
Very Slow, Often get "Failed to load security options" and freezes

Discussion in 'Virus & Other Malware Removal' started by Elbiglou, Jun 7, 2014.

Thread Status:
Not open for further replies.
  1. Elbiglou (Thread Starter)

    Joined: Jan 31, 2012
    Messages: 76
    As of the last week, I have been experiencing issues with extreme slowness. Reset Firefox to defaults, did not help. PC slows/freezes; when I tried to launch Task Manager (CTRL-ALT-DEL), I get the message "Failed to load security options", then the screen stays black with only that message. At times it never unfreezes. After a hard reboot, it goes straight to recovery mode. I have noticed that there are certain error messages such as failed updates. And also, my security defaults have been "turned off" at least once without my doing... Yikes! I have done a recovery to a previous date, and that has helped, but then it starts all over again... Certain startup items don't load and then the freeze comes again. And again the "Failed to load security options"...

    Here are the logs... I believe I got them all...

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 10:51:20 AM, on 6/7/2014
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v9.00 (9.00.8112.16545)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\hp\support\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Lexmark X1100 Series\LXBKbmgr.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Windows\system32\schtasks.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Online Armor\OAui.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Real\RealPlayer\Update\realsched.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Online Armor\OAhlp.exe
    C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\hp\kbd\kbd.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
    C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
    C:\Users\zorobejar\Downloads\HijackThis(1).exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie9
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...home&locale=EN_US&c=74&bd=Pavilion&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
    O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
    O4 - HKLM\..\Run: [lxbkbmgr.exe] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Online Armor\OAui.exe"
    O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
    O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files\WildTangent Games\App\GamesAppService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPAHelper.exe - Unknown owner - C:\Program Files\iPod Access for Windows\iPAHelper.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
    O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: lxbk_device - - C:\Windows\system32\lxbkcoms.exe
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
    O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: Online Armor Helper Service (OAcat) - Unknown owner - C:\Program Files\Online Armor\OAcat.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Online Armor (SvcOnlineArmor) - Unknown owner - C:\Program Files\Online Armor\oasrv.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 10446 bytes




    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 9.0.8112.16545 BrowserJavaVersion: 10.5.1
    Run by zorobejar at 10:56:18 on 2014-06-07
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1918.771 [GMT -7:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
    FW: Online Armor Firewall *Enabled* {BD3F5FCA-866B-1E2E-0A68-58900A751EA1}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\nvvsvc.exe
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\rundll32.exe
    C:\Program Files\Online Armor\OAcat.exe
    C:\Program Files\Online Armor\oasrv.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\iPod Access for Windows\iPAHelper.exe
    c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Windows\system32\lxbkcoms.exe
    C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
    C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\Windows\System32\WUDFHost.exe
    c:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Windows\system32\taskeng.exe
    C:\hp\support\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Lexmark X1100 Series\LXBKbmgr.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Windows\system32\schtasks.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Online Armor\OAui.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Real\RealPlayer\Update\realsched.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Online Armor\OAhlp.exe
    C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
    c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\hp\kbd\kbd.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
    C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.yahoo.com/?fr=fp-yie9
    uProxyOverride = <local>;*.local
    uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
    BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - c:\program files\wot\WOT.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
    TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
    TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
    uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
    mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    mRun: [KBD] c:\hp\kbd\KbdStub.EXE
    mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
    mRun: [SunJavaUpdateReg] "c:\windows\system32\jureg.exe"
    mRun: [lxbkbmgr.exe] "c:\program files\lexmark x1100 series\lxbkbmgr.exe"
    mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [@OnlineArmor GUI] "c:\program files\online armor\OAui.exe"
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\ymetray.lnk - c:\program files\yahoo!\yahoo! music jukebox\ymetray.exe
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: EnableShellExecuteHooks = dword:1
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{04396276-A3C8-4A37-B1BB-C06D20AB24DD} : DHCPNameServer = 192.168.1.1
    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
    Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
    SEH: OA Shell Helper - {4F07DA45-8170-4859-9B5F-037EF2970034} - c:\program files\online armor\oaevent.dll
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\zorobejar\appdata\roaming\mozilla\firefox\profiles\o7p9sui8.default-1401420615191\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://att.yahoo.com/
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.30214.0\npctrlui.dll
    FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
    FF - plugin: c:\program files\veetle\player\npvlc.dll
    FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
    FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
    FF - plugin: c:\program files\wildtangent games\app\browserintegration\registered\1\NP_wtapp.dll
    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\windows\system32\adobe\director\np32dsw_1203133.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_13_0_0_214.dll
    FF - plugin: c:\windows\system32\npDeployJava1.dll
    FF - plugin: c:\windows\system32\npmproxy.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2014-1-25 231960]
    R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2012-2-11 210360]
    R1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [2012-2-11 44984]
    R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2012-2-11 34856]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-2 21504]
    R2 lxbk_device;lxbk_device;c:\windows\system32\lxbkcoms.exe -service --> c:\windows\system32\lxbkcoms.exe -service [?]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-5-26 1809720]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-5-26 860472]
    R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 104264]
    R2 OAcat;Online Armor Helper Service;c:\program files\online armor\OAcat.exe [2012-2-11 584864]
    R2 SvcOnlineArmor;Online Armor;c:\program files\online armor\OAsrv.exe [2012-2-11 4457688]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-11 23256]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-5-26 110296]
    R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-5-26 51928]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2014-3-11 279776]
    R3 OAnet;OnlineArmor Service;c:\windows\system32\drivers\OAnet.sys [2012-2-11 31760]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-11-13 204800]
    S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2007-9-5 19456]
    S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-12 206072]
    S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2008-7-7 20480]
    S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2008-5-9 174336]
    S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2012-2-11 27192]
    S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-3-20 32408]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-9-11 770168]
    .
    =============== File Associations ===============
    .
    ShellExec: ymp.exe: open="c:\program files\yahoo!\yahoo! music jukebox\YahooMusicEngine.exe" -play "%1"
    ShellExec: ymp.exe: play="c:\program files\yahoo!\yahoo! music jukebox\YahooMusicEngine.exe" -play "%1"
    .
    =============== Created Last 30 ================
    .
    2014-06-06 23:36:57 8073384 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{716ed0a9-deb9-4f7e-a10f-8a1f166319f4}\mpengine.dll
    2014-06-06 04:52:53 -------- d-----w- c:\windows\BB77DC4CB8184FD48D1D5D3B617B78B4.TMP
    2014-06-06 04:46:42 -------- d-----w- c:\windows\C6359569E03E4CDC98E8CDD080C6EEB5.TMP
    2014-06-05 17:56:22 8073384 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2014-06-05 16:34:51 765968 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{8f38dbff-9ed8-496c-aec2-333ac86aeeca}\gapaengine.dll
    2014-06-03 05:14:57 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1(7)
    2014-06-03 04:33:07 -------- d-----w- c:\users\zorobejar\appdata\local\HP
    2014-05-31 02:40:26 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
    2014-05-26 21:25:06 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-05-26 21:10:17 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-05-26 21:10:16 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
    2014-05-26 21:10:14 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
    2014-05-16 04:27:05 -------- d-----w- c:\users\zorobejar\appdata\roaming\SanDisk SecureAccess
    2014-05-14 10:04:55 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2014-05-10 17:53:50 1266800 ----a-w- c:\program files\mozilla firefox\icuin52.dll
    2014-05-10 17:53:50 10594416 ----a-w- c:\program files\mozilla firefox\icudt52.dll
    2014-05-10 17:53:49 965232 ----a-w- c:\program files\mozilla firefox\icuuc52.dll
    .
    ==================== Find3M ====================
    .
    2014-05-14 05:06:31 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2014-05-14 05:06:31 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2014-05-14 05:06:05 17938608 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
    2014-05-12 14:25:54 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-03-11 16:52:30 104264 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
    .
    ============= FINISH: 11:00:07.19 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 10/31/2007 2:53:27 AM
    System Uptime: 6/7/2014 10:18:11 AM (1 hours ago)
    .
    Motherboard: ECS | | Nettle3
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5000+ | Socket AM2 | 1000/201mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 326 GiB total, 216.884 GiB free.
    D: is FIXED (NTFS) - 9 GiB total, 1.257 GiB free.
    E: is CDROM ()
    F: is Removable
    H: is Removable
    I: is Removable
    J: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0004
    Manufacturer: Microsoft
    Name: Microsoft 6to4 Adapter #2
    PNP Device ID: ROOT\*6TO4MP\0004
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0029
    Manufacturer: Microsoft
    Name: Microsoft 6to4 Adapter #16
    PNP Device ID: ROOT\*6TO4MP\0029
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0050
    Manufacturer: Microsoft
    Name: Microsoft 6to4 Adapter #36
    PNP Device ID: ROOT\*6TO4MP\0050
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0000
    Manufacturer: Microsoft
    Name: Microsoft ISATAP Adapter
    PNP Device ID: ROOT\*ISATAP\0000
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0002
    Manufacturer: Microsoft
    Name: Microsoft ISATAP Adapter #4
    PNP Device ID: ROOT\*ISATAP\0002
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0003
    Manufacturer: Microsoft
    Name: Microsoft ISATAP Adapter #5
    PNP Device ID: ROOT\*ISATAP\0003
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0004
    Manufacturer: Microsoft
    Name: Microsoft ISATAP Adapter #3
    PNP Device ID: ROOT\*ISATAP\0004
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0005
    Manufacturer: Microsoft
    Name: Microsoft ISATAP Adapter #7
    PNP Device ID: ROOT\*ISATAP\0005
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0006
    Manufacturer: Microsoft
    Name: Microsoft ISATAP Adapter #8
    PNP Device ID: ROOT\*ISATAP\0006
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0007
    Manufacturer: Microsoft
    Name: Microsoft ISATAP Adapter #6
    PNP Device ID: ROOT\*ISATAP\0007
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0008
    Manufacturer: Microsoft
    Name: Microsoft ISATAP Adapter #10
    PNP Device ID: ROOT\*ISATAP\0008
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0009
    Manufacturer: Microsoft
    Name: Microsoft ISATAP Adapter #11
    PNP Device ID: ROOT\*ISATAP\0009
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0010
    Manufacturer: Microsoft
    Name: Microsoft ISATAP Adapter #9
    PNP Device ID: ROOT\*ISATAP\0010
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0011
    Manufacturer: Microsoft
    Name: Microsoft ISATAP Adapter #13
    PNP Device ID: ROOT\*ISATAP\0011
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0013
    Manufacturer: Microsoft
    Name: Microsoft ISATAP Adapter #14
    PNP Device ID: ROOT\*ISATAP\0013
    Service: tunnel
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    Activation Assistant for the 2007 Microsoft Office suites
    Adobe AIR
    Adobe Flash Player 13 ActiveX
    Adobe Flash Player 13 Plugin
    Adobe Reader X (10.1.10)
    Adobe Shockwave Player 12.0
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AT&T Yahoo! Applications
    AT&T Yahoo! Music Jukebox
    ATT-AACE
    Avery Wizard 3.1
    Azureus Vuze
    Bonjour
    Compatibility Pack for the 2007 Office system
    Enhanced Multimedia Keyboard Solution
    Hardware Diagnostic Tools
    Hewlett-Packard Active Check for Health Check
    Hewlett-Packard Asset Agent for Health Check
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Active Support Library
    HP Active Support Library 32 bit components
    HP Advisor
    HP Customer Experience Enhancements
    HP Customer Feedback
    HP Easy Setup - Frontend
    HP On-Screen Cap/Num/Scroll Lock Indicator
    HP Photosmart Essential 2.01
    HP Photosmart Essential2.01
    HP Picasso Media Center Add-In
    HP Update
    iCloud
    iPod Access for Windows v4.1.3
    iPod for Windows 2005-10-12
    iTunes
    Java 7 Update 17
    Java Auto Updater
    JavaFX 2.1.1
    Lexmark X1100 Series
    LG USB Modem driver
    LightScribe 1.8.15.1
    Linksys EasyLink Advisor
    LiveUpdate Notice (Symantec Corporation)
    Malwarebytes Anti-Malware version 2.0.2.1012
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4.5.1
    Microsoft Office File Validation Add-In
    Microsoft Office Professional Edition 2003
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Mobile Broadband Generic Drivers
    MobileMe Control Panel
    Mozilla Firefox 29.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSN
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    muvee autoProducer 6.0
    My HP Games
    Norton Security Scan
    NVIDIA Drivers
    Online Armor 5.5
    PCLinq2 High-Speed USB Bridge Cable
    PL-2303 USB-to-Serial
    PSSWCORE
    Pure Networks Platform
    Python 2.5
    QuickTime 7
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    Realtek High Definition Audio Driver
    RealUpgrade 1.1
    Revo Uninstaller Pro 2.5.7
    Rhapsody Player Engine
    Roxio Activation Module
    Roxio Creator Audio
    Roxio Creator Basic v9
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator EasyArchive
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio MyDVD Basic v9
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
    Soft Data Fax Modem with SmartCP
    swMSM
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update Installer for WildTangent Games App
    Veetle TV 0.9.18
    VideoToolkit01
    VoiceOver Kit
    VZAccess Manager
    WeatherBug Gadget
    WebEx Support Manager for Internet Explorer
    WildTangent Games App (HP Games)
    Windows Driver Package - LeapFrog (FlyUsb) USB (06/15/2007 1.0.0.6)
    Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
    WinPatrol
    WinRAR archiver
    WOT for Internet Explorer
    Yahoo! Search Protection
    .
    ==== End Of File ===========================




