
webwatcherlsp.dll, Ads by Sasa, malware infection


16 replies to this topic

#1 warehelp


Posted 11 April 2015 - 07:26 PM

Hi, thanks for your help!

I clicked on a link to update a Shockwave plugin, and found my computer downloading and running a bunch of fake programs, including DriverScanner, SystemNotifier, MovieWizard, and many more. Also, I'm inundated with Ads by SASA and constant popups. I got an error message containing the file name webwatcherlsp.dll, Googled that, and found a similar issue on a thread on BleepingComputer. Malwarebytes didn't detect any problems, so I uninstalled it. That brings us to the present. Here are my logs:

Log 1

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-04-2015
Ran by User (administrator) on USER-PC on 11-04-2015 16:55:36
Running from C:\Users\User\Downloads
Loaded Profiles: User (Available profiles: User)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(globalUpdate) C:\Program Files\globalUpdate\Update\GoogleUpdate.exe
(Hewlett-Packard Company) C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Uniblue Systems Ltd) C:\Program Files\Uniblue\DriverScanner\driverscanner.exe
(System NotifierV29.03) C:\Program Files\System NotifierV29.03\86f925c5-c377-4bee-9a34-86bcb4c29f27-10.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
() C:\Program Files\ver2TheBestDeals\Z8TheBestDealsG80.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Hewlett-Packard) C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
(CANON INC.) C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
() C:\Program Files\LhwesCcs\LhwesCcs.exe
(WebWatcher) C:\Program Files\SysFiles\WebWatcherProxy.exe
(Small Island Development) C:\ProgramData\DDsDWI\BPguQTFy.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
() C:\Program Files\SafeGuard\SafeGuardApp.exe
() C:\Users\User\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Hewlett-Packard Co.) C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Alerts LLC) C:\Program Files\SafeGuard\SafeGuard.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe
() C:\Windows\hmt.exe
() C:\Windows\mhmt.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [453736 2013-02-19] (CANON INC.)
HKLM\...\Run: [SafeGuard] => C:\Program Files\SafeGuard\SafeGuardApp.exe [1537040 2015-03-17] ()
HKU\S-1-5-21-2511760245-2475643555-3299102179-1000\...\Run: [Amazon Music] => C:\Users\User\AppData\Local\Amazon Music\Amazon Music Helper.exe [5886272 2015-03-02] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SafeGuard.lnk
ShortcutTarget: SafeGuard.lnk -> C:\Program Files\SafeGuard\SafeGuard.exe (Alerts LLC)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-2511760245-2475643555-3299102179-1000] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-2511760245-2475643555-3299102179-1000] => http=127.0.0.1:9880
HKU\S-1-5-21-2511760245-2475643555-3299102179-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
BHO: TheBestDeals -> {25386E02-CD54-C5F9-8429-53BCCBED54D0} -> C:\Program Files\ver2TheBestDeals\190.dll [2015-03-29] ()
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Winsock: Catalog9 01 C:\Windows\system32\WebWatcherLSP.dll [326000] (WebWatcher)
Winsock: Catalog9 02 C:\Windows\system32\WebWatcherLSP.dll [326000] (WebWatcher)
Winsock: Catalog9 03 C:\Windows\system32\WebWatcherLSP.dll [326000] (WebWatcher)
Winsock: Catalog9 04 C:\Windows\system32\WebWatcherLSP.dll [326000] (WebWatcher)
Winsock: Catalog9 16 C:\Windows\system32\WebWatcherLSP.dll [326000] (WebWatcher)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0j7rm10v.default
FF DefaultSearchEngine: Google
FF Homepage: google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-20] ()
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-02] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0j7rm10v.default\user.js [2015-03-29]
FF Extension: Healthcare Gov Tool - C:\Program Files\Mozilla Firefox\extensions\healthcare@healthcaregovtool.com.xpi [2015-02-25]
FF Extension: Healthcare Gov Tool - C:\Program Files\Mozilla Firefox\browser\extensions\healthcare@healthcaregovtool.com.xpi [2015-02-25]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-10-13]
FF HKU\S-1-5-21-2511760245-2475643555-3299102179-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-2511760245-2475643555-3299102179-1000\...\Firefox\Extensions: [{7809145C-A03A-C9FA-FBA0-27A9D3088B75}] - C:\Program Files\ver2TheBestDeals\190.xpi

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BPguQTFy; C:\ProgramData\DDsDWI\BPguQTFy.exe [2733552 2015-03-29] (Small Island Development)
S2 globalUpdate; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608 2015-03-29] (globalUpdate) [File not signed]
R2 hmt; c:\windows\hmt.exe [531456 2015-04-10] () [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
R2 LhwesCcs; C:\Program Files\LhwesCcs\LhwesCcs.exe [256512 2015-03-25] () [File not signed] <==== ATTENTION
R2 mhmt; c:\windows\mhmt.exe [523264 2015-04-10] () [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284472 2015-01-30] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
S3 SafeGuard Update Service; C:\Program Files\SafeGuard\SafeGuardSrv.exe [585744 2015-03-17] ()
R2 WebWatcherProxy; C:\Program Files\SysFiles\WebWatcherProxy.exe [1526000 2015-03-16] (WebWatcher)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 amdhub30; C:\Windows\system32\drivers\amdhub30.sys [82560 2012-01-03] (Advanced Micro Devices, INC.)
S3 amdxhc; C:\Windows\system32\drivers\amdxhc.sys [173184 2012-01-03] (Advanced Micro Devices, INC.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation)
S3 nusb3hub; C:\Windows\system32\drivers\nusb3hub.sys [73984 2011-10-25] (Renesas Electronics Corporation)
S3 nusb3xhc; C:\Windows\system32\drivers\nusb3xhc.sys [165120 2011-10-25] (Renesas Electronics Corporation)
R2 webTinstMKTN; C:\Windows\system32\Drivers\webTinstMKTN.sys [43560 2015-03-29] ()
R1 wwwd; C:\Windows\system32\Drivers\wwwd.sys [28592 2015-03-12] (WebWatcher)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-11 16:55 - 2015-04-11 16:58 - 00010344 _____ () C:\Users\User\Downloads\FRST.txt
2015-04-11 16:54 - 2015-04-11 16:55 - 00000000 ____D () C:\FRST
2015-04-11 16:52 - 2015-04-11 16:53 - 01135104 _____ (Farbar) C:\Users\User\Downloads\FRST.exe
2015-04-11 16:47 - 2015-04-11 16:47 - 00000000 ___HD () C:\ProgramData\hmt
2015-04-10 02:44 - 2015-04-10 02:44 - 00745984 _____ () C:\Windows\hmt.dat
2015-04-10 02:44 - 2015-04-10 02:44 - 00531456 _____ () C:\Windows\hmt.exe
2015-04-10 02:44 - 2015-04-10 02:44 - 00523264 _____ () C:\Windows\mhmt.exe
2015-03-30 20:38 - 2015-03-30 20:39 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\User\Downloads\cbSetup.exe
2015-03-30 20:02 - 2015-03-30 20:02 - 00000000 _____ () C:\end
2015-03-30 19:52 - 2015-03-30 19:52 - 00000000 __SHD () C:\Program Files\LhwesCcs
2015-03-30 19:50 - 2015-03-30 19:51 - 00000000 ____D () C:\Users\User\AppData\Local\MovieWizard
2015-03-30 19:49 - 2015-03-29 20:50 - 00043560 _____ () C:\Windows\system32\Drivers\webTinstMKTN.sys
2015-03-30 19:48 - 2015-03-30 19:48 - 00000000 ____D () C:\Users\User\AppData\Local\Alerts_LLC
2015-03-30 19:47 - 2015-04-11 16:45 - 00000000 ____D () C:\Users\User\AppData\Local\SafeGuard
2015-03-30 19:47 - 2015-03-30 19:47 - 00000000 __RSH () C:\MSDOS.SYS
2015-03-30 19:47 - 2015-03-30 19:47 - 00000000 __RSH () C:\IO.SYS
2015-03-30 19:46 - 2015-04-11 16:44 - 00000004 _____ () C:\Windows\system32\029B560A371F4E00AB32838EBC01B9E7
2015-03-30 19:29 - 2015-03-30 19:29 - 00000037 _____ () C:\Users\User\Desktop\error.txt
2015-03-30 19:17 - 2015-03-30 19:17 - 00000000 ____D () C:\Users\User\Desktop\Old Firefox Data
2015-03-30 18:35 - 2015-03-30 18:35 - 00000000 ____D () C:\Users\User\AppData\Roaming\ParetoLogic
2015-03-30 18:34 - 2015-03-30 19:08 - 00000000 ____D () C:\ProgramData\ParetoLogic
2015-03-30 17:36 - 2015-03-30 17:36 - 00002132 _____ () C:\Users\User\Desktop\bkmrks.txt
2015-03-30 13:35 - 2015-03-30 13:37 - 00000000 ____D () C:\AdwCleaner
2015-03-29 22:53 - 2015-03-30 13:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bazooka Scanner
2015-03-29 22:46 - 2015-03-29 22:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-29 20:53 - 2015-03-30 19:36 - 00000000 ____D () C:\Users\User\AppData\Roaming\Kreapixel
2015-03-29 20:52 - 2015-04-11 16:44 - 00002432 _____ () C:\Windows\Tasks\86f925c5-c377-4bee-9a34-86bcb4c29f27-5_user.job
2015-03-29 20:52 - 2015-04-11 16:44 - 00002432 _____ () C:\Windows\Tasks\86f925c5-c377-4bee-9a34-86bcb4c29f27-5.job
2015-03-29 20:52 - 2015-03-30 19:44 - 00000000 ____D () C:\Users\User\AppData\Roaming\b3YIulL
2015-03-29 20:52 - 2015-03-29 20:52 - 00000000 ____D () C:\ProgramData\atjs
2015-03-29 20:51 - 2015-04-11 16:44 - 00002035 _____ () C:\Windows\patsearch.bin
2015-03-29 20:51 - 2015-04-11 16:44 - 00000398 _____ () C:\Windows\Tasks\TheBestDeals Update.job
2015-03-29 20:51 - 2015-04-11 16:44 - 00000266 _____ () C:\Windows\Tasks\DriverScanner.job
2015-03-29 20:51 - 2015-03-30 19:46 - 00000000 ____D () C:\ProgramData\DDsDWI
2015-03-29 20:51 - 2015-03-30 19:44 - 00000000 ____D () C:\Users\User\AppData\Roaming\x8rA2Qv
2015-03-29 20:51 - 2015-03-30 19:44 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SafeGuard
2015-03-29 20:51 - 2015-03-30 19:44 - 00000000 ____D () C:\Users\User\AppData\Roaming\18f2zsO
2015-03-29 20:51 - 2015-03-30 19:44 - 00000000 ____D () C:\Program Files\globalUpdate
2015-03-29 20:51 - 2015-03-29 20:51 - 00009736 _____ () C:\Windows\system32\WebWatcherProxyOff.ini
2015-03-29 20:51 - 2015-03-29 20:51 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webTinstMKTN_01009.Wdf
2015-03-29 20:51 - 2015-03-29 20:51 - 00000000 ____D () C:\Users\User\AppData\Local\WebWatcherProxy
2015-03-29 20:51 - 2015-03-12 15:50 - 00028592 _____ (WebWatcher) C:\Windows\system32\Drivers\wwwd.sys
2015-03-29 20:50 - 2015-04-11 16:54 - 00000326 _____ () C:\Windows\Tasks\dsmonitor.job
2015-03-29 20:50 - 2015-04-11 16:51 - 00002098 _____ () C:\Windows\Tasks\86f925c5-c377-4bee-9a34-86bcb4c29f27-10_user.job
2015-03-29 20:50 - 2015-03-30 19:45 - 00000000 ____D () C:\Program Files\SafeGuard
2015-03-29 20:50 - 2015-03-30 19:44 - 00000000 ____D () C:\Users\User\AppData\Local\Webplayer Remote
2015-03-29 20:50 - 2015-03-30 19:44 - 00000000 ____D () C:\ProgramData\MovieWizard
2015-03-29 20:50 - 2015-03-30 19:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
2015-03-29 20:50 - 2015-03-30 19:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SafeGuard
2015-03-29 20:50 - 2015-03-30 19:44 - 00000000 ____D () C:\Program Files\ver2TheBestDeals
2015-03-29 20:50 - 2015-03-30 19:44 - 00000000 ____D () C:\Program Files\Uniblue
2015-03-29 20:50 - 2015-03-30 19:44 - 00000000 ____D () C:\Program Files\System NotifierV29.03
2015-03-29 20:50 - 2015-03-29 20:50 - 00001151 _____ () C:\Users\Public\Desktop\DriverScanner.lnk
2015-03-29 20:50 - 2015-03-29 20:50 - 00000000 ____D () C:\Windows\SysHealthController
2015-03-29 20:50 - 2015-03-29 20:50 - 00000000 ____D () C:\Windows\SysFilesController
2015-03-29 20:50 - 2015-03-12 15:50 - 00326000 _____ (WebWatcher) C:\Windows\system32\WebWatcherLSP.dll
2015-03-29 20:49 - 2015-03-30 19:44 - 00000000 ____D () C:\Program Files\SysFiles
2015-03-29 20:49 - 2015-03-30 19:44 - 00000000 ____D () C:\Program Files\MixVideoPlayer
2015-03-29 20:48 - 2015-03-29 20:48 - 00563088 _____ () C:\Users\User\Downloads\Setup.exe
2015-03-25 17:58 - 2015-03-25 17:58 - 00252568 _____ () C:\Windows\Minidump\032515-18189-01.dmp
2015-03-23 21:40 - 2015-03-23 21:40 - 00011066 _____ () C:\Users\User\Desktop\BUDGET2.xlsx
2015-03-22 14:40 - 2015-03-22 14:40 - 00252680 _____ () C:\Windows\Minidump\032215-21684-01.dmp
2015-03-22 00:05 - 2015-03-30 19:44 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-20 11:17 - 2015-03-20 11:17 - 00252712 _____ () C:\Windows\Minidump\032015-17269-01.dmp
2015-03-17 19:53 - 2015-03-17 19:54 - 00252568 _____ () C:\Windows\Minidump\031715-19344-01.dmp
2015-03-17 19:41 - 2015-03-17 19:41 - 00000165 ____H () C:\Users\User\Desktop\~$BUDGET.xlsx
2015-03-16 23:13 - 2015-03-16 23:13 - 00729888 _____ (Installer Technology Co) C:\Users\User\Downloads\SoftwareUpdater.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-11 16:56 - 2009-07-13 21:34 - 00017088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-11 16:56 - 2009-07-13 21:34 - 00017088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-11 16:54 - 2014-08-31 10:24 - 01406538 _____ () C:\Windows\WindowsUpdate.log
2015-04-11 16:43 - 2009-07-13 21:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-11 16:43 - 2009-07-13 21:39 - 00037630 _____ () C:\Windows\setupact.log
2015-03-30 20:12 - 2010-11-20 14:48 - 00011326 _____ () C:\Windows\PFRO.log
2015-03-30 19:45 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\wfp
2015-03-30 19:44 - 2014-10-13 11:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
2015-03-30 19:44 - 2014-10-13 11:55 - 00000000 ____D () C:\Program Files\Coupons
2015-03-30 19:44 - 2014-10-07 21:50 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-30 19:44 - 2014-10-07 21:38 - 00000000 ____D () C:\Windows\system32\Macromed
2015-03-30 19:44 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\registration
2015-03-30 19:44 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\AppCompat
2015-03-30 19:36 - 2010-11-20 17:47 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-03-29 22:54 - 2014-08-31 10:43 - 00000000 ____D () C:\Users\User\AppData\Local\VirtualStore
2015-03-29 20:31 - 2015-02-03 22:07 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-25 17:58 - 2014-10-08 23:53 - 272281986 _____ () C:\Windows\MEMORY.DMP
2015-03-25 17:58 - 2014-10-08 23:53 - 00000000 ____D () C:\Windows\Minidump
2015-03-23 14:20 - 2010-11-20 14:01 - 00726316 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-20 15:21 - 2015-02-03 22:07 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-03-20 15:21 - 2015-02-03 22:07 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-03-20 15:21 - 2014-10-07 22:32 - 00000000 ____D () C:\Users\User\AppData\Local\Adobe
2015-03-14 01:08 - 2015-03-10 00:36 - 00030446 ____H () C:\Users\User\Desktop\~WRL1177.tmp
2015-03-13 08:56 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\rescache
2015-03-13 08:19 - 2009-07-13 21:33 - 00414672 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-12 20:31 - 2015-01-12 19:44 - 00001085 _____ () C:\Users\User\Desktop\Amazon Music.lnk
2015-03-12 19:34 - 2014-08-31 11:19 - 00000000 ____D () C:\ProgramData\Microsoft Help

