Very Slow, Often get "Failed to load security options" and freezes


Elbiglou

Thread Starter
As of the last week, have been experiencing issues with extreme slowness. Reset Firefox to defaults, did not help. PC slows/freezes, when tried to launch task manager, CTRL-ALT-DEL, get message "Failed to load security options" then screen stays black with only that message. At times never unfreezes. After a hard re-boot, goes straight to recovery mode. I have noticed that there are certain error messages such as failed updates. And also, my security defaults have been "turned off" at least once without my doing... Yikes! I have done a recovery to previous date, and that has helped, but then it starts all over again... Certain start up items don't load and then the freeze comes again. And again the "Failed to load security options"...

Here are the logs... I believe I got them all...

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:51:20 AM, on 6/7/2014
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16545)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Lexmark X1100 Series\LXBKbmgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Online Armor\OAui.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Online Armor\OAhlp.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
C:\Users\zorobejar\Downloads\HijackThis(1).exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie9
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...home&locale=EN_US&c=74&bd=Pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [lxbkbmgr.exe] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Online Armor\OAui.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files\WildTangent Games\App\GamesAppService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPAHelper.exe - Unknown owner - C:\Program Files\iPod Access for Windows\iPAHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: lxbk_device - - C:\Windows\system32\lxbkcoms.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Online Armor Helper Service (OAcat) - Unknown owner - C:\Program Files\Online Armor\OAcat.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Unknown owner - C:\Program Files\Online Armor\oasrv.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10446 bytes




DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16545 BrowserJavaVersion: 10.5.1
Run by zorobejar at 10:56:18 on 2014-06-07
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1918.771 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
FW: Online Armor Firewall *Enabled* {BD3F5FCA-866B-1E2E-0A68-58900A751EA1}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Online Armor\OAcat.exe
C:\Program Files\Online Armor\oasrv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iPod Access for Windows\iPAHelper.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\system32\lxbkcoms.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Windows\System32\WUDFHost.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\taskeng.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Lexmark X1100 Series\LXBKbmgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Online Armor\OAui.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Online Armor\OAhlp.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie9
uProxyOverride = <local>;*.local
uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - c:\program files\wot\WOT.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [SunJavaUpdateReg] "c:\windows\system32\jureg.exe"
mRun: [lxbkbmgr.exe] "c:\program files\lexmark x1100 series\lxbkbmgr.exe"
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [@OnlineArmor GUI] "c:\program files\online armor\OAui.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\ymetray.lnk - c:\program files\yahoo!\yahoo! music jukebox\ymetray.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{04396276-A3C8-4A37-B1BB-C06D20AB24DD} : DHCPNameServer = 192.168.1.1
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
SEH: OA Shell Helper - {4F07DA45-8170-4859-9B5F-037EF2970034} - c:\program files\online armor\oaevent.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\zorobejar\appdata\roaming\mozilla\firefox\profiles\o7p9sui8.default-1401420615191\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://att.yahoo.com/
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
FF - plugin: c:\program files\wildtangent games\app\browserintegration\registered\1\NP_wtapp.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1203133.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_13_0_0_214.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2014-1-25 231960]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2012-2-11 210360]
R1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [2012-2-11 44984]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2012-2-11 34856]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-2 21504]
R2 lxbk_device;lxbk_device;c:\windows\system32\lxbkcoms.exe -service --> c:\windows\system32\lxbkcoms.exe -service [?]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-5-26 1809720]
R2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-5-26 860472]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 104264]
R2 OAcat;Online Armor Helper Service;c:\program files\online armor\OAcat.exe [2012-2-11 584864]
R2 SvcOnlineArmor;Online Armor;c:\program files\online armor\OAsrv.exe [2012-2-11 4457688]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-11 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-5-26 110296]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-5-26 51928]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2014-3-11 279776]
R3 OAnet;OnlineArmor Service;c:\windows\system32\drivers\OAnet.sys [2012-2-11 31760]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-11-13 204800]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2007-9-5 19456]
S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-12 206072]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2008-7-7 20480]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2008-5-9 174336]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2012-2-11 27192]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-3-20 32408]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-9-11 770168]
.
=============== File Associations ===============
.
ShellExec: ymp.exe: open="c:\program files\yahoo!\yahoo! music jukebox\YahooMusicEngine.exe" -play "%1"
ShellExec: ymp.exe: play="c:\program files\yahoo!\yahoo! music jukebox\YahooMusicEngine.exe" -play "%1"
.
=============== Created Last 30 ================
.
2014-06-06 23:36:57 8073384 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{716ed0a9-deb9-4f7e-a10f-8a1f166319f4}\mpengine.dll
2014-06-06 04:52:53 -------- d-----w- c:\windows\BB77DC4CB8184FD48D1D5D3B617B78B4.TMP
2014-06-06 04:46:42 -------- d-----w- c:\windows\C6359569E03E4CDC98E8CDD080C6EEB5.TMP
2014-06-05 17:56:22 8073384 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-06-05 16:34:51 765968 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{8f38dbff-9ed8-496c-aec2-333ac86aeeca}\gapaengine.dll
2014-06-03 05:14:57 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1(7)
2014-06-03 04:33:07 -------- d-----w- c:\users\zorobejar\appdata\local\HP
2014-05-31 02:40:26 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-05-26 21:25:06 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-26 21:10:17 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-26 21:10:16 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-05-26 21:10:14 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-05-16 04:27:05 -------- d-----w- c:\users\zorobejar\appdata\roaming\SanDisk SecureAccess
2014-05-14 10:04:55 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-10 17:53:50 1266800 ----a-w- c:\program files\mozilla firefox\icuin52.dll
2014-05-10 17:53:50 10594416 ----a-w- c:\program files\mozilla firefox\icudt52.dll
2014-05-10 17:53:49 965232 ----a-w- c:\program files\mozilla firefox\icuuc52.dll
.
==================== Find3M ====================
.
2014-05-14 05:06:31 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-14 05:06:31 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-05-14 05:06:05 17938608 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2014-05-12 14:25:54 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-03-11 16:52:30 104264 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
.
============= FINISH: 11:00:07.19 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 10/31/2007 2:53:27 AM
System Uptime: 6/7/2014 10:18:11 AM (1 hours ago)
.
Motherboard: ECS | | Nettle3
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5000+ | Socket AM2 | 1000/201mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 326 GiB total, 216.884 GiB free.
D: is FIXED (NTFS) - 9 GiB total, 1.257 GiB free.
E: is CDROM ()
F: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0004
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #2
PNP Device ID: ROOT\*6TO4MP\0004
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0029
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #16
PNP Device ID: ROOT\*6TO4MP\0029
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0050
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #36
PNP Device ID: ROOT\*6TO4MP\0050
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0000
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter
PNP Device ID: ROOT\*ISATAP\0000
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0002
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #4
PNP Device ID: ROOT\*ISATAP\0002
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0003
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #5
PNP Device ID: ROOT\*ISATAP\0003
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0004
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #3
PNP Device ID: ROOT\*ISATAP\0004
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0005
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #7
PNP Device ID: ROOT\*ISATAP\0005
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0006
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #8
PNP Device ID: ROOT\*ISATAP\0006
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0007
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #6
PNP Device ID: ROOT\*ISATAP\0007
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0008
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #10
PNP Device ID: ROOT\*ISATAP\0008
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0009
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #11
PNP Device ID: ROOT\*ISATAP\0009
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0010
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #9
PNP Device ID: ROOT\*ISATAP\0010
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0011
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #13
PNP Device ID: ROOT\*ISATAP\0011
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0013
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #14
PNP Device ID: ROOT\*ISATAP\0013
Service: tunnel
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe Flash Player 13 ActiveX
Adobe Flash Player 13 Plugin
Adobe Reader X (10.1.10)
Adobe Shockwave Player 12.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AT&T Yahoo! Applications
AT&T Yahoo! Music Jukebox
ATT-AACE
Avery Wizard 3.1
Azureus Vuze
Bonjour
Compatibility Pack for the 2007 Office system
Enhanced Multimedia Keyboard Solution
Hardware Diagnostic Tools
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Active Support Library 32 bit components
HP Advisor
HP Customer Experience Enhancements
HP Customer Feedback
HP Easy Setup - Frontend
HP On-Screen Cap/Num/Scroll Lock Indicator
HP Photosmart Essential 2.01
HP Photosmart Essential2.01
HP Picasso Media Center Add-In
HP Update
iCloud
iPod Access for Windows v4.1.3
iPod for Windows 2005-10-12
iTunes
Java 7 Update 17
Java Auto Updater
JavaFX 2.1.1
Lexmark X1100 Series
LG USB Modem driver
LightScribe 1.8.15.1
Linksys EasyLink Advisor
LiveUpdate Notice (Symantec Corporation)
Malwarebytes Anti-Malware version 2.0.2.1012
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4.5.1
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Mobile Broadband Generic Drivers
MobileMe Control Panel
Mozilla Firefox 29.0.1 (x86 en-US)
Mozilla Maintenance Service
MSN
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.0
My HP Games
Norton Security Scan
NVIDIA Drivers
Online Armor 5.5
PCLinq2 High-Speed USB Bridge Cable
PL-2303 USB-to-Serial
PSSWCORE
Pure Networks Platform
Python 2.5
QuickTime 7
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Revo Uninstaller Pro 2.5.7
Rhapsody Player Engine
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Soft Data Fax Modem with SmartCP
swMSM
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update Installer for WildTangent Games App
Veetle TV 0.9.18
VideoToolkit01
VoiceOver Kit
VZAccess Manager
WeatherBug Gadget
WebEx Support Manager for Internet Explorer
WildTangent Games App (HP Games)
Windows Driver Package - LeapFrog (FlyUsb) USB (06/15/2007 1.0.0.6)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
WinPatrol
WinRAR archiver
WOT for Internet Explorer
Yahoo! Search Protection
.
==== End Of File ===========================