    GMER 2.1.19357 - http://www.gmer.net
    Rootkit quick scan 2014-06-07 11:47:20
    Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\00000091 ST336032 rev.3.CH 335.35GB
    Running: r4muw9rc.exe; Driver: C:\Users\ZOROBE~1\AppData\Local\Temp\kxlyruog.sys


    ---- Disk sectors - GMER 2.1 ----

    Disk \Device\Harddisk0\DR0 unknown MBR code

    ---- Devices - GMER 2.1 ----

    Device \Driver\tdx \Device\Ip OAmon.sys
    Device \Driver\tdx \Device\Tcp OAmon.sys
    Device \Driver\tdx \Device\Udp OAmon.sys
    Device \Driver\tdx \Device\RawIp OAmon.sys

    ---- EOF - GMER 2.1 ----
     
  2. Elbiglou

    Elbiglou Thread Starter

    Joined:
    Jan 31, 2012
    Messages:
    76
    87 views... Wondering if anything sticks out at all?
     
  3. LiquidTension

    LiquidTension Malware Specialist

    Joined:
    May 28, 2014
    Messages:
    553
    Hello Elbiglou, welcome to Tech Support Guy's Malware Removal forum!

    My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
    If you would allow me to call you by your first name I would prefer that. :)

    ======================================================

    Important: I have laid out some "ground rules" I would very much appreciate you follow. Please read through the points below, to ensure this process moves as quickly and efficiently as possible.
    • Please read through my instructions thoroughly, and ensure you carry out each step in the order specified.
    • Please do not post logs using the CODE, QUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.
    • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation & providing the best set of instructions for you.
    • Ensure you are subscribed to this topic to receive instant email notifications of my responses.
    • Please attempt to back up important documents before proceeding with my instructions.
    • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before you run anything.
    • While I'm in training, it's important that threads move along in a timely manner so as not to hinder my progress. Therefore, if no response is made within 5 days, I will have to unsubscribe from your thread and move on to helping others. Please inform me if you will require additional time to complete my instructions.
    ======================================================

    Please be advised that I am currently in training at WhattheTech.com. My responses will need to be approved by a teaching expert at WhattheTech.com before I post in order to ensure you are receiving accurate instructions. I will return as soon as possible.
     
  4. LiquidTension

    LiquidTension Malware Specialist

    Joined:
    May 28, 2014
    Messages:
    553
    Hello Elbiglou,

    Please carry out the following scans and post the logs generated.

    STEP 1
    Farbar Recovery Scan Tool (FRST) Scan
    • Please download Farbar Recovery Scan Tool (x32) and save the file to your desktop.
    • Right-Click FRST.exe and select Run as administrator to run the programme.
    • Click Yes to the disclaimer.
    • Ensure the Addition.txt box is checked.
    • Click the Scan button and let the programme run.
    • Upon completion, click OK, then OK on the Addition.txt pop up screen.
    • Two logs (FRST.txt & Addition.txt) will now be open on your desktop. Copy the contents of both logs and paste in your next reply.

    STEP 2
    aswMBR
    • Please download aswMBR and save the file to your desktop.
    • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
    • Right-Click aswMBR.exe and select Run as administrator to run the programme.
    • If you are prompted to download the latest anti-virus definitions from avast!, click Yes.
    • Click the AV Scan: drop down box and click C:\.
    • Click Scan.
    • Upon completion, you will see Scan finished successfully. Click Save log.
    • Re-enable your anti-virus software.
    • Copy the contents of the log and paste in your next reply.
    Note: Do NOT attempt to click Fix or FixMBR.
    Note: A file (MBR.dat) will be created on your desktop. Do NOT click or delete it.


    STEP 3
    Farbar Service Scanner (FSS)
    • Please download FSS and save the file to your desktop.
    • Right-Click FSS.exe and select Run as administrator to run the programme.
    • Ensure the following items are checked:

      • [​IMG].
      • [​IMG].
      • [​IMG].
      • [​IMG].
      • [​IMG].
      • [​IMG].

    • Click [​IMG].
    • A log (FSS.txt) will be created on your desktop. Copy the contents of the log and paste in your next reply.

    ======================================================

    STEP 4
    Logs
    In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.
    • FRST.txt
    • Addition.txt
    • aswMBR log
    • FSS.txt
     
  5. Elbiglou

    Elbiglou Thread Starter

    Joined:
    Jan 31, 2012
    Messages:
    76
    Thank you. I will try to do this tonight. What time zone are you in? Just wondering. If I cannot get to this tonight, I will tomorrow or at the latest Sunday morning.

    Thank you again
     
  6. LiquidTension

    LiquidTension Malware Specialist

    Joined:
    May 28, 2014
    Messages:
    553
    Hi Elbiglou,

    My time zone is currently GMT+1. There is no rush to complete the instructions; please do not feel pressurised. :) I only request you inform me if you require longer than 3 days to complete the instructions.
     
  7. Elbiglou

    Elbiglou Thread Starter

    Joined:
    Jan 31, 2012
    Messages:
    76
    Hello Adam - Here are the requested logs.... You can call me Luis by the way. Thanks. Hope to hear from you soon. Thanks!

    #1


    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:12-06-2014 02
    Ran by zorobejar (administrator) on ZOROBEJAR-PC on 14-06-2014 19:02:37
    Running from C:\Users\zorobejar\Desktop
    Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English(US)
    Internet Explorer Version 9
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (Microsoft Corporation) C:\Windows\System32\SLsvc.exe
    (Emsisoft GmbH) C:\Program Files\Online Armor\OAcat.exe
    (Emsisoft GmbH) C:\Program Files\Online Armor\OAsrv.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    () C:\Program Files\iPod Access for Windows\iPAHelper.exe
    (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    (Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    ( ) C:\Windows\System32\lxbkcoms.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
    (Motive Communications, Inc.) C:\Program Files\Common Files\Motive\McciCMService.exe
    (Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
    (Cisco Systems, Inc.) C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
    (Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe
    (OsdMaestro) C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
    (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
    (Lexmark International, Inc.) C:\Program Files\Lexmark X1100 Series\LXBKbmgr.exe
    (Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    (Microsoft Corporation) C:\Windows\System32\schtasks.exe
    (Cisco Systems, Inc.) C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    (Emsisoft GmbH) C:\Program Files\Online Armor\OAui.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Apple Inc.) C:\Program Files\QuickTime\QTTask.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (BillP Studios) C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    (Microsoft Corporation) C:\Windows\ehome\ehtray.exe
    (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
    (Lexmark International, Inc.) C:\Program Files\Lexmark X1100 Series\LXBKbmon.exe
    (Yahoo! Inc.) C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
    (Emsisoft GmbH) C:\Program Files\Online Armor\OAhlp.exe
    (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Hewlett-Packard Company) C:\hp\KBD\kbd.exe
    (Yahoo! Inc.) C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    (RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
    (Microsoft Corporation) C:\Windows\System32\mobsync.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [hpsysdrv] => c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)
    HKLM\...\Run: [KBD] => C:\HP\KBD\KbdStub.EXE [65536 2006-12-08] ()
    HKLM\...\Run: [OsdMaestro] => C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [118784 2007-02-15] (OsdMaestro)
    HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4874240 2008-01-15] (Realtek Semiconductor)
    HKLM\...\Run: [HP Health Check Scheduler] => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-06-16] (Hewlett-Packard)
    HKLM\...\Run: [SunJavaUpdateReg] => C:\Windows\system32\jureg.exe [54936 2007-04-07] (Sun Microsystems, Inc.)
    HKLM\...\Run: [lxbkbmgr.exe] => C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe [74672 2007-04-26] (Lexmark International, Inc.)
    HKLM\...\Run: [Symantec PIF AlertEng] => C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [583048 2008-01-29] (Symantec Corporation)
    HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-10-06] (Apple Inc.)
    HKLM\...\Run: [nmctxth] => C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe [642856 2008-12-12] (Cisco Systems, Inc.)
    HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
    HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
    HKLM\...\Run: [NvCplDaemon] => C:\Windows\system32\NvCpl.dll [13539872 2008-05-22] (NVIDIA Corporation)
    HKLM\...\Run: [NvMediaCenter] => C:\Windows\system32\NvMcTray.dll [92704 2008-05-22] (NVIDIA Corporation)
    HKLM\...\Run: [@OnlineArmor GUI] => C:\Program Files\Online Armor\OAui.exe [7558464 2013-10-15] (Emsisoft GmbH)
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
    HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [296096 2012-09-19] (RealNetworks, Inc.)
    HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
    HKLM\...\Run: [] => [X]
    HKLM\...\Run: [WinPatrol] => C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [400480 2012-01-30] (BillP Studios)
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
    HKU\S-1-5-21-1759747925-34736268-1556840103-1000\...\Run: [HPAdvisor] => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1644088 2009-08-05] (Hewlett-Packard)
    HKU\S-1-5-21-1759747925-34736268-1556840103-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
    HKU\S-1-5-21-1759747925-34736268-1556840103-1000\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [451872 2007-07-18] (Hewlett-Packard Company)
    HKU\S-1-5-21-1759747925-34736268-1556840103-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
    HKU\S-1-5-21-1759747925-34736268-1556840103-1000\...\Run: [MobileDocuments] => C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
    HKU\S-1-5-21-1759747925-34736268-1556840103-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ymetray.lnk
    ShortcutTarget: ymetray.lnk -> C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe (Yahoo! Inc.)