==================== Files in the root of some directories =======

2015-03-30 18:35 - 2015-03-30 19:08 - 0000115 _____ () C:\Users\User\AppData\Roaming\LogFile.txt
2014-10-13 11:46 - 2014-10-15 12:40 - 0001743 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\25B50D55-4894-BF5C-76A8-E121A392CC67.exe
C:\Users\User\AppData\Local\Temp\B4D162BF-8BB9-B9A5-C076-A3CAB2859443.dll
C:\Users\User\AppData\Local\Temp\B4D162BF-8BB9-B9A5-C076-A3CAB2859443.exe
C:\Users\User\AppData\Local\Temp\compete.exe
C:\Users\User\AppData\Local\Temp\cw.exe
C:\Users\User\AppData\Local\Temp\Installmanager.exe
C:\Users\User\AppData\Local\Temp\MSETUP4.EXE
C:\Users\User\AppData\Local\Temp\ose00000.exe
C:\Users\User\AppData\Local\Temp\SpOrder.dll
C:\Users\User\AppData\Local\Temp\uninstall.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-25 18:28

==================== End Of Log ============================

 

Log 2

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-04-2015
Ran by User at 2015-04-11 16:59:08
Running from C:\Users\User\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-2511760245-2475643555-3299102179-1000\...\Amazon Amazon Music) (Version: 3.8.1.754 - Amazon Services LLC)
BufferChm (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Canon IJ Network Scanner Selector EX (HKLM\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - Canon Inc.)
Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version: 3.3.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon MG3500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3500_series) (Version: 1.01 - Canon Inc.)
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.)
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)
D110 (Version: 140.0.142.000 - Hewlett-Packard) Hidden
Destinations (Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 140.0.212.000 - Hewlett-Packard) Hidden
DriverScanner (HKLM\...\{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1) (Version: 4.0.14.0 - Uniblue Systems Ltd)
GPBaseService2 (Version: 140.0.211.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7 (HKLM\...\{14BC6853-A74E-4874-B50D-679889D1544D}) (Version: 14.0 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Solutions Framework (HKLM\...\{44157EB3-D8D0-4BB1-B0F5-AD2C38814ED1}) (Version: 11.51.0027 - Hewlett-Packard Company)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPAppStudio (Version: 140.0.95.000 - Hewlett-Packard) Hidden
HPDiagnosticAlert (Version: 1.00.0001 - Microsoft) Hidden
HPPhotoGadget (Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 140.0.211.000 - Hewlett-Packard) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel® TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
MarketResearch (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Movie Wizard (HKLM\...\MovieWizard) (Version: 2.7.63 - Small Island Development) <==== ATTENTION
Mozilla Firefox 36.0.4 (x86 en-US) (HKLM\...\Mozilla Firefox 36.0.4 (x86 en-US)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network (Version: 140.0.212.000 - Hewlett-Packard) Hidden
PS_AIO_07_D110_SW_Min (Version: 140.0.142.000 - Hewlett-Packard) Hidden
QuickTransfer (Version: 140.0.98.000 - Hewlett-Packard) Hidden
SafeGuard (HKLM\...\SafeGuard) (Version: 1.0.2.25 - SafeGuard)
Scan (Version: 140.0.77.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skype™ 6.22 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.104 - Skype Technologies S.A.)
SmartWebPrinting (Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 140.0.211.000 - Hewlett-Packard) Hidden
Status (Version: 140.0.212.000 - Hewlett-Packard) Hidden
System NotifierV29.03 (HKLM\...\System NotifierV29.03) (Version: 1.36.01.22 - System NotifierV29.03)
TheBestDeals (HKLM\...\886DAEB7-948E-3F9D-E985-6FFB796998F3) (Version:  - TheBestDeals-software) <==== ATTENTION
Toolbox (Version: 140.0.424.000 - Hewlett-Packard) Hidden
TrayApp (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
WebReg (Version: 140.0.212.017 - Hewlett-Packard) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