GMER 2.1.19357 - http://www.gmer.net
Rootkit quick scan 2014-06-07 11:47:20
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\00000091 ST336032 rev.3.CH 335.35GB
Running: r4muw9rc.exe; Driver: C:\Users\ZOROBE~1\AppData\Local\Temp\kxlyruog.sys


---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- Devices - GMER 2.1 ----

Device \Driver\tdx \Device\Ip OAmon.sys
Device \Driver\tdx \Device\Tcp OAmon.sys
Device \Driver\tdx \Device\Udp OAmon.sys
Device \Driver\tdx \Device\RawIp OAmon.sys

---- EOF - GMER 2.1 ----
 

LiquidTension

Malware Specialist
Joined
May 28, 2014
Messages
553
Hello Elbiglou, welcome to Tech Support Guy's Malware Removal forum!

My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that. :)

======================================================

Important: I have laid out some "ground rules" I would very much appreciate you follow. Please read through the points below, to ensure this process moves as quickly and efficiently as possible.
  • Please read through my instructions thoroughly, and ensure you carry out each step in the order specified.
  • Please do not post logs using the CODE, QUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation & providing the best set of instructions for you.
  • Ensure you are subscribed to this topic to receive instant email notifications of my responses.
  • Please attempt to back up important documents before proceeding with my instructions.
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before you run anything.
  • While I'm in training, it's important that threads move along in a timely manner so as not to hinder my progress. Therefore, if no response is made within 5 days, I will have to unsubscribe from your thread and move on to helping others. Please inform me if you will require additional time to complete my instructions.
======================================================

Please be advised that I am currently in training at WhattheTech.com. My responses will need to be approved by a teaching expert at WhattheTech.com before I post in order to ensure you are receiving accurate instructions. I will return as soon as possible.
 

LiquidTension

Malware Specialist
Joined
May 28, 2014
Messages
553
Hello Elbiglou,

Please carry out the following scans and post the logs generated.

STEP 1
Farbar Recovery Scan Tool (FRST) Scan
  • Please download Farbar Recovery Scan Tool (x32) and save the file to your desktop.
  • Right-Click FRST.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your desktop. Copy the contents of both logs and paste in your next reply.

STEP 2
aswMBR
  • Please download aswMBR and save the file to your desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click aswMBR.exe and select Run as administrator to run the programme.
  • If you are prompted to download the latest anti-virus definitions from avast!, click Yes.
  • Click the AV Scan: drop down box and click C:\.
  • Click Scan.
  • Upon completion, you will see Scan finished successfully. Click Save log.
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.
Note: Do NOT attempt to click Fix or FixMBR.
Note: A file (MBR.dat) will be created on your desktop. Do NOT click or delete it.


STEP 3
Farbar Service Scanner (FSS)
  • Please download FSS and save the file to your desktop.
  • Right-Click FSS.exe and select Run as administrator to run the programme.
  • Ensure the following items are checked:

    • .
    • .
    • .
    • .
    • .
    • .

  • Click
    .
  • A log (FSS.txt) will be created on your desktop. Copy the contents of the log and paste in your next reply.

======================================================

STEP 4
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.
  • FRST.txt
  • Addition.txt
  • aswMBR log
  • FSS.txt
 

Elbiglou

Thread Starter
Joined
Jan 31, 2012
Messages
76
Thank you. I will try to do this tonight. What time zone are you in? Just wondering. If I cannot get to this tonight, I will tomorrow or at the latest Sunday morning.

Thank you again
 

LiquidTension

Malware Specialist
Joined
May 28, 2014
Messages
553
Hi Elbiglou,

My time zone is currently GMT+1. There is no rush to complete the instructions; please do not feel pressurised. :) I only request you inform me if you require longer than 3 days to complete the instructions.
 

Elbiglou

Thread Starter
Joined
Jan 31, 2012
Messages
76
Hello Adam - Here are the requested logs.... You can call me Luis by the way. Thanks. Hope to hear from you soon. Thanks!

#1


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:12-06-2014 02
Ran by zorobejar (administrator) on ZOROBEJAR-PC on 14-06-2014 19:02:37
Running from C:\Users\zorobejar\Desktop
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Emsisoft GmbH) C:\Program Files\Online Armor\OAcat.exe
(Emsisoft GmbH) C:\Program Files\Online Armor\OAsrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\iPod Access for Windows\iPAHelper.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
( ) C:\Windows\System32\lxbkcoms.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Motive Communications, Inc.) C:\Program Files\Common Files\Motive\McciCMService.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Cisco Systems, Inc.) C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe
(OsdMaestro) C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Lexmark International, Inc.) C:\Program Files\Lexmark X1100 Series\LXBKbmgr.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Cisco Systems, Inc.) C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Emsisoft GmbH) C:\Program Files\Online Armor\OAui.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\QuickTime\QTTask.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(BillP Studios) C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Lexmark International, Inc.) C:\Program Files\Lexmark X1100 Series\LXBKbmon.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
(Emsisoft GmbH) C:\Program Files\Online Armor\OAhlp.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\hp\KBD\kbd.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [hpsysdrv] => c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)
HKLM\...\Run: [KBD] => C:\HP\KBD\KbdStub.EXE [65536 2006-12-08] ()
HKLM\...\Run: [OsdMaestro] => C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [118784 2007-02-15] (OsdMaestro)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4874240 2008-01-15] (Realtek Semiconductor)
HKLM\...\Run: [HP Health Check Scheduler] => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-06-16] (Hewlett-Packard)
HKLM\...\Run: [SunJavaUpdateReg] => C:\Windows\system32\jureg.exe [54936 2007-04-07] (Sun Microsystems, Inc.)
HKLM\...\Run: [lxbkbmgr.exe] => C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe [74672 2007-04-26] (Lexmark International, Inc.)
HKLM\...\Run: [Symantec PIF AlertEng] => C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [583048 2008-01-29] (Symantec Corporation)
HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-10-06] (Apple Inc.)
HKLM\...\Run: [nmctxth] => C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe [642856 2008-12-12] (Cisco Systems, Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM\...\Run: [NvCplDaemon] => C:\Windows\system32\NvCpl.dll [13539872 2008-05-22] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] => C:\Windows\system32\NvMcTray.dll [92704 2008-05-22] (NVIDIA Corporation)
HKLM\...\Run: [@OnlineArmor GUI] => C:\Program Files\Online Armor\OAui.exe [7558464 2013-10-15] (Emsisoft GmbH)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [296096 2012-09-19] (RealNetworks, Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [WinPatrol] => C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [400480 2012-01-30] (BillP Studios)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-1759747925-34736268-1556840103-1000\...\Run: [HPAdvisor] => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1644088 2009-08-05] (Hewlett-Packard)
HKU\S-1-5-21-1759747925-34736268-1556840103-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-1759747925-34736268-1556840103-1000\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [451872 2007-07-18] (Hewlett-Packard Company)
HKU\S-1-5-21-1759747925-34736268-1556840103-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-1759747925-34736268-1556840103-1000\...\Run: [MobileDocuments] => C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-1759747925-34736268-1556840103-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ymetray.lnk
ShortcutTarget: ymetray.lnk -> C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe (Yahoo! Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie9
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...home&locale=EN_US&c=74&bd=Pavilion&pf=desktop
URLSearchHook: HKCU - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
SearchScopes: HKLM - DefaultScope {F630738B-7FF4-4E20-896C-ED4D6307FEFF} URL =
SearchScopes: HKLM - {08509951-78FA-4720-BEA4-40B3602B8662} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM - {4A08F7A6-2B0E-4C55-A31A-193FD6A9EE18} URL = http://search.live.com/results.aspx?q={searchTerms}&amp;entrypoint={referrer:source?}&amp;FORM=HVDUS7
SearchScopes: HKCU - DefaultScope {F630738B-7FF4-4E20-896C-ED4D6307FEFF} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
SearchScopes: HKCU - {08509951-78FA-4720-BEA4-40B3602B8662} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
SearchScopes: HKCU - {4A08F7A6-2B0E-4C55-A31A-193FD6A9EE18} URL = http://search.live.com/results.aspx?q={searchTerms}&amp;entrypoint={referrer:source?}&amp;FORM=HVDUS7
SearchScopes: HKCU - {5AEBC260-3257-4C0E-9E7B-9D48D15135BB} URL = http://delicious.com/search?p={searchTerms}
SearchScopes: HKCU - {6F217834-7CF7-474A-85DF-2027B3CA1332} URL = http://www.flickr.com/search/?q={searchTerms}
SearchScopes: HKCU - {F630738B-7FF4-4E20-896C-ED4D6307FEFF} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
Toolbar: HKCU - WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
ShellExecuteHooks: OA Shell Helper - {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll [1033968 2013-10-15] (Emsisoft GmbH)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 000000000100 %SystemRoot%\system32\mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 000000000101 %SystemRoot%\system32\mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 000000000102 %SystemRoot%\system32\mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 000000000103 %SystemRoot%\system32\mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 000000000104 %SystemRoot%\system32\mswsock.dll [223232] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\zorobejar\AppData\Roaming\Mozilla\Firefox\Profiles\o7p9sui8.default-1401420615191
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://att.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.13.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=15.0.6.14 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.6.14 - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=15.0.6.14 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.0 - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF Plugin: @veetle.com/vbp;version=0.9.17 - C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF Plugin: @veetle.com/veetleCorePlugin,version=0.9.18 - C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin: @veetle.com/veetlePlayerPlugin,version=0.9.18 - C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin HKCU: @real.com/RhapsodyPlayerEngine - C:\Users\zorobejar\AppData\Roaming\nprhapengine.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Extension: Yahoo! Toolbar - C:\Users\zorobejar\AppData\Roaming\Mozilla\Firefox\Profiles\o7p9sui8.default-1401420615191\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2014-06-12]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-09-19]

