
Windows 7/iTunes updating issue along with hidden virus problem


76 replies to this topic

#1 nate0


Posted 19 May 2015 - 12:41 PM

Alright,

 

There is an issue that I am currently having with my Toshiba laptop. I am running Windows 7. Back in November when I attempted to update iTunes to the most current version was when things started acting strangely on my computer and when I began to notice that there was an issue. I am currently a college student and have been so busy with working and attending school that I am only now finding the time necessary to sit down and really figure this problem out.

 

I have recently contacted Windows support and the only help they could give me after working with them for over two hours was that I could "possibly try rebooting my operating system, but it is not guaranteed to solve the issue" which would wipe my entire drive and who knows if it would even take care of the issue. I have only realized the magnitude of the issue that I am dealing with within the last month or two. What sketched me out the most was when the Windows tech assistant was remote controlling my computer and ran a scan and could not find a thing. The problem with what Windows suggested is that I prefer not to wipe my computer drive and wipe everything because I have nearly 300 gigs of music on my drive that I cannot be sure if I will be able to access again.

 

I had copied all of my music library onto an external WD hard drive before iTunes decided to take a hiatus on me. This sounds great and all but apparently I wrote my password down incorrectly to access my drive. (I have tried everything to get it correct.) I set my drive to automatically unlock when it connects to my Toshiba but I potentially will lose my music if I wipe my drive and this takes out my WD drivers set to remember my passwords. It would also be great to access my library on other computers. In regards to solving my WD issue, I have to restore my drive and re-copy everything back onto it but I cannot get onto iTunes to achieve this so I am currently stuck at an impasse.

 

Hopefully I have explained all of this adequately. Can someone please help me?

 

Nate





#2 Sintharius


Posted 25 May 2015 - 12:28 PM

Hello,

Let's see what is going on.

MiniToolbox by Farbar

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
  • List Restore Points
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

===

Security Check by screen317
  • Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt. Please copy and paste the contents of the log in your next reply.

Regards,
Alex

Edited by Alexstrasza, 25 May 2015 - 12:29 PM.


#3 nate0


Posted 25 May 2015 - 12:41 PM

MiniToolBox by Farbar  Version: 11-05-2015 01
Ran by Nate (administrator) on 25-05-2015 at 13:34:14
Running from "C:\Users\Nate\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: Satellite L755 Manufacturer: TOSHIBA
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
 
 
 
========================= IP Configuration: ================================
 
Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC = Wireless Network Connection (Connected)
Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20) = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Nate-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : Home
 
Wireless LAN adapter Wireless Network Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : 68-A3-C4-EE-29-85
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : Home
   Description . . . . . . . . . . . : Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20)
   Physical Address. . . . . . . . . : E8-9A-8F-44-F7-4D
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : Home
   Description . . . . . . . . . . . : Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
   Physical Address. . . . . . . . . : 68-A3-C4-EE-29-85
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::7dfc:8bc8:87b4:abe8%11(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.254.8(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Monday, May 25, 2015 1:15:16 PM
   Lease Expires . . . . . . . . . . : Tuesday, November 15, 2022 4:15:32 AM
   Default Gateway . . . . . . . . . : 192.168.254.254
   DHCP Server . . . . . . . . . . . : 192.168.254.254
   DHCPv6 IAID . . . . . . . . . . . : 241738692
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-77-D3-68-68-A3-C4-EE-29-85
   DNS Servers . . . . . . . . . . . : 192.168.254.254
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter isatap.{05FB6CF7-1D57-472D-9346-9769429FD559}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 9:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.Home:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : Home
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  MyRouter.Home
Address:  192.168.254.254
 
Name:    google.com
Addresses:  2607:f8b0:4002:801::1001
 173.194.37.46
 173.194.37.41
 173.194.37.34
 173.194.37.39
 173.194.37.38
 173.194.37.36
 173.194.37.32
 173.194.37.40
 173.194.37.37
 173.194.37.35
 173.194.37.33
 
 
Pinging google.com [173.194.37.46] with 32 bytes of data:
Reply from 173.194.37.46: bytes=32 time=32ms TTL=49
Reply from 173.194.37.46: bytes=32 time=33ms TTL=49
 
Ping statistics for 173.194.37.46:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 32ms, Maximum = 33ms, Average = 32ms
Server:  MyRouter.Home
Address:  192.168.254.254
 
Name:    yahoo.com
Addresses:  206.190.36.45
 98.138.253.109
 98.139.183.24
 
 
Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=65ms TTL=52
Reply from 206.190.36.45: bytes=32 time=64ms TTL=52
 
Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 64ms, Maximum = 65ms, Average = 64ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 13...68 a3 c4 ee 29 85 ......Microsoft Virtual WiFi Miniport Adapter
 12...e8 9a 8f 44 f7 4d ......Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20)
 11...68 a3 c4 ee 29 85 ......Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
  1...........................Software Loopback Interface 1
 18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 17...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0  192.168.254.254    192.168.254.8     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
    192.168.254.0    255.255.255.0         On-link     192.168.254.8    281
    192.168.254.8  255.255.255.255         On-link     192.168.254.8    281
  192.168.254.255  255.255.255.255         On-link     192.168.254.8    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.254.8    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.254.8    281
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 11    281 fe80::/64                On-link
 11    281 fe80::7dfc:8bc8:87b4:abe8/128
                                    On-link
  1    306 ff00::/8                 On-link
 11    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (05/25/2015 01:33:15 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <10, 0x80071a91, Failed to save Crawl Scope Manager changes: >.
 
Error: (05/25/2015 01:33:15 PM) (Source: Windows Search Service) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <20, 0x80071a91, "">.
 
Error: (05/25/2015 01:29:50 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <10, 0x80071a91, Failed to save Crawl Scope Manager changes: >.
 
Error: (05/25/2015 01:29:50 PM) (Source: Windows Search Service) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <20, 0x80071a91, "">.
 
Error: (05/25/2015 01:29:06 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <10, 0x80071a91, Failed to save Crawl Scope Manager changes: >.
 
Error: (05/25/2015 01:29:06 PM) (Source: Windows Search Service) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <20, 0x80071a91, "">.
 
Error: (05/25/2015 01:28:43 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: Recovery phase failed.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The gatherer is shutting down.  (HRESULT : 0x80040d23) (0x80040d23)
 
Error: (05/25/2015 01:28:43 PM) (Source: Windows Search Service) (User: )
Description: Error ID 1 happened in Windows Search recovery stage, please restart the service. If this error persists, please recreate the index.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The gatherer is shutting down.  (HRESULT : 0x80040d23) (0x80040d23)
 
Error: (05/25/2015 01:28:42 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <10, 0x80071a91, Failed to save Crawl Scope Manager changes: >.
 
Error: (05/25/2015 01:28:42 PM) (Source: Windows Search Service) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <20, 0x80071a91, "">.
 
 
System errors:
=============
Error: (05/25/2015 01:33:16 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 16 time(s).
 
Error: (05/25/2015 01:33:16 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with the following error: 
%%6801
 
Error: (05/25/2015 01:29:51 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 15 time(s).
 
Error: (05/25/2015 01:29:51 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with the following error: 
%%6801
 
Error: (05/25/2015 01:29:07 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 14 time(s).
 
Error: (05/25/2015 01:29:07 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with the following error: 
%%6801
 
Error: (05/25/2015 01:28:45 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 13 time(s).
 
Error: (05/25/2015 01:28:45 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with the following error: 
%%6801
 
Error: (05/25/2015 01:27:01 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 12 time(s).
 
Error: (05/25/2015 01:27:01 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with the following error: 
%%6801
 
 
Microsoft Office Sessions:
=========================
Error: (05/25/2015 01:33:15 PM) (Source: Windows Search Service)(User: )
Description: 100x80071a91Failed to save Crawl Scope Manager changes:
 
Error: (05/25/2015 01:33:15 PM) (Source: Windows Search Service)(User: )
Description: 200x80071a91
 
Error: (05/25/2015 01:29:50 PM) (Source: Windows Search Service)(User: )
Description: 100x80071a91Failed to save Crawl Scope Manager changes:
 
Error: (05/25/2015 01:29:50 PM) (Source: Windows Search Service)(User: )
Description: 200x80071a91
 
Error: (05/25/2015 01:29:06 PM) (Source: Windows Search Service)(User: )
Description: 100x80071a91Failed to save Crawl Scope Manager changes:
 
Error: (05/25/2015 01:29:06 PM) (Source: Windows Search Service)(User: )
Description: 200x80071a91
 
Error: (05/25/2015 01:28:43 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog
 
 
Details:
The gatherer is shutting down.  (HRESULT : 0x80040d23) (0x80040d23)
Recovery phase failed
 
Error: (05/25/2015 01:28:43 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog
 
 
Details:
The gatherer is shutting down.  (HRESULT : 0x80040d23) (0x80040d23)
1
 
Error: (05/25/2015 01:28:42 PM) (Source: Windows Search Service)(User: )
Description: 100x80071a91Failed to save Crawl Scope Manager changes:
 