15-03-2015 20:28:31 Windows Update
20-03-2015 11:29:23 Windows Update
23-03-2015 13:23:00 Windows Update
26-03-2015 21:25:00 Windows Update
29-03-2015 20:50:49 Uniblue DriverScanner installation
29-03-2015 21:02:57 Supprimé Webplayer Remote
29-03-2015 21:04:01 Supprimé Webplayer Remote
30-03-2015 08:07:11 Windows Update
30-03-2015 19:11:01 Restore Operation
30-03-2015 20:07:32 Windows Update
11-04-2015 16:51:07 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:04 - 2009-06-10 14:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0FBBAC4D-63ED-493C-8D14-32C19DEDDED3} - System32\Tasks\DriverScanner => C:\Program Files\Uniblue\DriverScanner\driverscanner.exe [2015-02-16] (Uniblue Systems Ltd)
Task: {1278BB4E-1967-4AC7-BB99-A3E64C23BDAF} - System32\Tasks\86f925c5-c377-4bee-9a34-86bcb4c29f27-5 => C:\Program Files\System NotifierV29.03\86f925c5-c377-4bee-9a34-86bcb4c29f27-5.exe [2015-03-29] (System NotifierV29.03) <==== ATTENTION
Task: {1B8212DB-2D23-43F0-90E2-D09805DF98B5} - System32\Tasks\ObronaCleanerUacSkip => C:\Users\User\AppData\Local\Obrona Cleaner\ObronaCleaner.exe
Task: {218EAC4E-E663-44A5-85E1-2CCBE64F97F7} - System32\Tasks\dsmonitor => C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe [2015-02-16] (Uniblue Systems Ltd)
Task: {32EB210F-7A28-4107-9493-0AC02647E0CE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {6036CAFB-B523-4D1C-ACC3-9AD8F6E11B2F} - System32\Tasks\TheBestDeals Update => C:\Program Files\ver2TheBestDeals\Z8TheBestDealsG80.exe [2015-03-29] () <==== ATTENTION
Task: {6DE663C8-D6E8-4CF2-945D-7B2F937B30A5} - System32\Tasks\86f925c5-c377-4bee-9a34-86bcb4c29f27-5_user => C:\Program Files\System NotifierV29.03\86f925c5-c377-4bee-9a34-86bcb4c29f27-5.exe [2015-03-29] (System NotifierV29.03) <==== ATTENTION
Task: {7F3F2B3C-4B25-433E-ACC6-A9B793CF2FC1} - System32\Tasks\86f925c5-c377-4bee-9a34-86bcb4c29f27-10_user => C:\Program Files\System NotifierV29.03\86f925c5-c377-4bee-9a34-86bcb4c29f27-10.exe [2015-03-29] (System NotifierV29.03) <==== ATTENTION
Task: {8A276524-BEAA-4ABA-A14D-35D372CA9344} - System32\Tasks\Nd2XoUfWzuNGBWJ => C:\Users\User\AppData\Roaming\x8rA2Qv\ejHImlI.exe [2015-03-29] ( )
Task: {96A1037D-CC16-4656-B8DD-2344D82C139D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-20] (Adobe Systems Incorporated)
Task: {AD42CA84-8B97-40AE-8B36-5F40697462FD} - System32\Tasks\IWDLDabn4E7XdDo => C:\Users\User\AppData\Roaming\18f2zsO\R9GOuNX.exe [2015-03-29] ( )
Task: {F2380D0A-227D-401C-AB9B-4ABDD59F44EE} - System32\Tasks\LvxVSg7GzSNoQ0Q => C:\Users\User\AppData\Roaming\b3YIulL\RhwoQR8.exe [2015-03-29] ( )
Task: {F2583A19-43BB-4B75-98D7-11B58FC898B1} - System32\Tasks\{985094BC-ED7F-4A93-A70D-CBE8CF57DA0D} => pcalua.exe -a C:\ProgramData\MovieWizard\uninstall.exe -c /kb=y /ic=1

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\86f925c5-c377-4bee-9a34-86bcb4c29f27-10_user.job => C:\Program Files\System NotifierV29.03\86f925c5-c377-4bee-9a34-86bcb4c29f27-10.exe <==== ATTENTION
Task: C:\Windows\Tasks\86f925c5-c377-4bee-9a34-86bcb4c29f27-5.job => C:\Program Files\System NotifierV29.03\86f925c5-c377-4bee-9a34-86bcb4c29f27-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\86f925c5-c377-4bee-9a34-86bcb4c29f27-5_user.job => C:\Program Files\System NotifierV29.03\86f925c5-c377-4bee-9a34-86bcb4c29f27-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DriverScanner.job => C:\Program Files\Uniblue\DriverScanner\driverscanner.exe
Task: C:\Windows\Tasks\dsmonitor.job => C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe
Task: C:\Windows\Tasks\TheBestDeals Update.job => C:\Program Files\ver2TheBestDeals\Z8TheBestDealsG80.exe

==================== Loaded Modules (whitelisted) ==============

2015-03-29 20:50 - 2015-03-29 20:50 - 00512000 _____ () C:\Program Files\ver2TheBestDeals\Z8TheBestDealsG80.exe
2015-03-30 19:52 - 2015-03-25 09:05 - 00256512 ___SH () C:\Program Files\LhwesCcs\LhwesCcs.exe
2015-03-17 11:06 - 2015-03-17 11:06 - 01537040 _____ () C:\Program Files\SafeGuard\SafeGuardApp.exe
2015-01-12 19:43 - 2015-03-02 15:44 - 05886272 _____ () C:\Users\User\AppData\Local\Amazon Music\Amazon Music Helper.exe
2015-03-20 15:21 - 2015-03-20 15:21 - 16858288 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_134.dll
2015-04-10 02:44 - 2015-04-10 02:44 - 00531456 _____ () c:\windows\hmt.exe
2015-04-10 02:44 - 2015-04-10 02:44 - 00523264 _____ () c:\windows\mhmt.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wwwd.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WebWatcherProxy => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wwwd.sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2511760245-2475643555-3299102179-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-2511760245-2475643555-3299102179-500 - Administrator - Disabled)
Guest (S-1-5-21-2511760245-2475643555-3299102179-501 - Limited - Disabled)
User (S-1-5-21-2511760245-2475643555-3299102179-1000 - Administrator - Enabled) => C:\Users\User

==================== Faulty Device Manager Devices =============

Name: Fingerprint Sensor
Description: Fingerprint Sensor
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/11/2015 04:45:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/11/2015 03:35:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/11/2015 03:34:07 PM) (Source: globalUpdate Update) (EventID: 1) (User: NT AUTHORITY)
Description: globalUpdate Update has encountered a fatal error.
ver=1.3.25.0.private;lang=en;id=;is_machine=1;upload=0;minidump=C:\Program Files\globalUpdate\CrashReports\3b8b2aff-de8f-4fe0-af50-66666fa9b501.dmp

Error: (03/30/2015 08:38:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/30/2015 08:13:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/30/2015 07:57:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/30/2015 07:56:44 PM) (Source: globalUpdate Update) (EventID: 1) (User: NT AUTHORITY)
Description: globalUpdate Update has encountered a fatal error.
ver=1.3.25.0.private;lang=en;id=;is_machine=1;upload=0;minidump=C:\Program Files\globalUpdate\CrashReports\53873677-c3d1-4dc5-8191-420de1dc102b.dmp

Error: (03/30/2015 07:51:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/30/2015 07:50:02 PM) (Source: globalUpdate Update) (EventID: 1) (User: NT AUTHORITY)
Description: globalUpdate Update has encountered a fatal error.
ver=1.3.25.0.private;lang=en;id=;is_machine=1;upload=0;minidump=C:\Program Files\globalUpdate\CrashReports\75f0afd9-8d42-483c-abce-213cd5284eb3.dmp

Error: (03/30/2015 07:46:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (04/11/2015 03:35:03 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.195.1024.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.7.0205.00

    Source Path: 4.7.0205.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (04/11/2015 03:35:03 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.195.1024.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.7.0205.00

    Source Path: 4.7.0205.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (04/11/2015 03:33:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Solutions Framework Service service failed to start due to the following error:
%%1053

Error: (04/11/2015 03:33:59 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HP Support Solutions Framework Service service to connect.

Error: (03/30/2015 08:31:32 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WebWatcherProxy-Service{2936C9CD-1297-403E-8C6D-15A5C7B8982E}

Error: (03/30/2015 08:12:37 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (03/30/2015 08:12:37 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (03/30/2015 08:12:37 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (03/30/2015 08:12:37 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (03/30/2015 08:12:37 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (03/14/2015 01:09:38 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6718.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 36883 seconds with 600 seconds of active time.  This session ended with a crash.

Error: (03/03/2015 11:38:39 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6715.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 103279 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (02/08/2015 03:18:59 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6713.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 61888 seconds with 1380 seconds of active time.  This session ended with a crash.

Error: (01/04/2015 11:04:56 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6713.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 7748 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (10/28/2014 03:36:58 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6705.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 352 seconds with 240 seconds of active time.  This session ended with a crash.


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T8100 @ 2.10GHz
Percentage of memory in use: 62%
Total physical RAM: 3063.3 MB
Available physical RAM: 1153.65 MB
Total Pagefile: 6124.9 MB
Available Pagefile: 3943.58 MB
Total Virtual: 2047.88 MB
Available Virtual: 1879 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:81.83 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 95AA95AA)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================





#2 deeprybka

  • Malware Response Team

Posted 12 April 2015 - 07:33 AM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:

  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.

Step 1

  • Please download and install Revo Uninstaller Free
    note: there is no need to click anything on that page, the download will start automatically
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s) to remove it:
    Movie Wizard
    TheBestDeals
    
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run, If prompted again click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish

Step 2

Please download AdwCleaner (by Xplode) and save it to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.

Edited by deeprybka, 12 April 2015 - 07:34 AM.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#3 warehelp

  • Topic Starter

Posted 12 April 2015 - 11:40 PM

Hi! Thanks again for your help.

I have a question before I move on to the step of running Adware Cleaner.

1. When I used the uninstaller, BestDeals was removed. However, the Movie Wizard icon is still there in the Uninstaller Window. Is there a step I need to do?

2. Other programs associated with this malware also appear in the Uninstaller (Driver Scanner, SafeGuard and System Notifier). Should I uninstall them as well before running adware cleaner?

Thank you!



#4 deeprybka

  • Malware Response Team

Posted 13 April 2015 - 02:51 AM

Hi there,
please uninstall these programs as well and proceed with step 2 - even if it wasn't possible to uninstall all of them.
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#5 warehelp

  • Topic Starter

Posted 13 April 2015 - 09:10 PM

Thank you!



#6 warehelp

  • Topic Starter

Posted 13 April 2015 - 09:48 PM

Ok, here is the Adware log:

 

 

# AdwCleaner v4.200 - Logfile created 30/03/2015 at 13:37:42
# Updated 29/03/2015 by Xplode
# Database : 2015-03-29.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x86)
# Username : User - USER-PC
# Running from : C:\Users\User\Downloads\adwcleaner_4.200.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : globalUpdate
[#] Service Deleted : globalUpdatem

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
Folder Deleted : C:\Users\User\AppData\Local\globalUpdate
File Deleted : C:\END
File Deleted : C:\Users\User\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0j7rm10v.default\user.js

***** [ Scheduled tasks ] *****

Task Deleted : ObronaCleanerUacSkip

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\powerpack
Key Deleted : HKCU\Software\Kreapixel
Key Deleted : HKCU\Software\AppDataLow\Software\TheBestDeals
Key Deleted : HKLM\SOFTWARE\CompeteInc
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\Uniblue
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:9880
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17689

-\\ Mozilla Firefox v36.0.4 (x86 en-US)

*************************

AdwCleaner[R0].txt - [6122 bytes] - [30/03/2015 13:35:26]
AdwCleaner[S0].txt - [6199 bytes] - [30/03/2015 13:37:42]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6258  bytes] ##########
# AdwCleaner v4.201 - Logfile created 13/04/2015 at 19:29:36
# Updated 08/04/2015 by Xplode
# Database : 2015-04-08.1 [Local]
# Operating system : Windows 7 Professional Service Pack 1 (x86)
# Username : User - USER-PC
# Running from : C:\Users\User\Downloads\adwcleaner_4.201.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : globalUpdate
Service Deleted : WebWatcherProxy
[#] Service Deleted : BPguQTFy

