Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

arbitrary shut down/core dumps [Solved]

Started by polloq , Jul 18 2014 10:09 AM

  • This topic is locked This topic is locked

#1
polloq
Posted 18 July 2014 - 10:09 AM

polloq

    Member

  • Member
  • PipPip
  • 40 posts

  I had an issue a few months ago with being hijacked. Read your forums and administered your remedies, minus your teams reviewing. Seems a bad move on my part, for i am now experiencing core dumps & shut downs all tooo frequently.

 

  Please advise AND thanks in advance....

 

rick

 

Dell XPS desktop, windows 7


Edited by polloq, 18 July 2014 - 02:32 PM.

  • 0

Advertisements

#2
emeraldnzl
Posted 19 July 2014 - 12:53 AM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Hello polloq,

 

Welcome to Geekstogo.

 

Please download Farbar Recovery Scan Tool from here and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called (FRST.txt) in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run, it makes also another log (Addition.txt). Please also paste that into your reply.


  • 0

#3
polloq
Posted 19 July 2014 - 04:58 PM

polloq

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
Thanks for your prompt response, y'all are Great ! I write from my phone, for I can not get past error message(s) : LogonUI.exe-entry point not found, CoCreayeGuild could not be located in the dynamic link library ole32.dll
  • 0

#4
emeraldnzl
Posted 19 July 2014 - 05:14 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Have you tried booting to Safe Mode?

 

Boot into Safe Mode:

1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, tap F8 continually.
3) If you are asked what mode to bootup in press Esc to boot in the default settings
4) Instead of Windows loading as normal, a menu should appear
5) Select the option to run Windows in Safe Mode.


  • 0

#5
polloq
Posted 20 July 2014 - 09:42 AM

polloq

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts

I appreciate your response, needless to say...

I cant cut & paste (imagine my surprise !) The system is sooooo slow, therefore I will save the *.txt files to a flash drive & take it to my work computer Monday for further correspondence.

 

thanks for your due diligence,

Rick,


  • 0

#6
emeraldnzl
Posted 20 July 2014 - 02:49 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Look forward to hearing back. :)


  • 0

#7
polloq
Posted 21 July 2014 - 08:02 AM

polloq

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:19-07-2014
Ran by koosk (administrator) on KOOSK-PC on 19-07-2014 20:48:21
Running from C:\Users\koosk\Downloads
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
(Memeo) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
(Western Digital) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Farbar) C:\Users\koosk\Downloads\FRST (1).exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe


==================== Registry (Whitelisted) ==================

HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [93696 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [93696 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-1128992775-539344384-568557328-1001\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1128992775-539344384-568557328-1001\...\MountPoints2: {18150d24-aa4e-11df-ae92-806e6f6e6963} - D:\autorun/CDExtra.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDSmartWare.lnk
ShortcutTarget: WDSmartWare.lnk -> C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com...rchTerms}&SSPV=
SearchScopes: HKCU - URL http://search.condui...rchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.searc...x={searchTerms}
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com...rchTerms}&SSPV=
SearchScopes: HKCU - {968E2376-E506-4265-BCD9-3CE46D37EC6B} URL = http://us.yhs.search...p={searchTerms}
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo....&fr=chr-offrhap
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: TidyNetwork -> {292776ED-33A9-30F9-EA5B-E9405D9F88E2} -> C:\Program Files\TidyNetwork\petn.dll No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @ptc.com/ProductViewLite - C:\Program Files\Common Files\PTC\np6_pvapplite9.dll (PTC)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

========================== Services (Whitelisted) =================

S4 msvsmon80; C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2799808 2005-09-23] (Microsoft Corporation)
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [110592 2009-11-13] (WDC) [File not signed]
R2 WDSmartWareBackgroundService; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [20480 2009-06-16] (Memeo) [File not signed]

==================== Drivers (Whitelisted) ====================

R0 amacpi; C:\Windows\System32\DRIVERS\null.sys [4608 2009-07-13] (Microsoft Corporation)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 npf; C:\Windows\System32\drivers\npf.sys [36600 2014-04-28] (Riverbed Technology, Inc.)
R1 {552199fb-9890-4055-9aaf-b2f6d51d46e9}Gw; C:\Windows\System32\drivers\{552199fb-9890-4055-9aaf-b2f6d51d46e9}Gw.sys [52920 2014-04-28] (StdLib)
S0 TfFsMon; system32\drivers\TfFsMon.sys [X]
S3 TfNetMon; No ImagePath
S0 TfSysMon; system32\drivers\TfSysMon.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-19 20:43 - 2014-07-19 20:46 - 00025396 _____ () C:\Users\koosk\Downloads\Addition.txt
2014-07-19 20:30 - 2014-07-19 20:54 - 00007049 _____ () C:\Users\koosk\Downloads\FRST.txt
2014-07-19 20:25 - 2014-07-19 20:49 - 00000000 ____D () C:\FRST
2014-07-19 20:21 - 2014-07-19 20:22 - 01079808 _____ (Farbar) C:\Users\koosk\Downloads\FRST (1).exe
2014-07-18 19:28 - 2014-06-06 04:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-18 19:27 - 2014-05-30 01:36 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-18 19:23 - 2014-06-29 20:40 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-18 19:23 - 2014-06-29 20:36 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-18 19:23 - 2014-05-30 02:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-18 19:23 - 2014-05-30 02:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-18 19:23 - 2014-05-30 02:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-18 19:23 - 2014-05-30 02:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-18 19:23 - 2014-05-30 02:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-18 19:23 - 2014-05-30 02:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-18 19:23 - 2014-05-30 02:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-18 19:21 - 2014-06-05 09:26 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-18 17:06 - 2014-07-18 17:06 - 00151496 _____ () C:\Windows\Minidump\071814-19624-01.dmp
2014-07-18 07:46 - 2014-07-18 07:46 - 00151096 _____ () C:\Windows\Minidump\071814-26161-01.dmp
2014-07-18 06:58 - 2014-07-18 06:58 - 00152736 _____ () C:\Windows\Minidump\071814-27658-01.dmp
2014-07-17 19:10 - 2014-07-17 19:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-17 19:09 - 2014-07-17 19:10 - 00000000 ____D () C:\Program Files\iPod
2014-07-17 19:09 - 2014-07-17 19:09 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-07-17 19:00 - 2014-07-17 19:00 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-07-17 18:39 - 2014-07-17 18:39 - 00140096 _____ () C:\Windows\Minidump\071714-21606-01.dmp
2014-07-17 18:37 - 2014-07-17 18:38 - 00152056 _____ () C:\Windows\Minidump\071714-30139-01.dmp
2014-07-17 17:16 - 2014-07-17 17:16 - 04755832 _____ (AVG Technologies) C:\Users\koosk\Downloads\avg_free_stb_all_2014_4744_cnet.exe
2014-07-17 16:55 - 2014-07-18 17:06 - 223301718 _____ () C:\Windows\MEMORY.DMP
2014-07-17 16:55 - 2014-07-17 16:55 - 00151096 _____ () C:\Windows\Minidump\071714-33384-01.dmp
2014-07-15 20:24 - 2014-07-17 18:52 - 00000000 __SHD () C:\found.003
2014-07-15 19:13 - 2014-07-17 18:52 - 00000000 __SHD () C:\found.002
2014-07-15 06:04 - 2014-07-15 06:04 - 00000000 __SHD () C:\found.001
2014-07-15 04:37 - 2014-07-15 05:15 - 00000000 __SHD () C:\found.000
2014-07-09 08:57 - 2014-07-09 09:57 - 11204096 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2014-06-27 17:38 - 2014-06-27 17:38 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-06-27 17:36 - 2014-07-17 19:10 - 00000000 ____D () C:\Program Files\iTunes