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie9
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...home&locale=EN_US&c=74&bd=Pavilion&pf=desktop
    URLSearchHook: HKCU - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    SearchScopes: HKLM - DefaultScope {F630738B-7FF4-4E20-896C-ED4D6307FEFF} URL =
    SearchScopes: HKLM - {08509951-78FA-4720-BEA4-40B3602B8662} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    SearchScopes: HKLM - {4A08F7A6-2B0E-4C55-A31A-193FD6A9EE18} URL = http://search.live.com/results.aspx?q={searchTerms}&amp;entrypoint={referrer:source?}&amp;FORM=HVDUS7
    SearchScopes: HKCU - DefaultScope {F630738B-7FF4-4E20-896C-ED4D6307FEFF} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
    SearchScopes: HKCU - {08509951-78FA-4720-BEA4-40B3602B8662} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
    SearchScopes: HKCU - {4A08F7A6-2B0E-4C55-A31A-193FD6A9EE18} URL = http://search.live.com/results.aspx?q={searchTerms}&amp;entrypoint={referrer:source?}&amp;FORM=HVDUS7
    SearchScopes: HKCU - {5AEBC260-3257-4C0E-9E7B-9D48D15135BB} URL = http://delicious.com/search?p={searchTerms}
    SearchScopes: HKCU - {6F217834-7CF7-474A-85DF-2027B3CA1332} URL = http://www.flickr.com/search/?q={searchTerms}
    SearchScopes: HKCU - {F630738B-7FF4-4E20-896C-ED4D6307FEFF} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
    BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
    BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
    BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    Toolbar: HKCU - WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
    Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
    Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
    ShellExecuteHooks: OA Shell Helper - {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll [1033968 2013-10-15] (Emsisoft GmbH)
    Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
    Winsock: Catalog9 000000000100 %SystemRoot%\system32\mswsock.dll [223232] (Microsoft Corporation)
    Winsock: Catalog9 000000000101 %SystemRoot%\system32\mswsock.dll [223232] (Microsoft Corporation)
    Winsock: Catalog9 000000000102 %SystemRoot%\system32\mswsock.dll [223232] (Microsoft Corporation)
    Winsock: Catalog9 000000000103 %SystemRoot%\system32\mswsock.dll [223232] (Microsoft Corporation)
    Winsock: Catalog9 000000000104 %SystemRoot%\system32\mswsock.dll [223232] (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\zorobejar\AppData\Roaming\Mozilla\Firefox\Profiles\o7p9sui8.default-1401420615191
    FF DefaultSearchEngine: Google
    FF SelectedSearchEngine: Google
    FF Homepage: hxxp://att.yahoo.com/
    FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
    FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
    FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin: @java.com/DTPlugin,version=10.13.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: @real.com/nppl3260;version=15.0.6.14 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprjplug;version=15.0.6.14 - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprpplugin;version=15.0.6.14 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.0 - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
    FF Plugin: @veetle.com/vbp;version=0.9.17 - C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
    FF Plugin: @veetle.com/veetleCorePlugin,version=0.9.18 - C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
    FF Plugin: @veetle.com/veetlePlayerPlugin,version=0.9.18 - C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
    FF Plugin: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
    FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKCU: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
    FF Plugin HKCU: @real.com/RhapsodyPlayerEngine - C:\Users\zorobejar\AppData\Roaming\nprhapengine.dll No File
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
    FF Extension: Yahoo! Toolbar - C:\Users\zorobejar\AppData\Roaming\Mozilla\Firefox\Profiles\o7p9sui8.default-1401420615191\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2014-06-12]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
    FF HKLM\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-09-19]

    ========================== Services (Whitelisted) =================

    R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-06-16] (Hewlett-Packard) [File not signed]
    S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
    R2 iPAHelper.exe; C:\Program Files\iPod Access for Windows\iPAHelper.exe [1543614 2007-04-05] () [File not signed]
    S2 LinksysUpdater; C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [204800 2008-11-13] () [File not signed]
    R2 LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [583048 2008-01-29] (Symantec Corporation)
    R2 lxbk_device; C:\Windows\system32\lxbkcoms.exe [537520 2007-04-26] ( )
    R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
    R2 McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [303104 2007-11-28] (Motive Communications, Inc.) [File not signed]
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
    R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
    R2 nmservice; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [642856 2008-12-12] (Cisco Systems, Inc.)
    R2 OAcat; C:\Program Files\Online Armor\OAcat.exe [584864 2013-10-15] (Emsisoft GmbH)
    R2 SvcOnlineArmor; C:\Program Files\Online Armor\oasrv.exe [4457688 2013-10-15] (Emsisoft GmbH)
    S2 Automatic LiveUpdate Scheduler; "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [X]
    S3 LiveUpdate; "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE" [X]
    S2 LiveUpdate Notice Ex; "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [X]