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\ProgramData\MovieWizard
Folder Deleted : C:\ProgramData\DDsDWI
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
Folder Deleted : C:\Program Files\globalUpdate
Folder Deleted : C:\Program Files\Uniblue
Folder Deleted : C:\Program Files\Coupons
Folder Deleted : C:\Program Files\MixVideoPlayer
Folder Deleted : C:\Program Files\System NotifierV29.03
Folder Deleted : C:\Users\User\AppData\Local\MovieWizard
Folder Deleted : C:\Users\User\AppData\Local\Webplayer Remote
Folder Deleted : C:\Users\User\AppData\Roaming\Kreapixel
Folder Deleted : C:\Users\User\AppData\Roaming\ParetoLogic
File Deleted : C:\END
File Deleted : C:\Users\Public\Desktop\driverscanner.lnk
File Deleted : C:\Windows\patsearch.bin
File Deleted : C:\Windows\system32\WebWatcherLSP.dll
File Deleted : C:\Windows\system32\WebWatcherProxyOff.ini
File Deleted : C:\Users\User\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\User\AppData\Local\Temp\WebWatcherLSP.ini.log
File Deleted : C:\Users\User\AppData\Local\Temp\WebWatcherProxyr.log
File Deleted : C:\Users\User\AppData\Local\Temp\WebWatcherProxy.log
File Deleted : C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\driverscanner.lnk
File Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0j7rm10v.default\user.js

***** [ Scheduled tasks ] *****

Task Deleted : driverscanner
Task Deleted : dsmonitor
Task Deleted : ObronaCleanerUacSkip
Task Deleted : 86f925c5-c377-4bee-9a34-86bcb4c29f27-10_user
Task Deleted : 86f925c5-c377-4bee-9a34-86bcb4c29f27-5
Task Deleted : 86f925c5-c377-4bee-9a34-86bcb4c29f27-5_user

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
Key Deleted : HKLM\SOFTWARE\CLASSES\WebWatcherProxyLib.DataContainer
Key Deleted : HKLM\SOFTWARE\CLASSES\WebWatcherProxyLib.DataContainer.1
Key Deleted : HKLM\SOFTWARE\CLASSES\WebWatcherProxyLib.DataController
Key Deleted : HKLM\SOFTWARE\CLASSES\WebWatcherProxyLib.DataController.1
Key Deleted : HKLM\SOFTWARE\CLASSES\WebWatcherProxyLib.DataTable
Key Deleted : HKLM\SOFTWARE\CLASSES\WebWatcherProxyLib.DataTable.1
Key Deleted : HKLM\SOFTWARE\CLASSES\WebWatcherProxyLib.DataTableFields
Key Deleted : HKLM\SOFTWARE\CLASSES\WebWatcherProxyLib.DataTableHolder
Key Deleted : HKLM\SOFTWARE\CLASSES\WebWatcherProxyLib.DataTableHolder.1
Key Deleted : HKLM\SOFTWARE\CLASSES\WebWatcherProxyLib.LSPLogic
Key Deleted : HKLM\SOFTWARE\CLASSES\WebWatcherProxyLib.LSPLogic.1
Key Deleted : HKLM\SOFTWARE\CLASSES\WebWatcherProxyLib.ReadOnlyManager
Key Deleted : HKLM\SOFTWARE\CLASSES\WebWatcherProxyLib.ReadOnlyManager.1
Key Deleted : HKLM\SOFTWARE\CLASSES\WebWatcherProxyLib.WatchDog
Key Deleted : HKLM\SOFTWARE\CLASSES\WebWatcherProxyLib.WatchDog.1
Key Deleted : HKLM\SOFTWARE\CLASSES\APPID\WebWatcherProxy.EXE
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28E46C93-A83E-4D7D-BB00-E5C371E65C8B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{29554878-0746-47A9-9217-B9F57831CE32}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{455B1D78-1FC1-4131-889D-35454FD7BFFC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4A690BA7-0428-4C60-8B64-BD448D90D16D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C7D53D5-33A8-4C92-8C90-D021A7B1217F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{93BE68AB-DE96-4933-92F9-344694EDAD65}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AFE33A6D-3087-418F-88C8-082B72D803CD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CC513FE0-7232-471B-B300-16780D81CE06}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{260EF2BF-62C5-4313-975E-591A7BFAFB2B}
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\powerpack
Key Deleted : HKCU\Software\OBRONA
Key Deleted : HKCU\Software\System NotifierV29.03
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
Key Deleted : HKLM\SOFTWARE\CompeteInc
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\Uniblue
Key Deleted : HKLM\SOFTWARE\System NotifierV29.03
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.0
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System NotifierV29.03
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:9880
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17689

-\\ Mozilla Firefox v36.0.4 (x86 en-US)

*************************

AdwCleaner[R0].txt - [12365 bytes] - [30/03/2015 13:35:26]
AdwCleaner[S0].txt - [12176 bytes] - [30/03/2015 13:37:42]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12236  bytes] ##########



#7 deeprybka

  • Malware Response Team

Posted 14 April 2015 - 02:58 AM

 
Step 1

Please download and install Malwarebytes Anti-Malware.
  • Please open Malwarebytes Anti-Malware and update the database.
  • Click "Settings" [1] and go to "Detection and Protection" [2]
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt:
  • Click on "Remove Selected" [5].
  • Then click "Save Results" [6] and select
  • Return to our forum. Paste your log into your next reply and then click Finish [7].

Step 2

Start FRST with administrator privileges.
  • Make sure the following option is checked: Addition.txt
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#8 warehelp

  • Topic Starter

Posted 15 April 2015 - 03:37 PM

FYI, I get error messages similar to this a lot: R9GOuNX.exe has stopped working. or RhwoQr8.exe



#9 deeprybka

  • Malware Response Team

Posted 15 April 2015 - 03:41 PM

FYI, I get error messages similar to this a lot: R9GOuNX.exe has stopped working. or RhwoQr8.exe


Task: {AD42CA84-8B97-40AE-8B36-5F40697462FD} - System32\Tasks\IWDLDabn4E7XdDo => C:\Users\User\AppData\Roaming\18f2zsO\R9GOuNX.exe [2015-03-29] ( )

That's fine. :)


regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#10 warehelp

  • Topic Starter

Posted 15 April 2015 - 08:17 PM

First FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-04-2015 04
Ran by User (administrator) on USER-PC on 15-04-2015 18:03:46
Running from C:\Users\User\Downloads
Loaded Profiles: User (Available profiles: User)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Hewlett-Packard Company) C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe
() C:\Program Files\LhwesCcs\LhwesCcs.exe
(Skype Technologies) C:\Program Files\Skype\Updater\Updater.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Hewlett-Packard) C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
(CANON INC.) C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
() C:\Users\User\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Hewlett-Packard Co.) C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [453736 2013-02-19] (CANON INC.)
HKU\S-1-5-21-2511760245-2475643555-3299102179-1000\...\Run: [Amazon Music] => C:\Users\User\AppData\Local\Amazon Music\Amazon Music Helper.exe [5886272 2015-03-02] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-2511760245-2475643555-3299102179-1000] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-2511760245-2475643555-3299102179-1000] => http=127.0.0.1:9880
HKU\S-1-5-21-2511760245-2475643555-3299102179-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0j7rm10v.default
FF DefaultSearchEngine: Google
FF Homepage: google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-02] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-10-13]
FF HKU\S-1-5-21-2511760245-2475643555-3299102179-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\healthcare@healthcaregovtool.com.xpi [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
R2 LhwesCcs; C:\Program Files\LhwesCcs\LhwesCcs.exe [256512 2015-03-25] () [File not signed] <==== ATTENTION
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284472 2015-01-30] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 amdhub30; C:\Windows\system32\drivers\amdhub30.sys [82560 2012-01-03] (Advanced Micro Devices, INC.)
S3 amdxhc; C:\Windows\system32\drivers\amdxhc.sys [173184 2012-01-03] (Advanced Micro Devices, INC.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-03-17] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation)
S3 nusb3hub; C:\Windows\system32\drivers\nusb3hub.sys [73984 2011-10-25] (Renesas Electronics Corporation)
S3 nusb3xhc; C:\Windows\system32\drivers\nusb3xhc.sys [165120 2011-10-25] (Renesas Electronics Corporation)
S1 wwwd; \??\C:\Windows\system32\Drivers\wwwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-15 18:03 - 2015-04-15 18:03 - 00000000 ____D () C:\Users\User\Downloads\FRST-OlderVersion
2015-04-15 13:16 - 2015-04-15 13:18 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-15 13:16 - 2015-04-15 13:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-15 13:16 - 2015-04-15 13:16 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-04-15 13:16 - 2015-03-17 06:15 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-15 13:16 - 2015-03-17 06:15 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-15 13:16 - 2015-03-17 06:15 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-15 13:15 - 2015-04-15 13:15 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.1.4.1018(1).exe
2015-04-15 13:14 - 2015-04-15 13:14 - 02276140 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-13 19:43 - 2015-04-13 19:44 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-04-13 19:26 - 2015-04-13 19:27 - 02217984 _____ () C:\Users\User\Downloads\adwcleaner_4.201.exe
2015-04-12 21:14 - 2015-04-12 21:14 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\User\Downloads\revosetup.exe
2015-04-12 21:14 - 2015-04-12 21:14 - 00001226 _____ () C:\Users\User\Desktop\Revo Uninstaller.lnk
2015-04-12 21:14 - 2015-04-12 21:14 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-04-11 17:29 - 2015-04-11 17:29 - 00021178 _____ () C:\Users\User\Desktop\FRST.txt
2015-04-11 17:25 - 2015-04-11 17:25 - 00022435 _____ () C:\Users\User\Desktop\Addition.txt
2015-04-11 16:59 - 2015-04-11 17:00 - 00022435 _____ () C:\Users\User\Downloads\Addition.txt
2015-04-11 16:55 - 2015-04-15 18:04 - 00008256 _____ () C:\Users\User\Downloads\FRST.txt
2015-04-11 16:54 - 2015-04-15 18:03 - 00000000 ____D () C:\FRST
2015-04-11 16:52 - 2015-04-15 18:03 - 01137152 _____ (Farbar) C:\Users\User\Downloads\FRST.exe
2015-04-11 16:47 - 2015-04-11 16:47 - 00000000 ___HD () C:\ProgramData\hmt
2015-04-10 02:44 - 2015-04-10 02:44 - 00745984 _____ () C:\Windows\hmt.dat
2015-03-30 20:38 - 2015-03-30 20:39 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\User\Downloads\cbSetup.exe
2015-03-30 19:52 - 2015-03-30 19:52 - 00000000 __SHD () C:\Program Files\LhwesCcs
2015-03-30 19:47 - 2015-03-30 19:47 - 00000000 __RSH () C:\MSDOS.SYS
2015-03-30 19:47 - 2015-03-30 19:47 - 00000000 __RSH () C:\IO.SYS
2015-03-30 19:46 - 2015-04-13 19:14 - 00000004 _____ () C:\Windows\system32\029B560A371F4E00AB32838EBC01B9E7
2015-03-30 19:29 - 2015-03-30 19:29 - 00000037 _____ () C:\Users\User\Desktop\error.txt
2015-03-30 19:17 - 2015-03-30 19:17 - 00000000 ____D () C:\Users\User\Desktop\Old Firefox Data
2015-03-30 17:36 - 2015-03-30 17:36 - 00002132 _____ () C:\Users\User\Desktop\bkmrks.txt
2015-03-30 13:35 - 2015-04-13 19:29 - 00000000 ____D () C:\AdwCleaner
2015-03-29 22:53 - 2015-03-30 13:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bazooka Scanner
2015-03-29 22:46 - 2015-03-29 22:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-29 20:52 - 2015-04-15 17:44 - 00000000 ____D () C:\Users\User\AppData\Roaming\b3YIulL
2015-03-29 20:52 - 2015-03-29 20:52 - 00000000 ____D () C:\ProgramData\atjs
2015-03-29 20:51 - 2015-04-15 17:44 - 00000000 ____D () C:\Users\User\AppData\Roaming\x8rA2Qv
2015-03-29 20:51 - 2015-04-15 17:44 - 00000000 ____D () C:\Users\User\AppData\Roaming\18f2zsO
2015-03-29 20:48 - 2015-03-29 20:48 - 00563088 _____ () C:\Users\User\Downloads\Setup.exe
2015-03-25 17:58 - 2015-03-25 17:58 - 00252568 _____ () C:\Windows\Minidump\032515-18189-01.dmp
2015-03-23 21:40 - 2015-03-23 21:40 - 00011066 _____ () C:\Users\User\Desktop\BUDGET2.xlsx
2015-03-22 14:40 - 2015-03-22 14:40 - 00252680 _____ () C:\Windows\Minidump\032215-21684-01.dmp
2015-03-20 11:17 - 2015-03-20 11:17 - 00252712 _____ () C:\Windows\Minidump\032015-17269-01.dmp
2015-03-17 19:53 - 2015-03-17 19:54 - 00252568 _____ () C:\Windows\Minidump\031715-19344-01.dmp
2015-03-17 19:41 - 2015-03-17 19:41 - 00000165 ____H () C:\Users\User\Desktop\~$BUDGET.xlsx
2015-03-16 23:13 - 2015-03-16 23:13 - 00729888 _____ (Installer Technology Co) C:\Users\User\Downloads\SoftwareUpdater.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-15 18:02 - 2014-10-07 21:50 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-04-15 18:02 - 2010-11-20 14:48 - 00030944 _____ () C:\Windows\PFRO.log
2015-04-15 18:02 - 2009-07-13 21:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-15 18:02 - 2009-07-13 21:39 - 00037966 _____ () C:\Windows\setupact.log
2015-04-15 18:02 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\tracing
2015-04-15 18:02 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-04-15 17:45 - 2014-08-31 10:24 - 01798870 _____ () C:\Windows\WindowsUpdate.log
2015-04-15 17:42 - 2015-02-03 22:07 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-15 13:31 - 2015-02-03 22:07 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-04-15 13:31 - 2015-02-03 22:07 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-04-15 13:17 - 2009-07-13 21:34 - 00017088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-15 13:17 - 2009-07-13 21:34 - 00017088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-30 19:45 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\wfp
2015-03-30 19:44 - 2014-10-07 21:38 - 00000000 ____D () C:\Windows\system32\Macromed
2015-03-30 19:44 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\registration
2015-03-30 19:44 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\AppCompat
2015-03-30 19:36 - 2010-11-20 17:47 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-03-29 22:54 - 2014-08-31 10:43 - 00000000 ____D () C:\Users\User\AppData\Local\VirtualStore
2015-03-25 17:58 - 2014-10-08 23:53 - 272281986 _____ () C:\Windows\MEMORY.DMP
2015-03-25 17:58 - 2014-10-08 23:53 - 00000000 ____D () C:\Windows\Minidump
2015-03-23 14:20 - 2010-11-20 14:01 - 00726316 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-20 15:21 - 2014-10-07 22:32 - 00000000 ____D () C:\Users\User\AppData\Local\Adobe