Error: (05/25/2015 01:28:42 PM) (Source: Windows Search Service)(User: )
Description: 200x80071a91
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-11-20 10:05:49.741
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-11-20 10:05:49.624
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-11-20 10:05:14.601
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-11-20 10:05:14.502
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-11-20 10:02:14.503
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-11-20 10:02:14.398
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
=========================== Installed Programs ============================
 
Ableton Live 9 Trial (HKLM-x32\...\{DD8B12B9-A6BD-4555-ADA9-FBE2B77BE49B}) (Version: 9.0.0.0 - Ableton)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.4.634 - Adobe Systems, Inc.)
Amazon Links (HKLM-x32\...\{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}) (Version: 2.02 - TOSHIBA Corporation)
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Amazon Music (HKCU\...\Amazon Amazon Music) (Version: 3.7.1.698 - Amazon Services LLC)
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Panorama Maker 4 (HKLM-x32\...\{D45E8C45-B601-4A80-AFD8-E16338744DE1}) (Version:  - ArcSoft)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
Audacity 2.0 (HKLM-x32\...\Audacity_is1) (Version:  - Audacity Team)
Bejeweled 3 (HKLM-x32\...\WTA-d9def735-e8d2-4302-997b-b2be0bd89310) (Version: 2.2.0.97 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Chuzzle Deluxe (HKLM-x32\...\WTA-d4fab8b2-2888-4a8a-aca5-8253f8668bd9) (Version: 2.2.0.95 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.51.1.0 - Conexant)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DriverBoost (HKLM-x32\...\{044E78D2-8F54-4F6F-AD2B-A122F8111EDB}) (Version: 8.1 - DriverBoost)
Dropbox (HKCU\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
FATE - The Traitor Soul (HKLM-x32\...\WTA-65c5dfcd-fa53-4c16-8e8b-2ab1775e8726) (Version: 2.2.0.95 - WildTangent) Hidden
FL Studio 10 (HKLM-x32\...\FL Studio 10) (Version:  - Image-Line)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.27.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Groove-Stream (HKLM-x32\...\groove_stream) (Version:  - Groove-Stream)
HP Officejet Pro 8500 A910 Basic Device Software (HKLM\...\{33A06AC3-F20D-417A-B621-83A73771624E}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
HP Officejet Pro 8500 A910 Help (HKLM-x32\...\{13D324E9-9DB1-478D-944C-28BBE1BB80DC}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet Pro 8500 A910 Product Improvement Study (HKLM\...\{963EF6DD-DE6B-43D8-A2AC-9217FD39958F}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{787D1A33-A97B-4245-87C0-7174609A540C}) (Version: 5.002.005.003 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4 - HP)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
IL Shared Libraries (HKLM-x32\...\IL Shared Libraries) (Version:  - Image-Line)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2353 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Jewel Quest: The Sleepless Star - Collector's Edition (HKLM-x32\...\WTA-3200342c-726a-4cad-a6bf-cfa915658866) (Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Marketsplash Shortcuts (HKLM-x32\...\{FB0C267C-8B4F-4867-8161-A6A3B66D42C1}) (Version: 1.0.0.9 - Hewlett-Packard)
Media Player (HKCU\...\Media Player) (Version:  - )
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4719.1002 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Music Manager (HKCU\...\MusicManager) (Version:  - Google, Inc.)
Nikon Message Center (HKLM-x32\...\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}) (Version: 0.92.000 - Nikon)
Nikon Transfer (HKLM-x32\...\{E9757890-7EC5-46C8-99AB-B00F07B6525C}) (Version: 1.0.2 - Nikon)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 18.7.2.3 - Symantec Corporation)
Norton PC Checkup (HKLM-x32\...\Norton PC Checkup_is1) (Version: 3.0.2.90.0 - NortonLive Services)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Penguins! (HKLM-x32\...\WTA-6a7c78a0-cd9c-4b26-a5a6-5bd443df9cd6) (Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-052e2433-c083-4186-a84d-7239737ac6d7) (Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (HKLM-x32\...\WTA-414ff6fb-e454-4b86-b8ab-48af57650a62) (Version: 2.2.0.95 - WildTangent) Hidden
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 1.0.0.12 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0013 - REALTEK Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype Launcher (HKLM-x32\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SSH Secure Shell (HKLM-x32\...\{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}) (Version:  - )
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1168 - SUPERAntiSpyware.com)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)
Tom Clancy's Splinter Cell (HKLM-x32\...\WTA-b24cf3bf-9dd3-434d-9bef-91b0e8a6b1c9) (Version: 2.2.0.97 - WildTangent) Hidden
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.1 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.02.02 - TOSHIBA CORPORATION)
Toshiba Book Place (HKLM-x32\...\{92C7DC44-DAD3-49FE-B89B-F92C6BA9A331}) (Version: 2.2.6775 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.08.64 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.6 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.25.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.8.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}) (Version: 4.08.06.00 - )
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.7 - TOSHIBA Corporation)
Toshiba Laptop Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.10.26 - Symantec Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.86.2 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.8.0 - TOSHIBA CORPORATION)
Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.25 - Toshiba)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.4.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.3.5109 - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.17.64 - TOSHIBA Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.0 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.7 - TOSHIBA Corporation)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}) (Version: 4.08.06.00 - )
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.5.4.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.0.19 - TOSHIBA Corporation)
TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{CDADE9BC-612C-42B8-B929-5C6A823E7FF9}) (Version: 1.0.3 - TOSHIBA CORPORATION)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
UTILILAB SystemOPTIMIZER (HKLM-x32\...\{B80101BC-D0EE-45e3-AD9A-50AE7B834EB0}_is1) (Version: 3.5.1000.15467 - UTILILAB GmbH)
WD Drive Utilities (HKLM-x32\...\{E61CFDDA-40DD-4400-95CA-12819C50B5C2}) (Version: 1.1.0.51 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{919ADA61-13BF-43C4-A2DD-8BA49A244FC8}) (Version: 1.1.0.51 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{F6ABA2F3-9759-48CD-B25B-A07A811E92E4}) (Version: 2.4.1.9 - Western Digital Technologies, Inc.)
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.2.5 - WildTangent)
WildTangent Games App (Toshiba Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba) (Version: 4.0.5.36 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Zuma's Revenge (HKLM-x32\...\WTA-33e7da0c-fe0a-4e72-a14e-8c05cdd44403) (Version: 2.2.0.97 - WildTangent) Hidden
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 57%
Total physical RAM: 4043.86 MB
Available physical RAM: 1700.58 MB
Total Pagefile: 8085.9 MB
Available Pagefile: 5291.06 MB
Total Virtual: 4095.88 MB
Available Virtual: 3974.52 MB
 