    ==================== Drivers (Whitelisted) ====================

    S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [19456 2007-09-05] (LeapFrog) [File not signed]
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-06-13] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
    S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [19712 2007-11-28] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
    S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [18304 2007-11-28] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
    S3 NWUSBCDFIL; C:\Windows\System32\DRIVERS\NwUsbCdFil.sys [20480 2008-07-07] (Novatel Wireless Inc.)
    S3 NWUSBPort2; C:\Windows\System32\DRIVERS\nwusbser2.sys [174336 2008-05-09] (Novatel Wireless Inc.)
    R1 OADevice; C:\Windows\system32\drivers\OADriver.sys [210360 2013-10-15] ()
    R1 oahlpXX; C:\Windows\system32\drivers\oahlp32.sys [44984 2013-10-15] ()
    R1 OAmon; C:\Windows\system32\drivers\OAmon.sys [34856 2013-10-15] (Emsisoft)
    R3 OAnet; C:\Windows\System32\DRIVERS\oanet.sys [31760 2013-10-15] (Emsisoft)
    R2 pnarp; C:\Windows\System32\DRIVERS\pnarp.sys [24880 2008-12-12] (Cisco Systems, Inc.)
    R2 purendis; C:\Windows\System32\DRIVERS\purendis.sys [26416 2008-12-12] (Cisco Systems, Inc.)
    S3 SMSIVZAM5; C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys [32408 2009-03-20] (Smith Micro Inc.)
    S3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [13056 2008-11-11] (LG Electronics Inc.)
    S3 UsbDiag; C:\Windows\System32\DRIVERS\lgusbdiag.sys [19968 2008-11-11] (LG Electronics Inc.)
    S3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [24832 2008-11-11] (LG Electronics Inc.)
    U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
    S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S2 MCSTRM; No ImagePath
    S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
    S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-06-14 19:02 - 2014-06-14 19:03 - 00021989 _____ () C:\Users\zorobejar\Desktop\FRST.txt
    2014-06-14 19:02 - 2014-06-14 19:02 - 00000000 ____D () C:\FRST
    2014-06-14 18:58 - 2014-06-14 18:58 - 01073152 _____ (Farbar) C:\Users\zorobejar\Desktop\FRST.exe
    2014-06-11 16:49 - 2014-05-28 09:39 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-06-11 16:49 - 2014-05-28 09:33 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-06-11 16:49 - 2014-05-28 09:32 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-06-11 16:49 - 2014-05-28 09:32 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-06-11 16:49 - 2014-05-28 09:31 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
    2014-06-11 16:49 - 2014-05-28 09:31 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-06-11 16:49 - 2014-05-28 09:30 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-06-11 16:49 - 2014-05-28 09:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2014-06-11 16:49 - 2014-05-28 09:30 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-06-11 16:49 - 2014-05-28 09:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-06-11 16:49 - 2014-05-28 09:30 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
    2014-06-11 16:49 - 2014-05-28 09:29 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
    2014-06-11 16:49 - 2014-05-28 09:29 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
    2014-06-11 16:48 - 2014-05-28 09:48 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-06-11 16:48 - 2014-05-28 09:38 - 09711104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-06-11 16:48 - 2014-05-28 09:30 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-06-11 16:48 - 2014-05-28 09:30 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-06-11 16:48 - 2014-05-28 09:29 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-06-11 16:48 - 2014-05-28 09:29 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-06-11 16:48 - 2014-05-28 09:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-06-11 16:48 - 2014-05-28 09:28 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-06-10 22:00 - 2014-06-10 22:01 - 00000000 ____D () C:\Program Files\Mozilla Firefox
    2014-06-10 21:54 - 2014-04-26 09:01 - 00502784 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
    2014-06-10 21:53 - 2014-04-04 20:23 - 00915392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
    2014-06-10 21:53 - 2014-04-04 18:49 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
    2014-06-10 21:53 - 2014-03-09 18:22 - 01401344 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
    2014-06-10 21:53 - 2014-03-09 18:22 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2014-06-07 21:34 - 2014-06-08 17:58 - 00147456 _____ () C:\Users\zorobejar\Documents\Journeys Project.ppt
    2014-06-07 12:19 - 2014-06-07 12:19 - 00000602 _____ () C:\Users\zorobejar\Desktop\ark.txt
    2014-06-07 11:44 - 2014-06-07 11:44 - 00380416 _____ () C:\Users\zorobejar\Desktop\r4muw9rc.exe
    2014-06-07 11:05 - 2014-06-07 11:05 - 00380416 _____ () C:\Users\zorobejar\Downloads\cti0wltx.exe
    2014-06-07 11:03 - 2014-06-07 11:03 - 00007853 _____ () C:\Users\zorobejar\Desktop\attach.txt
    2014-06-07 11:03 - 2014-06-07 11:00 - 00015912 _____ () C:\Users\zorobejar\Desktop\dds.txt
    2014-06-07 10:55 - 2014-06-07 10:55 - 00688992 ____R (Swearware) C:\Users\zorobejar\Desktop\dds.scr
    2014-06-07 10:51 - 2014-06-07 10:51 - 00010448 _____ () C:\Users\zorobejar\Desktop\hijackthis.log
    2014-06-07 10:48 - 2014-06-07 10:48 - 00388608 _____ (Trend Micro Inc.) C:\Users\zorobejar\Downloads\HijackThis(2).exe
    2014-06-07 10:47 - 2014-06-07 10:47 - 00388608 _____ (Trend Micro Inc.) C:\Users\zorobejar\Downloads\HijackThis(1).exe
    2014-06-06 20:50 - 2014-06-06 20:50 - 00000000 ____D () C:\Users\Different User\AppData\Local\VS Revo Group
    2014-06-06 20:30 - 2014-06-06 20:30 - 00000000 ____D () C:\Users\Different User\AppData\Roaming\Adobe
    2014-06-06 20:30 - 2014-06-06 20:30 - 00000000 ____D () C:\Users\Different User\AppData\Local\Macromedia
    2014-06-06 20:29 - 2014-06-06 20:29 - 00000000 ____D () C:\Users\Different User\AppData\Roaming\Mozilla
    2014-06-06 20:29 - 2014-06-06 20:29 - 00000000 ____D () C:\Users\Different User\AppData\Local\Mozilla
    2014-06-06 20:00 - 2014-06-06 20:00 - 00000000 ____D () C:\Users\Different User\AppData\Roaming\WinPatrol
    2014-06-06 19:59 - 2014-06-06 19:59 - 00000000 ____D () C:\Users\Different User\AppData\Roaming\Yahoo!
    2014-06-06 19:59 - 2014-06-06 19:59 - 00000000 ____D () C:\Users\Different User\AppData\Roaming\Hewlett-Packard
    2014-06-06 19:58 - 2014-06-06 19:58 - 00000000 ____D () C:\Users\Different User\AppData\Local\Hewlett-Packard
    2014-06-06 19:56 - 2014-06-06 19:56 - 00106752 _____ () C:\Users\Different User\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-06-06 19:56 - 2014-06-06 19:56 - 00000000 ____D () C:\Users\Different User\AppData\Roaming\Real
    2014-06-06 19:56 - 2014-06-06 19:56 - 00000000 ____D () C:\Users\Different User\AppData\Roaming\OnlineArmor
    2014-06-06 19:56 - 2014-06-06 19:56 - 00000000 ____D () C:\Users\Different User\AppData\Roaming\Apple Computer
    2014-06-06 19:56 - 2014-06-06 19:56 - 00000000 ____D () C:\Users\Different User\AppData\Local\Apple Computer
    2014-06-06 19:55 - 2014-06-06 20:15 - 00000946 _____ () C:\Users\Different User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    2014-06-06 19:55 - 2014-06-06 19:55 - 00000951 _____ () C:\Users\Different User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2014-06-06 19:54 - 2014-06-06 19:54 - 00000917 _____ () C:\Users\Different User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
    2014-06-06 19:52 - 2014-06-06 20:45 - 00000000 ____D () C:\Users\Different User\AppData\Local\temp
    2014-06-06 19:52 - 2014-06-06 19:52 - 00000020 ___SH () C:\Users\Different User\ntuser.ini
    2014-06-06 19:52 - 2011-09-24 16:32 - 00000000 ____D () C:\Users\Different User\AppData\Roaming\Macromedia
    2014-06-06 19:52 - 2008-06-24 21:14 - 00000000 ___RD () C:\Users\Different User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    2014-06-06 19:52 - 2008-06-24 21:14 - 00000000 ___RD () C:\Users\Different User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    2014-06-06 19:51 - 2014-06-06 19:51 - 00000000 ____D () C:\Users\Different User\AppData\Local\VirtualStore
    2014-06-05 21:52 - 2014-06-05 21:53 - 00000000 ____D () C:\Windows\BB77DC4CB8184FD48D1D5D3B617B78B4.TMP
    2014-06-05 21:46 - 2014-06-05 21:50 - 00000000 ____D () C:\Windows\C6359569E03E4CDC98E8CDD080C6EEB5.TMP
    2014-06-05 14:02 - 2014-06-05 14:02 - 00464384 _____ () C:\Users\zorobejar\Documents\President Lincoln.ppt
    2014-06-04 20:58 - 2014-06-10 20:33 - 00042892 _____ () C:\Users\zorobejar\Desktop\AreaPlayoffs.Game.Ref Schedule.xlsx
    2014-06-02 22:14 - 2014-06-02 22:15 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1(7)
    2014-06-02 21:33 - 2014-06-02 21:33 - 00000000 ____D () C:\Users\zorobejar\AppData\Local\HP
    2014-05-30 19:42 - 2014-06-03 18:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2014-05-30 19:42 - 2014-05-30 19:42 - 00001666 _____ () C:\Users\Public\Desktop\iTunes.lnk
    2014-05-30 19:40 - 2014-06-03 18:33 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
    2014-05-29 20:30 - 2014-05-29 20:30 - 00000000 ____D () C:\Users\zorobejar\Desktop\Old Firefox Data
    2014-05-28 22:12 - 2014-05-28 22:18 - 00042598 _____ () C:\Users\zorobejar\Desktop\RanchoCucamonga.Game.Ref Schedule.xlsx
    2014-05-28 21:53 - 2014-05-28 22:11 - 00042816 _____ () C:\Users\zorobejar\Desktop\Riverside.Game.Ref Schedule.xlsx
    2014-05-27 19:19 - 2014-05-27 19:19 - 00042893 _____ () C:\Users\zorobejar\Desktop\Fox.N.Hare.Game.Schedule.xlsx
    2014-05-26 14:25 - 2014-06-13 20:23 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-05-26 14:11 - 2014-05-26 14:11 - 00000901 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-05-26 14:11 - 2014-05-26 14:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-05-26 14:10 - 2014-05-26 14:10 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2014-05-26 14:10 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-05-26 14:10 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-05-23 07:39 - 2014-05-28 21:48 - 00042751 _____ () C:\Users\zorobejar\Desktop\Cypress.Game.Ref Schedule.xlsx
    2014-05-15 21:27 - 2014-05-15 21:27 - 00000000 ____D () C:\Users\zorobejar\AppData\Roaming\SanDisk SecureAccess

    ==================== One Month Modified Files and Folders =======

    2014-06-14 19:04 - 2012-09-26 18:52 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-06-14 19:03 - 2014-06-14 19:02 - 00021989 _____ () C:\Users\zorobejar\Desktop\FRST.txt
    2014-06-14 19:03 - 2012-02-08 19:35 - 00000000 ____D () C:\Users\zorobejar\AppData\Local\temp
    2014-06-14 19:02 - 2014-06-14 19:02 - 00000000 ____D () C:\FRST
    2014-06-14 18:58 - 2014-06-14 18:58 - 01073152 _____ (Farbar) C:\Users\zorobejar\Desktop\FRST.exe
    2014-06-14 18:53 - 2006-11-02 04:18 - 00000000 ____D () C:\Windows\tracing
    2014-06-14 18:45 - 2007-10-31 02:52 - 01074806 _____ () C:\Windows\WindowsUpdate.log
    2014-06-14 18:23 - 2006-11-02 05:47 - 00005728 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2014-06-14 18:23 - 2006-11-02 05:47 - 00005728 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2014-06-13 20:23 - 2014-05-26 14:25 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-06-12 19:05 - 2011-07-16 09:17 - 00000000 ____D () C:\Users\zorobejar\AppData\Roaming\HpUpdate
    2014-06-12 16:37 - 2009-04-25 15:25 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
    2014-06-12 16:37 - 2006-11-02 06:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-06-12 16:36 - 2014-04-22 20:16 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
    2014-06-11 22:07 - 2006-11-02 06:01 - 00032646 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2014-06-10 23:10 - 2013-07-28 18:31 - 00000000 ____D () C:\Windows\system32\MRT
    2014-06-10 22:07 - 2006-11-02 03:24 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
    2014-06-10 22:01 - 2014-06-10 22:00 - 00000000 ____D () C:\Program Files\Mozilla Firefox
    2014-06-10 20:33 - 2014-06-04 20:58 - 00042892 _____ () C:\Users\zorobejar\Desktop\AreaPlayoffs.Game.Ref Schedule.xlsx
    2014-06-08 19:30 - 2007-12-25 14:14 - 00000946 _____ () C:\Users\zorobejar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    2014-06-08 19:23 - 2006-11-02 03:33 - 00768350 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-06-08 17:58 - 2014-06-07 21:34 - 00147456 _____ () C:\Users\zorobejar\Documents\Journeys Project.ppt
    2014-06-08 17:44 - 2008-09-01 21:33 - 00000000 ____D () C:\temp
    2014-06-07 12:19 - 2014-06-07 12:19 - 00000602 _____ () C:\Users\zorobejar\Desktop\ark.txt
    2014-06-07 11:44 - 2014-06-07 11:44 - 00380416 _____ () C:\Users\zorobejar\Desktop\r4muw9rc.exe
    2014-06-07 11:05 - 2014-06-07 11:05 - 00380416 _____ () C:\Users\zorobejar\Downloads\cti0wltx.exe
    2014-06-07 11:03 - 2014-06-07 11:03 - 00007853 _____ () C:\Users\zorobejar\Desktop\attach.txt
    2014-06-07 11:00 - 2014-06-07 11:03 - 00015912 _____ () C:\Users\zorobejar\Desktop\dds.txt
    2014-06-07 10:55 - 2014-06-07 10:55 - 00688992 ____R (Swearware) C:\Users\zorobejar\Desktop\dds.scr
    2014-06-07 10:51 - 2014-06-07 10:51 - 00010448 _____ () C:\Users\zorobejar\Desktop\hijackthis.log
    2014-06-07 10:48 - 2014-06-07 10:48 - 00388608 _____ (Trend Micro Inc.) C:\Users\zorobejar\Downloads\HijackThis(2).exe
    2014-06-07 10:47 - 2014-06-07 10:47 - 00388608 _____ (Trend Micro Inc.) C:\Users\zorobejar\Downloads\HijackThis(1).exe
    2014-06-07 09:48 - 2007-10-20 05:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
    2014-06-06 20:50 - 2014-06-06 20:50 - 00000000 ____D () C:\Users\Different User\AppData\Local\VS Revo Group
    2014-06-06 20:45 - 2014-06-06 19:52 - 00000000 ____D () C:\Users\Different User\AppData\Local\temp
    2014-06-06 20:42 - 2008-07-14 20:59 - 00000376 _____ () C:\Windows\ODBC.INI
    2014-06-06 20:30 - 2014-06-06 20:30 - 00000000 ____D () C:\Users\Different User\AppData\Roaming\Adobe
    2014-06-06 20:30 - 2014-06-06 20:30 - 00000000 ____D () C:\Users\Different User\AppData\Local\Macromedia
    2014-06-06 20:29 - 2014-06-06 20:29 - 00000000 ____D () C:\Users\Different User\AppData\Roaming\Mozilla
    2014-06-06 20:29 - 2014-06-06 20:29 - 00000000 ____D () C:\Users\Different User\AppData\Local\Mozilla
    2014-06-06 20:15 - 2014-06-06 19:55 - 00000946 _____ () C:\Users\Different User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    2014-06-06 20:00 - 2014-06-06 20:00 - 00000000 ____D () C:\Users\Different User\AppData\Roaming\WinPatrol
    2014-06-06 19:59 - 2014-06-06 19:59 - 00000000 ____D () C:\Users\Different User\AppData\Roaming\Yahoo!
    2014-06-06 19:59 - 2014-06-06 19:59 - 00000000 ____D () C:\Users\Different User\AppData\Roaming\Hewlett-Packard
    2014-06-06 19:58 - 2014-06-06 19:58 - 00000000 ____D () C:\Users\Different User\AppData\Local\Hewlett-Packard
    2014-06-06 19:57 - 2007-12-26 08:55 - 00000000 ____D () C:\ProgramData\NVIDIA
    2014-06-06 19:56 - 2014-06-06 19:56 - 00106752 _____ () C:\Users\Different User\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-06-06 19:56 - 2014-06-06 19:56 - 00000000 ____D () C:\Users\Different User\AppData\Roaming\Real
    2014-06-06 19:56 - 2014-06-06 19:56 - 00000000 ____D () C:\Users\Different User\AppData\Roaming\OnlineArmor
    2014-06-06 19:56 - 2014-06-06 19:56 - 00000000 ____D () C:\Users\Different User\AppData\Roaming\Apple Computer
    2014-06-06 19:56 - 2014-06-06 19:56 - 00000000 ____D () C:\Users\Different User\AppData\Local\Apple Computer
    2014-06-06 19:55 - 2014-06-06 19:55 - 00000951 _____ () C:\Users\Different User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2014-06-06 19:54 - 2014-06-06 19:54 - 00000917 _____ () C:\Users\Different User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
    2014-06-06 19:52 - 2014-06-06 19:52 - 00000020 ___SH () C:\Users\Different User\ntuser.ini
    2014-06-06 19:51 - 2014-06-06 19:51 - 00000000 ____D () C:\Users\Different User\AppData\Local\VirtualStore
    2014-06-06 19:40 - 2011-12-03 10:57 - 00001356 _____ () C:\Users\zorobejar\AppData\Local\d3d9caps.dat
    2014-06-05 21:57 - 2007-10-20 05:33 - 00000000 ____D () C:\Program Files\Snapfish Picture Mover
    2014-06-05 21:53 - 2014-06-05 21:52 - 00000000 ____D () C:\Windows\BB77DC4CB8184FD48D1D5D3B617B78B4.TMP
    2014-06-05 21:53 - 2007-12-27 18:30 - 00000000 ____D () C:\Program Files\LeapFrog
    2014-06-05 21:50 - 2014-06-05 21:46 - 00000000 ____D () C:\Windows\C6359569E03E4CDC98E8CDD080C6EEB5.TMP
    2014-06-05 21:46 - 2007-10-20 05:23 - 00001586 _____ () C:\ProgramData\hpzinstall.log
    2014-06-05 14:02 - 2014-06-05 14:02 - 00464384 _____ () C:\Users\zorobejar\Documents\President Lincoln.ppt
    2014-06-03 20:20 - 2011-09-26 19:22 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
    2014-06-03 20:20 - 2008-03-25 19:42 - 00000000 ____D () C:\Program Files\Common Files\Adobe
    2014-06-03 18:35 - 2007-12-25 14:03 - 00000000 ____D () C:\Users\zorobejar
    2014-06-03 18:35 - 2007-10-20 05:42 - 00000000 ____D () C:\ProgramData\Symantec
    2014-06-03 18:34 - 2007-12-28 20:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iPod Access for Windows
    2014-06-03 18:34 - 2006-11-02 03:22 - 58720256 _____ () C:\Windows\system32\config\software_previous
    2014-06-03 18:34 - 2006-11-02 03:22 - 41418752 _____ () C:\Windows\system32\config\components_previous
    2014-06-03 18:34 - 2006-11-02 03:22 - 28311552 _____ () C:\Windows\system32\config\system_previous
    2014-06-03 18:34 - 2006-11-02 03:22 - 00524288 _____ () C:\Windows\system32\config\default_previous
    2014-06-03 18:34 - 2006-11-02 03:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
    2014-06-03 18:34 - 2006-11-02 03:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
    2014-06-03 18:33 - 2014-05-30 19:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2014-06-03 18:33 - 2014-05-30 19:40 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
    2014-06-03 18:33 - 2012-03-15 16:08 - 00000000 ____D () C:\Program Files\LG Electronics
    2014-06-03 18:33 - 2012-02-12 14:07 - 00000000 ____D () C:\Program Files\WOT
    2014-06-03 18:33 - 2011-12-04 06:53 - 00000000 ____D () C:\Program Files\Verizon Wireless
    2014-06-03 18:33 - 2011-10-23 00:05 - 00000000 ____D () C:\Program Files\Bonjour
    2014-06-03 18:33 - 2009-11-26 17:21 - 00000000 ____D () C:\ProgramData\Real
    2014-06-03 18:33 - 2009-07-22 18:03 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan
    2014-06-03 18:33 - 2009-07-22 18:03 - 00000000 ____D () C:\Windows\system32\Drivers\NSS
    2014-06-03 18:33 - 2009-07-22 18:03 - 00000000 ____D () C:\ProgramData\Norton
    2014-06-03 18:33 - 2008-07-06 14:16 - 00000000 ____D () C:\Program Files\Norton Security Scan
    2014-06-03 18:33 - 2008-02-14 19:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LiveUpdate Notice
    2014-06-03 18:33 - 2008-02-03 21:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
    2014-06-03 18:33 - 2007-12-28 20:28 - 00000000 ____D () C:\ProgramData\Findley Designs
    2014-06-03 18:33 - 2007-12-28 20:28 - 00000000 ____D () C:\Program Files\iPod Access for Windows
    2014-06-03 18:33 - 2007-10-20 05:42 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
    2014-06-03 18:33 - 2007-10-20 05:24 - 00000000 ____D () C:\Program Files\Roxio
    2014-06-03 18:33 - 2007-10-20 05:24 - 00000000 ____D () C:\Program Files\Common Files\SureThing Shared
    2014-06-03 18:33 - 2007-10-20 05:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio
    2014-06-03 18:33 - 2007-10-20 05:23 - 00000000 ____D () C:\ProgramData\HP
    2014-06-03 18:33 - 2007-10-20 05:23 - 00000000 ____D () C:\Program Files\Common Files\HP
    2014-06-03 18:33 - 2007-10-20 05:16 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
    2014-06-03 18:33 - 2006-11-02 04:18 - 00000000 ____D () C:\Windows\system32\spool
    2014-06-03 18:33 - 2006-11-02 04:18 - 00000000 ____D () C:\Windows\system32\Msdtc
    2014-06-03 18:33 - 2006-11-02 04:18 - 00000000 ____D () C:\Windows\registration
    2014-06-03 16:41 - 2007-10-20 05:17 - 00446780 _____ () C:\Windows\PFRO.log
    2014-06-02 22:15 - 2014-06-02 22:14 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1(7)
    2014-06-02 21:58 - 2007-12-27 18:43 - 00020774 _____ () C:\Windows\DPINST.LOG
    2014-06-02 21:33 - 2014-06-02 21:33 - 00000000 ____D () C:\Users\zorobejar\AppData\Local\HP
    2014-05-30 19:42 - 2014-05-30 19:42 - 00001666 _____ () C:\Users\Public\Desktop\iTunes.lnk
    2014-05-30 19:42 - 2008-12-01 22:31 - 00000000 ____D () C:\Program Files\iTunes
    2014-05-30 19:40 - 2008-01-14 22:50 - 00000000 ____D () C:\Program Files\Common Files\Apple
    2014-05-30 19:40 - 2007-12-25 19:35 - 00000000 ____D () C:\Program Files\iPod
    2014-05-29 20:30 - 2014-05-29 20:30 - 00000000 ____D () C:\Users\zorobejar\Desktop\Old Firefox Data
    2014-05-28 22:18 - 2014-05-28 22:12 - 00042598 _____ () C:\Users\zorobejar\Desktop\RanchoCucamonga.Game.Ref Schedule.xlsx
    2014-05-28 22:11 - 2014-05-28 21:53 - 00042816 _____ () C:\Users\zorobejar\Desktop\Riverside.Game.Ref Schedule.xlsx
    2014-05-28 21:51 - 2014-03-09 20:37 - 00168960 _____ () C:\Users\zorobejar\Desktop\Area schedule.xls
    2014-05-28 21:48 - 2014-05-23 07:39 - 00042751 _____ () C:\Users\zorobejar\Desktop\Cypress.Game.Ref Schedule.xlsx
    2014-05-28 21:47 - 2014-05-13 20:27 - 00043178 _____ () C:\Users\zorobejar\Desktop\Game.Ref Schedule QH.xlsx
    2014-05-28 09:48 - 2014-06-11 16:48 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-05-28 09:39 - 2014-06-11 16:49 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-05-28 09:38 - 2014-06-11 16:48 - 09711104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-05-28 09:33 - 2014-06-11 16:49 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-05-28 09:32 - 2014-06-11 16:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-05-28 09:32 - 2014-06-11 16:49 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-05-28 09:31 - 2014-06-11 16:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
    2014-05-28 09:31 - 2014-06-11 16:49 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-05-28 09:30 - 2014-06-11 16:49 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-05-28 09:30 - 2014-06-11 16:49 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2014-05-28 09:30 - 2014-06-11 16:49 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-05-28 09:30 - 2014-06-11 16:49 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-05-28 09:30 - 2014-06-11 16:49 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
    2014-05-28 09:30 - 2014-06-11 16:48 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-05-28 09:30 - 2014-06-11 16:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-05-28 09:29 - 2014-06-11 16:49 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
    2014-05-28 09:29 - 2014-06-11 16:49 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
    2014-05-28 09:29 - 2014-06-11 16:48 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-05-28 09:29 - 2014-06-11 16:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-05-28 09:29 - 2014-06-11 16:48 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-05-28 09:28 - 2014-06-11 16:48 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-05-27 19:19 - 2014-05-27 19:19 - 00042893 _____ () C:\Users\zorobejar\Desktop\Fox.N.Hare.Game.Schedule.xlsx
    2014-05-26 14:11 - 2014-05-26 14:11 - 00000901 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-05-26 14:11 - 2014-05-26 14:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-05-26 14:11 - 2012-02-11 16:52 - 00000000 ____D () C:\Users\zorobejar\AppData\Roaming\Malwarebytes
    2014-05-26 14:10 - 2014-05-26 14:10 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2014-05-26 14:10 - 2012-02-11 16:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-05-26 14:10 - 2012-02-11 16:52 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
    2014-05-15 21:27 - 2014-05-15 21:27 - 00000000 ____D () C:\Users\zorobejar\AppData\Roaming\SanDisk SecureAccess
    2014-05-15 21:25 - 2014-04-28 16:19 - 00000795 _____ () C:\Windows\setupact.log
    2014-05-15 18:28 - 2014-05-14 16:11 - 00857088 _____ () C:\Users\zorobejar\Documents\UC San Diego-Home of the tritons.ppt