==================== Files in the root of some directories =======

2015-03-30 18:35 - 2015-03-30 19:08 - 0000115 _____ () C:\Users\User\AppData\Roaming\LogFile.txt
2014-10-13 11:46 - 2014-10-15 12:40 - 0001743 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\25B50D55-4894-BF5C-76A8-E121A392CC67.exe
C:\Users\User\AppData\Local\Temp\B4D162BF-8BB9-B9A5-C076-A3CAB2859443.dll
C:\Users\User\AppData\Local\Temp\B4D162BF-8BB9-B9A5-C076-A3CAB2859443.exe
C:\Users\User\AppData\Local\Temp\compete.exe
C:\Users\User\AppData\Local\Temp\cw.exe
C:\Users\User\AppData\Local\Temp\Installmanager.exe
C:\Users\User\AppData\Local\Temp\MSETUP4.EXE
C:\Users\User\AppData\Local\Temp\ose00000.exe
C:\Users\User\AppData\Local\Temp\SpOrder.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-04-15 14:09

==================== End Of Log ============================

 

 

Addition Log:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-04-2015 04
Ran by User at 2015-04-15 18:05:24
Running from C:\Users\User\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-2511760245-2475643555-3299102179-1000\...\Amazon Amazon Music) (Version: 3.8.1.754 - Amazon Services LLC)
BufferChm (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Canon IJ Network Scanner Selector EX (HKLM\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - Canon Inc.)
Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version: 3.3.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon MG3500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3500_series) (Version: 1.01 - Canon Inc.)
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.)
D110 (Version: 140.0.142.000 - Hewlett-Packard) Hidden
Destinations (Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 140.0.212.000 - Hewlett-Packard) Hidden
GPBaseService2 (Version: 140.0.211.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7 (HKLM\...\{14BC6853-A74E-4874-B50D-679889D1544D}) (Version: 14.0 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Solutions Framework (HKLM\...\{44157EB3-D8D0-4BB1-B0F5-AD2C38814ED1}) (Version: 11.51.0027 - Hewlett-Packard Company)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPAppStudio (Version: 140.0.95.000 - Hewlett-Packard) Hidden
HPDiagnosticAlert (Version: 1.00.0001 - Microsoft) Hidden
HPPhotoGadget (Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 140.0.211.000 - Hewlett-Packard) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel® TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
MarketResearch (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Movie Wizard (HKLM\...\MovieWizard) (Version: 2.7.63 - Small Island Development) <==== ATTENTION
Mozilla Firefox 37.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 37.0.1 (x86 en-US)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network (Version: 140.0.212.000 - Hewlett-Packard) Hidden
PS_AIO_07_D110_SW_Min (Version: 140.0.142.000 - Hewlett-Packard) Hidden
QuickTransfer (Version: 140.0.98.000 - Hewlett-Packard) Hidden
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Scan (Version: 140.0.77.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skype™ 6.22 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.104 - Skype Technologies S.A.)
SmartWebPrinting (Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 140.0.211.000 - Hewlett-Packard) Hidden
Status (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Toolbox (Version: 140.0.424.000 - Hewlett-Packard) Hidden
TrayApp (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
WebReg (Version: 140.0.212.017 - Hewlett-Packard) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

29-03-2015 20:50:49 Uniblue DriverScanner installation
29-03-2015 21:02:57 Supprimé Webplayer Remote
29-03-2015 21:04:01 Supprimé Webplayer Remote
30-03-2015 08:07:11 Windows Update
30-03-2015 19:11:01 Restore Operation
30-03-2015 20:07:32 Windows Update
11-04-2015 16:51:07 Windows Update
12-04-2015 21:16:23 Revo Uninstaller's restore point - Movie Wizard
12-04-2015 21:21:01 Revo Uninstaller's restore point - TheBestDeals
12-04-2015 21:23:32 Revo Uninstaller's restore point - TheBestDeals
12-04-2015 21:30:30 Revo Uninstaller's restore point - Movie Wizard
13-04-2015 19:15:52 Revo Uninstaller's restore point - System NotifierV29.03
13-04-2015 19:18:07 Revo Uninstaller's restore point - SafeGuard
13-04-2015 19:21:26 Revo Uninstaller's restore point - DriverScanner
15-04-2015 13:27:30 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:04 - 2009-06-10 14:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {32EB210F-7A28-4107-9493-0AC02647E0CE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {8A276524-BEAA-4ABA-A14D-35D372CA9344} - System32\Tasks\Nd2XoUfWzuNGBWJ => C:\Users\User\AppData\Roaming\x8rA2Qv\ejHImlI.exe
Task: {96A1037D-CC16-4656-B8DD-2344D82C139D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
Task: {AD42CA84-8B97-40AE-8B36-5F40697462FD} - System32\Tasks\IWDLDabn4E7XdDo => C:\Users\User\AppData\Roaming\18f2zsO\R9GOuNX.exe
Task: {F2380D0A-227D-401C-AB9B-4ABDD59F44EE} - System32\Tasks\LvxVSg7GzSNoQ0Q => C:\Users\User\AppData\Roaming\b3YIulL\RhwoQR8.exe
Task: {F2583A19-43BB-4B75-98D7-11B58FC898B1} - System32\Tasks\{985094BC-ED7F-4A93-A70D-CBE8CF57DA0D} => pcalua.exe -a C:\ProgramData\MovieWizard\uninstall.exe -c /kb=y /ic=1

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) ==============

2015-03-30 19:52 - 2015-03-25 09:05 - 00256512 ___SH () C:\Program Files\LhwesCcs\LhwesCcs.exe
2015-01-12 19:43 - 2015-03-02 15:44 - 05886272 _____ () C:\Users\User\AppData\Local\Amazon Music\Amazon Music Helper.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wwwd.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WebWatcherProxy => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wwwd.sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2511760245-2475643555-3299102179-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== Accounts: =============================

Administrator (S-1-5-21-2511760245-2475643555-3299102179-500 - Administrator - Disabled)
Guest (S-1-5-21-2511760245-2475643555-3299102179-501 - Limited - Disabled)
User (S-1-5-21-2511760245-2475643555-3299102179-1000 - Administrator - Enabled) => C:\Users\User

==================== Faulty Device Manager Devices =============

Name: wwwd service
Description: wwwd service
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: wwwd
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Fingerprint Sensor
Description: Fingerprint Sensor
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (04/15/2015 06:04:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/15/2015 01:27:37 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service hmt since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (04/15/2015 01:11:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/13/2015 07:44:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/13/2015 07:33:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/13/2015 07:16:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/13/2015 07:15:50 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {520e2c33-6ad4-444b-b812-76fdb1d4d5e2}

Error: (04/12/2015 09:16:20 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {fbbec46a-cf2d-4ad6-b098-5117137737e1}

Error: (04/12/2015 09:13:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/11/2015 04:45:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (04/15/2015 06:02:52 PM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

    Feature: %%886

    Error Code: 0x80070005

    Error description: Access is denied.

    Reason: %%892

Error: (04/15/2015 06:02:49 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (04/15/2015 06:02:44 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
wwwd

Error: (04/13/2015 07:32:30 PM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

    Feature: %%886

    Error Code: 0x80070005

    Error description: Access is denied.

    Reason: %%892

Error: (04/13/2015 07:32:24 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (04/13/2015 07:30:18 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (04/13/2015 07:29:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (04/13/2015 07:29:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The mhmt service terminated unexpectedly.  It has done this 2 time(s).

Error: (04/13/2015 07:29:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The LhwesCcs service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (04/13/2015 07:29:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The hmt service terminated unexpectedly.  It has done this 2 time(s).

Microsoft Office Sessions:
=========================
Error: (03/14/2015 01:09:38 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6718.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 36883 seconds with 600 seconds of active time.  This session ended with a crash.

Error: (03/03/2015 11:38:39 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6715.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 103279 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (02/08/2015 03:18:59 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6713.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 61888 seconds with 1380 seconds of active time.  This session ended with a crash.

Error: (01/04/2015 11:04:56 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6713.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 7748 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (10/28/2014 03:36:58 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6705.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 352 seconds with 240 seconds of active time.  This session ended with a crash.