========================== Services (Whitelisted) =================

R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-06-16] (Hewlett-Packard) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 iPAHelper.exe; C:\Program Files\iPod Access for Windows\iPAHelper.exe [1543614 2007-04-05] () [File not signed]
S2 LinksysUpdater; C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [204800 2008-11-13] () [File not signed]
R2 LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [583048 2008-01-29] (Symantec Corporation)
R2 lxbk_device; C:\Windows\system32\lxbkcoms.exe [537520 2007-04-26] ( )
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [303104 2007-11-28] (Motive Communications, Inc.) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
R2 nmservice; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [642856 2008-12-12] (Cisco Systems, Inc.)
R2 OAcat; C:\Program Files\Online Armor\OAcat.exe [584864 2013-10-15] (Emsisoft GmbH)
R2 SvcOnlineArmor; C:\Program Files\Online Armor\oasrv.exe [4457688 2013-10-15] (Emsisoft GmbH)
S2 Automatic LiveUpdate Scheduler; "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [X]
S3 LiveUpdate; "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE" [X]
S2 LiveUpdate Notice Ex; "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [X]

==================== Drivers (Whitelisted) ====================

S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [19456 2007-09-05] (LeapFrog) [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-06-13] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [19712 2007-11-28] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [18304 2007-11-28] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 NWUSBCDFIL; C:\Windows\System32\DRIVERS\NwUsbCdFil.sys [20480 2008-07-07] (Novatel Wireless Inc.)
S3 NWUSBPort2; C:\Windows\System32\DRIVERS\nwusbser2.sys [174336 2008-05-09] (Novatel Wireless Inc.)
R1 OADevice; C:\Windows\system32\drivers\OADriver.sys [210360 2013-10-15] ()
R1 oahlpXX; C:\Windows\system32\drivers\oahlp32.sys [44984 2013-10-15] ()
R1 OAmon; C:\Windows\system32\drivers\OAmon.sys [34856 2013-10-15] (Emsisoft)
R3 OAnet; C:\Windows\System32\DRIVERS\oanet.sys [31760 2013-10-15] (Emsisoft)
R2 pnarp; C:\Windows\System32\DRIVERS\pnarp.sys [24880 2008-12-12] (Cisco Systems, Inc.)
R2 purendis; C:\Windows\System32\DRIVERS\purendis.sys [26416 2008-12-12] (Cisco Systems, Inc.)
S3 SMSIVZAM5; C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys [32408 2009-03-20] (Smith Micro Inc.)
S3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [13056 2008-11-11] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgusbdiag.sys [19968 2008-11-11] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [24832 2008-11-11] (LG Electronics Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S2 MCSTRM; No ImagePath
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-14 19:02 - 2014-06-14 19:03 - 00021989 _____ () C:\Users\zorobejar\Desktop\FRST.txt
2014-06-14 19:02 - 2014-06-14 19:02 - 00000000 ____D () C:\FRST
2014-06-14 18:58 - 2014-06-14 18:58 - 01073152 _____ (Farbar) C:\Users\zorobejar\Desktop\FRST.exe
2014-06-11 16:49 - 2014-05-28 09:39 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-11 16:49 - 2014-05-28 09:33 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-11 16:49 - 2014-05-28 09:32 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 16:49 - 2014-05-28 09:32 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 16:49 - 2014-05-28 09:31 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-06-11 16:49 - 2014-05-28 09:31 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 16:49 - 2014-05-28 09:30 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 16:49 - 2014-05-28 09:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-06-11 16:49 - 2014-05-28 09:30 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-11 16:49 - 2014-05-28 09:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-11 16:49 - 2014-05-28 09:30 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-06-11 16:49 - 2014-05-28 09:29 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-06-11 16:49 - 2014-05-28 09:29 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-06-11 16:48 - 2014-05-28 09:48 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 16:48 - 2014-05-28 09:38 - 09711104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-11 16:48 - 2014-05-28 09:30 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 16:48 - 2014-05-28 09:30 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 16:48 - 2014-05-28 09:29 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 16:48 - 2014-05-28 09:29 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 16:48 - 2014-05-28 09:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 16:48 - 2014-05-28 09:28 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-10 22:00 - 2014-06-10 22:01 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-10 21:54 - 2014-04-26 09:01 - 00502784 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-10 21:53 - 2014-04-04 20:23 - 00915392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-10 21:53 - 2014-04-04 18:49 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2014-06-10 21:53 - 2014-03-09 18:22 - 01401344 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-10 21:53 - 2014-03-09 18:22 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-07 21:34 - 2014-06-08 17:58 - 00147456 _____ () C:\Users\zorobejar\Documents\Journeys Project.ppt
2014-06-07 12:19 - 2014-06-07 12:19 - 00000602 _____ () C:\Users\zorobejar\Desktop\ark.txt
2014-06-07 11:44 - 2014-06-07 11:44 - 00380416 _____ () C:\Users\zorobejar\Desktop\r4muw9rc.exe
2014-06-07 11:05 - 2014-06-07 11:05 - 00380416 _____ () C:\Users\zorobejar\Downloads\cti0wltx.exe
2014-06-07 11:03 - 2014-06-07 11:03 - 00007853 _____ () C:\Users\zorobejar\Desktop\attach.txt
2014-06-07 11:03 - 2014-06-07 11:00 - 00015912 _____ () C:\Users\zorobejar\Desktop\dds.txt
2014-06-07 10:55 - 2014-06-07 10:55 - 00688992 ____R (Swearware) C:\Users\zorobejar\Desktop\dds.scr
2014-06-07 10:51 - 2014-06-07 10:51 - 00010448 _____ () C:\Users\zorobejar\Desktop\hijackthis.log
2014-06-07 10:48 - 2014-06-07 10:48 - 00388608 _____ (Trend Micro Inc.) C:\Users\zorobejar\Downloads\HijackThis(2).exe
2014-06-07 10:47 - 2014-06-07 10:47 - 00388608 _____ (Trend Micro Inc.) C:\Users\zorobejar\Downloads\HijackThis(1).exe
2014-06-06 20:50 - 2014-06-06 20:50 - 00000000 ____D () C:\Users\Different User\AppData\Local\VS Revo Group
2014-06-06 20:30 - 2014-06-06 20:30 - 00000000 ____D () C:\Users\Different User\AppData\Roaming\Adobe
2014-06-06 20:30 - 2014-06-06 20:30 - 00000000 ____D () C:\Users\Different User\AppData\Local\Macromedia
2014-06-06 20:29 - 2014-06-06 20:29 - 00000000 ____D () C:\Users\Different User\AppData\Roaming\Mozilla
2014-06-06 20:29 - 2014-06-06 20:29 - 00000000 ____D () C:\Users\Different User\AppData\Local\Mozilla
2014-06-06 20:00 - 2014-06-06 20:00 - 00000000 ____D () C:\Users\Different User\AppData\Roaming\WinPatrol
2014-06-06 19:59 - 2014-06-06 19:59 - 00000000 ____D () C:\Users\Different User\AppData\Roaming\Yahoo!
2014-06-06 19:59 - 2014-06-06 19:59 - 00000000 ____D () C:\Users\Different User\AppData\Roaming\Hewlett-Packard
2014-06-06 19:58 - 2014-06-06 19:58 - 00000000 ____D () C:\Users\Different User\AppData\Local\Hewlett-Packard
2014-06-06 19:56 - 2014-06-06 19:56 - 00106752 _____ () C:\Users\Different User\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-06 19:56 - 2014-06-06 19:56 - 00000000 ____D () C:\Users\Different User\AppData\Roaming\Real
2014-06-06 19:56 - 2014-06-06 19:56 - 00000000 ____D () C:\Users\Different User\AppData\Roaming\OnlineArmor
2014-06-06 19:56 - 2014-06-06 19:56 - 00000000 ____D () C:\Users\Different User\AppData\Roaming\Apple Computer
2014-06-06 19:56 - 2014-06-06 19:56 - 00000000 ____D () C:\Users\Different User\AppData\Local\Apple Computer
2014-06-06 19:55 - 2014-06-06 20:15 - 00000946 _____ () C:\Users\Different User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-06-06 19:55 - 2014-06-06 19:55 - 00000951 _____ () C:\Users\Different User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-06 19:54 - 2014-06-06 19:54 - 00000917 _____ () C:\Users\Different User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2014-06-06 19:52 - 2014-06-06 20:45 - 00000000 ____D () C:\Users\Different User\AppData\Local\temp
2014-06-06 19:52 - 2014-06-06 19:52 - 00000020 ___SH () C:\Users\Different User\ntuser.ini
2014-06-06 19:52 - 2011-09-24 16:32 - 00000000 ____D () C:\Users\Different User\AppData\Roaming\Macromedia
2014-06-06 19:52 - 2008-06-24 21:14 - 00000000 ___RD () C:\Users\Different User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-06-06 19:52 - 2008-06-24 21:14 - 00000000 ___RD () C:\Users\Different User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-06-06 19:51 - 2014-06-06 19:51 - 00000000 ____D () C:\Users\Different User\AppData\Local\VirtualStore
2014-06-05 21:52 - 2014-06-05 21:53 - 00000000 ____D () C:\Windows\BB77DC4CB8184FD48D1D5D3B617B78B4.TMP
2014-06-05 21:46 - 2014-06-05 21:50 - 00000000 ____D () C:\Windows\C6359569E03E4CDC98E8CDD080C6EEB5.TMP
2014-06-05 14:02 - 2014-06-05 14:02 - 00464384 _____ () C:\Users\zorobejar\Documents\President Lincoln.ppt
2014-06-04 20:58 - 2014-06-10 20:33 - 00042892 _____ () C:\Users\zorobejar\Desktop\AreaPlayoffs.Game.Ref Schedule.xlsx
2014-06-02 22:14 - 2014-06-02 22:15 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1(7)
2014-06-02 21:33 - 2014-06-02 21:33 - 00000000 ____D () C:\Users\zorobejar\AppData\Local\HP
2014-05-30 19:42 - 2014-06-03 18:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-05-30 19:42 - 2014-05-30 19:42 - 00001666 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-05-30 19:40 - 2014-06-03 18:33 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-05-29 20:30 - 2014-05-29 20:30 - 00000000 ____D () C:\Users\zorobejar\Desktop\Old Firefox Data
2014-05-28 22:12 - 2014-05-28 22:18 - 00042598 _____ () C:\Users\zorobejar\Desktop\RanchoCucamonga.Game.Ref Schedule.xlsx
2014-05-28 21:53 - 2014-05-28 22:11 - 00042816 _____ () C:\Users\zorobejar\Desktop\Riverside.Game.Ref Schedule.xlsx
2014-05-27 19:19 - 2014-05-27 19:19 - 00042893 _____ () C:\Users\zorobejar\Desktop\Fox.N.Hare.Game.Schedule.xlsx
2014-05-26 14:25 - 2014-06-13 20:23 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-26 14:11 - 2014-05-26 14:11 - 00000901 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-26 14:11 - 2014-05-26 14:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-26 14:10 - 2014-05-26 14:10 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-26 14:10 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-26 14:10 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-23 07:39 - 2014-05-28 21:48 - 00042751 _____ () C:\Users\zorobejar\Desktop\Cypress.Game.Ref Schedule.xlsx
2014-05-15 21:27 - 2014-05-15 21:27 - 00000000 ____D () C:\Users\zorobejar\AppData\Roaming\SanDisk SecureAccess