    Some content of TEMP:
    ====================
    C:\Users\Different User\AppData\Local\temp\rtdrvmon.exe
    C:\Users\zorobejar\AppData\Local\temp\rtdrvmon.exe


    ==================== Bamital & volsnap Check =================

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-06-12 16:42

    ==================== End Of Log ============================


    #2



    Additional scan result of Farbar Recovery Scan Tool (x86) Version:12-06-2014 02
    Ran by zorobejar at 2014-06-14 19:04:56
    Running from C:\Users\zorobejar\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
    FW: Online Armor Firewall (Enabled) {BD3F5FCA-866B-1E2E-0A68-58900A751EA1}

    ==================== Installed Programs ======================

    Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
    Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0.1 - Microsoft Corporation) Hidden
    Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
    Adobe AIR (Version: 2.7.1.19610 - Adobe Systems Incorporated) Hidden
    Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
    Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
    Apple Application Support (HKLM\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    AT&T Yahoo! Applications (HKLM\...\Yahoo! Applications) (Version: - AT&T Yahoo!)
    AT&T Yahoo! Music Jukebox (Version: 2.2.1.037 - Yahoo!) Hidden
    ATT-AACE (HKLM\...\ATT-AACE) (Version: - )
    Avery Wizard 3.1 (HKLM\...\{B4E96960-5F6B-48B9-A5BD-6A5A9BB4F027}) (Version: 3.1.5 - Avery)
    Azureus Vuze (HKLM\...\Azureus Vuze) (Version: - Azureus, Inc.)
    Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
    Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Enhanced Multimedia Keyboard Solution (HKLM\...\KBD) (Version: - Hewlett-Packard)
    Hardware Diagnostic Tools (HKLM\...\PC-Doctor 5 for Windows) (Version: 5.00.4558.05 - PC-Doctor, Inc.)
    Hewlett-Packard Active Check for Health Check (Version: 1.1.15.2 - Hewlett-Packard) Hidden
    Hewlett-Packard Asset Agent for Health Check (Version: 2.0.64.0 - HP) Hidden
    HP Active Support Library (Version: 3.1.6.1 - Hewlett-Packard) Hidden
    HP Active Support Library 32 bit components (Version: 2.1.0 - Hewlett-Packard) Hidden
    HP Advisor (HKLM\...\{73A43E42-3658-4DD9-8551-FACDA3632538}) (Version: 3.1.9152.3107 - Hewlett-Packard)
    HP Customer Experience Enhancements (HKLM\...\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}) (Version: 5.2.0.2296 - Hewlett-Packard)
    HP Customer Feedback (Version: 1.0.0 - Hewlett-Packard) Hidden
    HP Easy Setup - Frontend (HKLM\...\{40F7AED3-0C7D-4582-99F6-484A515C73F2}) (Version: 5.2.0.2304 - Hewlett-Packard)
    HP On-Screen Cap/Num/Scroll Lock Indicator (HKLM\...\OsdMaestro) (Version: - Hewlett-Packard)
    HP Photosmart Essential 2.01 (HKLM\...\HP Photosmart Essential) (Version: 2.01 - HP)
    HP Photosmart Essential2.01 (Version: 1.01.0000 - Hewlett-Packard) Hidden
    HP Picasso Media Center Add-In (Version: 1.0.0 - HP) Hidden
    HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
    iCloud (HKLM\...\{79BD66B2-4DAE-4C3B-B08E-DC72E507C163}) (Version: 2.1.3.25 - Apple Inc.)
    iPod Access for Windows v4.1.3 (HKLM\...\iPod Access for Windows_is1) (Version: - Findley Designs)
    iPod for Windows 2005-10-12 (HKLM\...\InstallShield_{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}) (Version: 4.3.0 - Apple Computer, Inc.)
    iPod for Windows 2005-10-12 (Version: 4.3.0 - Apple Computer, Inc.) Hidden
    iTunes (HKLM\...\{0718A90E-93AA-49AF-A4FE-0165ACD91DF0}) (Version: 11.2.2.3 - Apple Inc.)
    Java 7 Update 17 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.170 - Oracle)
    Java Auto Updater (Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
    JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
    Lexmark X1100 Series (HKLM\...\Lexmark X1100 Series) (Version: - Lexmark International, Inc.)
    LG USB Modem driver (HKLM\...\{C3ABE126-2BB2-4246-BFE1-6797679B3579}) (Version: - )
    LightScribe 1.8.15.1 (Version: 1.8.15.1 - http://www.lightscribe.com) Hidden
    Linksys EasyLink Advisor (HKLM\...\Linksys EasyLink Advisor) (Version: - Linksys By Cisco Systems)
    Linksys EasyLink Advisor (Version: 3.11.9139.94 - Linksys By Cisco Systems) Hidden
    LiveUpdate Notice (Symantec Corporation) (HKLM\...\{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}) (Version: 1.4.5 - Symantec Corporation)
    Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
    Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Mobile Broadband Generic Drivers (HKLM\...\Mobile Broadband Generic Drivers) (Version: 2.02.11.001.14 - Novatel Wireless)
    Mobile Broadband Generic Drivers (Version: 2.02.11.001.14 - Novatel Wireless) Hidden
    MobileMe Control Panel (HKLM\...\{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}) (Version: 3.1.8.0 - Apple Inc.)
    Mozilla Firefox 30.0 (x86 en-US) (HKLM\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
    MSN (HKLM\...\MSNINST) (Version: - )
    MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    muvee autoProducer 6.0 (HKLM\...\{14AF024E-2E3B-49D0-A175-D1C1A06B155A}) (Version: 6.00.050 - muvee Technologies)
    My HP Games (HKLM\...\WildTangent hp Master Uninstall) (Version: HPCMPQ1804 - WildTangent)
    Norton Security Scan (HKLM\...\NSS) (Version: 2.3.0.44 - Symantec Corporation)
    NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - )
    Online Armor 5.5 (HKLM\...\OnlineArmor_is1) (Version: 5.5 - Emsi Software GmbH)
    PCLinq2 High-Speed USB Bridge Cable (HKLM\...\{95381165-5D16-4CD4-9162-57799A3F3AB5}) (Version: - )
    PL-2303 USB-to-Serial (HKLM\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: - )
    PSSWCORE (Version: 2.01.0000 - Hewlett-Packard) Hidden
    Pure Networks Platform (Version: 11.1.9051.0 - Pure Networks) Hidden
    Python 2.5 (HKLM\...\{0A2C5854-557E-48C8-835A-3B9F074BDCAA}) (Version: 2.5.150 - Martin v. Löwis)
    QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
    RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
    RealPlayer (HKLM\...\RealPlayer 15.0) (Version: 15.0.6 - RealNetworks)
    Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5789 - Realtek Semiconductor Corp.)
    RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
    Revo Uninstaller Pro 2.5.7 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 2.5.7 - VS Revo Group, Ltd.)
    Rhapsody Player Engine (HKLM\...\{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}) (Version: 1.0.604 - RealNetworks)
    Roxio Activation Module (Version: 1.0 - Roxio) Hidden
    Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.4.0 - Roxio)
    Roxio Creator Basic v9 (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.4.0 - Roxio)
    Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.4.0 - Roxio)
    Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.4.0 - Roxio)
    Roxio Creator EasyArchive (HKLM\...\{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}) (Version: 3.4.0 - Roxio)
    Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.4.0 - Roxio)
    Roxio Express Labeler 3 (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 3.2.1 - Roxio)
    Roxio MyDVD Basic v9 (HKLM\...\{938B1CD7-7C60-491E-AA90-1F1888168240}) (Version: 9.0.572 - Roxio)
    Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1) (Version: 7.74.00 - Conexant Systems)
    swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
    Update Installer for WildTangent Games App (Version: - WildTangent) Hidden
    Veetle TV 0.9.18 (HKLM\...\Veetle TV) (Version: 0.9.18 - Veetle, Inc)
    VideoToolkit01 (Version: 90.0.146.000 - Hewlett-Packard) Hidden
    VoiceOver Kit (HKLM\...\{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}) (Version: 1.42.128.0 - Apple Inc.)
    VZAccess Manager (HKLM\...\{7641FD7D-E94E-424E-A95C-0593C84DC0C0}) (Version: 7.0.1.8 - Smith Micro Software Inc.)
    WeatherBug Gadget (Version: 1.0.0.6 - AWS Convergence Technologies) Hidden
    WebEx Support Manager for Internet Explorer (HKLM\...\{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}) (Version: 6.5.47 - WebEx Communications Inc.)
    WildTangent Games App (HP Games) (HKLM\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.4.12 - WildTangent)
    Windows Driver Package - LeapFrog (FlyUsb) USB (06/15/2007 1.0.0.6) (HKLM\...\8F1A19F8168CB0908127999D4F53773EAF35C31E) (Version: 06/15/2007 1.0.0.6 - LeapFrog)
    Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
    WinPatrol (HKLM\...\{007811BF-E310-4285-BFC6-55DB29B3EDDE}) (Version: 24.1.2012 - BillP Studios)
    WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
    WOT for Internet Explorer (HKLM\...\{C0DA129B-1E45-494D-A362-5CD0109C306B}) (Version: 11.11.7.0 - WOT Services Oy)
    WOT for Internet Explorer (HKLM\...\{DCAEC601-735C-41AE-B84F-D792F09FB7D1}) (Version: 12.8.2.0 - WOT Services Oy)
    Yahoo! Search Protection (HKLM\...\Yahoo! Search Defender) (Version: - ) <==== ATTENTION

    ==================== Restore Points =========================

    14-05-2014 10:00:56 Windows Update
    16-05-2014 01:57:51 Scheduled Checkpoint
    19-05-2014 03:49:57 Windows Update
    20-05-2014 00:50:50 Scheduled Checkpoint
    21-05-2014 02:10:13 Scheduled Checkpoint
    22-05-2014 00:45:23 Scheduled Checkpoint
    22-05-2014 15:55:23 Windows Update
    23-05-2014 15:44:12 Scheduled Checkpoint
    24-05-2014 17:03:21 Scheduled Checkpoint
    26-05-2014 04:33:54 Windows Update
    27-05-2014 16:15:09 Scheduled Checkpoint
    30-05-2014 01:01:30 Windows Update
    31-05-2014 04:18:33 Scheduled Checkpoint
    01-06-2014 07:00:21 Scheduled Checkpoint
    02-06-2014 23:22:49 Windows Update
    03-06-2014 03:32:27 Windows Update
    03-06-2014 04:43:32 Removed LG USB Modem driver
    03-06-2014 04:51:17 Removed VZAccess Manager.
    03-06-2014 04:59:16 Removed Snapfish Picture Mover
    03-06-2014 05:07:49 Removed WOT for Internet Explorer
    03-06-2014 05:08:38 Removed WOT for Internet Explorer
    03-06-2014 05:18:51 Removed LiveUpdate Notice (Symantec Corporation)
    04-06-2014 02:05:45 Windows Update
    05-06-2014 17:15:16 Scheduled Checkpoint
    06-06-2014 04:56:16 Removed Snapfish Picture Mover
    06-06-2014 04:58:51 Removed VZAccess Manager.
    07-06-2014 04:52:07 Scheduled Checkpoint
    07-06-2014 21:19:31 Scheduled Checkpoint
    08-06-2014 00:30:30 Windows Update
    09-06-2014 07:00:27 Scheduled Checkpoint
    10-06-2014 03:51:59 Scheduled Checkpoint
    11-06-2014 05:04:55 Windows Update
    12-06-2014 04:42:58 Scheduled Checkpoint
    12-06-2014 05:04:25 Windows Update
    13-06-2014 01:56:10 Scheduled Checkpoint
    14-06-2014 04:15:25 Scheduled Checkpoint

    ==================== Hosts content: ==========================

    2006-11-02 03:23 - 2012-02-08 19:31 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (whitelisted) =============

    Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
    Task: {1E2BD2D7-6D17-4E33-99BB-040B28E8E059} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1759747925-34736268-1556840103-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
    Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
    Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
    Task: {5229179F-BE62-4526-83B6-38A835DF0FB4} - System32\Tasks\JavaUpdateAdministrator => C:\Windows\system32\jusched.exe
    Task: {52720035-204E-4A6F-B856-72392ADFEAEE} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
    Task: {9B1D45F9-4587-4EBE-B1F0-0900A1834538} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
    Task: {9F807809-A120-40ED-84B6-0E8497EC751F} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-06-16] (Hewlett-Packard)
    Task: {A04D04F4-1342-42CE-936E-EE76832A6348} - System32\Tasks\Microsoft\Windows\RestartManager\{1697B477-605B-4ba7-A610-53F8C4D4E5BD} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
    Task: {AAAC8BCA-AF34-4A33-9963-A7546D3EC34B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13] (Adobe Systems Incorporated)
    Task: {CE0AC70A-DC13-4D84-9B45-10D5379A45B9} - System32\Tasks\JavaUpdateDifferent User => C:\Windows\system32\jusched.exe
    Task: {DD8B7A8D-1831-48C4-9810-20C43A94DD1A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {E447C2C8-2DE4-47BD-A9E0-DA5F1A966B3B} - System32\Tasks\JavaUpdatezorobejar => C:\Windows\system32\jusched.exe
    Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
    Task: {EF50AA3F-DE37-4AC9-AAF2-7B60072647CB} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1759747925-34736268-1556840103-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    ==================== Loaded Modules (whitelisted) =============

    2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2007-12-28 20:28 - 2007-04-05 22:35 - 01543614 _____ () C:\Program Files\iPod Access for Windows\iPAHelper.exe
    2005-09-13 18:27 - 2005-09-13 18:27 - 00061440 _____ () C:\Windows\system32\lxbkcnv4.dll
    2008-12-12 19:11 - 2008-12-12 19:11 - 00148480 _____ () C:\Program Files\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
    2008-12-12 19:11 - 2008-12-12 19:11 - 00097280 _____ () C:\Program Files\Common Files\Pure Networks Shared\Platform\CFireWallCOM.dll
    2012-02-12 14:01 - 2011-04-14 18:01 - 00548854 ____N () C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
    2009-08-05 11:26 - 2009-08-05 11:26 - 00061440 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
    2009-08-05 11:26 - 2009-08-05 11:26 - 00131072 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
    2009-08-05 11:25 - 2009-08-05 11:25 - 00028672 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
    2009-08-05 11:26 - 2009-08-05 11:26 - 00040960 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll
    2009-08-05 11:26 - 2009-08-05 11:26 - 00005632 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll
    2009-08-05 11:26 - 2009-08-05 11:26 - 00028672 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll
    2009-08-05 11:26 - 2009-08-05 11:26 - 00036864 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll
    2009-08-05 11:26 - 2009-08-05 11:26 - 00007680 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll
    2007-02-16 17:40 - 2007-02-16 17:40 - 01466368 _____ () C:\Program Files\Common Files\LightScribe\QtCore4.dll
    2007-02-16 17:40 - 2007-02-16 17:40 - 05521408 _____ () C:\Program Files\Common Files\LightScribe\QtGui4.dll
    2007-08-17 14:28 - 2007-08-17 14:28 - 00061440 _____ () C:\Program Files\Yahoo!\Yahoo! Music Jukebox\Lang\att-en-us\ymetray-att-en-us.dll
    2012-12-26 08:32 - 2012-05-25 05:25 - 00921600 _____ () C:\Program Files\Yahoo!\Messenger\yui.dll
    2014-06-10 22:00 - 2014-06-10 22:00 - 03852912 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
    2008-04-04 21:08 - 2007-09-20 18:34 - 00129024 _____ () C:\Program Files\WinRAR\rarext.dll

    ==================== Alternate Data Streams (whitelisted) =========

    AlternateDataStreams: C:\ProgramData\TEMP:7838B9E0

    ==================== Safe Mode (whitelisted) ===================


    ==================== EXE Association (whitelisted) =============


    ==================== MSCONFIG/TASK MANAGER disabled items =========


    ==================== Faulty Device Manager Devices =============

    Name: Microsoft 6to4 Adapter #2
    Description: Microsoft 6to4 Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver

    Name: Microsoft 6to4 Adapter #16
    Description: Microsoft 6to4 Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver

    Name: Microsoft 6to4 Adapter #36
    Description: Microsoft 6to4 Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver

    Name: Microsoft ISATAP Adapter
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver

    Name: Microsoft ISATAP Adapter #4
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver

    Name: Microsoft ISATAP Adapter #5
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver

    Name: Microsoft ISATAP Adapter #3
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver

    Name: Microsoft ISATAP Adapter #7
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver

    Name: Microsoft ISATAP Adapter #8
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver

    Name: Microsoft ISATAP Adapter #6
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver

    Name: Microsoft ISATAP Adapter #10
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver

    Name: Microsoft ISATAP Adapter #11
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver

    Name: Microsoft ISATAP Adapter #9
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver

    Name: Microsoft ISATAP Adapter #13
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver

    Name: Microsoft ISATAP Adapter #14
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (06/14/2014 06:59:27 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program Explorer.EXE version 6.0.6002.18005 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
    Process ID: 480
    Start Time: 01cf869a38677d5f
    Termination Time: 3859

    Error: (06/14/2014 06:13:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 61486952

    Error: (06/14/2014 06:13:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 61486952

    Error: (06/14/2014 06:13:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (06/14/2014 06:13:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 61485719

    Error: (06/14/2014 06:13:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 61485719

    Error: (06/14/2014 06:13:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (06/14/2014 06:13:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 61484487

    Error: (06/14/2014 06:13:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 61484487

    Error: (06/14/2014 06:13:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second


    System errors:
    =============
    Error: (06/14/2014 06:14:29 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: 30000stisvc

    Error: (06/14/2014 06:13:07 PM) (Source: Dhcp) (EventID: 1002) (User: )
    Description: The IP address lease 192.168.1.5 for the Network Card with network address 002197AAEFB7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

    Error: (06/14/2014 06:13:02 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: 30000Netman

    Error: (06/13/2014 04:31:04 PM) (Source: Dhcp) (EventID: 1002) (User: )
    Description: The IP address lease 192.168.1.5 for the Network Card with network address 002197AAEFB7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

    Error: (06/12/2014 04:39:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: Linksys Updater1

    Error: (06/12/2014 04:39:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: MCSTRM%%2

    Error: (06/12/2014 04:39:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: Automatic LiveUpdate Scheduler%%2

    Error: (06/12/2014 04:37:16 PM) (Source: Dhcp) (EventID: 1002) (User: )
    Description: The IP address lease 192.168.1.6 for the Network Card with network address 002197AAEFB7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

    Error: (06/11/2014 04:04:47 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: Linksys Updater1

    Error: (06/11/2014 04:04:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: MCSTRM%%2


    Microsoft Office Sessions:
    =========================
    Error: (06/14/2014 06:59:27 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Explorer.EXE6.0.6002.1800548001cf869a38677d5f3859

    Error: (06/14/2014 06:13:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 61486952

    Error: (06/14/2014 06:13:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 61486952

    Error: (06/14/2014 06:13:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (06/14/2014 06:13:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 61485719

    Error: (06/14/2014 06:13:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 61485719

    Error: (06/14/2014 06:13:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (06/14/2014 06:13:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 61484487

    Error: (06/14/2014 06:13:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 61484487

    Error: (06/14/2014 06:13:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second