==================== One Month Modified Files and Folders =======

2014-07-19 20:54 - 2014-07-19 20:30 - 00007049 _____ () C:\Users\koosk\Downloads\FRST.txt
2014-07-19 20:54 - 2010-08-17 17:26 - 01157158 _____ () C:\Windows\WindowsUpdate.log
2014-07-19 20:49 - 2014-07-19 20:25 - 00000000 ____D () C:\FRST
2014-07-19 20:46 - 2014-07-19 20:43 - 00025396 _____ () C:\Users\koosk\Downloads\Addition.txt
2014-07-19 20:22 - 2014-07-19 20:21 - 01079808 _____ (Farbar) C:\Users\koosk\Downloads\FRST (1).exe
2014-07-19 20:13 - 2009-07-13 23:34 - 00013760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-19 20:13 - 2009-07-13 23:34 - 00013760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-19 20:06 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-19 20:05 - 2013-08-23 03:13 - 00003930 _____ () C:\Windows\setupact.log
2014-07-19 20:05 - 2011-02-12 11:21 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-19 03:21 - 2014-05-06 03:03 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-19 03:21 - 2009-07-14 02:49 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-19 02:57 - 2012-04-02 18:06 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-18 22:41 - 2011-12-23 00:50 - 00000000 ____D () C:\Bovada
2014-07-18 22:37 - 2010-08-17 13:43 - 00000000 ____D () C:\Users\koosk
2014-07-18 17:06 - 2014-07-18 17:06 - 00151496 _____ () C:\Windows\Minidump\071814-19624-01.dmp
2014-07-18 17:06 - 2014-07-17 16:55 - 223301718 _____ () C:\Windows\MEMORY.DMP
2014-07-18 17:06 - 2011-06-18 10:44 - 00000000 ____D () C:\Windows\Minidump
2014-07-18 07:46 - 2014-07-18 07:46 - 00151096 _____ () C:\Windows\Minidump\071814-26161-01.dmp
2014-07-18 06:58 - 2014-07-18 06:58 - 00152736 _____ () C:\Windows\Minidump\071814-27658-01.dmp
2014-07-17 19:10 - 2014-07-17 19:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-17 19:10 - 2014-07-17 19:09 - 00000000 ____D () C:\Program Files\iPod
2014-07-17 19:10 - 2014-06-27 17:36 - 00000000 ____D () C:\Program Files\iTunes
2014-07-17 19:09 - 2014-07-17 19:09 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-07-17 19:09 - 2010-08-17 16:02 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-07-17 19:00 - 2014-07-17 19:00 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-07-17 18:52 - 2014-07-15 20:24 - 00000000 __SHD () C:\found.003
2014-07-17 18:52 - 2014-07-15 19:13 - 00000000 __SHD () C:\found.002
2014-07-17 18:52 - 2011-03-23 19:11 - 00000000 ____D () C:\Program Files\Steam
2014-07-17 18:46 - 2011-03-23 19:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2014-07-17 18:39 - 2014-07-17 18:39 - 00140096 _____ () C:\Windows\Minidump\071714-21606-01.dmp
2014-07-17 18:38 - 2014-07-17 18:37 - 00152056 _____ () C:\Windows\Minidump\071714-30139-01.dmp
2014-07-17 17:16 - 2014-07-17 17:16 - 04755832 _____ (AVG Technologies) C:\Users\koosk\Downloads\avg_free_stb_all_2014_4744_cnet.exe
2014-07-17 16:55 - 2014-07-17 16:55 - 00151096 _____ () C:\Windows\Minidump\071714-33384-01.dmp
2014-07-16 20:15 - 2009-07-13 23:53 - 00032654 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-16 20:10 - 2010-08-19 14:35 - 00000000 ____D () C:\Program Files\Common Files\Steam
2014-07-16 20:06 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-07-16 19:54 - 2014-05-18 12:40 - 00000000 ____D () C:\Windows\rescache
2014-07-16 19:54 - 2010-12-18 23:25 - 00000000 ____D () C:\Users\koosk\AppData\Local\Western_Digital
2014-07-16 19:54 - 2009-07-13 21:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-07-16 19:53 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\registration
2014-07-15 06:04 - 2014-07-15 06:04 - 00000000 __SHD () C:\found.001
2014-07-15 05:15 - 2014-07-15 04:37 - 00000000 __SHD () C:\found.000
2014-07-10 03:06 - 2013-08-08 03:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 09:57 - 2014-07-09 08:57 - 11204096 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2014-07-09 09:57 - 2012-04-02 18:06 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-07-09 09:57 - 2011-06-04 21:15 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-06-29 20:40 - 2014-07-18 19:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-29 20:36 - 2014-07-18 19:23 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-27 17:38 - 2014-06-27 17:38 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk

Some content of TEMP:
====================
C:\Users\koosk\AppData\Local\Temp\239e6e95-3c0e-4cdc-b844-1c1e47719221.exe
C:\Users\koosk\AppData\Local\Temp\BackupSetup.exe
C:\Users\koosk\AppData\Local\Temp\cloud_backup_setup.exe
C:\Users\koosk\AppData\Local\Temp\fp2.exe
C:\Users\koosk\AppData\Local\Temp\freesofttoday.exe
C:\Users\koosk\AppData\Local\Temp\helper.exe
C:\Users\koosk\AppData\Local\Temp\newvideoplayersetup.exe
C:\Users\koosk\AppData\Local\Temp\nskCDFE.exe
C:\Users\koosk\AppData\Local\Temp\nsm2FDA.exe
C:\Users\koosk\AppData\Local\Temp\nsp476F.exe
C:\Users\koosk\AppData\Local\Temp\Quarantine.exe
C:\Users\koosk\AppData\Local\Temp\sp-downloader.exe
C:\Users\koosk\AppData\Local\Temp\speedupmypc.exe
C:\Users\koosk\AppData\Local\Temp\spidentifierimpl.exe
C:\Users\koosk\AppData\Local\Temp\spidentifierimpl2.exe
C:\Users\koosk\AppData\Local\Temp\sqlite3.exe
C:\Users\koosk\AppData\Local\Temp\swa1_23.exe
C:\Users\koosk\AppData\Local\Temp\vopackage.exe
C:\Users\koosk\AppData\Local\Temp\wajam_download.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-18 08:24

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:19-07-2014
Ran by koosk at 2014-07-19 20:56:53
Running from C:\Users\koosk\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.0.3.13070 - Adobe Systems Inc.)
Adobe AIR (Version: 2.0.3.13070 - Adobe Systems Inc.) Hidden
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader 9.5.4 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.4 - Adobe Systems Incorporated)
AML Free Registry Cleaner 4.7 (HKLM\...\{315F5FFC-1A5C-4A2A-B8E7-1C5B1174C198}_is1) (Version:  - AML SOFT, Inc.)
Apple Application Support (HKLM\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BovadaPoker (HKLM\...\{D7CA2DF8-95CE-4C80-9296-98E21219A1E5}}_is1) (Version:   -  )
iCloud (HKLM\...\{00A61104-74B5-4056-AD00-4397EF4FB141}) (Version: 3.1.0.40 - Apple Inc.)
iTunes (HKLM\...\{0718A90E-93AA-49AF-A4FE-0165ACD91DF0}) (Version: 11.2.2.3 - Apple Inc.)
Java 7 Update 13 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217013FF}) (Version: 7.0.130 - Oracle)
Java Auto Updater (Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2003 Web Components (HKLM\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Applications - ENU (HKLM\...\Microsoft Visual Studio 2005 Tools for Applications - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Applications - ENU (Version: 8.0.50727.146 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver (Version: 275.33 - NVIDIA Corporation) Hidden
NVIDIA 3D Vision Controller Driver 310.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 310.70 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Control Panel 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1106 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
Pro/ENGINEER Student Edition Release Wildfire 5.0 Datecode M040 (HKLM\...\Pro/ENGINEER Student Edition Release Wildfire 5.0 Datecode M040) (Version: Wildfire 5.0 - PTC)
Pro/ENGINEER Thumbnail Viewer 1.0 (HKLM\...\{D58D1297-B2FA-4C6F-B6D4-E1819368ED2E}) (Version: 28.10.100 - PTC)
ProductView Express 9.1 (HKLM\...\{EDEFC3A2-350F-45F1-AC8E-2B3A2D352235}) (Version: 9.1.40.14 - PTC)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
WD SmartWare (HKLM\...\{232DB76D-4751-41A9-9EC2-CDC0DAC1FAB6}) (Version: 1.2.0.8 - Western Digital)