==================== One Month Modified Files and Folders =======

2014-06-14 19:04 - 2012-09-26 18:52 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-14 19:03 - 2014-06-14 19:02 - 00021989 _____ () C:\Users\zorobejar\Desktop\FRST.txt
2014-06-14 19:03 - 2012-02-08 19:35 - 00000000 ____D () C:\Users\zorobejar\AppData\Local\temp
2014-06-14 19:02 - 2014-06-14 19:02 - 00000000 ____D () C:\FRST
2014-06-14 18:58 - 2014-06-14 18:58 - 01073152 _____ (Farbar) C:\Users\zorobejar\Desktop\FRST.exe
2014-06-14 18:53 - 2006-11-02 04:18 - 00000000 ____D () C:\Windows\tracing
2014-06-14 18:45 - 2007-10-31 02:52 - 01074806 _____ () C:\Windows\WindowsUpdate.log
2014-06-14 18:23 - 2006-11-02 05:47 - 00005728 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-14 18:23 - 2006-11-02 05:47 - 00005728 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-13 20:23 - 2014-05-26 14:25 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-12 19:05 - 2011-07-16 09:17 - 00000000 ____D () C:\Users\zorobejar\AppData\Roaming\HpUpdate
2014-06-12 16:37 - 2009-04-25 15:25 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-06-12 16:37 - 2006-11-02 06:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-12 16:36 - 2014-04-22 20:16 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-06-11 22:07 - 2006-11-02 06:01 - 00032646 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-10 23:10 - 2013-07-28 18:31 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-10 22:07 - 2006-11-02 03:24 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-06-10 22:01 - 2014-06-10 22:00 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-10 20:33 - 2014-06-04 20:58 - 00042892 _____ () C:\Users\zorobejar\Desktop\AreaPlayoffs.Game.Ref Schedule.xlsx
2014-06-08 19:30 - 2007-12-25 14:14 - 00000946 _____ () C:\Users\zorobejar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-06-08 19:23 - 2006-11-02 03:33 - 00768350 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-08 17:58 - 2014-06-07 21:34 - 00147456 _____ () C:\Users\zorobejar\Documents\Journeys Project.ppt
2014-06-08 17:44 - 2008-09-01 21:33 - 00000000 ____D () C:\temp
2014-06-07 12:19 - 2014-06-07 12:19 - 00000602 _____ () C:\Users\zorobejar\Desktop\ark.txt
2014-06-07 11:44 - 2014-06-07 11:44 - 00380416 _____ () C:\Users\zorobejar\Desktop\r4muw9rc.exe
2014-06-07 11:05 - 2014-06-07 11:05 - 00380416 _____ () C:\Users\zorobejar\Downloads\cti0wltx.exe
2014-06-07 11:03 - 2014-06-07 11:03 - 00007853 _____ () C:\Users\zorobejar\Desktop\attach.txt
2014-06-07 11:00 - 2014-06-07 11:03 - 00015912 _____ () C:\Users\zorobejar\Desktop\dds.txt
2014-06-07 10:55 - 2014-06-07 10:55 - 00688992 ____R (Swearware) C:\Users\zorobejar\Desktop\dds.scr
2014-06-07 10:51 - 2014-06-07 10:51 - 00010448 _____ () C:\Users\zorobejar\Desktop\hijackthis.log
2014-06-07 10:48 - 2014-06-07 10:48 - 00388608 _____ (Trend Micro Inc.) C:\Users\zorobejar\Downloads\HijackThis(2).exe
2014-06-07 10:47 - 2014-06-07 10:47 - 00388608 _____ (Trend Micro Inc.) C:\Users\zorobejar\Downloads\HijackThis(1).exe
2014-06-07 09:48 - 2007-10-20 05:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-06-06 20:50 - 2014-06-06 20:50 - 00000000 ____D () C:\Users\Different User\AppData\Local\VS Revo Group
2014-06-06 20:45 - 2014-06-06 19:52 - 00000000 ____D () C:\Users\Different User\AppData\Local\temp
2014-06-06 20:42 - 2008-07-14 20:59 - 00000376 _____ () C:\Windows\ODBC.INI
2014-06-06 20:30 - 2014-06-06 20:30 - 00000000 ____D () C:\Users\Different User\AppData\Roaming\Adobe
2014-06-06 20:30 - 2014-06-06 20:30 - 00000000 ____D () C:\Users\Different User\AppData\Local\Macromedia
2014-06-06 20:29 - 2014-06-06 20:29 - 00000000 ____D () C:\Users\Different User\AppData\Roaming\Mozilla
2014-06-06 20:29 - 2014-06-06 20:29 - 00000000 ____D () C:\Users\Different User\AppData\Local\Mozilla
2014-06-06 20:15 - 2014-06-06 19:55 - 00000946 _____ () C:\Users\Different User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-06-06 20:00 - 2014-06-06 20:00 - 00000000 ____D () C:\Users\Different User\AppData\Roaming\WinPatrol
2014-06-06 19:59 - 2014-06-06 19:59 - 00000000 ____D () C:\Users\Different User\AppData\Roaming\Yahoo!
2014-06-06 19:59 - 2014-06-06 19:59 - 00000000 ____D () C:\Users\Different User\AppData\Roaming\Hewlett-Packard
2014-06-06 19:58 - 2014-06-06 19:58 - 00000000 ____D () C:\Users\Different User\AppData\Local\Hewlett-Packard
2014-06-06 19:57 - 2007-12-26 08:55 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-06 19:56 - 2014-06-06 19:56 - 00106752 _____ () C:\Users\Different User\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-06 19:56 - 2014-06-06 19:56 - 00000000 ____D () C:\Users\Different User\AppData\Roaming\Real
2014-06-06 19:56 - 2014-06-06 19:56 - 00000000 ____D () C:\Users\Different User\AppData\Roaming\OnlineArmor
2014-06-06 19:56 - 2014-06-06 19:56 - 00000000 ____D () C:\Users\Different User\AppData\Roaming\Apple Computer
2014-06-06 19:56 - 2014-06-06 19:56 - 00000000 ____D () C:\Users\Different User\AppData\Local\Apple Computer
2014-06-06 19:55 - 2014-06-06 19:55 - 00000951 _____ () C:\Users\Different User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-06 19:54 - 2014-06-06 19:54 - 00000917 _____ () C:\Users\Different User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2014-06-06 19:52 - 2014-06-06 19:52 - 00000020 ___SH () C:\Users\Different User\ntuser.ini
2014-06-06 19:51 - 2014-06-06 19:51 - 00000000 ____D () C:\Users\Different User\AppData\Local\VirtualStore
2014-06-06 19:40 - 2011-12-03 10:57 - 00001356 _____ () C:\Users\zorobejar\AppData\Local\d3d9caps.dat
2014-06-05 21:57 - 2007-10-20 05:33 - 00000000 ____D () C:\Program Files\Snapfish Picture Mover
2014-06-05 21:53 - 2014-06-05 21:52 - 00000000 ____D () C:\Windows\BB77DC4CB8184FD48D1D5D3B617B78B4.TMP
2014-06-05 21:53 - 2007-12-27 18:30 - 00000000 ____D () C:\Program Files\LeapFrog
2014-06-05 21:50 - 2014-06-05 21:46 - 00000000 ____D () C:\Windows\C6359569E03E4CDC98E8CDD080C6EEB5.TMP
2014-06-05 21:46 - 2007-10-20 05:23 - 00001586 _____ () C:\ProgramData\hpzinstall.log
2014-06-05 14:02 - 2014-06-05 14:02 - 00464384 _____ () C:\Users\zorobejar\Documents\President Lincoln.ppt
2014-06-03 20:20 - 2011-09-26 19:22 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-06-03 20:20 - 2008-03-25 19:42 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-06-03 18:35 - 2007-12-25 14:03 - 00000000 ____D () C:\Users\zorobejar
2014-06-03 18:35 - 2007-10-20 05:42 - 00000000 ____D () C:\ProgramData\Symantec
2014-06-03 18:34 - 2007-12-28 20:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iPod Access for Windows
2014-06-03 18:34 - 2006-11-02 03:22 - 58720256 _____ () C:\Windows\system32\config\software_previous
