
Blue Screen when I start up my computer [Solved]


  • This topic is locked

#16
adrian8311

adrian8311

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

Here is the ESET Log

 

C:\Adrian\Business\Android\Source Code Example\Source code\SMS\bin\classes.dex a variant of Android/TrojanSMS.Agent.AHV trojan cleaned by deleting - quarantined
C:\Adrian\Business\Android\Works\SMS\bin\classes.dex a variant of Android/TrojanSMS.Agent.AHV trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Program Files\Searchqu Toolbar\Datamngr\BrowserConnection.dll Win32/Toolbar.SearchSuite.H potentially unwanted application deleted - quarantined
C:\Program Files\NCH Software\Debut\debut.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted - quarantined
C:\Program Files\NCH Software\Debut\debutsetup_v1.70.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted - quarantined
C:\Users\Ricardo\Downloads\AdobeReader_installer.exe a variant of Win32/InstallCore.TT potentially unwanted application deleted - quarantined

  • 0


#17
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

I actually ran into a blue screen while I was running the JRT scan.

 

Thanks for letting me know.

 

Please do the following.

 

Step#1 - Rootkit Scan
1. Download aswMBR to your desktop.
2. Right-click on aswMBR.exe and select Run as administrator to run it.
3. If you get a question about Virtualization Technology, answer Yes.
4. If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
5. Click the "Scan" button to start scan.
6. On completion of the scan click "Save log", save it to your desktop and post in your next reply.
NOTE: aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

 

 

Step#2 - Security Check
 
1. Download Security Check from here or here or here.
2. Save it to your Desktop.
3. Right-click SecurityCheck.exe and select Run as administrator. Follow the onscreen instructions inside of the black box.
4. A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: Don't be alarmed if the process runs for 10 to 15 minutes before completing. If it runs for over 30 minutes, just close the program and try running it again.

NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.

 

 

 

 

Items for your next post

1. Rootkit Scan log

2. Security Check log


  • 0

#18
adrian8311

I think my computer still has some issues; it froze twice today, but it didn't go into a blue screen.

Not sure if that's fixed?


  • 0

#19
adrian8311

This is from Rootkit:

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2015-03-04 21:56:04
-----------------------------
21:56:04.015    OS Version: Windows 6.0.6002 Service Pack 2
21:56:04.015    Number of processors: 2 586 0x170A
21:56:04.015    ComputerName: RICARDO-PC  UserName: Ricardo
21:56:12.961    Initialze error C000010E - driver not loaded
21:58:45.508    AVAST engine defs: 15030301
21:59:01.979    The log file has been saved successfully to "C:\Users\Ricardo\Desktop\aswMBR.txt"

  • 0

#20
adrian8311

This is from Security Check log

 Results of screen317's Security Check version 0.99.97  
 Windows Vista Service Pack 2 x86 (UAC is enabled)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
ESET NOD32 Antivirus 4.2   
 Antivirus out of date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 31  
 Java version 32-bit out of Date! 
 Adobe Flash Player 10 Flash Player out of Date! 
  Java 64-bit 8 Update 31  
 Adobe Reader 10.1.6 Adobe Reader out of Date!  
 Google Chrome (40.0.2214.111) 
 Google Chrome (40.0.2214.115) 
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSASCui.exe 
 ESET NOD32 Antivirus egui.exe  
 ESET NOD32 Antivirus ekrn.exe  
 Windows Defender MSASCui.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0 % 
````````````````````End of Log`````````````````````` 

  • 0

#21
BrianDrab

I think my computer still has some issues; it froze twice today, but it didn't go into a blue screen.
Not sure if that's fixed?

We'll get there, don't worry. My primary job is to rid you of malware and then we can look at remaining issues.
 
I believe you are malware free at the moment but we need to button your machine up as you have programs that are outdated and in an insecure state. Please do the following.
 
Step#1 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
1. Download the attached file (fixlist.txt) and save it to the Desktop.
Note. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.
 
Step#2 - Keep Adobe Reader Updated
1. Uninstall Adobe Reader. Click here for instructions on how to uninstall a program.
2. Install the newest version from this website.
Note: Make sure to uncheck the Optional Offer (i.e. Google Chrome, Google Toolbar) unless you really want it.
NOTE: You should disable JavaScript in the program as this is a highly exploitable method for the bad guys to get in your machine. Follow these instructions to disable it in Adobe Reader.
1. Open Adobe Reader
2. Select Edit from the menu and select Preferences
3. Click on JavaScript in the left column and uncheck Enable Acrobat JavaScript.
4. Click OK and close the program.
NOTE: Many installers, including Adobe Reader, offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time they are not malicious, you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.
 
Step#3 -  Adobe Flash Player
There's a very nasty piece of malware going around right now called Cryptowall. It's very destructive and most recently the newest variant is exploiting unpatched versions of Adobe Flash. Let's make sure you get current.
1. Determine if you have the most current version by going to this website. If your version represented by the top box matches the version in the bottom box you are current.
[Screenshot: Capture.JPG]

 
2. If your version is older than the current then click on the Player Download Center link (shown in the screen shot above).
3. You will be brought to the install/update page. Ensure you uncheck any optional offers (unless you want them of course) and then click on Install Now.

[Screenshot: Install.JPG]
4. You may be prompted to run the installer. Go ahead and do this.
5. When it's complete, click Finish. You now have the latest version. You can verify by going back to this website if you feel the need.

 

Step#4 - Antivirus Outdated

Your current antivirus solution is ESET NOD32 4.2. Is your subscription still active on this? The current version is 5.0 I believe and it's important to keep these updated. If your subscription is not updated and you would like to switch to a free version so you don't have to worry about renewing all the time then please uninstall ESET NOD32 and install Microsoft Security Essentials (which I use) or Avast.

 

Microsoft Security Essentials
Avast! (If you decide on this one, please ensure you uncheck the Google Toolbar and Google Chrome that is offered on the first screen of the install...unless you want them for some reason). In addition if you choose Avast!, please ensure that Windows Defender is disabled. Instructions for doing so are here.

 

 

Items for your next post

1. FRST Fix log

2. What did you decide to do on your AV?


  • 0
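The triage that the steps in the post above act on, as an added example that is not part of the original thread and is not code from Security Check or FRST: a Python parser for the checkup.txt posted in #20 that splits it into sections and lists every entry flagged out of date. The section-rule format and the rule that a version-less status line describes the entry before it are assumptions inferred from this one log, and the function names are hypothetical.

```python
import re

TICK = chr(96)  # backtick: Security Check draws its section rules with it

# checkup.txt as posted in #20 of this thread; "=" stands in for the backtick.
SAMPLE_LOG = """
 Results of screen317's Security Check version 0.99.97
 Windows Vista Service Pack 2 x86 (UAC is enabled)
 Internet Explorer 9
 Internet Explorer 8
==============Antivirus/Firewall Check:==============
 Windows Firewall Enabled!
ESET NOD32 Antivirus 4.2
 Antivirus out of date!
=========Anti-malware/Other Utilities Check:=========
 Java 8 Update 31
 Java version 32-bit out of Date!
 Adobe Flash Player 10 Flash Player out of Date!
  Java 64-bit 8 Update 31
 Adobe Reader 10.1.6 Adobe Reader out of Date!
 Google Chrome (40.0.2214.111)
 Google Chrome (40.0.2214.115)
========Process Check: objlist.exe by Laurent========
 Windows Defender MSASCui.exe
 ESET NOD32 Antivirus egui.exe
 ESET NOD32 Antivirus ekrn.exe
 Windows Defender MSASCui.exe
=================System Health check=================
 Total Fragmentation on Drive C: 0 %
====================End of Log======================
""".replace("=", TICK)

# A section rule: three or more backticks, a title, three or more backticks.
HEADER = re.compile(r"^%s{3,}\s*(.*?)\s*:?\s*%s{3,}$" % (TICK, TICK))
# The trailer the tool appends to a stale entry (its capitalisation varies).
STALE = re.compile(r"\s*out of date!\s*$", re.IGNORECASE)
# A version number belonging to the line itself; "32-bit"/"64-bit" do not count.
OWN_VERSION = re.compile(r"\b\d+(?:\.\d+)*\b(?!-bit)")


def parse_sections(text):
    """Split a checkup.txt into {section: [entries]}, keeping order and duplicates."""
    sections = {"Header": []}
    current = "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = HEADER.match(line)
        if match:
            current = match.group(1)
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections


def find_outdated(sections):
    """Return one finding per 'out of date!' flag, naming the product it refers to."""
    findings = []
    for name, entries in sections.items():
        previous = None  # last entry in this section that carried no flag
        for entry in entries:
            if not STALE.search(entry):
                previous = entry
                continue
            status = STALE.sub("", entry)
            version = OWN_VERSION.search(status)
            if version:
                # Self-describing line: keep the text up to its version number.
                product = status[:version.end()]
            else:
                # Status-only line: it describes the entry printed just before it.
                product = previous if previous is not None else status
            findings.append({"section": name, "product": product, "flag": entry})
    return findings


def running_processes(sections):
    """Unique entries of the Process Check section, in first-seen order."""
    seen = []
    for name, entries in sections.items():
        if name.startswith("Process Check"):
            for entry in entries:
                if entry not in seen:
                    seen.append(entry)
    return seen


if __name__ == "__main__":
    parsed = parse_sections(SAMPLE_LOG)
    for finding in find_outdated(parsed):
        print("%-36s %s" % (finding["section"], finding["product"]))
    print("Running protection:", ", ".join(running_processes(parsed)))
```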

#22
adrian8311

Thanks for your help so far, really appreciated.

There was a blue screen during the uninstall and reinstall of Adobe.

 

Here is the Fixlog

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 04-03-2015
Ran by Ricardo at 2015-03-05 21:38:05 Run:3
Running from C:\Users\Ricardo\Desktop
Loaded Profiles: Ricardo (Available profiles: Ricardo)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
cmd: type C:\Users\Ricardo\Desktop\aswMBR.txt
*****************
 
 
=========  type C:\Users\Ricardo\Desktop\aswMBR.txt =========
 
The system cannot find the file specified.
 
========= End of CMD: =========
 
 
==== End of Fixlog 21:38:31 ====

  • 0

#23
adrian8311

I have installed Microsoft Security Essentials.


  • 0

#24
BrianDrab

No problem. OK, at this point you are malware free. Please provide updated logs and let me know how your machine is now. Any issues? Any blue screens?

 

Step#1 - Fresh Set of Logs
1. Right click on FRST.exe and select Run as administrator. When the tool opens click Yes to disclaimer.
2. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running.
3. Press Scan button.
4. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop)
5. Please copy and paste log back here.
6. Because you selected the Addition.txt check box this log will be created as well. Please copy and paste this log as well.
 
 
 
Items for your next post
1. FRST and Addition logs


  • 0

#25
adrian8311

So far I haven't had a blue screen or a frozen window today; hopefully the issue is gone, fingers crossed.

Here is the addition log

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-03-2015
Ran by Ricardo at 2015-03-06 22:35:30
Running from C:\Users\Ricardo\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.3.183.10 - Adobe Systems Incorporated)
Adobe Reader X (10.1.4) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Application Verifier x86 External Package (Version: 8.100.26898 - Microsoft) Hidden
ATI AVIVO Codecs (Version: 10.0.0.40103 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{2545ED12-9441-A4C7-F555-0C3388A81B0D}) (Version: 3.0.715.0 - ATI Technologies, Inc.)
Canon IJ Network Scan Utility (HKLM\...\Canon_IJ_Network_Scan_UTILITY) (Version:  - )
Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
Canon MP Navigator EX 3.1 (HKLM\...\MP Navigator EX 3.1) (Version:  - )
Canon MX870 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX870_series) (Version:  - Canon Inc.)
ccc-core-static (Version: 2009.0303.2224.40202 - ATI) Hidden
Cisco Systems VPN Client 5.0.07.0410 (HKLM\...\{1CE60928-8325-49A8-8B06-633E48DD2B67}) (Version: 5.0.7 - Cisco Systems, Inc.)
Citrix Receiver (HKLM\...\CitrixOnlinePluginPackWeb) (Version: 14.2.0.10 - Citrix Systems, Inc.)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - Acro Software Inc.)
Debugging Tools for Windows (x86) (HKLM\...\{83DD27C9-CDC2-489A-87FA-8622C1F8F8EC}) (Version: 6.11.1.402 - Microsoft Corporation)
Debut Video Capture Software (HKLM\...\Debut) (Version:  - NCH Software)
doPDF 7.2 printer (HKLM\...\doPDF 7 printer_is1) (Version:  - Softland)
Dropbox (HKU\S-1-5-21-236562627-1104106619-1621759228-1000\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
Express Burn Disc Burning Software (HKLM\...\ExpressBurn) (Version: 4.76 - NCH Software)
Forex Knight Chart Copier Software version 1.5a (HKLM\...\Forex Knight Chart Copier Software_is1) (Version: 1.5a - Learn Forex Live, Inc.)
Foxit PDF Editor (HKLM\...\Foxit PDF Editor) (Version: 2.2.1.1119 - Foxit Corporation)
Foxit Reader 5.0 (HKLM\...\Foxit Reader_is1) (Version: 5.0.1.523 - Foxit Corporation)
Google Chrome (HKU\S-1-5-21-236562627-1104106619-1621759228-1000\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
HydraVision (Version: 4.2.92.0 - ATI Technologies Inc.) Hidden
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Kits Configuration Installer (Version: 8.100.25984 - Microsoft) Hidden
K-Lite Codec Pack 6.3.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 6.3.0 - )
Maintenance Samsung SCX-4623 Series (HKLM\...\Samsung SCX-4623 Series) (Version:  - Samsung Electronics CO.,LTD)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.0.285.6 - McAfee, Inc.)
MetaTrader - Alpari UK (HKLM\...\MetaTrader - Alpari UK) (Version: 4.00 - MetaQuotes Software Corp.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}) (Version: 3.22.270.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 ENU (HKLM\...\{773AC1E4-5F27-4DF6-A932-7FDDE35C069D}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft Sync Framework 2.1 Core Components (x86) ENU  (HKLM\...\{7AC8EF88-D996-4D47-B40C-4DD93E307481}) (Version: 2.1.1648.0 - Microsoft Corporation)
Microsoft Sync Framework 2.1 Database Providers (x86) ENU  (HKLM\...\{296E293F-C481-4DDE-9ED2-3F79FCF38731}) (Version: 3.1.1648.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Screen Recorder 4 (HKLM\...\My Screen Recorder 4.0_is1) (Version:  - Deskshare Inc.)
MYOB AccountRight Plus 2013.0 AU (HKLM\...\InstallShield_{2EF3B1AC-077C-49B1-9F26-AD619D02CA29}) (Version: 2013.0 - MYOB Technology Pty Ltd)
MYOB AccountRight Plus 2013.0 AU (Version: 2013.0 - MYOB Technology Pty Ltd) Hidden
MYOB AccountRight Plus v19 (HKLM\...\InstallShield_{99E420FC-372C-4107-BA85-4CC44E265C2A}) (Version: 19.0.0 - MYOB Technology Pty Ltd)
MYOB AccountRight Plus v19 (Version: 19.0.0 - MYOB Technology Pty Ltd) Hidden
MYOB ODBC Direct v10 AUS (HKLM\...\InstallShield_{55D5A77E-FAAA-4358-B3E5-6565E024F78B}) (Version: 10.0.0 - MYOB Technology Pty Ltd)
MYOB ODBC Direct v10 AUS (Version: 10.0.0 - MYOB Technology Pty Ltd) Hidden
NETGEAR WNDA3100v2 wireless USB 2.0 adapter (HKLM\...\{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}) (Version: 1.03.000 - NETGEAR)
NJStar Communicator (HKLM\...\NJStar Communicator) (Version:  - )
Online Plug-in (Version: 14.2.0.10 - Citrix Systems, Inc.) Hidden
PokerStars (HKLM\...\PokerStars) (Version:  - PokerStars)
PPSÓÎÏ· V1.0.1.322 (HKLM\...\PPSGame) (Version: 1.0.1.322 - PPStream, Inc.)
PPStream V2.7.0.1226 Final (HKLM\...\PPStream) (Version: 2.7.0.1226 - PPStream, Inc.)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Readiris Pro 10 (HKLM\...\{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}) (Version:  - )
Real Alternative 1.9.0 (HKLM\...\RealAlt_is1) (Version: 1.9.0 - )
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 6.246.1230.2010 - Realtek)
Samsung Network PC Fax (HKLM\...\{80078570-6C67-486C-8CF0-B0D778FC69B5}) (Version: 1.3.99.2 - Samsung)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.1400.0 - SAMSUNG Electronics Co., Ltd.)
SDK Debuggers (Version: 8.100.26898 - Microsoft Corporation) Hidden
Self-service Plug-in (Version: 4.2.0.2495 - Citrix Systems, Inc.) Hidden
Skins (Version: 2009.0303.2224.40202 - ATI) Hidden
Skype™ 6.1 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.1.129 - Skype Technologies S.A.)
SmarThru 4 (HKLM\...\{90F1943D-EA4A-4460-B59F-30023F3BA69A}) (Version:  - )
SopCast 3.5.0 (HKLM\...\SopCast) (Version: 3.5.0 - www.sopcast.com)
TeamViewer 8 (HKLM\...\TeamViewer 8) (Version: 8.0.20935 - TeamViewer)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VDownloader 3.9.1300 (HKLM\...\{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1) (Version:  - Vitzo Limited)
Windows Software Development Kit for Windows 8.1 (HKLM\...\{a7602e27-6fa8-4ea3-bf95-f71953fc5b64}) (Version: 8.100.26898 - Microsoft Corporation)
WinPcap 4.1.1 (HKLM\...\WinPcapInst) (Version: 4.1.0.1753 - CACE Technologies)
WinRAR 4.00 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Ricardo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Ricardo\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Ricardo\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Ricardo\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Ricardo\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Ricardo\AppData\Local\Google\Chrome\Application\40.0.2214.115\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Ricardo\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Ricardo\AppData\Local\Google\Update\1.3.26.9\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Ricardo\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Ricardo\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Ricardo\AppData\Local\Google\Update\1.3.26.9\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Ricardo\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ricardo\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ricardo\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ricardo\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ricardo\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ricardo\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ricardo\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ricardo\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-236562627-1104106619-1621759228-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ricardo\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
02-03-2015 20:04:24 Scheduled Checkpoint
03-03-2015 19:12:35 Windows Update
03-03-2015 19:31:17 Restore Point Created by FRST
04-03-2015 20:23:46 Scheduled Checkpoint
05-03-2015 20:04:08 Scheduled Checkpoint
05-03-2015 21:39:33 Removed Adobe Reader X (10.1.6).
05-03-2015 22:10:45 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 21:23 - 2006-09-19 08:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {39652C69-83B9-4328-BBA1-A254A5BAD575} - System32\Tasks\{A1722401-F127-4AE3-A8A8-9A7E698BFEA5} => pcalua.exe -a "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriver.exe" -c /M{457D7505-D665-4F95-91C3-ECB8C56E9ACA}
Task: {4C53058B-C957-4F62-8BAC-EEAD099411CA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-236562627-1104106619-1621759228-1000UA => C:\Users\Ricardo\AppData\Local\Google\Update\GoogleUpdate.exe [2014-12-13] (Google Inc.)
Task: {5822A6F0-E04C-45A6-9930-DCBD91D24680} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-236562627-1104106619-1621759228-1000Core => C:\Users\Ricardo\AppData\Local\Google\Update\GoogleUpdate.exe [2014-12-13] (Google Inc.)
Task: {61DA3458-2CD9-4CAA-A6FE-1DD8DE29C0AC} - System32\Tasks\Microsoft_Hardware_Launch_vVX1000_exe => C:\Windows\vVX1000.exe [2010-05-20] (Microsoft Corporation)
Task: {87477945-925C-4E69-9C4E-FB87A1234997} - System32\Tasks\{52293D38-6564-45BA-B9FC-395D5A7A309B} => pcalua.exe -a C:\Users\Ricardo\Downloads\ht203all.exe -d C:\Users\Ricardo\Downloads
Task: {9234CCCF-CB7A-4988-A772-C4738AB1283B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B998F1EC-1071-4DB9-B58D-8BE80E918CA7} - System32\Tasks\{0C0CC252-1A2D-476F-8051-07A9C5B87BF1} => pcalua.exe -a "C:\Users\Ricardo\Downloads\ht203all (1).exe" -d C:\Users\Ricardo\Downloads
Task: {D419FB68-D856-4AEE-AB00-92E1DAD2D971} - System32\Tasks\NCH Software\DebutReminder => C:\Program Files\NCH Software\Debut\Debut.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-236562627-1104106619-1621759228-1000Core.job => C:\Users\Ricardo\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-236562627-1104106619-1621759228-1000UA.job => C:\Users\Ricardo\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2014-12-21 11:08 - 2013-10-23 15:23 - 00089136 _____ () C:\Windows\System32\cpwmon2k.dll
2011-05-25 22:39 - 2009-09-12 00:02 - 00171520 ____R () C:\Windows\System32\NetFaxPort.dll
2009-08-03 03:53 - 2009-08-03 03:53 - 00026624 _____ () C:\Windows\System32\sso2ml3.dll
2006-12-04 01:25 - 2006-12-04 01:25 - 00022723 _____ () C:\Windows\System32\sugs2l3.dll
2011-01-26 22:12 - 2011-04-20 02:21 - 00037376 _____ () C:\Windows\system32\atitmpxx.dll
2011-05-25 22:34 - 2009-08-14 21:03 - 00614400 _____ () C:\Windows\Samsung\PanelMgr\SSMMgr.exe
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-09-27 12:03 - 2010-09-27 12:03 - 00201512 _____ () C:\Windows\system32\vpnapi.dll
2014-12-13 11:21 - 2011-12-14 17:55 - 08453376 _____ () C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe
2014-12-13 11:21 - 2011-12-14 10:43 - 00278528 _____ () C:\Program Files\NETGEAR\WNDA3100v2\WifiSvcLib.dll
2015-02-11 08:00 - 2015-02-11 08:00 - 00750080 _____ () C:\Users\Ricardo\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-06 22:06 - 2015-03-06 22:06 - 00043008 _____ () c:\users\ricardo\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp_js343.dll
2015-02-11 08:00 - 2015-02-11 08:00 - 00047616 _____ () C:\Users\Ricardo\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-02-11 08:00 - 2015-02-11 08:00 - 00865280 _____ () C:\Users\Ricardo\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-02-11 08:00 - 2015-02-11 08:00 - 00200704 _____ () C:\Users\Ricardo\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2011-05-25 22:39 - 2009-09-12 00:02 - 00162304 _____ () C:\Windows\system32\spool\drivers\w32x86\3\NetFaxServer.exe
2014-12-13 11:21 - 2011-12-14 17:53 - 00303360 _____ () C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe
2014-12-13 11:21 - 2011-12-14 10:22 - 00368640 _____ () C:\Program Files\NETGEAR\WNDA3100v2\WifiLib.dll
2011-03-13 00:08 - 2011-03-13 00:08 - 00014848 _____ () C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
2008-10-30 14:39 - 2008-10-30 14:39 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2015-02-21 00:39 - 2015-02-18 09:44 - 09171272 _____ () C:\Users\Ricardo\AppData\Local\Google\Chrome\Application\40.0.2214.115\pdf.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\Spooler opens temp file
SamPCFax00000D640001
 
AlternateDataStreams: C:\ProgramData\Spooler opens temp file
SamPCFax000015680001
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-236562627-1104106619-1621759228-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\Wallpaper\img22.jpg
DNS Servers: 61.9.195.193 - 61.9.194.49
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-236562627-1104106619-1621759228-500 - Administrator - Disabled)
Guest (S-1-5-21-236562627-1104106619-1621759228-501 - Limited - Disabled)
Ricardo (S-1-5-21-236562627-1104106619-1621759228-1000 - Administrator - Enabled) => C:\Users\Ricardo
 
==================== Faulty Device Manager Devices =============
 
Name: SM Bus Controller
Description: SM Bus Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Cisco Systems VPN Adapter
Description: Cisco Systems VPN Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/05/2015 09:47:20 PM) (Source: MsiInstaller) (EventID: 11705) (User: Ricardo-PC)
Description: Product: Adobe Reader X (10.1.6) -- Error 1705.A previous installation for this product is in progress.  You must undo the changes made by that installation to continue.  Do you want to undo those changes?
 
Error: (03/05/2015 09:40:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application ekrn.exe, version 4.2.71.2, time stamp 0x4d2dc703, faulting module MSVCR80.dll, version 8.0.50727.6195, time stamp 0x4dcddbf3, exception code 0x40000015, fault offset 0x000046b4,
process id 0x85c, application start time 0xekrn.exe0.
 
Error: (03/05/2015 09:40:20 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start
 
Error: (03/05/2015 07:24:31 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (03/03/2015 07:31:15 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {91f7e0e8-e3c7-47c1-b946-8eeba637b1be}
 
 
System errors:
=============
Error: (03/06/2015 10:08:09 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Microsoft .NET Framework NGEN v4.0.30319_X86
 
Error: (03/06/2015 10:07:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Windows Font Cache Service%%1053
 
Error: (03/06/2015 10:07:38 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Windows Font Cache Service
 
Error: (03/06/2015 10:05:40 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: i8042prt
 
Error: (03/05/2015 11:04:55 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (03/05/2015 10:19:34 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: i8042prt
 
Error: (03/05/2015 10:14:52 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 0.0.0.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.7.0205.00
 
Source Path: 4.7.0205.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (03/05/2015 10:14:48 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (03/05/2015 10:14:42 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (03/05/2015 10:06:43 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: i8042prt
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2015-03-06 22:35:18.129
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-03-06 22:35:17.973
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-03-06 22:35:17.817
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-03-06 22:35:17.661
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-03-06 22:35:17.396
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-03-06 22:35:17.240
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-03-06 22:35:17.053
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-03-06 22:35:16.897
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-03-05 21:57:45.156
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-03-05 21:57:44.844
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU E8400 @ 3.00GHz
Percentage of memory in use: 43%
Total physical RAM: 3325.39 MB
Available physical RAM: 1869.37 MB
Total Pagefile: 6873.77 MB
Available Pagefile: 5178.58 MB
Total Virtual: 2047.88 MB
Available Virtual: 1913.48 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:279.46 GB) (Free:40.27 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 279.5 GB) (Disk ID: 42124211)
Partition 1: (Active) - (Size=279.5 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

#26
adrian8311


Here is the FRST log

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-03-2015
Ran by Ricardo (administrator) on RICARDO-PC on 06-03-2015 22:34:53
Running from C:\Users\Ricardo\Desktop
Loaded Profiles: Ricardo (Available profiles: Ricardo)
Platform: Microsoft® Windows Vista™ Ultimate  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\vVX1000.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(CANON INC.) C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\redirector.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(MYOB Technology Pty Ltd) C:\Program Files\MYOB\AccountRight\Servers\Huxley.Library.WindowsService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(PPStream Inc) C:\Program Files\PPSAP.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe
() C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe
(Dropbox, Inc.) C:\Users\Ricardo\AppData\Roaming\Dropbox\bin\Dropbox.exe
(MYOB Technology Pty Ltd) C:\Program Files\MYOB\AccountRight\2013.0\AU\Huxley.Server.WindowsService.exe
(MYOB Technology Pty Ltd) C:\Program Files\MYOB\AccountRight\Servers\Huxley.ServerLocator.WindowsService.exe
() C:\Windows\System32\spool\drivers\w32x86\3\NetFaxServer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
() C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.0.285\mcuicnt.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\Receiver\Receiver.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Google Inc.) C:\Users\Ricardo\AppData\Local\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe
(Google Inc.) C:\Users\Ricardo\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-03-03] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [VX1000] => C:\Windows\vVX1000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [LifeCam] => C:\Program Files\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\ssmmgr.exe [614400 2009-08-14] ()
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM\...\Run: [VDownloader] => C:\Program Files\VDownloader\VDownloader.exe [881152 2012-08-21] (Vitzo)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [IJNetworkScanUtility] => C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [206240 2010-08-23] (CANON INC.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM\...\Run: [ConnectionCenter] => C:\Program Files\Citrix\ICA Client\concentr.exe [407904 2014-11-27] (Citrix Systems, Inc.)
HKLM\...\Run: [Redirector] => C:\Program Files\Citrix\ICA Client\redirector.exe [153952 2014-11-27] (Citrix Systems, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-28] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation)
HKU\S-1-5-21-236562627-1104106619-1621759228-1000\...\Run: [PPS Accelerator] => C:\Program Files\ppsap.exe [214408 2010-02-24] (PPStream Inc)
HKU\S-1-5-21-236562627-1104106619-1621759228-1000\...\Run: [Google Update] => C:\Users\Ricardo\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-12-13] (Google Inc.)
HKU\S-1-5-21-236562627-1104106619-1621759228-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [18708224 2013-01-08] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Genie.lnk
ShortcutTarget: NETGEAR WNDA3100v2 Genie.lnk -> C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
ShortcutTarget: VPN Client.lnk -> C:\Windows\Installer\{1CE60928-8325-49A8-8B06-633E48DD2B67}\Icon3E5562ED7.ico ()
Startup: C:\Users\Ricardo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Ricardo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ricardo\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ricardo\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ricardo\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-236562627-1104106619-1621759228-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-au/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-236562627-1104106619-1621759228-1000 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
DPF: {8214B72E-B0CD-466E-A44D-1D54D926038D} http://60.241.240.35/AVC_AX_724.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 61.9.195.193 61.9.194.49
Tcpip\..\Interfaces\{3FCFCB62-FAFC-4CA1-A511-4F7A5415B40C}: [NameServer] 10.1.1.1
 
FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Citrix.com/npican -> C:\Program Files\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.69 -> C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.69 -> C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-236562627-1104106619-1621759228-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Ricardo\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-236562627-1104106619-1621759228-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Ricardo\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-03-13]
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-16]
CHR Extension: (Google Wallet) - C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-05]
StartMenuInternet: Google Chrome - C:\Users\Ricardo\AppData\Local\Google\Chrome\Application\chrome.exe
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-09-27] (Cisco Systems, Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe [234776 2012-09-06] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation)
R2 MYOB AccountRight Library; C:\Program Files\MYOB\AccountRight\Servers\Huxley.Library.WindowsService.exe [11264 2013-03-08] (MYOB Technology Pty Ltd) [File not signed]
R2 MYOB AccountRight Server 2013.0; C:\Program Files\MYOB\AccountRight\2013.0\AU\Huxley.Server.WindowsService.exe [15192 2013-03-08] (MYOB Technology Pty Ltd)
R2 MYOB AccountRight Server Locator; C:\Program Files\MYOB\AccountRight\Servers\Huxley.ServerLocator.WindowsService.exe [9728 2013-03-08] (MYOB Technology Pty Ltd) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284472 2015-01-30] (Microsoft Corporation)
R2 Samsung Network Fax Server; C:\Windows\system32\spool\drivers\w32x86\3\NetFaxServer.exe [162304 2009-09-12] () [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)
R2 WSWNDA3100v2; C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe [303360 2011-12-14] ()
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BCMH43XX; C:\Windows\System32\DRIVERS\bcmwlhigh6.sys [1074944 2011-12-12] (Broadcom Corporation)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2010-09-27] (Cisco Systems, Inc.) [File not signed]
R3 debutfilter; C:\Windows\System32\DRIVERS\debutfilterx86.sys [40216 2013-10-12] ()
R2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [38400 2009-02-11] (Samsung Electronics Co., Ltd.) [File not signed]
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36640 2010-10-15] () [File not signed]
S3 gdrv; C:\Windows\gdrv.sys [17488 2011-03-13] (Windows ® 2000 DDK provider)
S3 GVTDrv; C:\Windows\system32\Drivers\GVTDrv.sys [24944 2011-03-13] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [50704 2010-02-03] (CACE Technologies, Inc.)
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
R0 SCMNdisP; C:\Windows\System32\DRIVERS\scmndisp.sys [21728 2007-01-19] (Windows ® Codename Longhorn DDK provider)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [41984 2011-02-18] (Apple, Inc.) [File not signed]
S3 VX1000; C:\Windows\System32\DRIVERS\VX1000.sys [1961072 2010-05-20] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 tcphoc; \??\C:\Program Files\Thunder Network\Thunder\XLDoctor\7.1.6.2194_1\Program\tcphoc.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-06 22:34 - 2015-03-06 22:35 - 00018739 _____ () C:\Users\Ricardo\Desktop\FRST.txt
2015-03-05 22:14 - 2015-03-05 22:14 - 00002154 _____ () C:\Windows\epplauncher.mif
2015-03-05 22:12 - 2015-03-05 22:12 - 00001826 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-03-05 22:12 - 2015-03-05 22:12 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-03-05 22:11 - 2010-04-06 07:00 - 00221568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2015-03-05 22:08 - 2015-03-05 22:08 - 11530032 _____ (Microsoft Corporation) C:\Users\Ricardo\Downloads\mseinstall (1).exe
2015-03-05 21:59 - 2015-03-05 21:59 - 01055952 _____ (Adobe) C:\Users\Ricardo\Downloads\install_reader10_en_mssa_aaa_aih.exe
2015-03-05 21:53 - 2015-03-05 21:54 - 00143008 _____ () C:\Windows\Minidump\Mini030515-03.dmp
2015-03-05 21:51 - 2015-03-05 21:51 - 00001947 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-03-05 21:51 - 2015-03-05 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-03-05 21:51 - 2015-03-05 21:51 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2015-03-05 21:51 - 2015-03-05 21:51 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2015-03-05 21:50 - 2015-03-05 21:50 - 00001892 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2015-03-05 21:50 - 2015-03-05 21:50 - 00001804 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-03-05 21:50 - 2015-03-05 21:50 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-03-05 21:50 - 2015-03-05 21:50 - 00000000 ____D () C:\Program Files\Adobe
2015-03-05 21:41 - 2015-03-05 21:41 - 00143008 _____ () C:\Windows\Minidump\Mini030515-02.dmp
2015-03-05 21:37 - 2015-03-05 21:37 - 00000000 ____D () C:\Users\Ricardo\Desktop\FRST-OlderVersion
2015-03-05 19:23 - 2015-03-05 19:24 - 00142960 _____ () C:\Windows\Minidump\Mini030515-01.dmp
2015-03-04 21:59 - 2015-03-04 22:00 - 00852604 _____ () C:\Users\Ricardo\Desktop\SecurityCheck.exe
2015-03-04 21:54 - 2015-03-04 21:55 - 05198336 _____ (AVAST Software) C:\Users\Ricardo\Desktop\aswMBR.exe
2015-03-03 23:00 - 2015-03-03 23:00 - 00088438 _____ () C:\Users\Ricardo\Downloads\Prosperitas Superfund 2014.zip
2015-03-03 23:00 - 2015-03-03 23:00 - 00056388 _____ () C:\Users\Ricardo\Downloads\Prosperitas Superfund 2013System files.zip
2015-03-03 21:56 - 2015-03-03 21:56 - 02347384 _____ (ESET) C:\Users\Ricardo\Desktop\esetsmartinstaller_enu.exe
2015-03-03 19:34 - 2015-03-03 21:49 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-03 19:33 - 2015-03-03 19:34 - 00000899 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-03 19:33 - 2015-03-03 19:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-03 19:33 - 2015-03-03 19:34 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-03-03 19:33 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-03 19:33 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-03 19:33 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-03 19:32 - 2015-03-03 19:33 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Ricardo\Desktop\mbam-setup-2-0-3-1025.exe
2015-03-03 19:30 - 2015-03-03 19:31 - 00000000 ____D () C:\Users\Ricardo\Desktop\New Folder
2015-03-03 19:23 - 2015-03-03 19:23 - 00143008 _____ () C:\Windows\Minidump\Mini030315-01.dmp
2015-03-03 19:21 - 2015-03-03 19:21 - 01388333 _____ (Thisisu) C:\Users\Ricardo\Desktop\JRT.exe
2015-03-01 18:45 - 2015-03-01 18:47 - 02126848 _____ () C:\Users\Ricardo\Downloads\AdwCleaner (1).exe
2015-03-01 18:39 - 2015-03-01 18:42 - 00000000 ____D () C:\AdwCleaner
2015-03-01 18:39 - 2015-03-01 18:39 - 02126848 _____ () C:\Users\Ricardo\Downloads\AdwCleaner.exe
2015-03-01 18:07 - 2015-03-01 18:09 - 01132032 _____ (Farbar) C:\Users\Ricardo\Downloads\FRST (1).exe
2015-03-01 18:02 - 2015-03-01 18:02 - 00984576 _____ () C:\Users\Ricardo\Downloads\MicrosoftFixit50906.msi
2015-03-01 11:44 - 2015-03-05 21:37 - 01132544 _____ (Farbar) C:\Users\Ricardo\Desktop\FRST.exe
2015-03-01 11:42 - 2015-03-01 11:43 - 00040756 _____ () C:\Users\Ricardo\Downloads\FRST.txt
2015-03-01 11:42 - 2015-03-01 11:43 - 00034577 _____ () C:\Users\Ricardo\Downloads\Addition.txt
2015-03-01 11:41 - 2015-03-06 22:34 - 00000000 ____D () C:\FRST
2015-03-01 11:41 - 2015-03-01 11:41 - 01132032 _____ (Farbar) C:\Users\Ricardo\Downloads\FRST.exe
2015-02-28 21:47 - 2015-02-28 21:47 - 00121902 _____ () C:\Users\Ricardo\Downloads\OTL.Txt
2015-02-28 21:47 - 2015-02-28 21:47 - 00060752 _____ () C:\Users\Ricardo\Downloads\Extras.Txt
2015-02-28 21:40 - 2015-02-28 21:40 - 00602112 _____ (OldTimer Tools) C:\Users\Ricardo\Downloads\OTL.exe
2015-02-28 14:16 - 2015-02-28 14:16 - 00029914 _____ () C:\Users\Ricardo\Downloads\Bucks n Beans - Handi tax return.zip
2015-02-28 12:48 - 2015-02-28 12:49 - 00143008 _____ () C:\Windows\Minidump\Mini022815-01.dmp
2015-02-28 12:16 - 2015-02-28 12:16 - 00071772 _____ () C:\Users\Ricardo\Downloads\BNB2014 (1).zip
2015-02-28 12:09 - 2015-02-28 12:10 - 09953401 _____ () C:\Users\Ricardo\Downloads\BookScan.apk
2015-02-28 11:34 - 2015-02-28 11:34 - 00024666 _____ () C:\Users\Ricardo\Downloads\Result.txt
2015-02-28 11:33 - 2015-02-28 11:33 - 00401920 _____ (Farbar) C:\Users\Ricardo\Downloads\MiniToolBox.exe
2015-02-27 23:53 - 2015-02-27 23:53 - 03419933 _____ () C:\Users\Ricardo\Downloads\BAS qtr to Dec 2014.zip
2015-02-27 21:56 - 2015-02-27 22:05 - 00000000 ____D () C:\symbols
2015-02-27 21:45 - 2015-02-27 21:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debugging Tools for Windows (x86)
2015-02-27 21:45 - 2015-02-27 21:45 - 00000000 ____D () C:\Program Files\Debugging Tools for Windows (x86)
2015-02-27 21:41 - 2015-02-27 21:43 - 17811456 _____ () C:\Users\Ricardo\Downloads\dbg_x86_6.11.1.402.msi
2015-02-27 21:41 - 2015-02-27 21:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2015-02-27 21:41 - 2015-02-27 21:41 - 00000000 ____D () C:\Program Files\Windows Kits
2015-02-27 21:41 - 2015-02-27 21:41 - 00000000 ____D () C:\Program Files\Application Verifier
2015-02-27 21:30 - 2015-02-27 21:32 - 19587072 _____ () C:\Users\Ricardo\Downloads\X64 Debuggers And Tools-x64_en-us.msi
2015-02-27 21:20 - 2015-02-27 21:41 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-27 21:19 - 2015-02-27 21:19 - 00998040 _____ (Microsoft Corporation) C:\Users\Ricardo\Downloads\sdksetup.exe
2015-02-27 20:47 - 2015-02-27 20:47 - 00142960 _____ () C:\Windows\Minidump\Mini022715-02.dmp
2015-02-27 20:44 - 2015-02-27 20:44 - 00142912 _____ () C:\Windows\Minidump\Mini022715-01.dmp
2015-02-26 21:58 - 2015-02-26 21:58 - 00143008 _____ () C:\Windows\Minidump\Mini022615-01.dmp
2015-02-25 19:06 - 2015-02-25 19:06 - 00138744 _____ () C:\Windows\Minidump\Mini022515-01.dmp
2015-02-24 18:56 - 2015-02-24 18:56 - 00142912 _____ () C:\Windows\Minidump\Mini022415-03.dmp
2015-02-24 18:54 - 2015-02-24 18:54 - 00000000 _____ () C:\Windows\Minidump\Mini022415-02.dmp
2015-02-24 18:50 - 2015-02-24 18:50 - 00000000 _____ () C:\Windows\Minidump\Mini022415-01.dmp
2015-02-23 19:30 - 2015-02-23 19:30 - 00142912 _____ () C:\Windows\Minidump\Mini022315-02.dmp
2015-02-23 19:24 - 2015-02-23 19:24 - 00142960 _____ () C:\Windows\Minidump\Mini022315-01.dmp
2015-02-22 15:11 - 2015-02-22 15:11 - 00142960 _____ () C:\Windows\Minidump\Mini022215-02.dmp
2015-02-22 11:23 - 2015-02-22 11:23 - 00139792 _____ () C:\Users\Ricardo\Downloads\PIF.csv
2015-02-22 10:22 - 2015-02-22 10:22 - 00142960 _____ () C:\Windows\Minidump\Mini022215-01.dmp
2015-02-21 10:12 - 2015-02-21 10:13 - 00142960 _____ () C:\Windows\Minidump\Mini022115-01.dmp
2015-02-19 21:37 - 2015-02-19 21:37 - 05752207 _____ () C:\Users\Ricardo\Downloads\December Quarter BAS.zip
2015-02-19 21:37 - 2015-02-19 21:37 - 00000000 ____D () C:\Users\Ricardo\Downloads\Statements022
2015-02-19 21:35 - 2015-02-19 21:35 - 05735529 _____ () C:\Users\Ricardo\Downloads\Statements022.zip
2015-02-16 22:59 - 2015-02-16 23:21 - 00000000 ____D () C:\Users\Ricardo\Downloads\Accountants Exemption Information and Resources _2014
2015-02-16 22:58 - 2015-02-16 22:58 - 08194758 _____ () C:\Users\Ricardo\Downloads\Accountants Exemption Information and Resources _2014 (1).zip
2015-02-16 22:58 - 2013-09-27 15:36 - 00043055 _____ () C:\Users\Ricardo\Downloads\Limited AFSL_Risk Register 2013-09-24.xlsx
2015-02-16 22:57 - 2015-02-16 22:57 - 08194758 _____ () C:\Users\Ricardo\Downloads\Accountants Exemption Information and Resources _2014.zip
2015-02-14 15:37 - 2015-02-14 15:38 - 24583627 _____ () C:\Users\Ricardo\Downloads\BookScan_App.zip
2015-02-13 22:04 - 2015-01-23 14:00 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-13 22:04 - 2015-01-23 13:51 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-12 22:00 - 2014-11-26 13:05 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-12 21:59 - 2015-01-09 11:20 - 02063360 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-12 21:58 - 2015-01-13 12:39 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-12 21:55 - 2015-01-15 15:13 - 00440760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-12 21:55 - 2014-12-08 12:59 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 20:04 - 2015-01-14 12:51 - 12371456 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 20:04 - 2015-01-14 12:49 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-02-11 20:04 - 2015-01-14 12:46 - 09742336 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 20:04 - 2015-01-14 12:43 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 20:04 - 2015-01-14 12:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 20:04 - 2015-01-14 12:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 20:04 - 2015-01-14 12:41 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 20:04 - 2015-01-14 12:41 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 20:04 - 2015-01-14 12:41 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 20:04 - 2015-01-14 12:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-02-11 20:04 - 2015-01-14 12:41 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 20:04 - 2015-01-14 12:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 20:04 - 2015-01-14 12:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 20:04 - 2015-01-14 12:40 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 20:04 - 2015-01-14 12:40 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 20:04 - 2015-01-14 12:40 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 20:04 - 2015-01-14 12:40 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 20:04 - 2015-01-14 12:40 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-02-11 20:04 - 2015-01-14 12:40 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-02-11 20:04 - 2015-01-14 12:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-02-07 21:30 - 2015-02-07 21:30 - 09099935 _____ () C:\Users\Ricardo\Downloads\ht203all (2).exe
2015-02-04 22:23 - 2015-02-04 22:24 - 09110145 _____ () C:\Users\Ricardo\Downloads\ht204all.exe
2015-02-04 21:51 - 2015-02-04 21:51 - 00000000 ____D () C:\Program Files\Common Files\Java
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-06 22:29 - 2006-11-02 23:51 - 01394432 _____ () C:\Windows\WindowsUpdate.log
2015-03-06 22:08 - 2012-08-05 23:11 - 00000000 ___RD () C:\Users\Ricardo\Dropbox
2015-03-06 22:08 - 2012-08-05 23:09 - 00000000 ____D () C:\Users\Ricardo\AppData\Roaming\Dropbox
2015-03-06 22:04 - 2006-11-03 00:00 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-06 22:04 - 2006-11-02 23:46 - 00004880 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-06 22:04 - 2006-11-02 23:46 - 00004880 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-05 23:05 - 2006-11-03 00:00 - 00032554 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-05 22:36 - 2011-03-25 23:12 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-236562627-1104106619-1621759228-1000UA.job
2015-03-05 22:03 - 2011-07-10 12:46 - 00000000 ____D () C:\Program Files\ESET
2015-03-05 21:59 - 2013-01-13 22:40 - 00000000 ____D () C:\Users\Ricardo\AppData\Roaming\Skype
2015-03-05 21:53 - 2014-12-14 20:32 - 450972604 _____ () C:\Windows\MEMORY.DMP
2015-03-05 21:53 - 2014-12-14 20:32 - 00000000 ____D () C:\Windows\Minidump
2015-03-05 21:53 - 2006-11-02 23:59 - 00308984 _____ () C:\Windows\PFRO.log
2015-03-05 21:50 - 2011-03-15 21:16 - 00000000 ____D () C:\ProgramData\Adobe
2015-03-05 21:49 - 2011-03-15 21:16 - 00000000 ____D () C:\Users\Ricardo\AppData\Local\Adobe
2015-03-05 19:36 - 2011-03-25 23:12 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-236562627-1104106619-1621759228-1000Core.job
2015-03-04 00:16 - 2011-03-13 18:45 - 00246920 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-03-03 19:33 - 2013-10-18 20:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-01 18:17 - 2013-01-13 22:40 - 00000000 ___RD () C:\Program Files\Skype
2015-03-01 18:17 - 2013-01-13 22:40 - 00000000 ____D () C:\ProgramData\Skype
2015-02-28 23:16 - 2014-12-25 11:27 - 00000000 ____D () C:\Users\Ricardo\AppData\Roaming\AUSkey
2015-02-28 22:19 - 2014-12-21 11:09 - 00000000 ____D () C:\Users\Ricardo\AppData\Local\CutePDF Writer
2015-02-28 14:27 - 2014-12-14 15:04 - 00000204 _____ () C:\Windows\MYOBP.INI
2015-02-28 14:27 - 2014-12-14 15:04 - 00000039 _____ () C:\Windows\MYOB.INI
2015-02-25 21:28 - 2012-08-05 23:41 - 00000000 ____D () C:\Adrian
2015-02-23 21:12 - 2011-03-17 20:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Qvod Player 3.5
2015-02-23 21:12 - 2011-03-17 20:51 - 00000000 ____D () C:\Program Files\QvodPlayer
2015-02-23 21:11 - 2013-06-23 18:17 - 00000000 ____D () C:\Program Files\Splashtop
2015-02-22 20:36 - 2013-10-12 22:20 - 00000000 ____D () C:\Program Files\NCH Software
2015-02-22 15:37 - 2013-10-18 22:00 - 00000000 ____D () C:\Users\Ricardo\AppData\Local\PokerStars
2015-02-22 15:37 - 2013-10-18 22:00 - 00000000 ____D () C:\Program Files\PokerStars
2015-02-22 15:36 - 2014-12-31 22:52 - 00000000 ____D () C:\Users\Ricardo\AppData\Local\filestore
2015-02-22 15:35 - 2013-10-12 22:20 - 00000000 ____D () C:\ProgramData\NCH Software
2015-02-22 15:25 - 2011-03-13 00:25 - 00179712 _____ () C:\Users\Ricardo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-21 00:39 - 2011-03-25 23:49 - 00002052 _____ () C:\Users\Ricardo\Desktop\Google Chrome.lnk
2015-02-14 14:57 - 2006-11-02 21:33 - 00759542 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-13 21:41 - 2012-08-05 23:11 - 00000925 _____ () C:\Users\Ricardo\Desktop\Dropbox.lnk
2015-02-13 21:41 - 2012-08-05 23:10 - 00000000 ____D () C:\Users\Ricardo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-13 21:28 - 2006-11-02 23:46 - 00415008 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-12 22:07 - 2013-08-21 20:38 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-12 22:00 - 2006-11-02 21:24 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-02-12 21:59 - 2011-03-21 22:23 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-04 21:53 - 2014-12-25 11:05 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-04 21:50 - 2014-12-25 11:21 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-02-04 21:49 - 2011-03-13 13:38 - 00000000 ____D () C:\Program Files\Java
 
==================== Files in the root of some directories =======
 
2009-07-16 13:41 - 2009-07-16 13:41 - 0000177 _____ () C:\Program Files\assoc.ini
2011-01-18 17:25 - 2011-01-18 17:25 - 0484800 _____ (PPStream Inc.) C:\Program Files\fds.dll
2011-01-04 14:27 - 2011-01-04 14:27 - 0300424 _____ (PPStream Inc.) C:\Program Files\FlashPlayDll.dll
2010-12-24 14:00 - 2010-12-24 14:00 - 1700352 _____ (Microsoft Corporation) C:\Program Files\GdiPlus.dll
2010-02-22 18:58 - 2010-02-22 18:58 - 1219464 _____ (PPStream Inc. ) C:\Program Files\Livenet2.dll
2011-01-27 14:22 - 2011-01-27 14:22 - 1563016 _____ (PPStream Inc. ) C:\Program Files\Livenet3.dll
2011-03-07 17:42 - 2011-03-07 17:42 - 2729352 _____ (PPStream Inc.) C:\Program Files\LPlayer.dll
2011-03-02 20:15 - 2011-03-02 20:15 - 1534344 _____ (PPStream Inc.) C:\Program Files\MediaList.ocx
2011-03-07 17:42 - 2011-03-07 17:42 - 2778504 _____ (PPStream Inc.) C:\Program Files\pfvplayer.dll
2010-09-07 00:13 - 2010-09-07 00:13 - 0278528 _____ (Real Networks, Inc) C:\Program Files\pncrt.dll
2010-12-31 21:24 - 2010-12-31 21:24 - 2053000 _____ (PPStream Inc.) C:\Program Files\PowerList.ocx
2011-03-07 18:32 - 2011-03-07 18:32 - 1508744 _____ (PPStream Inc.) C:\Program Files\PowerPlayer.dll
2011-03-02 19:18 - 2011-03-02 19:18 - 0304008 _____ (PPStream Inc.) C:\Program Files\pp2play.dll
2010-02-24 14:25 - 2010-02-24 14:25 - 0214408 _____ (PPStream Inc) C:\Program Files\PPSAP.exe
2009-06-01 12:36 - 2009-06-01 12:36 - 0348096 _____ (PPStream Inc.) C:\Program Files\ppsimage.dll
2011-02-28 19:44 - 2011-02-28 19:44 - 5826952 _____ (PPStream Inc.) C:\Program Files\PPStream.exe
2011-03-01 13:02 - 2011-03-01 13:02 - 0361864 _____ (PPStream Inc.) C:\Program Files\PSNetwork.dll
2011-03-01 17:43 - 2011-03-01 17:43 - 0207152 _____ (PPStream Inc.) C:\Program Files\unpps.exe
2011-03-17 20:58 - 2011-03-17 20:58 - 0000227 _____ () C:\Program Files\update.ini
2008-07-11 20:44 - 2008-07-11 20:44 - 0067678 _____ () C:\Program Files\Vista.ssk
2011-03-07 14:41 - 2011-03-07 14:41 - 1369480 _____ (PPStream Inc.) C:\Program Files\Vodnet.dll
2011-03-07 14:41 - 2011-03-07 14:41 - 0423304 _____ (PPStream Inc.) C:\Program Files\Vodres.dll
2012-09-04 22:56 - 2010-01-26 12:11 - 0444283 _____ () C:\Program Files\Common Files\WinPcapNmap.exe
2011-05-25 22:37 - 2011-05-25 22:37 - 0010963 _____ () C:\Users\Ricardo\AppData\Roaming\SmarThruOptions.xml
2011-03-13 00:03 - 2014-12-20 18:28 - 0000680 _____ () C:\Users\Ricardo\AppData\Local\d3d9caps.dat
2011-03-13 00:25 - 2015-02-22 15:25 - 0179712 _____ () C:\Users\Ricardo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-06-09 16:36 - 2011-07-28 17:32 - 0000000 _____ () C:\ProgramData\Spooler opens temp file
 
Some content of TEMP:
====================
C:\Users\Ricardo\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp_js343.dll
C:\Users\Ricardo\AppData\Local\Temp\mpam-df598f78.exe
C:\Users\Ricardo\AppData\Local\Temp\Quarantine.exe
C:\Users\Ricardo\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-06 22:14
 
==================== End Of Log ============================

#27
adrian8311

    Member

  • Topic Starter
  • 26 posts

Second day no blue screen. Looking good. Thanks!


#28
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Great news. Now that you are malware free, if you end up having crashes or issues again you can go back to your original topic and they can assist you further. If you are satisfied I will leave you with the following.

 

OK! Well done, your computer is clean again! :thumbsup: Part of our jobs here at G2G is to help you clean your computer. But beyond that and just as important is to provide you with some information to keep you safe and secure on the net as well as to share knowledge. Following is that information.
 

1. Clean Up!
We need to remove all the tools that we used so that should you ever be re-infected, you will download updated versions which may have updated detection logic.
1. Download Delfix from here.
2. Ensure everything is checked.
3. Click Run.
Note: The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.
Note: Delete any other .bat, .log, .reg, .txt, and any other files created during this process and left on the desktop, and empty the Recycle Bin.
 
2. Windows Updates
Another essential task is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats. Microsoft releases security updates that help keep your computer from becoming vulnerable. It is best if you have these set to download automatically. Follow the instructions below to ensure your settings are optimal.
1. Click the Start Orb in the lower left corner of the screen.
2. Type Windows Update in the search box that appears.
3. Click on the Windows Update program that appears in the search results.
4. Click on Change Settings.
5. Select "Install updates automatically (recommended)" from the Important updates drop-down.
6. Choose a day and a time when you know the computer will be on and connected to the internet. The default is 3:00AM every day.
7. Ensure that all of the other check boxes are checked.
8. Click OK.
 
3. Keeping Programs Updated
You need to ensure that any programs installed on your machine are kept current. The bad guys exploit vulnerabilities that are found in older versions of software. A very good piece of software that keeps your programs up-to-date is Secunia Personal Software Inspector (PSI). You can download and install it from here. You can read more information about this free software as well as a video walkthrough from here.
 
4. Antimalware - Preventative

Note: Let's keep Malwarebytes installed as it's a fantastic piece of software. Malwarebytes is an anti-malware software and not an antivirus software so it won't conflict with the Antivirus that you are running. I would recommend that you open up this program, allow it to update and scan your machine at least quarterly...monthly if you can.
 
5. Crypto Warning!!!! - Complete Data Loss can occur!
There are particularly nasty infections out there at the moment that encrypt your data and hold it for ransom. You may read more about this here.
 


  • Download CryptoPrevent free for home use here following the instructions below.
  • Save the file to your desktop from the link above and then open the program by clicking Run when prompted from your browser or by going to the desktop where the file was saved and double-clicking.
  • Accept all the defaults during the install. The last screen of the install has a checkmark in "Launch CryptoPrevent". This is good and will launch the program once you click Finish.
  • You will get a prompt asking if you purchased a Product Key for Automatic Updates. You can answer No.
  • You will then be prompted to learn more about automatic updates or if you want to purchase a key. This is up to you but you don't have to.
  • You will be prompted to click OK to continue and select your protection level. Go ahead and click OK.
  • Click the Apply button to set Default protection.
  • You may get a message stating that Windows Sidebar and Desktop Gadgets are a major security vulnerability and asking you if you want to disable them. If you don't use these features, answer Yes.
  • That's it. The protection is in place.

Note: The free version doesn't provide automatic updates. Periodically, you should open up the program (there is a shortcut on your desktop now), select the Updates! menu, and select Check for Updates to see if there are any, as this infection has serious consequences.
 
 
 
6. Adobe Flash Player
There's a very nasty piece of malware going around right now called Cryptowall. It's very destructive and most recently the newest variant is exploiting unpatched versions of Adobe Flash. Let's make sure you get current.

 

1. Determine if you have the most current version by going to this website. If your version represented by the top box matches the version in the bottom box you are current.
 
2. If your version is older than the current then click on the Player Download Center link (shown in the screen shot above).
3. You will be brought to the install/update page. Ensure you uncheck any optional offers (unless you want them of course) and then click on Install Now.
 
4. You may be prompted to run the installer. Go ahead and do this.
5. When it's complete, click Finish. You now have the latest version. You can verify by going back to this website if you feel the need.
 
 
For more information about computer security and how to protect yourself when on the internet, please read this guide: Best Practices for Safe Computing.
 
OK, all the best, and stay safe!
 
Items for your next post
1. Contents of the delfix log


#29
adrian8311

    Member

  • Topic Starter
  • 26 posts

Thanks so much, I think it's all fixed now, day 3 no blue screen =]


#30
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.