==================== Restore Points  =========================

10-07-2014 08:00:29 Windows Update
16-07-2014 00:42:14 Windows Update
16-07-2014 01:01:57 Removed Steam
17-07-2014 00:33:06 Restore Operation
17-07-2014 23:46:14 Removed Steam
18-07-2014 00:00:13 AA11
18-07-2014 22:15:10 Restore Operation
19-07-2014 00:27:30 Windows Update
19-07-2014 08:00:31 Windows Update

==================== Hosts content: ==========================

2009-07-13 21:04 - 2009-06-10 16:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {047C8A40-BDE8-47DE-B0CF-683A00074A43} - System32\Tasks\TidyNetwork Update => C:\Users\koosk\AppData\Local\TidyNetwork\petnupdate.exe
Task: {5AFF75CA-C372-4CA6-803F-790C13BBE756} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {64D6C05B-2971-47E9-A9D9-2DB123374EFF} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {F7A4D761-1310-43C2-B52C-2CF27EFF3E59} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2009-08-19 16:49 - 2009-08-19 16:49 - 00049152 _____ () C:\Program Files\Western Digital\WD SmartWare\Front Parlor\Memeo.API.dll
2009-07-29 16:24 - 2009-07-29 16:24 - 00504293 _____ () C:\Program Files\Western Digital\WD SmartWare\Front Parlor\sqlite3.DLL

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^koosk^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk => C:\Windows\pss\ERUNT AutoBackup.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AppleSyncNotifier =>
MSCONFIG\startupreg: InstallMon =>
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Null
Description: Null
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Null
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/19/2014 08:16:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17126 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: ed0

Start Time: 01cfa3b743423502

Termination Time: 1435

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (07/19/2014 05:45:00 PM) (Source: WinMgmt) (EventID: 29) (User: )
Description: 0x80041014

Error: (07/19/2014 01:25:13 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/19/2014 01:25:13 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/19/2014 01:11:28 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/19/2014 01:11:28 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/18/2014 05:13:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_LanmanWorkstation, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: wkssvc.dll, version: 6.1.7601.17514, time stamp: 0x4ce7ba53
Exception code: 0xc0000005
Fault offset: 0x00001cb1
Faulting process id: 0x49c
Faulting application start time: 0xsvchost.exe_LanmanWorkstation0
Faulting application path: svchost.exe_LanmanWorkstation1
Faulting module path: svchost.exe_LanmanWorkstation2
Report Id: svchost.exe_LanmanWorkstation3

Error: (07/18/2014 07:55:13 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file  for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Windows host process (Rundll32) because of this error.

Program: Windows host process (Rundll32)
File:

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
    - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: 00000000
Disk type: 0

Error: (07/18/2014 07:55:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe_aepdu.dll, version: 6.1.7600.16385, time stamp: 0x4a5bc637
Faulting module name: tquery.dll, version: 7.0.7601.17610, time stamp: 0x4dc0d569
Exception code: 0xc000001d
Fault offset: 0x000427f8
Faulting process id: 0x9bc
Faulting application start time: 0xrundll32.exe_aepdu.dll0
Faulting application path: rundll32.exe_aepdu.dll1
Faulting module path: rundll32.exe_aepdu.dll2
Report Id: rundll32.exe_aepdu.dll3

Error: (07/18/2014 07:51:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17126, time stamp: 0x53882e30
Faulting module name: kernel32.dll, version: 6.1.7601.18409, time stamp: 0x531599f5
Exception code: 0xc0000005
Fault offset: 0x0004c40d
Faulting process id: 0xf48
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3


System errors:
=============
Error: (07/19/2014 08:16:35 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (07/19/2014 08:15:58 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.

Error: (07/19/2014 08:14:52 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.

Error: (07/19/2014 08:14:30 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Security Center service hung on starting.

Error: (07/19/2014 08:13:52 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.

Error: (07/19/2014 08:12:19 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Defender service hung on starting.

Error: (07/19/2014 08:09:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (07/19/2014 08:09:40 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (07/19/2014 08:07:32 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Null
TfFsMon
TfSysMon

Error: (07/19/2014 05:45:35 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Superfetch service terminated with the following error:
%%13


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-07-16 19:34:35.131
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\wintrust.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-16 19:34:34.819
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\wintrust.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-16 19:34:34.601
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\wintrust.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-16 19:34:34.148
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\wintrust.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-16 19:34:33.290
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\wintrust.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-16 19:33:58.767
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\wintrust.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-16 19:30:44.141
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\wintrust.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-16 19:30:43.923
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\wintrust.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-16 19:30:43.705
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\wintrust.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-16 19:30:43.486
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\wintrust.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 93%
Total physical RAM: 306.85 MB
Available physical RAM: 19.5 MB
Total Pagefile: 4401.85 MB
Available Pagefile: 3280.63 MB
Total Virtual: 2047.88 MB
Available Virtual: 1907.96 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:149.04 GB) (Free:28.42 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (SEAN_KINGSTON) (CDROM) (Total:0.45 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 5D6A7BAF)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End Of Log ============================


  • 0

#8
emeraldnzl
Posted 21 July 2014 - 03:49 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Hello polloq,

Download the attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

After that

Download TFC.exe from  here (Vista and above users right click and run as Administrator).

If you are asked "Do you want to allow the following program..." click yes.

The "Temp file cleaner by Oldtimer" console will pop up. Click continue and allow it to do it's job.

You may be asked to reboot when it is finished. Please do so.

If you are not asked to reboot you may be confronted with two windows. One will be the Temp File Cleaner console with a report of what has been cleaned. The other will just be a window showing your libraries etc. They can both be closed.

You are finished.

Next

Please download : ADWCleaner to your desktop  (use the Download Now @ BleepingComputer button)..

NOTE: If using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close  all programs and click on the AdwCleaner icon.

scan-results.jpg

Click on Scan  and follow the prompts. Let it run unhindered. When the "Please uncheck elements you don't want to remove" appears just go ahead and click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy and paste back here. If a report doesn't appear, press the report button and Copy & Paste the contents on your next reply.

A copy of the report is also saved in the C:\AdwCleaner folder.

Finally in this post

Please download Junkware Removal Tool to your desktop.
 

  • Shut down your protection software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right click JRT.exe and "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

So when you return please post

  • Fixlog.txt
  • AdwCleaner log
  • JRT.txt

 


  • 0

#9
polloq
Posted 22 July 2014 - 07:05 AM

polloq

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts

...i am impressed, ALMOST like new !!, but, error on a CRT issue & Internet Explorer hic-cups. THANKS for making MY day....

There is light at the end of the tunnel & it is NOT a freight train !!