2014-06-03 18:34 - 2006-11-02 03:22 - 41418752 _____ () C:\Windows\system32\config\components_previous
2014-06-03 18:34 - 2006-11-02 03:22 - 28311552 _____ () C:\Windows\system32\config\system_previous
2014-06-03 18:34 - 2006-11-02 03:22 - 00524288 _____ () C:\Windows\system32\config\default_previous
2014-06-03 18:34 - 2006-11-02 03:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2014-06-03 18:34 - 2006-11-02 03:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2014-06-03 18:33 - 2014-05-30 19:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-06-03 18:33 - 2014-05-30 19:40 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-06-03 18:33 - 2012-03-15 16:08 - 00000000 ____D () C:\Program Files\LG Electronics
2014-06-03 18:33 - 2012-02-12 14:07 - 00000000 ____D () C:\Program Files\WOT
2014-06-03 18:33 - 2011-12-04 06:53 - 00000000 ____D () C:\Program Files\Verizon Wireless
2014-06-03 18:33 - 2011-10-23 00:05 - 00000000 ____D () C:\Program Files\Bonjour
2014-06-03 18:33 - 2009-11-26 17:21 - 00000000 ____D () C:\ProgramData\Real
2014-06-03 18:33 - 2009-07-22 18:03 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan
2014-06-03 18:33 - 2009-07-22 18:03 - 00000000 ____D () C:\Windows\system32\Drivers\NSS
2014-06-03 18:33 - 2009-07-22 18:03 - 00000000 ____D () C:\ProgramData\Norton
2014-06-03 18:33 - 2008-07-06 14:16 - 00000000 ____D () C:\Program Files\Norton Security Scan
2014-06-03 18:33 - 2008-02-14 19:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LiveUpdate Notice
2014-06-03 18:33 - 2008-02-03 21:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-06-03 18:33 - 2007-12-28 20:28 - 00000000 ____D () C:\ProgramData\Findley Designs
2014-06-03 18:33 - 2007-12-28 20:28 - 00000000 ____D () C:\Program Files\iPod Access for Windows
2014-06-03 18:33 - 2007-10-20 05:42 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-06-03 18:33 - 2007-10-20 05:24 - 00000000 ____D () C:\Program Files\Roxio
2014-06-03 18:33 - 2007-10-20 05:24 - 00000000 ____D () C:\Program Files\Common Files\SureThing Shared
2014-06-03 18:33 - 2007-10-20 05:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio
2014-06-03 18:33 - 2007-10-20 05:23 - 00000000 ____D () C:\ProgramData\HP
2014-06-03 18:33 - 2007-10-20 05:23 - 00000000 ____D () C:\Program Files\Common Files\HP
2014-06-03 18:33 - 2007-10-20 05:16 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-06-03 18:33 - 2006-11-02 04:18 - 00000000 ____D () C:\Windows\system32\spool
2014-06-03 18:33 - 2006-11-02 04:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-06-03 18:33 - 2006-11-02 04:18 - 00000000 ____D () C:\Windows\registration
2014-06-03 16:41 - 2007-10-20 05:17 - 00446780 _____ () C:\Windows\PFRO.log
2014-06-02 22:15 - 2014-06-02 22:14 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1(7)
2014-06-02 21:58 - 2007-12-27 18:43 - 00020774 _____ () C:\Windows\DPINST.LOG
2014-06-02 21:33 - 2014-06-02 21:33 - 00000000 ____D () C:\Users\zorobejar\AppData\Local\HP
2014-05-30 19:42 - 2014-05-30 19:42 - 00001666 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-05-30 19:42 - 2008-12-01 22:31 - 00000000 ____D () C:\Program Files\iTunes
2014-05-30 19:40 - 2008-01-14 22:50 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-05-30 19:40 - 2007-12-25 19:35 - 00000000 ____D () C:\Program Files\iPod
2014-05-29 20:30 - 2014-05-29 20:30 - 00000000 ____D () C:\Users\zorobejar\Desktop\Old Firefox Data
2014-05-28 22:18 - 2014-05-28 22:12 - 00042598 _____ () C:\Users\zorobejar\Desktop\RanchoCucamonga.Game.Ref Schedule.xlsx
2014-05-28 22:11 - 2014-05-28 21:53 - 00042816 _____ () C:\Users\zorobejar\Desktop\Riverside.Game.Ref Schedule.xlsx
2014-05-28 21:51 - 2014-03-09 20:37 - 00168960 _____ () C:\Users\zorobejar\Desktop\Area schedule.xls
2014-05-28 21:48 - 2014-05-23 07:39 - 00042751 _____ () C:\Users\zorobejar\Desktop\Cypress.Game.Ref Schedule.xlsx
2014-05-28 21:47 - 2014-05-13 20:27 - 00043178 _____ () C:\Users\zorobejar\Desktop\Game.Ref Schedule QH.xlsx
2014-05-28 09:48 - 2014-06-11 16:48 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-28 09:39 - 2014-06-11 16:49 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-28 09:38 - 2014-06-11 16:48 - 09711104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-28 09:33 - 2014-06-11 16:49 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-28 09:32 - 2014-06-11 16:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-28 09:32 - 2014-06-11 16:49 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-28 09:31 - 2014-06-11 16:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-05-28 09:31 - 2014-06-11 16:49 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-28 09:30 - 2014-06-11 16:49 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-28 09:30 - 2014-06-11 16:49 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-05-28 09:30 - 2014-06-11 16:49 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-28 09:30 - 2014-06-11 16:49 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-28 09:30 - 2014-06-11 16:49 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-05-28 09:30 - 2014-06-11 16:48 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-28 09:30 - 2014-06-11 16:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-28 09:29 - 2014-06-11 16:49 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-05-28 09:29 - 2014-06-11 16:49 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-05-28 09:29 - 2014-06-11 16:48 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-28 09:29 - 2014-06-11 16:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-28 09:29 - 2014-06-11 16:48 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-28 09:28 - 2014-06-11 16:48 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-27 19:19 - 2014-05-27 19:19 - 00042893 _____ () C:\Users\zorobejar\Desktop\Fox.N.Hare.Game.Schedule.xlsx
2014-05-26 14:11 - 2014-05-26 14:11 - 00000901 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-26 14:11 - 2014-05-26 14:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-26 14:11 - 2012-02-11 16:52 - 00000000 ____D () C:\Users\zorobejar\AppData\Roaming\Malwarebytes
2014-05-26 14:10 - 2014-05-26 14:10 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-26 14:10 - 2012-02-11 16:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-26 14:10 - 2012-02-11 16:52 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-05-15 21:27 - 2014-05-15 21:27 - 00000000 ____D () C:\Users\zorobejar\AppData\Roaming\SanDisk SecureAccess
2014-05-15 21:25 - 2014-04-28 16:19 - 00000795 _____ () C:\Windows\setupact.log
2014-05-15 18:28 - 2014-05-14 16:11 - 00857088 _____ () C:\Users\zorobejar\Documents\UC San Diego-Home of the tritons.ppt

Some content of TEMP:
====================
C:\Users\Different User\AppData\Local\temp\rtdrvmon.exe
C:\Users\zorobejar\AppData\Local\temp\rtdrvmon.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-12 16:42

==================== End Of Log ============================


#2



Additional scan result of Farbar Recovery Scan Tool (x86) Version:12-06-2014 02
Ran by zorobejar at 2014-06-14 19:04:56
Running from C:\Users\zorobejar\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
FW: Online Armor Firewall (Enabled) {BD3F5FCA-866B-1E2E-0A68-58900A751EA1}

==================== Installed Programs ======================

Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0.1 - Microsoft Corporation) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe AIR (Version: 2.7.1.19610 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
Apple Application Support (HKLM\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AT&T Yahoo! Applications (HKLM\...\Yahoo! Applications) (Version: - AT&T Yahoo!)
AT&T Yahoo! Music Jukebox (Version: 2.2.1.037 - Yahoo!) Hidden
ATT-AACE (HKLM\...\ATT-AACE) (Version: - )
Avery Wizard 3.1 (HKLM\...\{B4E96960-5F6B-48B9-A5BD-6A5A9BB4F027}) (Version: 3.1.5 - Avery)
Azureus Vuze (HKLM\...\Azureus Vuze) (Version: - Azureus, Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Enhanced Multimedia Keyboard Solution (HKLM\...\KBD) (Version: - Hewlett-Packard)
Hardware Diagnostic Tools (HKLM\...\PC-Doctor 5 for Windows) (Version: 5.00.4558.05 - PC-Doctor, Inc.)
Hewlett-Packard Active Check for Health Check (Version: 1.1.15.2 - Hewlett-Packard) Hidden
Hewlett-Packard Asset Agent for Health Check (Version: 2.0.64.0 - HP) Hidden
HP Active Support Library (Version: 3.1.6.1 - Hewlett-Packard) Hidden
HP Active Support Library 32 bit components (Version: 2.1.0 - Hewlett-Packard) Hidden
HP Advisor (HKLM\...\{73A43E42-3658-4DD9-8551-FACDA3632538}) (Version: 3.1.9152.3107 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM\...\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}) (Version: 5.2.0.2296 - Hewlett-Packard)
HP Customer Feedback (Version: 1.0.0 - Hewlett-Packard) Hidden
HP Easy Setup - Frontend (HKLM\...\{40F7AED3-0C7D-4582-99F6-484A515C73F2}) (Version: 5.2.0.2304 - Hewlett-Packard)
HP On-Screen Cap/Num/Scroll Lock Indicator (HKLM\...\OsdMaestro) (Version: - Hewlett-Packard)
HP Photosmart Essential 2.01 (HKLM\...\HP Photosmart Essential) (Version: 2.01 - HP)
HP Photosmart Essential2.01 (Version: 1.01.0000 - Hewlett-Packard) Hidden
HP Picasso Media Center Add-In (Version: 1.0.0 - HP) Hidden
HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
iCloud (HKLM\...\{79BD66B2-4DAE-4C3B-B08E-DC72E507C163}) (Version: 2.1.3.25 - Apple Inc.)
iPod Access for Windows v4.1.3 (HKLM\...\iPod Access for Windows_is1) (Version: - Findley Designs)
iPod for Windows 2005-10-12 (HKLM\...\InstallShield_{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}) (Version: 4.3.0 - Apple Computer, Inc.)
iPod for Windows 2005-10-12 (Version: 4.3.0 - Apple Computer, Inc.) Hidden
iTunes (HKLM\...\{0718A90E-93AA-49AF-A4FE-0165ACD91DF0}) (Version: 11.2.2.3 - Apple Inc.)
Java 7 Update 17 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.170 - Oracle)
Java Auto Updater (Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Lexmark X1100 Series (HKLM\...\Lexmark X1100 Series) (Version: - Lexmark International, Inc.)
LG USB Modem driver (HKLM\...\{C3ABE126-2BB2-4246-BFE1-6797679B3579}) (Version: - )
LightScribe 1.8.15.1 (Version: 1.8.15.1 - http://www.lightscribe.com) Hidden
Linksys EasyLink Advisor (HKLM\...\Linksys EasyLink Advisor) (Version: - Linksys By Cisco Systems)
Linksys EasyLink Advisor (Version: 3.11.9139.94 - Linksys By Cisco Systems) Hidden
LiveUpdate Notice (Symantec Corporation) (HKLM\...\{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}) (Version: 1.4.5 - Symantec Corporation)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Mobile Broadband Generic Drivers (HKLM\...\Mobile Broadband Generic Drivers) (Version: 2.02.11.001.14 - Novatel Wireless)
Mobile Broadband Generic Drivers (Version: 2.02.11.001.14 - Novatel Wireless) Hidden
MobileMe Control Panel (HKLM\...\{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}) (Version: 3.1.8.0 - Apple Inc.)
Mozilla Firefox 30.0 (x86 en-US) (HKLM\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSN (HKLM\...\MSNINST) (Version: - )
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
muvee autoProducer 6.0 (HKLM\...\{14AF024E-2E3B-49D0-A175-D1C1A06B155A}) (Version: 6.00.050 - muvee Technologies)
My HP Games (HKLM\...\WildTangent hp Master Uninstall) (Version: HPCMPQ1804 - WildTangent)
Norton Security Scan (HKLM\...\NSS) (Version: 2.3.0.44 - Symantec Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - )
Online Armor 5.5 (HKLM\...\OnlineArmor_is1) (Version: 5.5 - Emsi Software GmbH)
PCLinq2 High-Speed USB Bridge Cable (HKLM\...\{95381165-5D16-4CD4-9162-57799A3F3AB5}) (Version: - )
PL-2303 USB-to-Serial (HKLM\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: - )
PSSWCORE (Version: 2.01.0000 - Hewlett-Packard) Hidden
Pure Networks Platform (Version: 11.1.9051.0 - Pure Networks) Hidden
Python 2.5 (HKLM\...\{0A2C5854-557E-48C8-835A-3B9F074BDCAA}) (Version: 2.5.150 - Martin v. Löwis)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 15.0) (Version: 15.0.6 - RealNetworks)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5789 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Revo Uninstaller Pro 2.5.7 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 2.5.7 - VS Revo Group, Ltd.)
Rhapsody Player Engine (HKLM\...\{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}) (Version: 1.0.604 - RealNetworks)
Roxio Activation Module (Version: 1.0 - Roxio) Hidden
Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.4.0 - Roxio)
Roxio Creator Basic v9 (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.4.0 - Roxio)
Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.4.0 - Roxio)
Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.4.0 - Roxio)
Roxio Creator EasyArchive (HKLM\...\{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}) (Version: 3.4.0 - Roxio)
Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.4.0 - Roxio)
Roxio Express Labeler 3 (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 3.2.1 - Roxio)
Roxio MyDVD Basic v9 (HKLM\...\{938B1CD7-7C60-491E-AA90-1F1888168240}) (Version: 9.0.572 - Roxio)
Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1) (Version: 7.74.00 - Conexant Systems)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update Installer for WildTangent Games App (Version: - WildTangent) Hidden
Veetle TV 0.9.18 (HKLM\...\Veetle TV) (Version: 0.9.18 - Veetle, Inc)
VideoToolkit01 (Version: 90.0.146.000 - Hewlett-Packard) Hidden
VoiceOver Kit (HKLM\...\{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}) (Version: 1.42.128.0 - Apple Inc.)
VZAccess Manager (HKLM\...\{7641FD7D-E94E-424E-A95C-0593C84DC0C0}) (Version: 7.0.1.8 - Smith Micro Software Inc.)
WeatherBug Gadget (Version: 1.0.0.6 - AWS Convergence Technologies) Hidden
WebEx Support Manager for Internet Explorer (HKLM\...\{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}) (Version: 6.5.47 - WebEx Communications Inc.)
WildTangent Games App (HP Games) (HKLM\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.4.12 - WildTangent)
Windows Driver Package - LeapFrog (FlyUsb) USB (06/15/2007 1.0.0.6) (HKLM\...\8F1A19F8168CB0908127999D4F53773EAF35C31E) (Version: 06/15/2007 1.0.0.6 - LeapFrog)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
WinPatrol (HKLM\...\{007811BF-E310-4285-BFC6-55DB29B3EDDE}) (Version: 24.1.2012 - BillP Studios)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
WOT for Internet Explorer (HKLM\...\{C0DA129B-1E45-494D-A362-5CD0109C306B}) (Version: 11.11.7.0 - WOT Services Oy)
WOT for Internet Explorer (HKLM\...\{DCAEC601-735C-41AE-B84F-D792F09FB7D1}) (Version: 12.8.2.0 - WOT Services Oy)
Yahoo! Search Protection (HKLM\...\Yahoo! Search Defender) (Version: - ) <==== ATTENTION

==================== Restore Points =========================

14-05-2014 10:00:56 Windows Update
16-05-2014 01:57:51 Scheduled Checkpoint
19-05-2014 03:49:57 Windows Update
20-05-2014 00:50:50 Scheduled Checkpoint
21-05-2014 02:10:13 Scheduled Checkpoint
22-05-2014 00:45:23 Scheduled Checkpoint
22-05-2014 15:55:23 Windows Update
23-05-2014 15:44:12 Scheduled Checkpoint
24-05-2014 17:03:21 Scheduled Checkpoint
26-05-2014 04:33:54 Windows Update
27-05-2014 16:15:09 Scheduled Checkpoint
30-05-2014 01:01:30 Windows Update
31-05-2014 04:18:33 Scheduled Checkpoint
01-06-2014 07:00:21 Scheduled Checkpoint
02-06-2014 23:22:49 Windows Update
03-06-2014 03:32:27 Windows Update
03-06-2014 04:43:32 Removed LG USB Modem driver
03-06-2014 04:51:17 Removed VZAccess Manager.
03-06-2014 04:59:16 Removed Snapfish Picture Mover
03-06-2014 05:07:49 Removed WOT for Internet Explorer
03-06-2014 05:08:38 Removed WOT for Internet Explorer
03-06-2014 05:18:51 Removed LiveUpdate Notice (Symantec Corporation)
04-06-2014 02:05:45 Windows Update
05-06-2014 17:15:16 Scheduled Checkpoint
06-06-2014 04:56:16 Removed Snapfish Picture Mover
06-06-2014 04:58:51 Removed VZAccess Manager.
07-06-2014 04:52:07 Scheduled Checkpoint
07-06-2014 21:19:31 Scheduled Checkpoint
08-06-2014 00:30:30 Windows Update
09-06-2014 07:00:27 Scheduled Checkpoint
10-06-2014 03:51:59 Scheduled Checkpoint
11-06-2014 05:04:55 Windows Update
12-06-2014 04:42:58 Scheduled Checkpoint
12-06-2014 05:04:25 Windows Update
13-06-2014 01:56:10 Scheduled Checkpoint
14-06-2014 04:15:25 Scheduled Checkpoint

==================== Hosts content: ==========================

2006-11-02 03:23 - 2012-02-08 19:31 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {1E2BD2D7-6D17-4E33-99BB-040B28E8E059} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1759747925-34736268-1556840103-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {5229179F-BE62-4526-83B6-38A835DF0FB4} - System32\Tasks\JavaUpdateAdministrator => C:\Windows\system32\jusched.exe
Task: {52720035-204E-4A6F-B856-72392ADFEAEE} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {9B1D45F9-4587-4EBE-B1F0-0900A1834538} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {9F807809-A120-40ED-84B6-0E8497EC751F} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-06-16] (Hewlett-Packard)
Task: {A04D04F4-1342-42CE-936E-EE76832A6348} - System32\Tasks\Microsoft\Windows\RestartManager\{1697B477-605B-4ba7-A610-53F8C4D4E5BD} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {AAAC8BCA-AF34-4A33-9963-A7546D3EC34B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13] (Adobe Systems Incorporated)
Task: {CE0AC70A-DC13-4D84-9B45-10D5379A45B9} - System32\Tasks\JavaUpdateDifferent User => C:\Windows\system32\jusched.exe
Task: {DD8B7A8D-1831-48C4-9810-20C43A94DD1A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E447C2C8-2DE4-47BD-A9E0-DA5F1A966B3B} - System32\Tasks\JavaUpdatezorobejar => C:\Windows\system32\jusched.exe
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: {EF50AA3F-DE37-4AC9-AAF2-7B60072647CB} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1759747925-34736268-1556840103-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2007-12-28 20:28 - 2007-04-05 22:35 - 01543614 _____ () C:\Program Files\iPod Access for Windows\iPAHelper.exe
2005-09-13 18:27 - 2005-09-13 18:27 - 00061440 _____ () C:\Windows\system32\lxbkcnv4.dll
2008-12-12 19:11 - 2008-12-12 19:11 - 00148480 _____ () C:\Program Files\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
2008-12-12 19:11 - 2008-12-12 19:11 - 00097280 _____ () C:\Program Files\Common Files\Pure Networks Shared\Platform\CFireWallCOM.dll
2012-02-12 14:01 - 2011-04-14 18:01 - 00548854 ____N () C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
2009-08-05 11:26 - 2009-08-05 11:26 - 00061440 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2009-08-05 11:26 - 2009-08-05 11:26 - 00131072 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
2009-08-05 11:25 - 2009-08-05 11:25 - 00028672 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
2009-08-05 11:26 - 2009-08-05 11:26 - 00040960 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll
2009-08-05 11:26 - 2009-08-05 11:26 - 00005632 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll
2009-08-05 11:26 - 2009-08-05 11:26 - 00028672 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll
2009-08-05 11:26 - 2009-08-05 11:26 - 00036864 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll
2009-08-05 11:26 - 2009-08-05 11:26 - 00007680 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll
2007-02-16 17:40 - 2007-02-16 17:40 - 01466368 _____ () C:\Program Files\Common Files\LightScribe\QtCore4.dll
2007-02-16 17:40 - 2007-02-16 17:40 - 05521408 _____ () C:\Program Files\Common Files\LightScribe\QtGui4.dll
2007-08-17 14:28 - 2007-08-17 14:28 - 00061440 _____ () C:\Program Files\Yahoo!\Yahoo! Music Jukebox\Lang\att-en-us\ymetray-att-en-us.dll
2012-12-26 08:32 - 2012-05-25 05:25 - 00921600 _____ () C:\Program Files\Yahoo!\Messenger\yui.dll
2014-06-10 22:00 - 2014-06-10 22:00 - 03852912 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2008-04-04 21:08 - 2007-09-20 18:34 - 00129024 _____ () C:\Program Files\WinRAR\rarext.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:7838B9E0

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============

Name: Microsoft 6to4 Adapter #2
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft 6to4 Adapter #16
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft 6to4 Adapter #36
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft ISATAP Adapter
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft ISATAP Adapter #4
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft ISATAP Adapter #5
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft ISATAP Adapter #3
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft ISATAP Adapter #7
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft ISATAP Adapter #8
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft ISATAP Adapter #6
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft ISATAP Adapter #10
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft ISATAP Adapter #11
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft ISATAP Adapter #9
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft ISATAP Adapter #13
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft ISATAP Adapter #14
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (06/14/2014 06:59:27 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.0.6002.18005 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 480
Start Time: 01cf869a38677d5f
Termination Time: 3859

Error: (06/14/2014 06:13:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 61486952

Error: (06/14/2014 06:13:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 61486952

Error: (06/14/2014 06:13:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/14/2014 06:13:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 61485719

Error: (06/14/2014 06:13:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 61485719

Error: (06/14/2014 06:13:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/14/2014 06:13:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 61484487

Error: (06/14/2014 06:13:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 61484487

Error: (06/14/2014 06:13:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (06/14/2014 06:14:29 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000stisvc

Error: (06/14/2014 06:13:07 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.1.5 for the Network Card with network address 002197AAEFB7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (06/14/2014 06:13:02 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000Netman

Error: (06/13/2014 04:31:04 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.1.5 for the Network Card with network address 002197AAEFB7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (06/12/2014 04:39:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Linksys Updater1

Error: (06/12/2014 04:39:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: MCSTRM%%2

Error: (06/12/2014 04:39:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Automatic LiveUpdate Scheduler%%2

Error: (06/12/2014 04:37:16 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.1.6 for the Network Card with network address 002197AAEFB7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (06/11/2014 04:04:47 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Linksys Updater1

Error: (06/11/2014 04:04:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: MCSTRM%%2


Microsoft Office Sessions:
=========================
Error: (06/14/2014 06:59:27 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.0.6002.1800548001cf869a38677d5f3859

Error: (06/14/2014 06:13:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 61486952

Error: (06/14/2014 06:13:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 61486952

Error: (06/14/2014 06:13:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/14/2014 06:13:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 61485719

Error: (06/14/2014 06:13:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 61485719

Error: (06/14/2014 06:13:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/14/2014 06:13:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 61484487

Error: (06/14/2014 06:13:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 61484487

Error: (06/14/2014 06:13:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


CodeIntegrity Errors:
===================================
Date: 2014-06-14 19:04:21.897
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-06-14 19:04:20.508
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-06-14 19:04:19.120
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-06-14 19:04:17.731
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-06-14 19:04:16.031
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-06-14 19:04:14.658
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-06-14 19:04:13.254
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-06-14 19:04:11.881
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-06-14 19:03:15.954
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-06-14 19:03:14.566
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 68%
Total physical RAM: 1917.64 MB
Available physical RAM: 609.46 MB
Total Pagefile: 4085.8 MB
Available Pagefile: 2017.61 MB
Total Virtual: 2047.88 MB
Available Virtual: 1913.2 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:326.37 GB) (Free:216.83 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:8.98 GB) (Free:1.26 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 335 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=326 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=9 GB) - (Type=07 NTFS)

==================== End Of Log ============================


#3


aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-06-14 19:41:08
-----------------------------
19:41:08.576 OS Version: Windows 6.0.6002 Service Pack 2
19:41:08.576 Number of processors: 2 586 0x6B02
19:41:08.576 ComputerName: ZOROBEJAR-PC UserName: zorobejar
19:41:22.494 Initialize success
20:00:13.504 AVAST engine defs: 14061401
20:06:00.562 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000090
20:06:00.562 Disk 0 Vendor: ST336032 3.CH Size: 343399MB BusType: 6
20:06:00.766 Disk 0 MBR read successfully
20:06:00.782 Disk 0 MBR scan
20:06:00.860 Disk 0 unknown MBR code
20:06:00.875 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 334203 MB offset 63
20:06:00.922 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 9193 MB offset 684449325
20:06:00.953 Disk 0 scanning sectors +703277505
20:06:01.109 Disk 0 scanning C:\Windows\system32\drivers
20:06:21.171 Service scanning
20:07:36.083 Modules scanning
20:07:59.987 Disk 0 trace - called modules:
20:08:00.112 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
20:08:00.112 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85ccaac8]
20:08:00.127 3 CLASSPNP.SYS[807318b3] -> nt!IofCallDriver -> [0x8533b970]
20:08:00.143 5 acpi.sys[806166bc] -> nt!IofCallDriver -> \Device\00000090[0x8536c850]
20:08:10.882 AVAST engine scan C:\
09:05:18.114 Scan finished successfully
09:22:40.375 Disk 0 MBR has been saved successfully to "C:\Users\zorobejar\Desktop\MBR.dat"
09:22:40.422 The log file has been saved successfully to "C:\Users\zorobejar\Desktop\aswMBR.txt"



#4

Farbar Service Scanner Version: 10-06-2014
Ran by zorobejar (administrator) on 15-06-2014 at 11:44:18
Running from "C:\Users\zorobejar\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Google.com is unreachable
Attempt to access Yahoo.com returned error: Yahoo.com is unreachable


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => File is digitally signed
C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\system32\dhcpcsvc.dll => File is digitally signed
C:\Windows\system32\Drivers\afd.sys => File is digitally signed
C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\system32\dnsrslvr.dll => File is digitally signed
C:\Windows\system32\mpssvc.dll => File is digitally signed
C:\Windows\system32\bfe.dll => File is digitally signed
C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\system32\SDRSVC.dll => File is digitally signed
C:\Windows\system32\vssvc.exe => File is digitally signed
C:\Windows\system32\wscsvc.dll => File is digitally signed
C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\system32\ipnathlp.dll => File is digitally signed
C:\Windows\system32\iphlpsvc.dll => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed


**** End of log ****
 

LiquidTension

Malware Specialist
Joined
May 28, 2014
Messages
553
Hello Luis,

Before proceeding with the following instructions, I would like you to disable WinPatrol. The programme may interfere with the removal process, which is why I require you to temporarily disable it.

STEP 1
WinPatrol (Disable)
  • Open WinPatrol.
  • Click Options.
  • Remove the checkmark next to Automatically run WinPatrol when computer starts.
  • Click the X to close the window.
  • Right-click the dog icon in the system tray.
  • Click Exit Programme.

======================================================

Please consider and carry out the following:

P2P WARNING

------------------------------

I see you have peer-to-peer (P2P) file sharing software installed on your computer (Azureus Vuze). I advise you avoid P2P file sharing programmes; they are a security risk which can make your computer susceptible to malware. File sharing networks are thoroughly infected and infested with malware - worms, backdoor Trojans, IRCBots, and rootkits propagate via P2P file sharing networks, gaming, porn and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans, and spyware. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

- Risks of File-Sharing Technology
- P2P Software User Advisories
- More malware is traveling on P2P networks these days

I suggest you remove any trace of file sharing software from your computer. You can uninstall your P2P file sharing software by:
  • Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for Azureus Vuze, right-click and click Uninstall one at a time.
  • Please inform me if you decide to uninstall your P2P file sharing software. I will script out any remaining entries not removed.
If you decide against removing your P2P file sharing software, please ensure you refrain from P2P filesharing whilst your computer is being cleaned. Please be aware you may be denied assistance in future if you return with an infected machine having decided against removing your P2P file sharing software.

======================================================

Do you use Yahoo! software?
I recommend removing the following, which we can do later if you so wish.
  • AT&T Yahoo! Applications
  • AT&T Yahoo! Music Jukebox
  • Yahoo! Search Protection
  • Yahoo! browser extensions, add-ons, searchscopes, etc

======================================================

STEP 2
VirusTotal Upload
  • Please go to VirusTotal.com.
  • Click Choose File and locate the following file:

    • C:\Users\zorobejar\Desktop\MBR.dat

  • Click Scan it!.
  • If you receive the following notification: File already analysed click Reanalyse.
  • Once the file has been analyzed, copy the page URL at the top of the window and paste in your next reply.

STEP 3
Batch File
  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the quotebox below and paste into the Notepad document (do not include the word "Quote").
    @ECHO OFF
    ipconfig /release
    ipconfig /renew
    ipconfig /flushdns
    netsh winsock reset all
    netsh int ip reset all
    shutdown -r -t 1
    del %0
  • Click Format. Ensure Wordwrap is unchecked.
  • Click File, Save As and name the file query.bat.
  • Select All Files as the Save as type.
  • Save the file to your desktop.
  • Locate query.bat (W8/7/Vista) on your desktop. Right-click the icon and select Run as Administrator.
  • Your computer should reboot. If not, please manually reboot.
  • Please re-run Farbar Service Scanner (FSS) as you did before. Copy the contents of the log and paste in your next reply.

  • Note: You may find certain Apple software (Bonjour) does not function correctly. This software can be reinstalled later.

======================================================

STEP 4
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.
  • Have you disabled WinPatrol?
  • Have you uninstalled Vuze?
  • Do you use Yahoo! software?
  • VirusTotal result
  • Did the batch file run successfully?
  • FSS.txt
 

Elbiglou

Thread Starter
Joined
Jan 31, 2012
Messages
76
Adam,

I have no idea what the Azureus app is. No problem. Will delete all recommended items.

I use Yahoo e-mail. That is the only Yahoo app I use. Will any of those items affect Yahoo mail?

Also, I am getting an error message when trying to un-install Azureus:

"No JVM could be found on your system.
Please define EXE4J_JAVA_HOME
to point to an installed JDK or JRE or download a JRE from www.java.com"

Thanks
 

Elbiglou

Thread Starter
Joined
Jan 31, 2012
Messages
76
Uninstalled Yahoo Jukebox and Messenger. Did not see the others you mentioned, we can do later as you recommend. No problem. Can't say I use any of them. Other than Yahoo mail as I mentioned.
 

Elbiglou

Thread Starter
Joined
Jan 31, 2012
Messages
76
  • Have you disabled WinPatrol? Yes.
  • Have you uninstalled Vuze? Could not. See prior response.
  • Do you use Yahoo! software? Yes, uninstalled Jukebox and Messenger which we don't use, could not find other Yahoo software you mentioned.
  • Stuck at Vuze uninstall
  • VirusTotal result
  • Did the batch file run successfully?
  • FSS.txt
 

LiquidTension

Malware Specialist
Joined
May 28, 2014
Messages
553
Hi Luis,

Do not worry about uninstalling Vuze; we will take care of that later. Please proceed with VirusTotal, and the rest of the instructions.

Thanks!
 

Elbiglou

Thread Starter
Joined
Jan 31, 2012
Messages
76
  • Have you disabled WinPatrol? Yes.
  • Have you uninstalled Vuze? Could not. See prior response.
  • Do you use Yahoo! software? Yes, uninstalled Jukebox and Messenger which we don't use, could not find other Yahoo software you mentioned.
  • VirusTotal result: https://www.virustotal.com/en/file/d...is/1403027510/

  • Did the batch file run successfully? Yes, PC re-booted afterwards
  • FSS.txt
Farbar Service Scanner Version: 10-06-2014
Ran by zorobejar (administrator) on 17-06-2014 at 13:07:41
Running from "C:\Users\zorobejar\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Google.com is unreachable
Attempt to access Yahoo.com returned error: Yahoo.com is unreachable


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => File is digitally signed
C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\system32\dhcpcsvc.dll => File is digitally signed
C:\Windows\system32\Drivers\afd.sys => File is digitally signed
C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\system32\dnsrslvr.dll => File is digitally signed
C:\Windows\system32\mpssvc.dll => File is digitally signed
C:\Windows\system32\bfe.dll => File is digitally signed
C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\system32\SDRSVC.dll => File is digitally signed
C:\Windows\system32\vssvc.exe => File is digitally signed
C:\Windows\system32\wscsvc.dll => File is digitally signed
C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\system32\ipnathlp.dll => File is digitally signed
C:\Windows\system32\iphlpsvc.dll => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed


**** End of log ****
 