==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T8100 @ 2.10GHz
Percentage of memory in use: 52%
Total physical RAM: 3063.3 MB
Available physical RAM: 1457.07 MB
Total Pagefile: 6124.9 MB
Available Pagefile: 4643.04 MB
Total Virtual: 2047.88 MB
Available Virtual: 1911.94 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:81.51 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 95AA95AA)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

 

 

 

 



#11 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:05:13 AM

Posted 16 April 2015 - 06:49 AM

Hi there,

Step 1

Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.
  • Copy the entire content of the codebox below and paste into the notepad document:
    CloseProcesses:
    HKLM\...\Run: [] => [X]
    ProxyEnable: [S-1-5-21-2511760245-2475643555-3299102179-1000] => Internet Explorer proxy is enabled.
    ProxyServer: [S-1-5-21-2511760245-2475643555-3299102179-1000] => http=127.0.0.1:9880
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    R2 LhwesCcs; C:\Program Files\LhwesCcs\LhwesCcs.exe [256512 2015-03-25] () [File not signed] 
    C:\Program Files\LhwesCcs
    2015-03-29 20:52 - 2015-04-15 17:44 - 00000000 ____D () C:\Users\User\AppData\Roaming\b3YIulL
    2015-03-29 20:52 - 2015-03-29 20:52 - 00000000 ____D () C:\ProgramData\atjs
    2015-03-29 20:51 - 2015-04-15 17:44 - 00000000 ____D () C:\Users\User\AppData\Roaming\x8rA2Qv
    2015-03-29 20:51 - 2015-04-15 17:44 - 00000000 ____D () C:\Users\User\AppData\Roaming\18f2zsO
    2015-03-29 20:48 - 2015-03-29 20:48 - 00563088 _____ () C:\Users\User\Downloads\Setup.exe
    Task: {8A276524-BEAA-4ABA-A14D-35D372CA9344} - System32\Tasks\Nd2XoUfWzuNGBWJ => C:\Users\User\AppData\Roaming\x8rA2Qv\ejHImlI.exe
    Task: {AD42CA84-8B97-40AE-8B36-5F40697462FD} - System32\Tasks\IWDLDabn4E7XdDo => C:\Users\User\AppData\Roaming\18f2zsO\R9GOuNX.exe
    Task: {F2380D0A-227D-401C-AB9B-4ABDD59F44EE} - System32\Tasks\LvxVSg7GzSNoQ0Q => C:\Users\User\AppData\Roaming\b3YIulL\RhwoQR8.exe
    Task: {F2583A19-43BB-4B75-98D7-11B58FC898B1} - System32\Tasks\{985094BC-ED7F-4A93-A70D-CBE8CF57DA0D} => pcalua.exe -a C:\ProgramData\MovieWizard\uninstall.exe -c /kb=y /ic=1
    EmptyTemp:
    
    
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please post it to your reply.


Step 2

Please download ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:
[Image: settings.png]
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed, click on Finish.
  • A log file is created at [Image: logpath.png]
    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!


Step 3

Start FRST with administrator privileges.
  • Make sure the following option is checked: [Image: addition.png]
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

Can you please tell me which problems still persist now?
regards,
deeprybka
Injure no one; on the contrary, help everyone as much as you can. Arthur Schopenhauer

#12 warehelp

warehelp
  • Topic Starter

  • Members
  • 11 posts
  • Gender:Male
  • Local time:08:13 PM

Posted 17 April 2015 - 10:42 PM

I tried to save the first notepad in the same file folder where the FRST program is located. I hope that's what was necessary.

Fix log is here

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 15-04-2015 04
Ran by User at 2015-04-17 20:20:34 Run:1
Running from C:\Users\User\Downloads
Loaded Profiles: User (Available profiles: User)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
CloseProcesses:
HKLM\...\Run: [] => [X]
ProxyEnable: [S-1-5-21-2511760245-2475643555-3299102179-1000] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-2511760245-2475643555-3299102179-1000] => http=127.0.0.1:9880
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
R2 LhwesCcs; C:\Program Files\LhwesCcs\LhwesCcs.exe [256512 2015-03-25] () [File not signed]
C:\Program Files\LhwesCcs
2015-03-29 20:52 - 2015-04-15 17:44 - 00000000 ____D () C:\Users\User\AppData\Roaming\b3YIulL
2015-03-29 20:52 - 2015-03-29 20:52 - 00000000 ____D () C:\ProgramData\atjs
2015-03-29 20:51 - 2015-04-15 17:44 - 00000000 ____D () C:\Users\User\AppData\Roaming\x8rA2Qv
2015-03-29 20:51 - 2015-04-15 17:44 - 00000000 ____D () C:\Users\User\AppData\Roaming\18f2zsO
2015-03-29 20:48 - 2015-03-29 20:48 - 00563088 _____ () C:\Users\User\Downloads\Setup.exe
Task: {8A276524-BEAA-4ABA-A14D-35D372CA9344} - System32\Tasks\Nd2XoUfWzuNGBWJ => C:\Users\User\AppData\Roaming\x8rA2Qv\ejHImlI.exe
Task: {AD42CA84-8B97-40AE-8B36-5F40697462FD} - System32\Tasks\IWDLDabn4E7XdDo => C:\Users\User\AppData\Roaming\18f2zsO\R9GOuNX.exe
Task: {F2380D0A-227D-401C-AB9B-4ABDD59F44EE} - System32\Tasks\LvxVSg7GzSNoQ0Q => C:\Users\User\AppData\Roaming\b3YIulL\RhwoQR8.exe
Task: {F2583A19-43BB-4B75-98D7-11B58FC898B1} - System32\Tasks\{985094BC-ED7F-4A93-A70D-CBE8CF57DA0D} => pcalua.exe -a C:\ProgramData\MovieWizard\uninstall.exe -c /kb=y /ic=1
EmptyTemp:
*****************

Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-21-2511760245-2475643555-3299102179-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\S-1-5-21-2511760245-2475643555-3299102179-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
LhwesCcs => Service deleted successfully.
C:\Program Files\LhwesCcs => Moved successfully.
C:\Users\User\AppData\Roaming\b3YIulL => Moved successfully.
C:\ProgramData\atjs => Moved successfully.
C:\Users\User\AppData\Roaming\x8rA2Qv => Moved successfully.
C:\Users\User\AppData\Roaming\18f2zsO => Moved successfully.
C:\Users\User\Downloads\Setup.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8A276524-BEAA-4ABA-A14D-35D372CA9344}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8A276524-BEAA-4ABA-A14D-35D372CA9344}" => Key deleted successfully.
C:\Windows\System32\Tasks\Nd2XoUfWzuNGBWJ => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Nd2XoUfWzuNGBWJ" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AD42CA84-8B97-40AE-8B36-5F40697462FD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AD42CA84-8B97-40AE-8B36-5F40697462FD}" => Key deleted successfully.
C:\Windows\System32\Tasks\IWDLDabn4E7XdDo => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IWDLDabn4E7XdDo" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F2380D0A-227D-401C-AB9B-4ABDD59F44EE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F2380D0A-227D-401C-AB9B-4ABDD59F44EE}" => Key deleted successfully.
C:\Windows\System32\Tasks\LvxVSg7GzSNoQ0Q => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LvxVSg7GzSNoQ0Q" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F2583A19-43BB-4B75-98D7-11B58FC898B1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F2583A19-43BB-4B75-98D7-11B58FC898B1}" => Key deleted successfully.
C:\Windows\System32\Tasks\{985094BC-ED7F-4A93-A70D-CBE8CF57DA0D} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{985094BC-ED7F-4A93-A70D-CBE8CF57DA0D}" => Key deleted successfully.
EmptyTemp: => Removed 1.5 GB temporary data.


The system needed a reboot.

==== End of Fixlog 20:22:20 ====



#13 warehelp

warehelp
  • Topic Starter

  • Members
  • 11 posts
  • Gender:Male
  • Local time:08:13 PM

Posted 17 April 2015 - 11:03 PM

So, just to double-check, is it ok that I told the ESET scanner not to fix the threats (by not checking the box)?



#14 warehelp

warehelp
  • Topic Starter

  • Members
  • 11 posts
  • Gender:Male
  • Local time:08:13 PM

Posted 17 April 2015 - 11:26 PM

ESET log:

 