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:20-07-2014
Ran by koosk at 2014-07-21 20:39:02 Run:1
Running from C:\Users\koosk\Downloads
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com...rchTerms}&SSPV=
SearchScopes: HKCU - URL http://search.condui...rchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.searc...x={searchTerms}
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com...rchTerms}&SSPV=
SearchScopes: HKCU - {968E2376-E506-4265-BCD9-3CE46D37EC6B} URL = http://us.yhs.search...p={searchTerms}
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo....&fr=chr-offrhap
BHO: TidyNetwork -> {292776ED-33A9-30F9-EA5B-E9405D9F88E2} -> C:\Program Files\TidyNetwork\petn.dll No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
R1 {552199fb-9890-4055-9aaf-b2f6d51d46e9}Gw; C:\Windows\System32\drivers\{552199fb-9890-4055-9aaf-b2f6d51d46e9}Gw.sys [52920 2014-04-28] (StdLib)
C:\Windows\System32\drivers\{552199fb-9890-4055-9aaf-b2f6d51d46e9}Gw.sys
C:\Users\koosk\AppData\Local\Temp\239e6e95-3c0e-4cdc-b844-1c1e47719221.exe
C:\Users\koosk\AppData\Local\Temp\BackupSetup.exe
C:\Users\koosk\AppData\Local\Temp\cloud_backup_setup.exe
C:\Users\koosk\AppData\Local\Temp\fp2.exe
C:\Users\koosk\AppData\Local\Temp\freesofttoday.exe
C:\Users\koosk\AppData\Local\Temp\helper.exe
C:\Users\koosk\AppData\Local\Temp\newvideoplayersetup.exe
C:\Users\koosk\AppData\Local\Temp\nskCDFE.exe
C:\Users\koosk\AppData\Local\Temp\nsm2FDA.exe
C:\Users\koosk\AppData\Local\Temp\nsp476F.exe
C:\Users\koosk\AppData\Local\Temp\Quarantine.exe
C:\Users\koosk\AppData\Local\Temp\sp-downloader.exe
C:\Users\koosk\AppData\Local\Temp\speedupmypc.exe
C:\Users\koosk\AppData\Local\Temp\spidentifierimpl.exe
C:\Users\koosk\AppData\Local\Temp\spidentifierimpl2.exe
C:\Users\koosk\AppData\Local\Temp\sqlite3.exe
C:\Users\koosk\AppData\Local\Temp\swa1_23.exe
C:\Users\koosk\AppData\Local\Temp\vopackage.exe
C:\Users\koosk\AppData\Local\Temp\wajam_download.exe
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
*****************

'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}' => Key deleted successfully.
'HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}'=> Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL => value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SuggestionsURL_JSON => value deleted successfully.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}' => Key deleted successfully.
'HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{968E2376-E506-4265-BCD9-3CE46D37EC6B}' => Key deleted successfully.
'HKCR\CLSID\{968E2376-E506-4265-BCD9-3CE46D37EC6B}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}' => Key deleted successfully.
'HKCR\CLSID\{DECA3892-BA8F-44b8-A993-A466AD694AE4}'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{292776ED-33A9-30F9-EA5B-E9405D9F88E2}' => Key deleted successfully.
'HKCR\CLSID\{292776ED-33A9-30F9-EA5B-E9405D9F88E2}' => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
'HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}'=> Key not found.
{552199fb-9890-4055-9aaf-b2f6d51d46e9}Gw => Service stopped successfully.
{552199fb-9890-4055-9aaf-b2f6d51d46e9}Gw => Service deleted successfully.
C:\Windows\System32\drivers\{552199fb-9890-4055-9aaf-b2f6d51d46e9}Gw.sys => Moved successfully.
C:\Users\koosk\AppData\Local\Temp\239e6e95-3c0e-4cdc-b844-1c1e47719221.exe => Moved successfully.
C:\Users\koosk\AppData\Local\Temp\BackupSetup.exe => Moved successfully.
C:\Users\koosk\AppData\Local\Temp\cloud_backup_setup.exe => Moved successfully.
C:\Users\koosk\AppData\Local\Temp\fp2.exe => Moved successfully.
C:\Users\koosk\AppData\Local\Temp\freesofttoday.exe => Moved successfully.
C:\Users\koosk\AppData\Local\Temp\helper.exe => Moved successfully.
C:\Users\koosk\AppData\Local\Temp\newvideoplayersetup.exe => Moved successfully.
C:\Users\koosk\AppData\Local\Temp\nskCDFE.exe => Moved successfully.
C:\Users\koosk\AppData\Local\Temp\nsm2FDA.exe => Moved successfully.
C:\Users\koosk\AppData\Local\Temp\nsp476F.exe => Moved successfully.
C:\Users\koosk\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\koosk\AppData\Local\Temp\sp-downloader.exe => Moved successfully.
C:\Users\koosk\AppData\Local\Temp\speedupmypc.exe => Moved successfully.
C:\Users\koosk\AppData\Local\Temp\spidentifierimpl.exe => Moved successfully.
C:\Users\koosk\AppData\Local\Temp\spidentifierimpl2.exe => Moved successfully.
C:\Users\koosk\AppData\Local\Temp\sqlite3.exe => Moved successfully.
C:\Users\koosk\AppData\Local\Temp\swa1_23.exe => Moved successfully.
C:\Users\koosk\AppData\Local\Temp\vopackage.exe => Moved successfully.
C:\Users\koosk\AppData\Local\Temp\wajam_download.exe => Moved successfully.
C:\ProgramData\TEMP => ":DFC5A2B2" ADS removed successfully.

==== End of Fixlog ====

 

# AdwCleaner v3.216 - Report created 21/07/2014 at 21:44:47
# Updated 17/07/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : koosk - KOOSK-PC
# Running from : C:\Users\koosk\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\savingtoYYou
Folder Deleted : C:\Users\koosk\AppData\Local\globalUpdate
File Deleted : C:\END

***** [ Shortcuts ] *****


***** [ Registry ] *****

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EC9510D-A439-4950-9399-B6399EDF9EA7}
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayerUpdater_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayerUpdater_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\Savingtooyoou.Savingtooyoou
Key Deleted : HKLM\SOFTWARE\Classes\Savingtooyoou.Savingtooyoou.2.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F347D3CF-8DAC-2369-ECFE-76459C01994C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F347D3CF-8DAC-2369-ECFE-76459C01994C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F347D3CF-8DAC-2369-ECFE-76459C01994C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F347D3CF-8DAC-2369-ECFE-76459C01994C}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKLM\Software\FreeSoftToday
Key Deleted : HKLM\Software\GlobalUpdate
Key Deleted : HKLM\Software\Tutorials
Key Deleted : HKLM\Software\Uniblue

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17207


-\\ Google Chrome v

*************************

AdwCleaner[R1].txt - [2508 octets] - [21/07/2014 21:41:21]
AdwCleaner[S1].txt - [2487 octets] - [21/07/2014 21:44:47]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2547 octets] ##########
 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x86
Ran by koosk on Mon 07/21/2014 at 21:49:38.65
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 07/21/2014 at 21:52:55.50
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Edited by polloq, 22 July 2014 - 09:16 AM.

  • 0

#10
emeraldnzl
Posted 22 July 2014 - 02:41 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Hello polloq,

 

 

but, error on a CRT issue & Internet Explorer hic-cups

 

We will check those out it the problems still persist after the next actions.

 

Now

 

Please download Malwarebytes Anti-Malware Free from here .

  • Double click to install the progamme
  • When the popup "Completing the Malwarebytes Anti-Malware Setup Wizard" appears, uncheck the box enable free trial of Malwarebytes Anti-Malware Premium

MBAMcompletinginstall.jpg



  • The MBAM console/dashboard will appear together with an alert to update - click the green button Update Now
  • When update is complete select Settings > Detection and Protection and make sure the box Scan for rootkits its checked (ticked)

MBAMSettings-1.jpg

Go back to the Dashboard and click on the green Scan Now button.

MBAM1.jpg



  • If threats are detected, click the Apply Actions button, MBAM may ask for a reboot. Let it do so.

MBAMReboot.JPG



  • On completion of the scan (or after the reboot) select View Detailed Log (to the right on the light green strip)
  • Click on the Export button and select Text file and save to the desktop

MBAMLog.JPG

Copy and paste the log back here.

 

 

Next

 

Please run another FRST scan with the Addition.txt box ticked and post back the two logs generated - FRST.txt and Addition.txt.