========================= Partitions: =====================================
 
1 Drive c: (TI106139W0E) (Fixed) (Total:580.98 GB) (Free:322.21 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\NATE-PC
 
Administrator            Guest                    Nate                     
 
========================= Minidump Files ==================================
 
No minidump file found
 
========================= Restore Points ==================================
 
18-03-2015 16:31:25 Windows Update
30-04-2015 03:57:25 Removed QuickTime 7
30-04-2015 03:58:51 Removed Apple Software Update
30-04-2015 03:59:16 Removed Apple Mobile Device Support
30-04-2015 03:59:53 Removed Apple Mobile Device Support
30-04-2015 04:00:58 Removed Apple Mobile Device Support
30-04-2015 04:01:34 Removed Bonjour
30-04-2015 04:03:57 Removed Apple Application Support (32-bit)
30-04-2015 04:19:07 Installed iTunes
19-05-2015 16:36:30 Removed iTunes
20-05-2015 23:47:56 Windows Update
 
**** End of log ****
 
 

 Results of screen317's Security Check version 1.002  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Norton Internet Security   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 51  
 Java version 32-bit out of Date! 
 Adobe Flash Player 17.0.0.169  
 Adobe Reader XI  
 Google Chrome (42.0.2311.135) 
 Google Chrome (42.0.2311.90) 
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 17% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 
 


#4 Sintharius

Posted 25 May 2015 - 12:51 PM

Hi there,

See here on why you should not use a driver updater (in this case DriverBoost).

Please uninstall the following software from Programs and Features:

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
DriverBoost (HKLM-x32\...\{044E78D2-8F54-4F6F-AD2B-A122F8111EDB}) (Version: 8.1 - DriverBoost)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

If you run into any issues, let me know.

Do you use these?

Amazon Links (HKLM-x32\...\{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}) (Version: 2.02 - TOSHIBA Corporation)
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Amazon Music (HKCU\...\Amazon Amazon Music) (Version: 3.7.1.698 - Amazon Services LLC)
Norton PC Checkup (HKLM-x32\...\Norton PC Checkup_is1) (Version: 3.0.2.90.0 - NortonLive Services)

Do you play WildTangent games?

I will need your confirmation that you have uninstalled the software above, and your answers to the two questions.

Regards,
Alex

#5 nate0

Posted 25 May 2015 - 01:19 PM

The reason I turned to a driver updating program was because I was having trouble with my iPod and other USB accessories connecting to my computer. Is there another fix for this issue if I run into this again?

I ran into an issue when trying to remove DriverBoost. The other two programs were successful but when I go to uninstall DriverBoost, there is not an option to uninstall like there was for the other two. Only an option to "change" and when I choose that, I receive an error that says "Error opening installation log file. Verify that the specified log file location exists and is writable." Then when I click OK, I receive another error that says the same thing again, just in a different font.