    CodeIntegrity Errors:
    ===================================
    Date: 2014-06-14 19:04:21.897
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-06-14 19:04:20.508
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-06-14 19:04:19.120
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-06-14 19:04:17.731
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-06-14 19:04:16.031
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-06-14 19:04:14.658
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-06-14 19:04:13.254
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-06-14 19:04:11.881
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-06-14 19:03:15.954
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-06-14 19:03:14.566
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Percentage of memory in use: 68%
    Total physical RAM: 1917.64 MB
    Available physical RAM: 609.46 MB
    Total Pagefile: 4085.8 MB
    Available Pagefile: 2017.61 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1913.2 MB

    ==================== Drives ================================

    Drive c: (HP) (Fixed) (Total:326.37 GB) (Free:216.83 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    Drive d: (FACTORY_IMAGE) (Fixed) (Total:8.98 GB) (Free:1.26 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 335 GB) (Disk ID: 1549F232)
    Partition 1: (Active) - (Size=326 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=9 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================


    #3


    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2014-06-14 19:41:08
    -----------------------------
    19:41:08.576 OS Version: Windows 6.0.6002 Service Pack 2
    19:41:08.576 Number of processors: 2 586 0x6B02
    19:41:08.576 ComputerName: ZOROBEJAR-PC UserName: zorobejar
    19:41:22.494 Initialize success
    20:00:13.504 AVAST engine defs: 14061401
    20:06:00.562 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000090
    20:06:00.562 Disk 0 Vendor: ST336032 3.CH Size: 343399MB BusType: 6
    20:06:00.766 Disk 0 MBR read successfully
    20:06:00.782 Disk 0 MBR scan
    20:06:00.860 Disk 0 unknown MBR code
    20:06:00.875 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 334203 MB offset 63
    20:06:00.922 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 9193 MB offset 684449325
    20:06:00.953 Disk 0 scanning sectors +703277505
    20:06:01.109 Disk 0 scanning C:\Windows\system32\drivers
    20:06:21.171 Service scanning
    20:07:36.083 Modules scanning
    20:07:59.987 Disk 0 trace - called modules:
    20:08:00.112 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
    20:08:00.112 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85ccaac8]
    20:08:00.127 3 CLASSPNP.SYS[807318b3] -> nt!IofCallDriver -> [0x8533b970]
    20:08:00.143 5 acpi.sys[806166bc] -> nt!IofCallDriver -> \Device\00000090[0x8536c850]
    20:08:10.882 AVAST engine scan C:\
    09:05:18.114 Scan finished successfully
    09:22:40.375 Disk 0 MBR has been saved successfully to "C:\Users\zorobejar\Desktop\MBR.dat"
    09:22:40.422 The log file has been saved successfully to "C:\Users\zorobejar\Desktop\aswMBR.txt"



    #4

    Farbar Service Scanner Version: 10-06-2014
    Ran by zorobejar (administrator) on 15-06-2014 at 11:44:18
    Running from "C:\Users\zorobejar\Desktop"
    Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Attempt to access Google IP returned error. Google IP is unreachable
    Attempt to access Google.com returned error: Google.com is unreachable
    Attempt to access Yahoo.com returned error: Yahoo.com is unreachable


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=DWORD:0


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is OK.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => File is digitally signed
    C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\system32\dhcpcsvc.dll => File is digitally signed
    C:\Windows\system32\Drivers\afd.sys => File is digitally signed
    C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
    C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\system32\dnsrslvr.dll => File is digitally signed
    C:\Windows\system32\mpssvc.dll => File is digitally signed
    C:\Windows\system32\bfe.dll => File is digitally signed
    C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\system32\SDRSVC.dll => File is digitally signed
    C:\Windows\system32\vssvc.exe => File is digitally signed
    C:\Windows\system32\wscsvc.dll => File is digitally signed
    C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Windows\system32\ipnathlp.dll => File is digitally signed
    C:\Windows\system32\iphlpsvc.dll => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed


    **** End of log ****
     
  8. LiquidTension

    LiquidTension Malware Specialist

    Joined:
    May 28, 2014
    Messages:
    553
    Hello Luis,

    Before proceeding with the following instructions, I would like you to disable WinPatrol. The programme may interfere with the removal process, which is why I require you to temporarily disable it.

    STEP 1
    WinPatrol (Disable)
    • Open WinPatrol.
    • Click Options.
    • Remove the checkmark next to Automatically run WinPatrol when computer starts.
    • Click the X to close the window.
    • Right-click the dog icon in the system tray.
    • Click Exit Programme.

    ======================================================

    Please consider and carry out the following:

    P2P WARNING

    ------------------------------

    I see you have peer-to-peer (P2P) file sharing software installed on your computer (Azureus Vuze). I advise you avoid P2P file sharing programmes; they are a security risk which can make your computer susceptible to malware. File sharing networks are thoroughly infected and infested with malware - worms, backdoor Trojans, IRCBots, and rootkits propagate via P2P file sharing networks, gaming, porn and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans, and spyware. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

    - Risks of File-Sharing Technology
    - P2P Software User Advisories
    - More malware is traveling on P2P networks these days

    I suggest you remove any trace of file sharing software from your computer. You can uninstall your P2P file sharing software by:
    • Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
    • Search for Azureus Vuze, right-click and click Uninstall one at a time.
    • Please inform me if you decide to uninstall your P2P file sharing software. I will script out any remaining entries not removed.
    If you decide against removing your P2P file sharing software, please ensure you refrain from P2P filesharing whilst your computer is being cleaned. Please be aware you may be denied assistance in future if you return with an infected machine having decided against removing your P2P file sharing software.

    ======================================================

    Do you use Yahoo! software?
    I recommend removing the following, which we can do later if you so wish.
    • AT&T Yahoo! Applications
    • AT&T Yahoo! Music Jukebox
    • Yahoo! Search Protection
    • Yahoo! browser extensions, add-ons, searchscopes, etc

    ======================================================

    STEP 2
    VirusTotal Upload
    • Please go to VirusTotal.com.
    • Click Choose File and locate the following file:

      • C:\Users\zorobejar\Desktop\MBR.dat

    • Click Scan it!
    • If you receive the following notification: File already analysed, click Reanalyse.
    • Once the file has been analyzed, copy the page URL at the top of the window and paste in your next reply.

    STEP 3
    Batch File
    • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
    • Copy the entire contents of the quotebox below and paste into the Notepad document (do not include the word "Quote").
    • Click Format. Ensure Wordwrap is unchecked.
    • Click File, Save As and name the file query.bat.
    • Select All Files as the Save as type.
    • Save the file to your desktop.
    • Locate query.bat (W8/7/Vista) on your desktop. Right-click the icon and select Run as Administrator.
    • Your computer should reboot. If not, please manually reboot.
    • Please re-run Farbar Service Scanner (FSS) as you did before. Copy the contents of the log and paste in your next reply.

    • Note: You may find certain Apple software (Bonjour) does not function correctly. This software can be reinstalled later.

    ======================================================

    STEP 4
    Logs
    In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.
    • Have you disabled WinPatrol?
    • Have you uninstalled Vuze?
    • Do you use Yahoo! software?
    • VirusTotal result
    • Did the batch file run successfully?
    • FSS.txt
     
  9. Elbiglou

    Elbiglou Thread Starter

    Joined:
    Jan 31, 2012
    Messages:
    76
    Adam,

    I have no idea what the Azureus app is. No problem. Will delete all recommended items.

    I use Yahoo e-mail. That is the only Yahoo app I use. Will any of those items affect Yahoo mail?

    Also, I am getting an error message when trying to uninstall Azureus:

    "No JVM could be found on your system.
    Please define EXE4J_JAVA_HOME
    to point to an installed JDK or JRE or download a JRE from www.java.com"

    Thanks
     
  10. Elbiglou

    Elbiglou Thread Starter

    Joined:
    Jan 31, 2012
    Messages:
    76
    Uninstalled Yahoo Jukebox and Messenger. Did not see the others you mentioned; we can do that later as you recommend. No problem. Can't say I use any of them, other than Yahoo mail as I mentioned.
     
  11. Elbiglou

    Elbiglou Thread Starter

    Joined:
    Jan 31, 2012
    Messages:
    76
    • Have you disabled WinPatrol? Yes.
    • Have you uninstalled Vuze? Could not. See prior response.
    • Do you use Yahoo! software? Yes, uninstalled Jukebox and Messenger, which we don't use; could not find the other Yahoo software you mentioned.
    • Stuck at Vuze uninstall
    • VirusTotal result
    • Did the batch file run successfully?
    • FSS.txt
     
  12. LiquidTension

    LiquidTension Malware Specialist

    Joined:
    May 28, 2014
    Messages:
    553
    Hi Luis,

    Do not worry about uninstalling Vuze; we will take care of that later. Please proceed with VirusTotal, and the rest of the instructions.

    Thanks!
     
  13. Elbiglou

    Elbiglou Thread Starter

    Joined:
    Jan 31, 2012
    Messages:
    76
  14. Elbiglou

    Elbiglou Thread Starter

    Joined:
    Jan 31, 2012
    Messages:
    76
    • Have you disabled WinPatrol? Yes.
    • Have you uninstalled Vuze? Could not. See prior response.
    • Do you use Yahoo! software? Yes, uninstalled Jukebox and Messenger, which we don't use; could not find the other Yahoo software you mentioned.
    • VirusTotal result: https://www.virustotal.com/en/file/d...is/1403027510/

    • Did the batch file run successfully? Yes, PC rebooted afterwards
    • FSS.txt
    Farbar Service Scanner Version: 10-06-2014
    Ran by zorobejar (administrator) on 17-06-2014 at 13:07:41
    Running from "C:\Users\zorobejar\Desktop"
    Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Attempt to access Google IP returned error. Google IP is unreachable
    Attempt to access Google.com returned error: Google.com is unreachable
    Attempt to access Yahoo.com returned error: Yahoo.com is unreachable


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=DWORD:0


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is OK.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => File is digitally signed
    C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\system32\dhcpcsvc.dll => File is digitally signed
    C:\Windows\system32\Drivers\afd.sys => File is digitally signed
    C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
    C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\system32\dnsrslvr.dll => File is digitally signed
    C:\Windows\system32\mpssvc.dll => File is digitally signed
    C:\Windows\system32\bfe.dll => File is digitally signed
    C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\system32\SDRSVC.dll => File is digitally signed
    C:\Windows\system32\vssvc.exe => File is digitally signed
    C:\Windows\system32\wscsvc.dll => File is digitally signed
    C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Windows\system32\ipnathlp.dll => File is digitally signed
    C:\Windows\system32\iphlpsvc.dll => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed


    **** End of log ****
     
  15. Elbiglou

    Elbiglou Thread Starter

    Joined:
    Jan 31, 2012
    Messages:
    76
    Hey Adam - Thanks for looking at the logs....

    Luis
     

Short URL to this thread: https://techguy.org/1127447