 

So when you return please post

MBAM log

FRST.txt

Addition.txt


  • 0

Advertisements

#11
polloq
Posted 22 July 2014 - 05:06 PM

polloq

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts

G'Day ! But not in Mal-frikken-ware land. :(

got to 'update / scan now then it 'had' to shut down, numerous times


  • 0

#12
emeraldnzl
Posted 22 July 2014 - 05:11 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Hmm... there have been reports of some people having trouble running MBAM recently.

 

I take it that Malwarebytes is the one you are referring to. Did it finally finish the job?

 

Let's see if there is a log there.

 

Open Malwarebytes and go to History(see along the top of the console)

On the left hand side click on Application logs

Click on the last Scan Log

Click Export lower left button then click Text file and save the file as MBAM log to somewhere you can find it.

Navigate to where you have saved it and open the MBAM log txt file.

Copy and paste the contents back here.


  • 0

#13
polloq
Posted 23 July 2014 - 12:28 AM

polloq

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts

Malewarebytes FINALLY finished AFTER I went to task manager to close processes 'Java updater' & 'Adobe Scheduler', in addition to NOT having an Internet browser being open. Sprinkled in between were a couple core dumps.  STILL cant 'copy & paste', but will do so as soon as I arrive to work in 8 hours....


  • 0

#14
emeraldnzl
Posted 23 July 2014 - 01:53 AM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

:thumbsup:


  • 0

#15
polloq
Posted 23 July 2014 - 07:40 AM

polloq

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts

Malwarebytes Anti-Malware
www.malwarebytes.org


Update, 7/22/2014 5:38:11 PM, SYSTEM, KOOSK-PC, Manual, Rootkit Database, 2014.2.20.1, 2014.7.17.1,
Update, 7/22/2014 5:38:13 PM, SYSTEM, KOOSK-PC, Manual, Malware Database, 2014.3.4.9, 2014.7.22.11,
Update, 7/22/2014 5:51:23 PM, SYSTEM, KOOSK-PC, Manual, Rootkit Database, 2014.2.20.1, 2014.7.17.1,
Update, 7/22/2014 5:51:25 PM, SYSTEM, KOOSK-PC, Manual, Malware Database, 2014.3.4.9, 2014.7.22.11,
Update, 7/22/2014 6:02:26 PM, SYSTEM, KOOSK-PC, Manual, Rootkit Database, 2014.2.20.1, 2014.7.17.1,
Update, 7/22/2014 6:02:28 PM, SYSTEM, KOOSK-PC, Manual, Malware Database, 2014.3.4.9, 2014.7.22.11,
Update, 7/22/2014 6:08:26 PM, SYSTEM, KOOSK-PC, Manual, Rootkit Database, 2014.2.20.1, 2014.7.17.1,
Update, 7/22/2014 6:08:28 PM, SYSTEM, KOOSK-PC, Manual, Malware Database, 2014.3.4.9, 2014.7.22.11,
Update, 7/22/2014 6:25:09 PM, SYSTEM, KOOSK-PC, Manual, Rootkit Database, 2014.2.20.1, 2014.7.17.1,
Update, 7/22/2014 6:25:11 PM, SYSTEM, KOOSK-PC, Manual, Malware Database, 2014.3.4.9, 2014.7.22.11,
Update, 7/22/2014 6:26:11 PM, SYSTEM, KOOSK-PC, Manual, Rootkit Database, 0.0.0.0, 2014.7.17.1,
Update, 7/22/2014 6:26:12 PM, SYSTEM, KOOSK-PC, Manual, Remediation Database, 0.0.0.0, 2013.10.16.1,
Update, 7/22/2014 6:26:13 PM, SYSTEM, KOOSK-PC, Manual, Malware Database, 0.0.0.0, 2014.7.22.11,
Update, 7/22/2014 6:26:23 PM, SYSTEM, KOOSK-PC, Manual, Remediation Database, 0.0.0.0, 2013.10.16.1,
Update, 7/22/2014 6:26:24 PM, SYSTEM, KOOSK-PC, Manual, Rootkit Database, 0.0.0.0, 2014.7.17.1,
Update, 7/22/2014 6:26:24 PM, SYSTEM, KOOSK-PC, Manual, Malware Database, 0.0.0.0, 2014.7.22.11,
Update, 7/22/2014 7:30:53 PM, SYSTEM, KOOSK-PC, Manual, Rootkit Database, 0.0.0.0, 2014.7.17.1,
Update, 7/22/2014 7:30:56 PM, SYSTEM, KOOSK-PC, Manual, Malware Database, 0.0.0.0, 2014.7.22.11,
Update, 7/22/2014 7:30:57 PM, SYSTEM, KOOSK-PC, Manual, Remediation Database, 0.0.0.0, 2013.10.16.1,

(end)

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:20-07-2014
Ran by koosk (administrator) on KOOSK-PC on 23-07-2014 00:55:03
Running from C:\Users\koosk\Downloads
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Safe Mode (minimal)

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\System32\WerFault.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe


==================== Registry (Whitelisted) ==================

HKLM\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" "C:\ProgramData\Malwarebytes\Mal (the data entry has 24 more characters).
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [93696 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [93696 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-1128992775-539344384-568557328-1001\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1128992775-539344384-568557328-1001\...\MountPoints2: {18150d24-aa4e-11df-ae92-806e6f6e6963} - D:\autorun/CDExtra.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDSmartWare.lnk
ShortcutTarget: WDSmartWare.lnk -> C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @ptc.com/ProductViewLite - C:\Program Files\Common Files\PTC\np6_pvapplite9.dll (PTC)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

========================== Services (Whitelisted) =================

S4 msvsmon80; C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2799808 2005-09-23] (Microsoft Corporation)
S2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [110592 2009-11-13] (WDC) [File not signed]
S2 WDSmartWareBackgroundService; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [20480 2009-06-16] (Memeo) [File not signed]

