-FDAE-4A55-A330-B819D7C07F2B} - System32\Tasks\Binkiland => C:\Users\User\AppData\Roaming\Binkiland\UpdateProc\UpdateTask.exe [2015-03-01] () <==== ATTENTION
Task: {484BF30E-04E7-432F-8B82-DA2A487E983A} - System32\Tasks\{34762595-07F1-43B4-A36A-4CE37CE32AA6} => pcalua.exe -a "C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6I3ZNZHG\epson375768eu.exe" -d C:\Users\User\Desktop
Task: {6F21DE30-EF17-4C78-B988-33E74EE82E4F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {80806E46-4B6D-42D2-A383-9009C87948BB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {81BF37C2-F2ED-42E3-9535-7FC07D94BEAA} - System32\Tasks\{4D7EC994-75E9-4D99-98A0-5C0E5F294D1D} => pcalua.exe -a "C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MFAHX8Z6\epson324702eu.exe" -d C:\Users\User\Desktop
Task: {8311BC05-6BC3-4A2B-991C-833F714C49DD} - System32\Tasks\Apple Diagnostics => C:\Program Files\Common Files\Apple\Internet Services\EReporter.exe [2014-12-01] (Apple Inc.)
Task: {93E4EC74-12F0-47D6-BF52-3354C16C66C6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: {C583A7EB-6E4E-4677-98E5-B12830E799B5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C69F7B69-F0CB-4EA6-99EF-B21060BA02C1} - System32\Tasks\{E6DFB8D2-E68E-42E1-BC43-41CB480304CB} => pcalua.exe -a "C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MFAHX8Z6\epson375769eu.exe" -d C:\Users\User\Desktop
Task: {C80F26D5-F996-44C4-9FBF-086ED4C58D88} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {C9851041-13BB-4FDD-9EE2-CCAC84445F10} - System32\Tasks\{1C490C84-B08F-45FC-84F0-0D91C1BBD540} => pcalua.exe -a D:\Setup.exe -d D:\
Task: {CB452BE8-F4D8-4154-9317-DB6DA2F7855D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-25] (Adobe Systems Incorporated)
Task: {DD1FD8AE-B3D1-4C8A-820F-1CED820D5DAC} - System32\Tasks\{A56D0EBA-DA2F-401D-B558-5A9FFA198376} => pcalua.exe -a D:\EPSetup.exe -d D:\
Task: {E51B26A9-D016-423C-B1A8-619DA424D0A0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {FA327032-2AC9-42D7-BFD5-9A5B83232782} - System32\Tasks\4596 => Wscript.exe C:\Users\User\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Binkiland.job => C:\Users\User\AppData\Roaming\BINKIL~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2009-06-02 18:05 - 2009-06-02 18:05 - 00457200 _____ () C:\Program Files\Roxio\BackOnTrack\App\SaibSVC.exe
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-07-13 20:23 - 2010-07-13 20:23 - 00084464 _____ () C:\Program Files\Roxio 2011\5.0\CPMonitor.exe
2010-06-30 08:10 - 2010-06-30 08:10 - 00477680 _____ () C:\Program Files\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe
2014-08-06 16:24 - 2014-08-05 09:22 - 01489408 _____ () C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\DAQExp.dll
2014-08-06 16:24 - 2014-05-19 16:19 - 00137728 _____ () C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\CBSCreateVC.dll
2015-03-01 19:21 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-03-01 19:21 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2015-03-01 19:21 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-05-01 12:09 - 2014-05-01 12:09 - 00375296 _____ () C:\Program Files\Muiltmedia keyboard utility\1.3\KbdAp32A.exe
2014-05-01 12:09 - 2014-05-01 12:09 - 00053248 _____ () C:\Program Files\Muiltmedia keyboard utility\1.3\KBDDL32A.DLL
2014-05-01 12:09 - 2014-05-01 12:09 - 00049152 _____ () C:\Program Files\Muiltmedia keyboard utility\1.3\KBDMDLLA.DLL
2014-05-01 12:09 - 2014-05-01 12:09 - 00012288 _____ () C:\Program Files\Muiltmedia keyboard utility\1.3\KBD32S.DLL
2014-05-01 12:09 - 2014-05-01 12:09 - 00032768 _____ () C:\Program Files\Muiltmedia keyboard utility\1.3\KBD32G.DLL
2010-07-14 03:00 - 2010-07-14 03:00 - 00032240 _____ () C:\Program Files\Roxio\BackOnTrack\App\BService.exe
2010-07-14 03:00 - 2010-07-14 03:00 - 01587696 _____ () C:\Program Files\Roxio\BackOnTrack\App\BEngine.dll
2010-07-14 03:00 - 2010-07-14 03:00 - 00107504 _____ () C:\Program Files\Roxio\BackOnTrack\App\Logging.dll
2015-03-01 17:59 - 2015-03-01 17:59 - 00092160 _____ () C:\Users\User\AppData\Local\A568B500-1425232744-11E0-91A1-5404A61D2780\cnsf72E3.tmp
2015-03-01 17:56 - 2015-03-01 17:56 - 00113664 _____ () C:\Users\User\AppData\Roaming\A568B500-1425232555-11E0-91A1-5404A61D2780\nse8511.tmpfs
2015-03-01 17:56 - 2015-03-01 17:56 - 00174592 _____ () C:\Users\User\AppData\Roaming\A568B500-1425232555-11E0-91A1-5404A61D2780\jnsuB107.tmp
2015-03-01 18:27 - 2015-03-01 18:27 - 00099840 _____ () C:\Users\User\AppData\Local\A568B500-1425234423-11E0-91A1-5404A61D2780\insqF857.tmp
2015-03-01 19:21 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2015-03-01 19:21 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-03-01 17:59 - 2015-03-01 17:59 - 00142336 _____ () C:\Users\User\AppData\Local\A568B500-1425232761-11E0-91A1-5404A61D2780\snsf9B19.tmp

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Becky\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_0news964078814
AlternateDataStreams: C:\Users\Becky\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_1messages523453257
AlternateDataStreams: C:\Users\Becky\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_2events-954496249
AlternateDataStreams: C:\Users\Becky\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_3friends2073392651
AlternateDataStreams: C:\Users\Buddy\AppData\Roaming\Microsoft\Windows\Start Menu\Amazon.co.uk Low Prices in Electronics, Books, Sports Equipment & more.website:DESTICON_favicon-1280777702
AlternateDataStreams: C:\Users\Buddy\AppData\Roaming\Microsoft\Windows\Start Menu\Amazon.co.uk Low Prices in Electronics, Books, Sports Equipment & more.website:DESTICON_favicon-1832937330
AlternateDataStreams: C:\Users\Buddy\AppData\Roaming\Microsoft\Windows\Start Menu\Amazon.co.uk Low Prices in Electronics, Books, Sports Equipment & more.website:DESTICON_favicon-305398699
AlternateDataStreams: C:\Users\Buddy\AppData\Roaming\Microsoft\Windows\Start Menu\Amazon.co.uk Low Prices in Electronics, Books, Sports Equipment & more.website:DESTICON_favicon1921853446
AlternateDataStreams: C:\Users\Buddy\AppData\Roaming\Microsoft\Windows\Start Menu\Amazon.co.uk Low Prices in Electronics, Books, Sports Equipment & more.website:DESTICON_favicon706749981
AlternateDataStreams: C:\Users\Buddy\AppData\Roaming\Microsoft\Windows\Start Menu\Amazon.co.uk Low Prices in Electronics, Books, Sports Equipment & more.website:DESTICON_Goldbox16._V200960310_2023149401
AlternateDataStreams: C:\Users\Buddy\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_0news964078814
AlternateDataStreams: C:\Users\Buddy\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_1messages523453257
AlternateDataStreams: C:\Users\Buddy\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_2events-954496249
AlternateDataStreams: C:\Users\Buddy\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_3friends2073392651
AlternateDataStreams: C:\Users\User\Downloads\Coke Cola London 2012 games song [LoudTronix.me].mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\User\Downloads\The Olympic Heartbeat ( London 2012 TV Commercial) [LoudTronix.me].mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\User\Documents\Slideshow.dmsm:Roxio EMC Stream
AlternateDataStreams: C:\Users\User\Documents\Slideshow0.dmsm:Roxio EMC Stream
AlternateDataStreams: C:\Users\User\Documents\Slideshow1.dmsm:Roxio EMC Stream
AlternateDataStreams: C:\Users\User\Documents\Slideshow2.dmsm:Roxio EMC Stream
AlternateDataStreams: C:\Users\User\Documents\Slideshow3.dmsm:Roxio EMC Stream
AlternateDataStreams: C:\Users\User\Documents\Slideshow4.dmsm:Roxio EMC Stream

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasementDuster => ""="service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1443484386-2261686530-4094112083-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

==================== Accounts: =============================

Administrator (S-1-5-21-1443484386-2261686530-4094112083-500 - Administrator - Disabled)
Becky (S-1-5-21-1443484386-2261686530-4094112083-1004 - Limited - Enabled) => C:\Users\Becky
Buddy (S-1-5-21-1443484386-2261686530-4094112083-1005 - Administrator - Enabled) => C:\Users\Buddy
Guest (S-1-5-21-1443484386-2261686530-4094112083-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1443484386-2261686530-4094112083-1003 - Limited - Enabled)
Marky (S-1-5-21-1443484386-2261686530-4094112083-1006 - Limited - Enabled) => C:\Users\Marky
UpdatusUser (S-1-5-21-1443484386-2261686530-4094112083-1001 - Limited - Enabled) => C:\Users\UpdatusUser
User (S-1-5-21-1443484386-2261686530-4094112083-1000 - Administrator - Enabled) => C:\Users\User

==================== Faulty Device Manager Devices =============

Name: Atheros AR9285 Wireless Network Adapter
Description: Atheros AR9285 Wireless Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (03/01/2015 08:38:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/01/2015 08:10:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/01/2015 07:57:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/01/2015 06:18:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.16521, time stamp: 0x53114399
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x50545448
Faulting process id: 0x804
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (03/01/2015 05:36:32 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {b02f4d4b-db51-4f6b-b0fc-d979904d0503}

Error: (03/01/2015 04:38:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/01/2015 04:19:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/28/2015 08:06:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.16521, time stamp: 0x53114399
Faulting module name: nvd3dum.dll, version: 9.18.13.623, time stamp: 0x503f78d0
Exception code: 0xc0000005
Fault offset: 0x007415d9
Faulting process id: 0xe14
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (02/28/2015 06:29:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.16521, time stamp: 0x53114399
Faulting module name: nvd3dum.dll, version: 9.18.13.623, time stamp: 0x503f78d0
Exception code: 0xc0000005
Fault offset: 0x007415d9
Faulting process id: 0x1740
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (02/28/2015 05:32:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (03/01/2015 08:45:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BasementDuster service failed to start due to the following error:
%%2

Error: (03/01/2015 08:45:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BasementDuster service failed to start due to the following error:
%%2

Error: (03/01/2015 08:45:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BasementDuster service failed to start due to the following error:
%%2

Error: (03/01/2015 08:45:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BasementDuster service failed to start due to the following error:
%%2

Error: (03/01/2015 08:45:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BasementDuster service failed to start due to the following error:
%%2

Error: (03/01/2015 08:45:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BasementDuster service failed to start due to the following error:
%%2

Error: (03/01/2015 08:45:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BasementDuster service failed to start due to the following error:
%%2

Error: (03/01/2015 08:45:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BasementDuster service failed to start due to the following error:
%%2

Error: (03/01/2015 08:45:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BasementDuster service failed to start due to the following error:
%%2

Error: (03/01/2015 08:45:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BasementDuster service failed to start due to the following error:
%%2

Microsoft Office Sessions:
=========================
Error: (03/01/2015 08:38:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/01/2015 08:10:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/01/2015 07:57:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/01/2015 06:18:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.1652153114399unknown0.0.0.000000000c00000055054544880401d0544a07c6b9c3C:\Program Files\Internet Explorer\iexplore.exeunknown5f076738-c03f-11e4-9504-5404a61d2780

Error: (03/01/2015 05:36:32 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {b02f4d4b-db51-4f6b-b0fc-d979904d0503}

Error: (03/01/2015 04:38:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/01/2015 04:19:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/28/2015 08:06:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.1652153114399nvd3dum.dll9.18.13.623503f78d0c0000005007415d9e1401d0538c65726d8fC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\nvd3dum.dll3ae5d35f-bf85-11e4-b125-5404a61d2780

Error: (02/28/2015 06:29:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.1652153114399nvd3dum.dll9.18.13.623503f78d0c0000005007415d9174001d05382090f1bb6C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\nvd3dum.dllb341b9e5-bf77-11e4-b125-5404a61d2780

Error: (02/28/2015 05:32:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

CodeIntegrity Errors:
===================================
  Date: 2013-09-10 11:50:57.956
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\PROGRA~1\McAfee\SITEAD~1\sahook.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-10 11:07:19.905
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\PROGRA~1\McAfee\SITEAD~1\sahook.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-10 11:07:19.645
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPI.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-10 11:07:17.407
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\PROGRA~1\McAfee\SITEAD~1\sahook.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-10 11:07:13.970
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\PROGRA~1\McAfee\SITEAD~1\sahook.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-10 11:07:13.633
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPI.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-10 11:06:19.427
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\PROGRA~1\McAfee\SITEAD~1\sahook.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-10 11:04:02.234
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\PROGRA~1\McAfee\SITEAD~1\sahook.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-10 11:03:58.774
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPI.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-10 10:44:16.491
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\PROGRA~1\McAfee\SITEAD~1\sahook.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™ i3-2100 CPU @ 3.10GHz
Percentage of memory in use: 43%
Total physical RAM: 3573.25 MB
Available physical RAM: 2025.47 MB
Total Pagefile: 7144.78 MB
Available Pagefile: 5230.97 MB
Total Virtual: 2047.88 MB
Available Virtual: 1870.66 MB

==================== Drives ================================

Drive c: (Win7) (Fixed) (Total:931.51 GB) (Free:844.57 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 5D96E3B9)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#4 deeprybka


Posted 01 March 2015 - 03:52 PM

Please post FRST.txt as well. :)
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#5 Lonewolf68


Posted 01 March 2015 - 03:54 PM

It doesn't seem to let me copy and paste the first scan.


I copied it and am trying to paste, but it is greyed out.



#6 deeprybka


Posted 01 March 2015 - 03:55 PM

Try to attach it...



regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#7 Lonewolf68


Posted 01 March 2015 - 03:58 PM

Hopefully this will work



#8 Lonewolf68


Posted 01 March 2015 - 04:03 PM

Wasn't sure if previous one attached, so trying again.

Attached File  frst1.txt   39KB   6 downloads



#9 deeprybka


Posted 01 March 2015 - 04:27 PM

Step 1

Please uninstall some programs:

  • Windows 7: Click on the hidden2.png button, open Control Panel and click Uninstall a program.
  • Search and select the following programs one by one and click on Uninstall: Qmee, WSE_Binkiland
  • Reboot your computer.

Step 2

Scan with AdwCleaner (by Xplode).

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.

Step 3

 

Download and install Malwarebytes Anti-Malware

  • Please open Malwarebytes Anti-Malware.
  • Please update the database by clicking on the "Update Now" button.
  • Following the update, click "Settings" [1] and go to "Detection and Protection" [2]
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    :exclame: If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt so that you can decide what you want to do. I suggest "Quarantine All" [5]. Then click the button: Apply Actions. [6]
  • A window with an option to view the detailed log will appear.
  • Click on "View detailed log".
  • After viewing the results, please click on the "Copy to Clipboard" button and then OK.
  • Return to our forum. Paste your log into your next reply.

mbameng.gif

Step 4


Start FRST with administrator privileges.

  • Make sure the following option is checked: addition.png
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#10 Lonewolf68


Posted 01 March 2015 - 05:00 PM

Attached File  AdwCleanerS1.txt   2.97KB   3 downloads

 

I couldn't copy and paste so attached, hope this is ok!



#11 deeprybka


Posted 01 March 2015 - 05:26 PM

Please proceed with the next steps. :)
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#12 Lonewolf68


Posted 01 March 2015 - 05:30 PM

Attached File  malware.txt   2.04KB   3 downloads

 

I couldn't copy to clipboard, so exported, hope this comes out ok!



#13 Lonewolf68


Posted 01 March 2015 - 05:31 PM

Here is another part of the log.

 

Attached Files



#14 deeprybka


Posted 01 March 2015 - 05:33 PM

:thumbup2:  and step 4 please...


regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#15 Lonewolf68


Posted 01 March 2015 - 05:38 PM

Attached is first, again I couldn't copy and paste

 


and here is Addition one.

 

Attached Files