No, I do not play WildTangent games. I went ahead and uninstalled all of them.

I use the Amazon music and downloader for MP3s that I purchase through Amazon. I do not use the other two.



#6 Sintharius

Posted 25 May 2015 - 01:24 PM

Hi there,

Please download Revo Uninstaller from here and use it to remove DriverBoost.

If you do not use Amazon Links and Norton PC Checkup, go ahead and uninstall them.

After that please run this.

Emsisoft Emergency Kit

Please download Emsisoft Emergency Kit and save it to your desktop. Double click on the EmsisoftEmergencyKit file you downloaded to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click the Extract button at the bottom. A folder named EEK will be created in the root of the drive (usually c:\).
  • After extraction please double-click on the new Start Emsisoft Emergency Kit icon on your desktop.
  • The first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates. Please click Yes so that it downloads the latest database updates.
  • When the update process is complete, a new button will appear in the lower-left corner that says Back. Click on this button to return to the Overview screen.
  • Click on Scan to be taken to the scan options. If you are asked if you want the scanner to scan for Potentially Unwanted Programs, then click Yes.
  • Click on the Full Scan button to start the scan.
  • When the scan is completed click the Quarantine selected objects button. Note, this option is only available if malicious objects were detected during the scan.
  • When the threats have been quarantined, click the View report button in the lower-right corner, and the scan log will be opened in Notepad.
  • Please save the log in Notepad on your desktop, and attach it to your next reply.
  • When you close Emsisoft Emergency Kit, it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.
Regards,
Alex

#7 nate0

Posted 25 May 2015 - 09:50 PM

It seems that the program you have shown me to use to uninstall the DriverBoost program has glitched out. There is a random bubble that is still floating on my computer that stays in the front of my windows that says "Uninstall or Remove... XX program"

Currently my scan has frozen at 75% and has detected 20 malicious issues. I will update if anything further transpires of the scan though.



#8 Sintharius

Posted 26 May 2015 - 08:17 AM

Keep me posted.

#9 nate0

Posted 26 May 2015 - 10:57 AM

What can be done about the random floating bubble?

 

Also, I must have been being impatient because of course as soon as I posted that, the program moves forward with the scan. Here are the results:

 

Emsisoft Emergency Kit - Version 9.0
Last update: 5/25/2015 10:41:08 PM
User account: Nate-PC\Nate
 
Scan settings:
 
Scan type: Full Scan
Objects: Rootkits, Memory, Traces, C:\
 
Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
 
Scan start: 5/25/2015 10:42:46 PM
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\privacy safeguard detected: Application.AdStart (A)
C:\Users\Nate\AppData\Roaming\drivercure detected: Application.AppInstall (A)
C:\Users\Nate\AppData\Roaming\pccustubinstaller detected: Application.AppInstall (A)
C:\Users\Nate\AppData\Roaming\performersoft detected: Application.AppInstall (A)
C:\Users\Nate\AppData\Roaming\speedypc software detected: Application.AppInstall (A)
C:\ProgramData\speedypc software detected: Application.AppInstall (A)
C:\Program Files (x86)\file scout detected: Application.AppInstall (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\APPID\ESCORT.DLL detected: Application.Win32.WSearch (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\APPID\ESCORTAPP.DLL detected: Application.Win32.WSearch (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\APPID\ESCORTENG.DLL detected: Application.Win32.WSearch (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\APPID\ESCORTLBR.DLL detected: Application.Win32.WSearch (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\AU__RASAPI32 detected: Application.Win32.InstallExt (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\AU__RASMANCS detected: Application.Win32.InstallExt (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{1AD27395-1659-4DFF-A319-2CFA243861A5} detected: Application.AdReg (A)
Key: HKEY_USERS\.DEFAULT\SOFTWARE\IBUPDATERSERVICE detected: Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-18\SOFTWARE\IBUPDATERSERVICE detected: Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-3570733744-542898301-3116952141-1001\SOFTWARE\SPEEDYPC SOFTWARE detected: Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\SPEEDYPC SOFTWARE detected: Application.InstallAd (A)
 
Scanned 370592
Found 20
 
Scan end: 5/26/2015 11:55:56 AM
Scan time: 13:13:10
 
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\SPEEDYPC SOFTWARE Quarantined Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-3570733744-542898301-3116952141-1001\SOFTWARE\SPEEDYPC SOFTWARE Quarantined Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-18\SOFTWARE\IBUPDATERSERVICE Quarantined Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{1AD27395-1659-4DFF-A319-2CFA243861A5} Quarantined Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Quarantined Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Quarantined Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\AU__RASMANCS Quarantined Application.Win32.InstallExt (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\AU__RASAPI32 Quarantined Application.Win32.InstallExt (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\APPID\ESCORTLBR.DLL Quarantined Application.Win32.WSearch (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\APPID\ESCORTENG.DLL Quarantined Application.Win32.WSearch (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\APPID\ESCORTAPP.DLL Quarantined Application.Win32.WSearch (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\APPID\ESCORT.DLL Quarantined Application.Win32.WSearch (A)
C:\Program Files (x86)\file scout Quarantined Application.AppInstall (A)
C:\ProgramData\speedypc software Quarantined Application.AppInstall (A)
C:\Users\Nate\AppData\Roaming\speedypc software Quarantined Application.AppInstall (A)
C:\Users\Nate\AppData\Roaming\performersoft Quarantined Application.AppInstall (A)
C:\Users\Nate\AppData\Roaming\pccustubinstaller Quarantined Application.AppInstall (A)
C:\Users\Nate\AppData\Roaming\drivercure Quarantined Application.AppInstall (A)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\privacy safeguard Quarantined Application.AdStart (A)
 
Quarantined 19


#10 Sintharius

Posted 26 May 2015 - 11:06 AM

Hi there,

Can you take a screenshot of the "bubble" and post it here? You can upload the screenshot to an external image host like Imgur, then copy the link into your post.

Alex

#11 nate0

Posted 26 May 2015 - 11:11 AM

http://i.imgur.com/wxYQm7S.png?1



#12 Sintharius

Posted 26 May 2015 - 11:15 AM

Hi there,

Please exit Revo Uninstaller by using Task Manager to kill Revouninstaller.exe and see if the bubble disappears.

After that please run this.

Malwarebytes Anti-Malware

Download Malwarebytes Anti-Malware from here.

Double click on the file mbam-setup-2.x.x.xxxx.exe to install the application. (x.x.xxxx is the version)
  • Follow the prompt. At the end place a checkmark in Launch Malwarebytes Anti-Malware, then choose Finish.
  • When MBAM opens it will say Your database is out of date. Choose Fix Now.
  • Click on the Scan tab at the top of the window, choose Threat Scan, then Scan Now.
  • If you receive a message that updates are available, choose the Update Now button (the scan will start after updates are completed).
  • Please be patient as the scan will take some time.
  • If MBAM detected threats, choose Quarantine for all items, then click Apply Actions.
  • While still on the Scan tab, choose View detailed log. In the window that opens, click the Export button, choose Text file (*.txt) and save the log to your Desktop.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


===

ESET Online Scanner
  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.
Regards,
Alex

#13 nate0

Posted 26 May 2015 - 02:35 PM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 5/26/2015
Scan Time: 12:27:45 PM
Logfile: scanMay2015.txt
Administrator: Yes
 
Version: 2.01.6.1022
Malware Database: v2015.05.26.04
Rootkit Database: v2015.05.24.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Nate
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 374554
Time Elapsed: 34 min, 34 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 3
PUP.Optional.FunMoods.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BF691E59-95B3-4C4E-9535-B77EAABA0FC0}, Quarantined, [bd7fedabee9c0f27fd69f5ea10f3ee12], 
PUP.Optional.FunMoods.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BF691E59-95B3-4C4E-9535-B77EAABA0FC0}, Quarantined, [f04c2e6a4f3bbe78b3b3914e4fb455ab], 
PUP.Optional.FunMoods.A, HKU\S-1-5-21-3570733744-542898301-3116952141-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{B29410E8-D696-4636-B31F-040835D251B5}, Quarantined, [9d9fb7e1bcce999dca9b409f5da67d83], 
 
Registry Values: 16
PUP.Optional.FunMoods.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BF691E59-95B3-4C4E-9535-B77EAABA0FC0}|URL, http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0Ezzzy0Azz0FyEyE0FyByE0DyBtDyCzztN0D0Tzu0CtBtByCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1170512337, Quarantined, [bd7fedabee9c0f27fd69f5ea10f3ee12]
PUP.Optional.FunMoods.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BF691E59-95B3-4C4E-9535-B77EAABA0FC0}|TopResultURLFallback, http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0Ezzzy0Azz0FyEyE0FyByE0DyBtDyCzztN0D0Tzu0CtBtByCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1170512337, Quarantined, [8ab288105337a69014523ea138cb46ba]
PUP.Optional.FunMoods.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BF691E59-95B3-4C4E-9535-B77EAABA0FC0}|FaviconURL, http://start.funmoods.com/favicon.ico, Quarantined, [0e2e82160981181e31353da207fca957]
PUP.Optional.FunMoods.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BF691E59-95B3-4C4E-9535-B77EAABA0FC0}|FaviconPath, C:\PROGRA~2\Funmoods\1.5.23.22\FavIcon.ico, Quarantined, [24189afe71191a1cc1a50ed153b06799]
PUP.Optional.FunMoods.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BF691E59-95B3-4C4E-9535-B77EAABA0FC0}|FaviconURLFallback, http://start.funmoods.com/favicon.ico, Quarantined, [40fca4f46a207fb76df99c43887b48b8]
PUP.Optional.FunMoods.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BF691E59-95B3-4C4E-9535-B77EAABA0FC0}, Funmoods, Quarantined, [78c49503a6e42511da8ca53a5ea50cf4]
PUP.Optional.FunMoods.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BF691E59-95B3-4C4E-9535-B77EAABA0FC0}|DisplayName, Funmoods, Quarantined, [75c75f393f4bce68b5b13aa5bb488878]
PUP.Optional.FunMoods.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BF691E59-95B3-4C4E-9535-B77EAABA0FC0}|DisplayName, Funmoods, Quarantined, [f04c2e6a4f3bbe78b3b3914e4fb455ab]
PUP.Optional.FunMoods.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BF691E59-95B3-4C4E-9535-B77EAABA0FC0}|URL, http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0Ezzzy0Azz0FyEyE0FyByE0DyBtDyCzztN0D0Tzu0CtBtByCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1170512337, Quarantined, [97a52e6a3159c96de6805f802dd6aa56]
PUP.Optional.FunMoods.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BF691E59-95B3-4C4E-9535-B77EAABA0FC0}|FaviconURL, http://start.funmoods.com/favicon.ico, Quarantined, [0735a1f70b7f1f17c79f4996f60de719]
PUP.Optional.FunMoods.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BF691E59-95B3-4C4E-9535-B77EAABA0FC0}|TopResultURLFallback, http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0Ezzzy0Azz0FyEyE0FyByE0DyBtDyCzztN0D0Tzu0CtBtByCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1170512337, Quarantined, [d468197f45457abcb4b209d6689b25db]
PUP.Optional.FunMoods.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BF691E59-95B3-4C4E-9535-B77EAABA0FC0}|FaviconPath, C:\PROGRA~2\Funmoods\1.5.23.22\FavIcon.ico, Quarantined, [ea524751593161d59cca9d42bd46827e]
PUP.Optional.FunMoods.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BF691E59-95B3-4C4E-9535-B77EAABA0FC0}|FaviconURLFallback, http://start.funmoods.com/favicon.ico, Quarantined, [63d9bddb701ac17514525e81768de51b]
PUP.Optional.FunMoods.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BF691E59-95B3-4C4E-9535-B77EAABA0FC0}, Funmoods, Quarantined, [e458eeaa018959ddaabc6f7021e238c8]
PUP.Optional.FunMoods.A, HKU\S-1-5-21-3570733744-542898301-3116952141-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{B29410E8-D696-4636-B31F-040835D251B5}|FaviconURL, http://start.funmoods.com/favicon.ico, Quarantined, [9d9fb7e1bcce999dca9b409f5da67d83]
PUP.Optional.FunMoods.A, HKU\S-1-5-21-3570733744-542898301-3116952141-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{B29410E8-D696-4636-B31F-040835D251B5}, Funmoods, Quarantined, [b48832666e1ce650b2b3429dee15966a]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 2
PUP.Optional.AZLyrics.A, C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage, Quarantined, [36062b6dc2c891a518368173897aeb15], 
PUP.Optional.AZLyrics.A, C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage-journal, Quarantined, [d06cb0e8f89220168bc3be3654af5ba5], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
PUP.Optional.AZLyrics.A, C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage-journal, Quarantined, [d06cb0e8f89220168bc3be3654af5ba5], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#14 Sintharius


Posted 26 May 2015 - 02:41 PM

Hi there,

Please post the log from ESET Online Scanner when it is finished. Thank you :)

Regards,
Alex

#15 nate0


Posted 27 May 2015 - 01:59 AM

My apologies. I tried to have my Mom take over for the second scan because I had to go to work. Here are the results:

 

C:\Program Files (x86)\FLVPlayer\Uninstall\Uninstall.exe a variant of Win32/InstallCore.BH potentially unwanted application deleted - quarantined
C:\Program Files (x86)\UTILILAB\SystemOPTIMIZER\GOHelper.exe a variant of Win32/Systweak.L potentially unwanted application deleted - quarantined
C:\Program Files (x86)\UTILILAB\SystemOPTIMIZER\Network.dll a variant of Win32/Systweak.M potentially unwanted application deleted - quarantined
C:\Program Files (x86)\UTILILAB\SystemOPTIMIZER\USO.exe a variant of Win32/Systweak.L potentially unwanted application deleted - quarantined
C:\Program Files (x86)\UTILILAB\SystemOPTIMIZER\USOBackupManager.exe a variant of Win32/Systweak.L potentially unwanted application deleted - quarantined
C:\Program Files (x86)\UTILILAB\SystemOPTIMIZER\USOCheckUpdate.exe a variant of Win32/Systweak.L potentially unwanted application deleted - quarantined
C:\Program Files (x86)\UTILILAB\SystemOPTIMIZER\USODiskDoctor.exe a variant of Win32/Systweak.L potentially unwanted application deleted - quarantined
C:\Program Files (x86)\UTILILAB\SystemOPTIMIZER\USODiskExplorer.exe a variant of Win32/Systweak.L potentially unwanted application deleted - quarantined
C:\Program Files (x86)\UTILILAB\SystemOPTIMIZER\USODiskOptimizer.exe a variant of Win32/Systweak.L potentially unwanted application deleted - quarantined
C:\Program Files (x86)\UTILILAB\SystemOPTIMIZER\USODriverUpdater.exe a variant of Win32/Systweak.L potentially unwanted application deleted - quarantined
C:\Program Files (x86)\UTILILAB\SystemOPTIMIZER\USODuplicateFilesRemover.exe a variant of Win32/Systweak.L potentially unwanted application deleted - quarantined
C:\Program Files (x86)\UTILILAB\SystemOPTIMIZER\USOGameOptimizer.exe a variant of Win32/Systweak.L potentially unwanted application deleted - quarantined
C:\Program Files (x86)\UTILILAB\SystemOPTIMIZER\USOHelper.dll a variant of Win32/Systweak.N potentially unwanted application deleted - quarantined
C:\Program Files (x86)\UTILILAB\SystemOPTIMIZER\USOMemoryOptimizer.exe a variant of Win32/Systweak.L potentially unwanted application deleted - quarantined
C:\Program Files (x86)\UTILILAB\SystemOPTIMIZER\USONewScheduler.exe a variant of Win32/Systweak.L potentially unwanted application deleted - quarantined
C:\Program Files (x86)\UTILILAB\SystemOPTIMIZER\USOPCFixer.exe a variant of Win32/Systweak.L potentially unwanted application deleted - quarantined
C:\Program Files (x86)\UTILILAB\SystemOPTIMIZER\USOPrivacyProtector.exe a variant of Win32/Systweak.L potentially unwanted application deleted - quarantined
C:\Program Files (x86)\UTILILAB\SystemOPTIMIZER\USORegClean.exe a variant of Win32/Systweak potentially unwanted application deleted - quarantined
C:\Program Files (x86)\UTILILAB\SystemOPTIMIZER\USORegistryOptimizer.exe a variant of Win32/Systweak.L potentially unwanted application deleted - quarantined
C:\Program Files (x86)\UTILILAB\SystemOPTIMIZER\USOSecureDelete.exe a variant of Win32/Systweak.L potentially unwanted application deleted - quarantined
C:\Program Files (x86)\UTILILAB\SystemOPTIMIZER\USOSecureEncryptor.exe a variant of Win32/Systweak.L potentially unwanted application deleted - quarantined
C:\Program Files (x86)\UTILILAB\SystemOPTIMIZER\USOStartupManager.exe a variant of Win32/Systweak.L potentially unwanted application deleted - quarantined
C:\Program Files (x86)\UTILILAB\SystemOPTIMIZER\USOSysFileBakRes.exe a variant of Win32/Systweak.L potentially unwanted application deleted - quarantined
C:\Program Files (x86)\UTILILAB\SystemOPTIMIZER\USOSystemAnalyzerAndAdvisor.exe a variant of Win32/Systweak.L potentially unwanted application deleted - quarantined
C:\Program Files (x86)\UTILILAB\SystemOPTIMIZER\USOSystemCleaner.exe a variant of Win32/Systweak.L potentially unwanted application deleted - quarantined
C:\Program Files (x86)\UTILILAB\SystemOPTIMIZER\USOUndelete.exe a variant of Win32/Systweak.L potentially unwanted application deleted - quarantined
C:\Program Files (x86)\UTILILAB\SystemOPTIMIZER\USOUninstallManager.exe a variant of Win32/Systweak.L potentially unwanted application deleted - quarantined
C:\Users\Nate\Downloads\flstudio-10.0.9c.exe Win32/OpenCandy potentially unsafe application deleted - quarantined
C:\Users\Nate\Downloads\usosetup.exe a variant of Win32/Systweak.N potentially unwanted application deleted - quarantined