==================== Drivers (Whitelisted) ====================

R0 amacpi; C:\Windows\System32\DRIVERS\null.sys [4608 2009-07-13] (Microsoft Corporation)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-07-22] (Malwarebytes Corporation)
S2 npf; C:\Windows\System32\drivers\npf.sys [36600 2014-04-28] (Riverbed Technology, Inc.)
S0 bgqwlcbv; System32\drivers\thsqyxql.sys [X]
S0 TfFsMon; system32\drivers\TfFsMon.sys [X]
S3 TfNetMon; No ImagePath
S0 TfSysMon; system32\drivers\TfSysMon.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-23 00:55 - 2014-07-23 00:55 - 00005204 _____ () C:\Users\koosk\Downloads\FRST.txt
2014-07-23 00:53 - 2014-07-23 00:53 - 00151288 _____ () C:\Windows\Minidump\072314-31325-01.dmp
2014-07-23 00:47 - 2014-07-23 00:47 - 00151096 _____ () C:\Windows\Minidump\072314-45770-01.dmp
2014-07-22 20:01 - 2014-07-22 20:02 - 00000000 ____D () C:\Users\koosk\Desktop\ad_fix_jrt200713
2014-07-22 19:58 - 2014-07-22 19:59 - 00150856 _____ () C:\Windows\Minidump\072214-38407-01.dmp
2014-07-22 18:54 - 2014-07-22 18:54 - 00151992 _____ () C:\Windows\Minidump\072214-20576-01.dmp
2014-07-22 18:52 - 2014-07-22 18:52 - 00006768 ____N () C:\bootsqm.dat
2014-07-22 18:01 - 2014-07-22 18:23 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-22 18:01 - 2014-07-22 17:51 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\koosk\Desktop\mbam-setup-2.0.2.1012.exe
2014-07-22 17:51 - 2014-07-22 19:31 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-22 17:50 - 2014-07-22 18:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-22 17:50 - 2014-07-22 18:23 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-22 17:50 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-22 17:50 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-22 17:50 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-22 17:35 - 2014-07-22 17:51 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\koosk\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-22 17:20 - 2014-07-22 17:20 - 00151704 _____ () C:\Windows\Minidump\072214-16567-01.dmp
2014-07-22 06:29 - 2014-07-22 06:29 - 00131072 _____ () C:\Windows\Minidump\072214-17846-01.dmp
2014-07-21 23:03 - 2014-07-21 23:03 - 00000000 ____D () C:\Windows\rescache
2014-07-21 21:49 - 2014-07-21 21:49 - 01016261 _____ (Thisisu) C:\Users\koosk\Downloads\JRT.exe
2014-07-21 21:41 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-07-21 21:40 - 2014-07-21 21:44 - 00000000 ____D () C:\AdwCleaner
2014-07-21 21:40 - 2014-07-21 21:40 - 01354223 _____ () C:\Users\koosk\Downloads\AdwCleaner.exe
2014-07-21 18:06 - 2014-07-21 18:06 - 00151096 _____ () C:\Windows\Minidump\072114-23431-01.dmp
2014-07-20 15:45 - 2014-06-20 14:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-20 15:45 - 2014-06-18 19:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-20 15:45 - 2014-06-18 18:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-20 15:45 - 2014-06-18 18:56 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-20 15:45 - 2014-06-18 18:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-20 15:45 - 2014-06-18 18:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-20 15:45 - 2014-06-18 18:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-20 15:45 - 2014-06-18 18:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-20 15:45 - 2014-06-18 18:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-20 15:45 - 2014-06-18 18:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-20 15:45 - 2014-06-18 18:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-20 15:45 - 2014-06-18 18:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-20 15:45 - 2014-06-18 18:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-20 15:45 - 2014-06-18 18:23 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-20 15:45 - 2014-06-18 18:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-20 15:45 - 2014-06-18 18:16 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-20 15:45 - 2014-06-18 18:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-20 15:45 - 2014-06-18 18:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-20 15:45 - 2014-06-18 18:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-20 15:45 - 2014-06-18 17:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-20 15:45 - 2014-06-18 17:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-20 15:45 - 2014-06-18 17:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-20 15:45 - 2014-06-18 17:52 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-20 15:45 - 2014-06-18 17:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-20 15:45 - 2014-06-18 17:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-20 15:45 - 2014-06-18 17:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-20 15:45 - 2014-06-18 17:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-20 15:45 - 2014-06-18 17:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-20 15:45 - 2014-06-18 17:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-20 15:45 - 2014-06-18 17:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-20 12:57 - 2014-07-20 12:57 - 01080320 _____ (Farbar) C:\Users\koosk\Downloads\FRST.exe
2014-07-20 12:57 - 2014-07-20 12:57 - 00000000 ____D () C:\Users\koosk\Downloads\FRST-OlderVersion
2014-07-19 21:42 - 2014-06-17 20:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-19 21:42 - 2014-06-17 19:52 - 02350080 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-19 21:37 - 2014-07-19 21:37 - 00000000 ____D () C:\Windows\CheckSur
2014-07-19 20:43 - 2014-07-19 21:01 - 00025396 _____ () C:\Users\koosk\Downloads\Addition.txt
2014-07-19 20:25 - 2014-07-23 00:55 - 00000000 ____D () C:\FRST
2014-07-18 19:28 - 2014-06-06 04:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-18 19:27 - 2014-05-30 01:36 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-18 19:23 - 2014-06-29 20:40 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-18 19:23 - 2014-06-29 20:36 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-18 19:23 - 2014-05-30 02:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-18 19:23 - 2014-05-30 02:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-18 19:23 - 2014-05-30 02:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-18 19:23 - 2014-05-30 02:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-18 19:23 - 2014-05-30 02:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-18 19:23 - 2014-05-30 02:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-18 19:23 - 2014-05-30 02:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-18 19:21 - 2014-06-05 09:26 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-18 17:06 - 2014-07-18 17:06 - 00151496 _____ () C:\Windows\Minidump\071814-19624-01.dmp
2014-07-18 07:46 - 2014-07-18 07:46 - 00151096 _____ () C:\Windows\Minidump\071814-26161-01.dmp
2014-07-18 06:58 - 2014-07-18 06:58 - 00152736 _____ () C:\Windows\Minidump\071814-27658-01.dmp
2014-07-17 19:10 - 2014-07-17 19:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-17 19:09 - 2014-07-17 19:10 - 00000000 ____D () C:\Program Files\iPod
2014-07-17 19:09 - 2014-07-17 19:09 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-07-17 19:00 - 2014-07-17 19:00 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-07-17 18:39 - 2014-07-17 18:39 - 00140096 _____ () C:\Windows\Minidump\071714-21606-01.dmp
2014-07-17 18:37 - 2014-07-17 18:38 - 00152056 _____ () C:\Windows\Minidump\071714-30139-01.dmp
2014-07-17 17:16 - 2014-07-17 17:16 - 04755832 _____ (AVG Technologies) C:\Users\koosk\Downloads\avg_free_stb_all_2014_4744_cnet.exe
2014-07-17 16:55 - 2014-07-23 00:52 - 183050326 _____ () C:\Windows\MEMORY.DMP
2014-07-17 16:55 - 2014-07-17 16:55 - 00151096 _____ () C:\Windows\Minidump\071714-33384-01.dmp
2014-07-15 20:24 - 2014-07-17 18:52 - 00000000 __SHD () C:\found.003
2014-07-15 19:13 - 2014-07-17 18:52 - 00000000 __SHD () C:\found.002
2014-07-15 06:04 - 2014-07-15 06:04 - 00000000 __SHD () C:\found.001
2014-07-15 04:37 - 2014-07-15 05:15 - 00000000 __SHD () C:\found.000
2014-07-09 08:57 - 2014-07-09 09:57 - 11204096 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2014-06-27 17:38 - 2014-06-27 17:38 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-06-27 17:36 - 2014-07-17 19:10 - 00000000 ____D () C:\Program Files\iTunes