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=8f3dd94290af774eb49bf0b343746622
# engine=23441
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-04-18 04:24:07
# local_time=2015-04-17 09:24:07 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 5313517 51361041 0 0
# scanned=84422
# found=29
# cleaned=0
# scan_time=1805
sh=01C53FBC0030066FE9032FEC431D9EA26B5811CC ft=1 fh=af8c82510ee8e748 vn="Win32/AlteredSoftware.C potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\globalUpdate\Update\GoogleUpdate.exe.vir"
sh=0E7CC420B0BE38296EF8516DC3786361119F1F5F ft=1 fh=02f58beb2edcfbd2 vn="Win32/AlteredSoftware.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\globalUpdate\Update\1.3.25.0\GoogleCrashHandler.exe.vir"
sh=01C53FBC0030066FE9032FEC431D9EA26B5811CC ft=1 fh=af8c82510ee8e748 vn="Win32/AlteredSoftware.C potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\globalUpdate\Update\1.3.25.0\GoogleUpdate.exe.vir"
sh=A565AA91F7873179776579995E9F4D2B2894AE5A ft=1 fh=22e3a81795d8fb05 vn="a variant of Win32/AlteredSoftware.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\globalUpdate\Update\1.3.25.0\GoogleUpdateBroker.exe.vir"
sh=F1A0D0D29F924A24AF0F0521CF6F9A9150A10ECC ft=1 fh=22e3a817befc6b5a vn="a variant of Win32/AlteredSoftware.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\globalUpdate\Update\1.3.25.0\GoogleUpdateOnDemand.exe.vir"
sh=47362111DD20769D9C44485A710121F39EC3722E ft=1 fh=c71c001192caf50d vn="a variant of Win32/AlteredSoftware.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\globalUpdate\Update\1.3.25.0\goopdate.dll.vir"
sh=DE4653DB98CE3832D7C0ABE1DB2014C36FA26C3B ft=1 fh=d9cdf1c8ff17595a vn="a variant of Win32/AlteredSoftware.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\globalUpdate\Update\1.3.25.0\goopdateres_en.dll.vir"
sh=27B0A28D703ED0F4E286C4284C61BE373DC550DE ft=1 fh=c71c0011fea7552e vn="a variant of Win32/AlteredSoftware.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll.vir"
sh=EDB4A6C7E75E18ACB805418EFFD78267BB2F37C4 ft=1 fh=c71c001126306ac8 vn="a variant of Win32/AlteredSoftware.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\globalUpdate\Update\1.3.25.0\psmachine.dll.vir"
sh=399CE73FBD27EABB303FD899656E3C66C55B3F29 ft=1 fh=c71c001160921a34 vn="a variant of Win32/AlteredSoftware.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\globalUpdate\Update\1.3.25.0\psuser.dll.vir"
sh=20E6AF645A1627CD90367439BC8738345FF898AC ft=1 fh=96bcfd39bc5a3d9f vn="a variant of MSIL/NewPlayer.D potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\MixVideoPlayer\BrowserWeb.exe.vir"
sh=AE156E941FFF31589A1EFEABC06D823FC7CCA6D0 ft=1 fh=4f54c1f28e5583eb vn="a variant of MSIL/NewPlayer.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\MixVideoPlayer\mixUpdater.exe.vir"
sh=42ED4CCA9D03FA249B1DEA950B8B4F24E6D68EAD ft=1 fh=9c77a71308565319 vn="a variant of MSIL/Packed.Confuser.J potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\MixVideoPlayer\MixVideoPlayer.exe.vir"
sh=A4D38A0D69FA52978C72940ED2624F69ECE8EA6E ft=1 fh=ccef3118b94dd4af vn="a variant of MSIL/NewPlayer.C potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\MixVideoPlayer\MixVideoPlayerUpdaterService.exe.vir"
sh=4D00EC342171F09E433408E75FEA6463410D3385 ft=1 fh=c71c00112e984067 vn="a variant of Win32/Toolbar.CrossRider.CD potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\System NotifierV29.03\86f925c5-c377-4bee-9a34-86bcb4c29f27-10.exe.vir"
sh=5CF260B1543840AFD9EA15298F315C58D1A6AD25 ft=1 fh=857a404ffa89e9ab vn="a variant of Win32/Toolbar.CrossRider.CC potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\System NotifierV29.03\86f925c5-c377-4bee-9a34-86bcb4c29f27-5.exe.vir"
sh=4D00EC342171F09E433408E75FEA6463410D3385 ft=1 fh=c71c00112e984067 vn="a variant of Win32/Toolbar.CrossRider.CD potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\System NotifierV29.03\UninstallBrw.exe.vir"
sh=4E13DC601EB8B4814D710D5CF41C01D103971CA6 ft=1 fh=22e2982aadff0672 vn="Win32/Packed.VMDetector.I potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\System NotifierV29.03\utils.exe.vir"
sh=8162C721C1F0167CF297447C2C27F04C86599147 ft=1 fh=32b30c28aded1165 vn="a variant of MSIL/Adware.PullUpdate.G.gen application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\DDsDWI\BPguQTFy.exe.vir"
sh=AB9FD34CD6ABFB1C6AF4D53D5864102EE6CA1659 ft=1 fh=beb078f7c492e759 vn="a variant of MSIL/Adware.PullUpdate.G.gen application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\DDsDWI\dat\QRIVRrU.exe.vir"
sh=A42DF0A8EFE5359276115F88E3F768853B7F8479 ft=1 fh=589d75b7f927d90f vn="a variant of MSIL/Adware.PullUpdate.K.gen application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\DDsDWI\dat\wKLAQy.dll.vir"
sh=F1893318F8909B1AEC97D739D48B187356F3F7BA ft=1 fh=b04b530982f2eb8c vn="MSIL/Adware.WinuSecu.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Local\Webplayer Remote\boite.exe.vir"
sh=3A384C1819D38053261559824A6F584CD6813DDC ft=1 fh=192b316a35d85b7e vn="MSIL/Adware.WinuSecu.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Local\Webplayer Remote\Kommun.dll.vir"
sh=912716D7D73C000C919AC3C737838FC7A193559B ft=1 fh=47743b6d79dd2deb vn="a variant of Win32/Komodia.A potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\system32\WebWatcherLSP.dll.vir"
sh=D72E8CDA0A17B9014A41A00ACCB89E845D9822E6 ft=1 fh=2e6a73bc1aa9c52f vn="a variant of Win32/Adware.ObronaAds.G application" ac=I fn="C:\FRST\Quarantine\C\Program Files\LhwesCcs\LhwesCcs.exe"
sh=EE5D3C11E365140EE51062BBE7A657560674CEBB ft=1 fh=85b0f9a7e01c0d8c vn="MSIL/Adware.ObronaAds.A application" ac=I fn="C:\FRST\Quarantine\C\Program Files\LhwesCcs\LoopbackForWin8.exe"
sh=3A384C1819D38053261559824A6F584CD6813DDC ft=1 fh=192b316a35d85b7e vn="MSIL/Adware.WinuSecu.B application" ac=I fn="C:\FRST\Quarantine\C\Users\User\AppData\Roaming\18f2zsO\Kommun.dll"
sh=3A384C1819D38053261559824A6F584CD6813DDC ft=1 fh=192b316a35d85b7e vn="MSIL/Adware.WinuSecu.B application" ac=I fn="C:\FRST\Quarantine\C\Users\User\AppData\Roaming\b3YIulL\Kommun.dll"
sh=B272201944516BF015BA1E5F10474766EFDB8761 ft=1 fh=2f337902121674c4 vn="Win32/Packed.VMDetector.S potentially unwanted application" ac=I fn="C:\Users\User\Downloads\SoftwareUpdater.exe"
 



#15 warehelp

warehelp
  • Topic Starter

  • Members
  • 11 posts
  • Gender:Male
  • Local time:08:13 PM

Posted 17 April 2015 - 11:36 PM

First FRST log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-04-2015 04
Ran by User (administrator) on USER-PC on 17-04-2015 21:31:49
Running from C:\Users\User\Downloads
Loaded Profiles: User (Available profiles: User)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Hewlett-Packard Company) C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Hewlett-Packard) C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
(CANON INC.) C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
() C:\Users\User\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Hewlett-Packard Co.) C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [453736 2013-02-19] (CANON INC.)
HKU\S-1-5-21-2511760245-2475643555-3299102179-1000\...\Run: [Amazon Music] => C:\Users\User\AppData\Local\Amazon Music\Amazon Music Helper.exe [5886272 2015-03-02] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2511760245-2475643555-3299102179-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0j7rm10v.default
FF DefaultSearchEngine: Google
FF Homepage: google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-02] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-10-13]
FF HKU\S-1-5-21-2511760245-2475643555-3299102179-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284472 2015-01-30] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 amdhub30; C:\Windows\system32\drivers\amdhub30.sys [82560 2012-01-03] (Advanced Micro Devices, INC.)
S3 amdxhc; C:\Windows\system32\drivers\amdxhc.sys [173184 2012-01-03] (Advanced Micro Devices, INC.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-04-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-03-17] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation)
S3 nusb3hub; C:\Windows\system32\drivers\nusb3hub.sys [73984 2011-10-25] (Renesas Electronics Corporation)
S3 nusb3xhc; C:\Windows\system32\drivers\nusb3xhc.sys [165120 2011-10-25] (Renesas Electronics Corporation)
S1 wwwd; \??\C:\Windows\system32\Drivers\wwwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-17 20:50 - 2015-04-17 20:50 - 00000000 ____D () C:\Program Files\ESET
2015-04-17 20:42 - 2015-04-17 20:42 - 02347384 _____ (ESET) C:\Users\User\Desktop\esetsmartinstaller_enu.exe
2015-04-17 20:05 - 2015-04-17 20:05 - 00000000 ____D () C:\Users\User\Desktop\FIX
2015-04-15 18:03 - 2015-04-15 18:03 - 00000000 ____D () C:\Users\User\Downloads\FRST-OlderVersion
2015-04-15 13:22 - 2015-04-01 16:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-15 13:22 - 2015-03-16 22:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-04-15 13:22 - 2015-03-16 22:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-15 13:22 - 2015-03-16 22:01 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-15 13:22 - 2015-03-16 22:01 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-15 13:22 - 2015-03-16 21:59 - 01306112 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-15 13:22 - 2015-03-16 21:57 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-15 13:22 - 2015-03-16 21:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-15 13:22 - 2015-03-16 21:57 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-15 13:22 - 2015-03-16 21:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-15 13:22 - 2015-03-16 21:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-15 13:22 - 2015-03-16 21:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-15 13:22 - 2015-03-16 21:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-15 13:22 - 2015-03-16 21:57 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-15 13:22 - 2015-03-16 21:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-15 13:22 - 2015-03-16 21:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-15 13:22 - 2015-03-16 21:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-15 13:22 - 2015-03-16 21:57 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-15 13:22 - 2015-03-16 21:56 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-15 13:22 - 2015-03-16 21:56 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-15 13:22 - 2015-03-16 21:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-15 13:22 - 2015-03-16 21:56 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-15 13:22 - 2015-03-16 21:56 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-15 13:22 - 2015-03-16 21:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-15 13:22 - 2015-03-16 21:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-15 13:22 - 2015-03-16 21:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-15 13:22 - 2015-03-16 21:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-15 13:22 - 2015-03-16 21:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-15 13:22 - 2015-03-12 20:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-15 13:22 - 2015-03-12 20:42 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-15 13:22 - 2015-03-12 20:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-15 13:22 - 2015-03-12 20:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-15 13:22 - 2015-03-12 20:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-15 13:22 - 2015-03-12 20:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-15 13:22 - 2015-03-12 20:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-15 13:22 - 2015-03-12 20:16 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-15 13:22 - 2015-03-12 20:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-15 13:22 - 2015-03-12 20:09 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-15 13:22 - 2015-03-12 20:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-15 13:22 - 2015-03-12 20:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-15 13:22 - 2015-03-12 19:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-15 13:22 - 2015-03-12 19:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 13:22 - 2015-03-12 19:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-15 13:22 - 2015-03-12 19:43 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-15 13:22 - 2015-03-12 19:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 13:22 - 2015-03-12 19:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 13:22 - 2015-03-12 19:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-15 13:22 - 2015-03-04 21:06 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-15 13:22 - 2015-03-03 21:16 - 00249784 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-15 13:22 - 2015-03-03 21:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 13:21 - 2015-03-24 20:00 - 03088384 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-15 13:21 - 2015-03-24 20:00 - 02020864 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-15 13:21 - 2015-03-24 20:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-15 13:21 - 2015-03-24 20:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-15 13:21 - 2015-03-24 20:00 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-15 13:21 - 2015-03-24 20:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-15 13:21 - 2015-03-24 20:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-15 13:21 - 2015-03-24 20:00 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-15 13:21 - 2015-03-24 20:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-15 13:21 - 2015-03-24 20:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-15 13:21 - 2015-03-24 20:00 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 13:21 - 2015-03-12 20:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-15 13:21 - 2015-03-12 20:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-15 13:21 - 2015-03-12 20:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-15 13:21 - 2015-03-12 20:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-15 13:21 - 2015-03-12 20:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-15 13:21 - 2015-03-12 20:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-15 13:21 - 2015-03-12 19:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-15 13:21 - 2015-03-12 19:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-15 13:21 - 2015-03-12 19:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-15 13:21 - 2015-03-12 19:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-15 13:21 - 2015-03-12 19:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 13:21 - 2015-03-09 20:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-15 13:21 - 2015-03-09 20:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-15 13:21 - 2015-02-24 20:03 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-15 13:16 - 2015-04-17 20:43 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-15 13:16 - 2015-04-15 13:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-15 13:16 - 2015-04-15 13:16 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-04-15 13:16 - 2015-03-17 06:15 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-15 13:16 - 2015-03-17 06:15 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-15 13:16 - 2015-03-17 06:15 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-15 13:15 - 2015-04-15 13:15 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.1.4.1018(1).exe
2015-04-15 13:14 - 2015-04-15 13:14 - 02276140 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-13 19:43 - 2015-04-13 19:44 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-04-13 19:26 - 2015-04-13 19:27 - 02217984 _____ () C:\Users\User\Downloads\adwcleaner_4.201.exe
2015-04-12 21:14 - 2015-04-12 21:14 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\User\Downloads\revosetup.exe
2015-04-12 21:14 - 2015-04-12 21:14 - 00001226 _____ () C:\Users\User\Desktop\Revo Uninstaller.lnk
2015-04-12 21:14 - 2015-04-12 21:14 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-04-11 17:29 - 2015-04-11 17:29 - 00021178 _____ () C:\Users\User\Desktop\FRST.txt
2015-04-11 17:25 - 2015-04-11 17:25 - 00022435 _____ () C:\Users\User\Desktop\Addition.txt
2015-04-11 16:59 - 2015-04-15 18:06 - 00020085 _____ () C:\Users\User\Downloads\Addition.txt
2015-04-11 16:55 - 2015-04-17 21:32 - 00007895 _____ () C:\Users\User\Downloads\FRST.txt
2015-04-11 16:54 - 2015-04-17 21:31 - 00000000 ____D () C:\FRST
2015-04-11 16:52 - 2015-04-15 18:03 - 01137152 _____ (Farbar) C:\Users\User\Downloads\FRST.exe
2015-04-11 16:47 - 2015-04-11 16:47 - 00000000 ___HD () C:\ProgramData\hmt
2015-04-10 02:44 - 2015-04-10 02:44 - 00745984 _____ () C:\Windows\hmt.dat
2015-03-30 20:38 - 2015-03-30 20:39 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\User\Downloads\cbSetup.exe
2015-03-30 19:47 - 2015-03-30 19:47 - 00000000 __RSH () C:\MSDOS.SYS
2015-03-30 19:47 - 2015-03-30 19:47 - 00000000 __RSH () C:\IO.SYS
2015-03-30 19:46 - 2015-04-13 19:14 - 00000004 _____ () C:\Windows\system32\029B560A371F4E00AB32838EBC01B9E7
2015-03-30 19:29 - 2015-03-30 19:29 - 00000037 _____ () C:\Users\User\Desktop\error.txt
2015-03-30 19:17 - 2015-03-30 19:17 - 00000000 ____D () C:\Users\User\Desktop\Old Firefox Data
2015-03-30 17:36 - 2015-03-30 17:36 - 00002132 _____ () C:\Users\User\Desktop\bkmrks.txt
2015-03-30 13:35 - 2015-04-13 19:29 - 00000000 ____D () C:\AdwCleaner
2015-03-29 22:53 - 2015-03-30 13:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bazooka Scanner
2015-03-29 22:46 - 2015-03-29 22:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-25 17:58 - 2015-03-25 17:58 - 00252568 _____ () C:\Windows\Minidump\032515-18189-01.dmp
2015-03-23 21:40 - 2015-03-23 21:40 - 00011066 _____ () C:\Users\User\Desktop\BUDGET2.xlsx
2015-03-22 14:40 - 2015-03-22 14:40 - 00252680 _____ () C:\Windows\Minidump\032215-21684-01.dmp
2015-03-20 11:17 - 2015-03-20 11:17 - 00252712 _____ () C:\Windows\Minidump\032015-17269-01.dmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-17 21:31 - 2015-02-03 22:07 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-17 20:35 - 2009-07-13 21:34 - 00017088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-17 20:35 - 2009-07-13 21:34 - 00017088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-17 20:32 - 2014-08-31 10:24 - 01993244 _____ () C:\Windows\WindowsUpdate.log
2015-04-17 20:27 - 2010-11-20 14:48 - 00032156 _____ () C:\Windows\PFRO.log
2015-04-17 20:27 - 2009-07-13 21:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-17 20:27 - 2009-07-13 21:39 - 00038134 _____ () C:\Windows\setupact.log
2015-04-17 20:02 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-04-16 22:59 - 2014-08-31 11:19 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-16 22:58 - 2010-11-20 14:01 - 00740374 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-15 18:02 - 2014-10-07 21:50 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-04-15 18:02 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\tracing
2015-04-15 18:02 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-04-15 13:31 - 2015-02-03 22:07 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-04-15 13:31 - 2015-02-03 22:07 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-03-30 19:45 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\wfp
2015-03-30 19:44 - 2014-10-07 21:38 - 00000000 ____D () C:\Windows\system32\Macromed
2015-03-30 19:44 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\registration
2015-03-30 19:44 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\AppCompat
2015-03-30 19:36 - 2010-11-20 17:47 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-03-29 22:54 - 2014-08-31 10:43 - 00000000 ____D () C:\Users\User\AppData\Local\VirtualStore
2015-03-25 17:58 - 2014-10-08 23:53 - 272281986 _____ () C:\Windows\MEMORY.DMP
2015-03-25 17:58 - 2014-10-08 23:53 - 00000000 ____D () C:\Windows\Minidump
2015-03-20 15:21 - 2014-10-07 22:32 - 00000000 ____D () C:\Users\User\AppData\Local\Adobe

==================== Files in the root of some directories =======

2015-03-30 18:35 - 2015-03-30 19:08 - 0000115 _____ () C:\Users\User\AppData\Roaming\LogFile.txt
2014-10-13 11:46 - 2014-10-15 12:40 - 0001743 _____ () C:\ProgramData\hpzinstall.log

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-15 14:09

==================== End Of Log ============================

Addition log:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-04-2015 04
Ran by User at 2015-04-17 21:32:34
Running from C:\Users\User\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Disabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-2511760245-2475643555-3299102179-1000\...\Amazon Amazon Music) (Version: 3.8.1.754 - Amazon Services LLC)
BufferChm (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Canon IJ Network Scanner Selector EX (HKLM\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - Canon Inc.)
Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version: 3.3.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon MG3500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3500_series) (Version: 1.01 - Canon Inc.)
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.)
D110 (Version: 140.0.142.000 - Hewlett-Packard) Hidden
Destinations (Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 140.0.212.000 - Hewlett-Packard) Hidden
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
GPBaseService2 (Version: 140.0.211.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7 (HKLM\...\{14BC6853-A74E-4874-B50D-679889D1544D}) (Version: 14.0 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Solutions Framework (HKLM\...\{44157EB3-D8D0-4BB1-B0F5-AD2C38814ED1}) (Version: 11.51.0027 - Hewlett-Packard Company)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPAppStudio (Version: 140.0.95.000 - Hewlett-Packard) Hidden
HPDiagnosticAlert (Version: 1.00.0001 - Microsoft) Hidden
HPPhotoGadget (Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 140.0.211.000 - Hewlett-Packard) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel® TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
MarketResearch (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Movie Wizard (HKLM\...\MovieWizard) (Version: 2.7.63 - Small Island Development) <==== ATTENTION
Mozilla Firefox 37.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 37.0.1 (x86 en-US)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network (Version: 140.0.212.000 - Hewlett-Packard) Hidden
PS_AIO_07_D110_SW_Min (Version: 140.0.142.000 - Hewlett-Packard) Hidden
QuickTransfer (Version: 140.0.98.000 - Hewlett-Packard) Hidden
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Scan (Version: 140.0.77.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skype™ 6.22 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.104 - Skype Technologies S.A.)
SmartWebPrinting (Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 140.0.211.000 - Hewlett-Packard) Hidden
Status (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Toolbox (Version: 140.0.424.000 - Hewlett-Packard) Hidden
TrayApp (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
WebReg (Version: 140.0.212.017 - Hewlett-Packard) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

29-03-2015 20:50:49 Uniblue DriverScanner installation
29-03-2015 21:02:57 Supprimé Webplayer Remote
29-03-2015 21:04:01 Supprimé Webplayer Remote
30-03-2015 08:07:11 Windows Update
30-03-2015 19:11:01 Restore Operation
30-03-2015 20:07:32 Windows Update
11-04-2015 16:51:07 Windows Update
12-04-2015 21:16:23 Revo Uninstaller's restore point - Movie Wizard
12-04-2015 21:21:01 Revo Uninstaller's restore point - TheBestDeals
12-04-2015 21:23:32 Revo Uninstaller's restore point - TheBestDeals
12-04-2015 21:30:30 Revo Uninstaller's restore point - Movie Wizard
13-04-2015 19:15:52 Revo Uninstaller's restore point - System NotifierV29.03
13-04-2015 19:18:07 Revo Uninstaller's restore point - SafeGuard
13-04-2015 19:21:26 Revo Uninstaller's restore point - DriverScanner
15-04-2015 13:27:30 Windows Update
16-04-2015 22:51:18 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:04 - 2009-06-10 14:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {32EB210F-7A28-4107-9493-0AC02647E0CE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {96A1037D-CC16-4656-B8DD-2344D82C139D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) ==============

2015-01-12 19:43 - 2015-03-02 15:44 - 05886272 _____ () C:\Users\User\AppData\Local\Amazon Music\Amazon Music Helper.exe
2015-04-15 13:31 - 2015-04-15 13:31 - 16863920 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wwwd.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WebWatcherProxy => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wwwd.sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2511760245-2475643555-3299102179-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-2511760245-2475643555-3299102179-500 - Administrator - Disabled)
Guest (S-1-5-21-2511760245-2475643555-3299102179-501 - Limited - Disabled)
User (S-1-5-21-2511760245-2475643555-3299102179-1000 - Administrator - Enabled) => C:\Users\User

==================== Faulty Device Manager Devices =============

Name: wwwd service
Description: wwwd service
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: wwwd
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Fingerprint Sensor
Description: Fingerprint Sensor
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/17/2015 08:28:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/17/2015 07:58:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/15/2015 06:04:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/15/2015 01:27:37 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddWin32ServiceFiles: Unable to back up image of service hmt since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (04/15/2015 01:11:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/13/2015 07:44:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/13/2015 07:33:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/13/2015 07:16:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/13/2015 07:15:50 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {520e2c33-6ad4-444b-b812-76fdb1d4d5e2}

Error: (04/12/2015 09:16:20 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {fbbec46a-cf2d-4ad6-b098-5117137737e1}


System errors:
=============
Error: (04/17/2015 08:27:38 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
wwwd

Error: (04/17/2015 08:21:05 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (04/17/2015 08:20:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LhwesCcs service failed to start due to the following error:
%%3

Error: (04/17/2015 08:20:35 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (04/17/2015 08:20:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft .NET Framework NGEN v4.0.30319_X86 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (04/17/2015 08:20:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (04/17/2015 08:20:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The LhwesCcs service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (04/17/2015 08:20:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Support Solutions Framework Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/17/2015 08:20:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/17/2015 08:20:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================
Error: (03/14/2015 01:09:38 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6718.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 36883 seconds with 600 seconds of active time.  This session ended with a crash.

Error: (03/03/2015 11:38:39 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6715.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 103279 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (02/08/2015 03:18:59 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6713.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 61888 seconds with 1380 seconds of active time.  This session ended with a crash.

Error: (01/04/2015 11:04:56 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6713.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 7748 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (10/28/2014 03:36:58 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6705.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 352 seconds with 240 seconds of active time.  This session ended with a crash.


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T8100 @ 2.10GHz
Percentage of memory in use: 42%
Total physical RAM: 3063.3 MB
Available physical RAM: 1752.86 MB
Total Pagefile: 6124.91 MB
Available Pagefile: 4773.38 MB
Total Virtual: 2047.88 MB
Available Virtual: 1934.55 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:81.37 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 95AA95AA)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================