==================== One Month Modified Files and Folders =======

2014-07-23 00:55 - 2014-07-23 00:55 - 00005204 _____ () C:\Users\koosk\Downloads\FRST.txt
2014-07-23 00:55 - 2014-07-19 20:25 - 00000000 ____D () C:\FRST
2014-07-23 00:53 - 2014-07-23 00:53 - 00151288 _____ () C:\Windows\Minidump\072314-31325-01.dmp
2014-07-23 00:53 - 2011-06-18 10:44 - 00000000 ____D () C:\Windows\Minidump
2014-07-23 00:52 - 2014-07-17 16:55 - 183050326 _____ () C:\Windows\MEMORY.DMP
2014-07-23 00:48 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-23 00:47 - 2014-07-23 00:47 - 00151096 _____ () C:\Windows\Minidump\072314-45770-01.dmp
2014-07-23 00:47 - 2013-08-23 03:13 - 00005956 _____ () C:\Windows\setupact.log
2014-07-23 00:47 - 2011-02-12 11:21 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-22 20:02 - 2014-07-22 20:01 - 00000000 ____D () C:\Users\koosk\Desktop\ad_fix_jrt200713
2014-07-22 19:59 - 2014-07-22 19:58 - 00150856 _____ () C:\Windows\Minidump\072214-38407-01.dmp
2014-07-22 19:58 - 2010-08-25 14:51 - 00389574 _____ () C:\Windows\PFRO.log
2014-07-22 19:55 - 2010-08-17 17:26 - 01532326 _____ () C:\Windows\WindowsUpdate.log
2014-07-22 19:54 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\Resources
2014-07-22 19:33 - 2009-07-13 23:34 - 00013760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-22 19:33 - 2009-07-13 23:34 - 00013760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-22 19:31 - 2014-07-22 17:51 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-22 18:54 - 2014-07-22 18:54 - 00151992 _____ () C:\Windows\Minidump\072214-20576-01.dmp
2014-07-22 18:52 - 2014-07-22 18:52 - 00006768 ____N () C:\bootsqm.dat
2014-07-22 18:23 - 2014-07-22 18:01 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-22 18:23 - 2014-07-22 17:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-22 18:23 - 2014-07-22 17:50 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-22 17:57 - 2012-04-02 18:06 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-22 17:51 - 2014-07-22 18:01 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\koosk\Desktop\mbam-setup-2.0.2.1012.exe
2014-07-22 17:51 - 2014-07-22 17:35 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\koosk\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-22 17:36 - 2010-10-16 15:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-22 17:20 - 2014-07-22 17:20 - 00151704 _____ () C:\Windows\Minidump\072214-16567-01.dmp
2014-07-22 06:29 - 2014-07-22 06:29 - 00131072 _____ () C:\Windows\Minidump\072214-17846-01.dmp
2014-07-22 02:35 - 2009-07-13 23:53 - 00032654 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-21 23:03 - 2014-07-21 23:03 - 00000000 ____D () C:\Windows\rescache
2014-07-21 21:49 - 2014-07-21 21:49 - 01016261 _____ (Thisisu) C:\Users\koosk\Downloads\JRT.exe
2014-07-21 21:44 - 2014-07-21 21:40 - 00000000 ____D () C:\AdwCleaner
2014-07-21 21:40 - 2014-07-21 21:40 - 01354223 _____ () C:\Users\koosk\Downloads\AdwCleaner.exe
2014-07-21 18:06 - 2014-07-21 18:06 - 00151096 _____ () C:\Windows\Minidump\072114-23431-01.dmp
2014-07-20 17:44 - 2010-08-17 13:43 - 00000000 ____D () C:\Users\koosk
2014-07-20 17:39 - 2010-08-17 13:52 - 00797890 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-20 12:57 - 2014-07-20 12:57 - 01080320 _____ (Farbar) C:\Users\koosk\Downloads\FRST.exe
2014-07-20 12:57 - 2014-07-20 12:57 - 00000000 ____D () C:\Users\koosk\Downloads\FRST-OlderVersion
2014-07-20 12:39 - 2009-07-13 23:33 - 00377824 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-19 21:37 - 2014-07-19 21:37 - 00000000 ____D () C:\Windows\CheckSur
2014-07-19 21:01 - 2014-07-19 20:43 - 00025396 _____ () C:\Users\koosk\Downloads\Addition.txt
2014-07-19 03:21 - 2014-05-06 03:03 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-19 03:21 - 2009-07-14 02:49 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-18 22:41 - 2011-12-23 00:50 - 00000000 ____D () C:\Bovada
2014-07-18 17:06 - 2014-07-18 17:06 - 00151496 _____ () C:\Windows\Minidump\071814-19624-01.dmp
2014-07-18 07:46 - 2014-07-18 07:46 - 00151096 _____ () C:\Windows\Minidump\071814-26161-01.dmp
2014-07-18 06:58 - 2014-07-18 06:58 - 00152736 _____ () C:\Windows\Minidump\071814-27658-01.dmp
2014-07-17 19:10 - 2014-07-17 19:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-17 19:10 - 2014-07-17 19:09 - 00000000 ____D () C:\Program Files\iPod
2014-07-17 19:10 - 2014-06-27 17:36 - 00000000 ____D () C:\Program Files\iTunes
2014-07-17 19:09 - 2014-07-17 19:09 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-07-17 19:09 - 2010-08-17 16:02 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-07-17 19:00 - 2014-07-17 19:00 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-07-17 18:52 - 2014-07-15 20:24 - 00000000 __SHD () C:\found.003
2014-07-17 18:52 - 2014-07-15 19:13 - 00000000 __SHD () C:\found.002
2014-07-17 18:52 - 2011-03-23 19:11 - 00000000 ____D () C:\Program Files\Steam
2014-07-17 18:46 - 2011-03-23 19:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2014-07-17 18:39 - 2014-07-17 18:39 - 00140096 _____ () C:\Windows\Minidump\071714-21606-01.dmp
2014-07-17 18:38 - 2014-07-17 18:37 - 00152056 _____ () C:\Windows\Minidump\071714-30139-01.dmp
2014-07-17 17:16 - 2014-07-17 17:16 - 04755832 _____ (AVG Technologies) C:\Users\koosk\Downloads\avg_free_stb_all_2014_4744_cnet.exe
2014-07-17 16:55 - 2014-07-17 16:55 - 00151096 _____ () C:\Windows\Minidump\071714-33384-01.dmp
2014-07-16 20:10 - 2010-08-19 14:35 - 00000000 ____D () C:\Program Files\Common Files\Steam
2014-07-16 20:06 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-07-16 19:54 - 2010-12-18 23:25 - 00000000 ____D () C:\Users\koosk\AppData\Local\Western_Digital
2014-07-16 19:54 - 2009-07-13 21:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-07-16 19:53 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\registration
2014-07-15 06:04 - 2014-07-15 06:04 - 00000000 __SHD () C:\found.001
2014-07-15 05:15 - 2014-07-15 04:37 - 00000000 __SHD () C:\found.000
2014-07-10 03:06 - 2013-08-08 03:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 09:57 - 2014-07-09 08:57 - 11204096 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2014-07-09 09:57 - 2012-04-02 18:06 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-07-09 09:57 - 2011-06-04 21:15 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-06-29 20:40 - 2014-07-18 19:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-29 20:36 - 2014-07-18 19:23 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-27 17:38 - 2014-06-27 17:38 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk

Some content of TEMP:
====================
C:\Users\koosk\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-18 08:24

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:20-07-2014
Ran by koosk at 2014-07-23 00:56:09
Running from C:\Users\koosk\Downloads
Boot Mode: Safe Mode (minimal)
==========================================================


==================== Security Center ========================

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.0.3.13070 - Adobe Systems Inc.)
Adobe AIR (Version: 2.0.3.13070 - Adobe Systems Inc.) Hidden
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader 9.5.4 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.4 - Adobe Systems Incorporated)
AML Free Registry Cleaner 4.7 (HKLM\...\{315F5FFC-1A5C-4A2A-B8E7-1C5B1174C198}_is1) (Version:  - AML SOFT, Inc.)
Apple Application Support (HKLM\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BovadaPoker (HKLM\...\{D7CA2DF8-95CE-4C80-9296-98E21219A1E5}}_is1) (Version:   -  )
iCloud (HKLM\...\{00A61104-74B5-4056-AD00-4397EF4FB141}) (Version: 3.1.0.40 - Apple Inc.)
iTunes (HKLM\...\{0718A90E-93AA-49AF-A4FE-0165ACD91DF0}) (Version: 11.2.2.3 - Apple Inc.)
Java 7 Update 13 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217013FF}) (Version: 7.0.130 - Oracle)
Java Auto Updater (Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2003 Web Components (HKLM\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Applications - ENU (HKLM\...\Microsoft Visual Studio 2005 Tools for Applications - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Applications - ENU (Version: 8.0.50727.146 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver (Version: 275.33 - NVIDIA Corporation) Hidden
NVIDIA 3D Vision Controller Driver 310.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 310.70 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Control Panel 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1106 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
Pro/ENGINEER Student Edition Release Wildfire 5.0 Datecode M040 (HKLM\...\Pro/ENGINEER Student Edition Release Wildfire 5.0 Datecode M040) (Version: Wildfire 5.0 - PTC)
Pro/ENGINEER Thumbnail Viewer 1.0 (HKLM\...\{D58D1297-B2FA-4C6F-B6D4-E1819368ED2E}) (Version: 28.10.100 - PTC)
ProductView Express 9.1 (HKLM\...\{EDEFC3A2-350F-45F1-AC8E-2B3A2D352235}) (Version: 9.1.40.14 - PTC)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
WD SmartWare (HKLM\...\{232DB76D-4751-41A9-9EC2-CDC0DAC1FAB6}) (Version: 1.2.0.8 - Western Digital)

==================== Restore Points  =========================

10-07-2014 08:00:29 Windows Update
16-07-2014 00:42:14 Windows Update
16-07-2014 01:01:57 Removed Steam
17-07-2014 00:33:06 Restore Operation
17-07-2014 23:46:14 Removed Steam
18-07-2014 00:00:13 AA11
18-07-2014 22:15:10 Restore Operation
19-07-2014 00:27:30 Windows Update
19-07-2014 08:00:31 Windows Update
20-07-2014 02:35:55 Windows Update
20-07-2014 12:55:47 Windows Update
21-07-2014 08:00:57 Windows Update

==================== Hosts content: ==========================

2009-07-13 21:04 - 2009-06-10 16:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {047C8A40-BDE8-47DE-B0CF-683A00074A43} - \TidyNetwork Update No Task File <==== ATTENTION
Task: {5AFF75CA-C372-4CA6-803F-790C13BBE756} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {64D6C05B-2971-47E9-A9D9-2DB123374EFF} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {F7A4D761-1310-43C2-B52C-2CF27EFF3E59} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============


==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^koosk^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk => C:\Windows\pss\ERUNT AutoBackup.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AppleSyncNotifier =>
MSCONFIG\startupreg: InstallMon =>
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime

==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Null
Description: Null
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Null
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/22/2014 07:16:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LogonUI.exe, version: 6.1.7601.17514, time stamp: 0x4ce79505
Faulting module name: DUI70.dll, version: 6.1.7600.16385, time stamp: 0x4a5bda05
Exception code: 0xc0000005
Fault offset: 0x00038630
Faulting process id: 0xf20
Faulting application start time: 0xLogonUI.exe0
Faulting application path: LogonUI.exe1
Faulting module path: LogonUI.exe2
Report Id: LogonUI.exe3

Error: (07/22/2014 07:15:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LogonUI.exe, version: 6.1.7601.17514, time stamp: 0x4ce79505
Faulting module name: DUI70.dll, version: 6.1.7600.16385, time stamp: 0x4a5bda05
Exception code: 0xc0000005
Fault offset: 0x00038630
Faulting process id: 0xebc
Faulting application start time: 0xLogonUI.exe0
Faulting application path: LogonUI.exe1
Faulting module path: LogonUI.exe2
Report Id: LogonUI.exe3

Error: (07/22/2014 07:15:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LogonUI.exe, version: 6.1.7601.17514, time stamp: 0x4ce79505
Faulting module name: DUI70.dll, version: 6.1.7600.16385, time stamp: 0x4a5bda05
Exception code: 0xc0000005
Fault offset: 0x00038630
Faulting process id: 0xe34
Faulting application start time: 0xLogonUI.exe0
Faulting application path: LogonUI.exe1
Faulting module path: LogonUI.exe2
Report Id: LogonUI.exe3

Error: (07/22/2014 07:14:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LogonUI.exe, version: 6.1.7601.17514, time stamp: 0x4ce79505
Faulting module name: DUI70.dll, version: 6.1.7600.16385, time stamp: 0x4a5bda05
Exception code: 0xc0000005
Fault offset: 0x00038630
Faulting process id: 0xdc8
Faulting application start time: 0xLogonUI.exe0
Faulting application path: LogonUI.exe1
Faulting module path: LogonUI.exe2
Report Id: LogonUI.exe3

Error: (07/22/2014 07:14:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LogonUI.exe, version: 6.1.7601.17514, time stamp: 0x4ce79505
Faulting module name: DUI70.dll, version: 6.1.7600.16385, time stamp: 0x4a5bda05
Exception code: 0xc0000005
Fault offset: 0x00038630
Faulting process id: 0xd4c
Faulting application start time: 0xLogonUI.exe0
Faulting application path: LogonUI.exe1
Faulting module path: LogonUI.exe2
Report Id: LogonUI.exe3

Error: (07/22/2014 07:13:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LogonUI.exe, version: 6.1.7601.17514, time stamp: 0x4ce79505
Faulting module name: DUI70.dll, version: 6.1.7600.16385, time stamp: 0x4a5bda05
Exception code: 0xc0000005
Fault offset: 0x00038630
Faulting process id: 0xd00
Faulting application start time: 0xLogonUI.exe0
Faulting application path: LogonUI.exe1
Faulting module path: LogonUI.exe2
Report Id: LogonUI.exe3

Error: (07/22/2014 07:13:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LogonUI.exe, version: 6.1.7601.17514, time stamp: 0x4ce79505
Faulting module name: DUI70.dll, version: 6.1.7600.16385, time stamp: 0x4a5bda05
Exception code: 0xc0000005
Fault offset: 0x00038630
Faulting process id: 0xc4c
Faulting application start time: 0xLogonUI.exe0
Faulting application path: LogonUI.exe1
Faulting module path: LogonUI.exe2
Report Id: LogonUI.exe3

Error: (07/22/2014 07:12:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LogonUI.exe, version: 6.1.7601.17514, time stamp: 0x4ce79505
Faulting module name: DUI70.dll, version: 6.1.7600.16385, time stamp: 0x4a5bda05
Exception code: 0xc0000005
Fault offset: 0x00038630
Faulting process id: 0xbf4
Faulting application start time: 0xLogonUI.exe0
Faulting application path: LogonUI.exe1
Faulting module path: LogonUI.exe2
Report Id: LogonUI.exe3

Error: (07/22/2014 07:12:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LogonUI.exe, version: 6.1.7601.17514, time stamp: 0x4ce79505
Faulting module name: DUI70.dll, version: 6.1.7600.16385, time stamp: 0x4a5bda05
Exception code: 0xc0000005
Fault offset: 0x00038630
Faulting process id: 0x8f8
Faulting application start time: 0xLogonUI.exe0
Faulting application path: LogonUI.exe1
Faulting module path: LogonUI.exe2
Report Id: LogonUI.exe3

Error: (07/22/2014 07:11:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LogonUI.exe, version: 6.1.7601.17514, time stamp: 0x4ce79505
Faulting module name: DUI70.dll, version: 6.1.7600.16385, time stamp: 0x4a5bda05
Exception code: 0xc0000005
Fault offset: 0x00038630
Faulting process id: 0x86c
Faulting application start time: 0xLogonUI.exe0
Faulting application path: LogonUI.exe1
Faulting module path: LogonUI.exe2
Report Id: LogonUI.exe3


System errors:
=============
Error: (07/23/2014 00:53:58 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (07/23/2014 00:53:58 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068fdPHost{D3DCB472-7261-43CE-924B-0704BD730D5F}

Error: (07/23/2014 00:53:58 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}

Error: (07/23/2014 00:53:49 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (07/23/2014 00:53:49 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (07/23/2014 00:53:49 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (07/23/2014 00:53:49 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (07/23/2014 00:53:49 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (07/23/2014 00:53:48 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (07/23/2014 00:53:47 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-07-16 19:34:35.131
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\wintrust.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-16 19:34:34.819
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\wintrust.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-16 19:34:34.601
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\wintrust.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-16 19:34:34.148
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\wintrust.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-16 19:34:33.290
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\wintrust.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-16 19:33:58.767
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\wintrust.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-16 19:30:44.141
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\wintrust.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-16 19:30:43.923
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\wintrust.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-16 19:30:43.705
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\wintrust.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-16 19:30:43.486
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\wintrust.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 43%
Total physical RAM: 1022.05 MB
Available physical RAM: 575.04 MB
Total Pagefile: 5117.05 MB
Available Pagefile: 4663.66 MB
Total Virtual: 2047.88 MB
Available Virtual: 1931.28 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:149.04 GB) (Free:26.06 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (SEAN_KINGSTON) (CDROM) (Total:0.45 GB) (Free:0 GB) CDFS
Drive i: (STORE N GO) (Removable) (Total:7.46 GB) (Free:7.45 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 5D6A7BAF)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 7 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================


  • 0
Back to Computer Won't Boot - Malware Related · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Computer Won't Boot - Malware Related

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP