
parvs

Honorary Members
  • Posts

    33
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Hi! I'm using a Sony Vaio with Windows Vista. Two days ago, as I was using the laptop, it went black (like a screen saver) while idle, but when I tried to use it, it wouldn't respond/react. So I turned it off and on again. It worked fine. Today, as soon as it reaches the desktop, I cannot run anything anymore. Help please.
  2. Hi, I tried to verify my version and this is what came up: "Verify Java Version. We are unable to verify if Java is currently installed and enabled in your browser. If you have installed Java and there is an error with the verification, there could be a configuration issue (eg. browser, Java control panel, security settings) or the Java plug-in is blocked by the browser. Try restarting your browser before trying to verify the installation again, and check that the browser allows Java to run." In Programs and Features I have a Java 6 Update 20 installed in 2008. I tried to install Java but I got the "not a valid Win32 app" error. Should I do the next bit?
  3. Fix result of Farbar Recovery Scan Tool (x86) Version: 28-06-2015 01
     Ran by Owner at 2015-07-03 11:55:32 Run:2
     Running from C:\Users\Owner\Desktop
     Loaded Profiles: Owner (Available Profiles: Owner)
     Boot Mode: Normal
     ==============================================

     fixlist content:
     *****************
     Start
     HKLM\...\RunOnce: [{0696cc37-db90-4000-be99-4a173ca7c8af}] => C:\ProgramData\Package Cache\{0696cc37-db90-4000-be99-4a173ca7c8af}\Avira.OE.Setup.Bundle.exe [822600 2015-07-02] (Avira Operations GmbH & Co. KG) <===== ATTENTION
     S3 catchme; \??\C:\sega\catchme.sys [X]
     C:\ProgramData\Package Cache\{0696cc37-db90-4000-be99-4a173ca7c8af}\Avira.OE.Setup.Bundle.exe
     C:\Users\Owner\AppData\Local\Temp\avgnt.exe
     C:\Users\Owner\AppData\Local\Temp\{586976D5-7068-4ABF-9253-DC73B16C9534}-43.0.2357.124_43.0.2357.81_chrome_updater.exe
     C:\Users\Owner\AppData\Local\Temp\{6B955CED-DAC7-4A60-87FB-29BE64928310}-43.0.2357.130_43.0.2357.81_chrome_updater.exe
     C:\Users\Owner\AppData\Local\Temp\{7D2A1ECF-3B78-4013-8C4A-2CCA49AFFA77}-43.0.2357.130_43.0.2357.81_chrome_updater.exe
     FirewallRules: [TCP Query User{0A0DB84F-E4CB-40A5-BA5B-BB9D6CC7DD23}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
     FirewallRules: [UDP Query User{FE4F2DD4-1BF0-4180-ACA3-DACB93371935}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
     FirewallRules: [TCP Query User{3D9704F0-AEAD-4E78-BC10-1F7FC50EFD98}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
     FirewallRules: [UDP Query User{5B9ADBE8-C4EB-461E-BFB5-BB5638DDEFA6}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
     FirewallRules: [TCP Query User{67A12F65-BC6A-40AB-9D1F-CF4E92F38922}C:\users\owner\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\owner\appdata\roaming\utorrent\utorrent.exe
     FirewallRules: [UDP Query User{026868AD-9B07-4EAE-8756-4D551C339902}C:\users\owner\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\owner\appdata\roaming\utorrent\utorrent.exe
     CMD: ipconfig /flushdns
     Emptytemp:
     End
     *****************

     HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\{0696cc37-db90-4000-be99-4a173ca7c8af} => value not found.
     catchme => Service removed successfully.
     C:\ProgramData\Package Cache\{0696cc37-db90-4000-be99-4a173ca7c8af}\Avira.OE.Setup.Bundle.exe => moved successfully.
     C:\Users\Owner\AppData\Local\Temp\avgnt.exe => moved successfully.
     C:\Users\Owner\AppData\Local\Temp\{586976D5-7068-4ABF-9253-DC73B16C9534}-43.0.2357.124_43.0.2357.81_chrome_updater.exe => moved successfully.
     C:\Users\Owner\AppData\Local\Temp\{6B955CED-DAC7-4A60-87FB-29BE64928310}-43.0.2357.130_43.0.2357.81_chrome_updater.exe => moved successfully.
     C:\Users\Owner\AppData\Local\Temp\{7D2A1ECF-3B78-4013-8C4A-2CCA49AFFA77}-43.0.2357.130_43.0.2357.81_chrome_updater.exe => moved successfully.
     HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{0A0DB84F-E4CB-40A5-BA5B-BB9D6CC7DD23}C:\program files\internet explorer\iexplore.exe => value removed successfully.
     HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{FE4F2DD4-1BF0-4180-ACA3-DACB93371935}C:\program files\internet explorer\iexplore.exe => value removed successfully.
     HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{3D9704F0-AEAD-4E78-BC10-1F7FC50EFD98}C:\windows\kmsemulator.exe => value removed successfully.
     HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{5B9ADBE8-C4EB-461E-BFB5-BB5638DDEFA6}C:\windows\kmsemulator.exe => value removed successfully.
     HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{67A12F65-BC6A-40AB-9D1F-CF4E92F38922}C:\users\owner\appdata\roaming\utorrent\utorrent.exe => value removed successfully.
     HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{026868AD-9B07-4EAE-8756-4D551C339902}C:\users\owner\appdata\roaming\utorrent\utorrent.exe => value removed successfully.

     ========= ipconfig /flushdns =========

     Windows IP Configuration

     Successfully flushed the DNS Resolver Cache.

     ========= End of CMD: =========

     EmptyTemp: => 72.7 MB temporary data Removed.

     The system needed a reboot.

     ==== End of Fixlog 11:55:56 ====

     exe_fix_w7.reg merge was done successfully. Security Check did not run. I tried several times, rebooting and turning off Avira before each try. This is the error with the first link: "Some installation files are corrupt. Please download a fresh copy and retry the installation. WINRAR SELF-EXTRACTING ARCHIVE: Checksum error in SecurityCheck\Other\swreg.exe. Unexpected end of archive." Error with the second link: "SecurityCheck.exe is not a valid Win32 application." Thanks! =)
  4. Sorry for the delay, again.

     Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-06-2015 01
     Ran by Owner (administrator) on OWNER-PC on 02-07-2015 11:38:08
     Running from C:\Users\Owner\Desktop
     Loaded Profiles: Owner (Available Profiles: Owner)
     Platform: Microsoft Windows 7 Ultimate (X86) OS Language: English (United States)
     Internet Explorer Version 8 (Default browser: FF)
     Boot Mode: Normal
     Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

     ==================== Processes (Whitelisted) =================

     (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

     (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
     (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
     (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
     (Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
     (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
     (Zbshareware Lab) C:\Program Files\USB Disk Security\USBGuard.exe
     (Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
     (SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
     (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
     () C:\Program Files\DivX\DivX Update\DivXUpdate.exe
     (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
     (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_TATII0E.EXE
     (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
     (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
     (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
     (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe
     (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe
     (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
     (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe
     (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
     (Avira Operations GmbH & Co. KG) C:\ProgramData\Avira\My Avira\Temp\avira.exe
     (Avira Operations GmbH & Co. KG) C:\ProgramData\Avira\My Avira\Temp\avira.exe
     (Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jucheck.exe

     ==================== Registry (Whitelisted) ==================

     (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

     HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [726320 2015-04-23] (Avira Operations GmbH & Co. KG)
     HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-14] (Microsoft Corporation)
     HKLM\...\Run: [USB Security] => C:\Program Files\USB Disk Security\USBGuard.exe [623520 2011-09-21] (Zbshareware Lab)
     HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [248040 2010-02-19] (Sun Microsystems, Inc.)
     HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION)
     HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
     HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-11-17] (DivX, LLC)
     HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
     HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-04-07] (Apple Inc.)
     HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
     HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
     HKLM\...\RunOnce: [{0696cc37-db90-4000-be99-4a173ca7c8af}] => C:\ProgramData\Package Cache\{0696cc37-db90-4000-be99-4a173ca7c8af}\Avira.OE.Setup.Bundle.exe [822600 2015-07-02] (Avira Operations GmbH & Co. KG) <===== ATTENTION
     HKU\S-1-5-21-4162585890-2542146898-40610652-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TATII0E.EXE [249440 2012-02-27] (SEIKO EPSON CORPORATION)
     Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk [2014-10-07]
     ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

     ==================== Internet (Whitelisted) ====================

     (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

     HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
     HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
     HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
     HKU\S-1-5-21-4162585890-2542146898-40610652-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
     HKU\S-1-5-21-4162585890-2542146898-40610652-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
     SearchScopes: HKU\S-1-5-21-4162585890-2542146898-40610652-1000 -> DefaultScope {49A98BDC-3E0B-411B-8431-60E6D5D05A76} URL = http://avira.search....rms}&psv=&pt=tb
     SearchScopes: HKU\S-1-5-21-4162585890-2542146898-40610652-1000 -> {49A98BDC-3E0B-411B-8431-60E6D5D05A76} URL = http://avira.search....rms}&psv=&pt=tb
     BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-26] (Microsoft Corporation)
     BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
     BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
     BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-02-01] (Sun Microsystems, Inc.)
     Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
     DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
     DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
     DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
     Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
     Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
     Tcpip\..\Interfaces\{660A8ECB-893F-4C0D-863E-1F507BEA2401}: [DhcpNameServer] 192.168.1.1 8.8.8.8 8.8.8.4
     Tcpip\..\Interfaces\{82810CEA-22EB-4048-B9DD-A9F51936099B}: [DhcpNameServer] 192.168.1.1

     FireFox:
     ========
     FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\bferiou0.default-1420774421411
     FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_190.dll [2015-07-02] ()
     FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1215155.dll [2014-12-02] (Adobe Systems, Inc.)
     FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
     FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
     FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll [2014-11-21] (DivX, LLC)
     FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
     FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-25] (Microsoft Corporation)
     FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
     FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
     FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
     FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
     FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-02] (Adobe Systems Inc.)
     FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-05-02] (Adobe Systems Inc.)
     FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-04-03]

     Chrome:
     =======
     CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
     CHR Extension: (Avira SearchFree Toolbar plus Web Protection) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh [2015-04-27]
     CHR Extension: (Google Slides) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-27]
     CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-27]
     CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-27]
     CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-27]
     CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-27]
     CHR Extension: (Google Sheets) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-27]
     CHR Extension: (Bookmark Manager) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-29]
     CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-29]
     CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-27]
     CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-27]
     CHR HKLM\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2015-04-08]

     ========================== Services (Whitelisted) =================

     (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

     S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe [815920 2015-04-23] (Avira Operations GmbH & Co. KG)
     R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [434424 2015-04-23] (Avira Operations GmbH & Co. KG)
     R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [434424 2015-04-23] (Avira Operations GmbH & Co. KG)
     R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1004280 2015-04-23] (Avira Operations GmbH & Co. KG)
     R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
     R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation)
     S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
     S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)

     ==================== Drivers (Whitelisted) ====================

     (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

     R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105864 2015-03-11] (Avira Operations GmbH & Co. KG)
     R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2015-03-11] (Avira Operations GmbH & Co. KG)
     R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-10-06] (Avira Operations GmbH & Co. KG)
     R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [37896 2015-03-11] (Avira Operations GmbH & Co. KG)
     R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
     S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
     S3 PROCEXP113; C:\Windows\system32\Drivers\PROCEXP113.SYS [12568 2015-05-30] (Sysinternals - www.sysinternals.com) [File not signed]
     R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-28] (Avira GmbH)
     S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
     S3 catchme; \??\C:\sega\catchme.sys [X]
     U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

     ==================== NetSvcs (Whitelisted) ===================

     (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

     ==================== One Month Created files and folders ========

     (If an entry is included in the fixlist, the file/folder will be moved.)

     2015-07-02 11:39 - 2015-07-02 11:39 - 00001080 _____ C:\Users\Public\Desktop\Avira.lnk
     2015-07-02 11:19 - 2015-07-02 11:19 - 00000000 ____D C:\Users\Owner\Desktop\FRST-OlderVersion
     2015-06-24 14:01 - 2015-06-24 14:01 - 00001066 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
     2015-06-24 14:01 - 2015-06-24 14:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
     2015-06-24 14:01 - 2015-06-24 14:01 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
     2015-06-24 14:01 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
     2015-06-24 14:01 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
     2015-06-24 13:17 - 2015-06-24 14:01 - 00000000 ____D C:\ProgramData\Malwarebytes
     2015-06-24 13:17 - 2015-06-24 13:56 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
     2015-06-24 13:17 - 2015-06-24 13:17 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
     2015-06-24 13:12 - 2015-06-24 13:56 - 00000000 ____D C:\Users\Owner\Desktop\mbar
     2015-06-24 13:12 - 2015-04-14 09:37 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
     2015-06-24 13:07 - 2015-06-24 13:11 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Owner\Desktop\mbar-1.09.1.1004.exe
     2015-06-07 15:08 - 2015-06-07 15:09 - 00266975 _____ C:\Users\Owner\Desktop\zoek.exe
     2015-06-07 14:02 - 2015-06-07 14:02 - 00000000 ____D C:\Users\Owner\AppData\Local\CrashDumps
     2015-06-07 10:27 - 2015-07-02 11:19 - 01636352 _____ (Farbar) C:\Users\Owner\Desktop\FRST.exe
     2015-06-07 10:08 - 2015-06-08 11:58 - 00000194 _____ C:\Users\Owner\Desktop\hosts-perm.bat
     2015-06-02 16:50 - 2015-06-02 16:51 - 00002608 _____ C:\Users\Owner\Desktop\Rkill.txt
     2015-06-02 16:49 - 2015-06-02 16:13 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Owner\Desktop\mbam-setup-2.1.6.1022.exe
     2015-06-02 16:49 - 2015-06-02 15:53 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Owner\Desktop\rkill.exe

     ==================== One Month Modified files and folders ========

     (If an entry is included in the fixlist, the file/folder will be moved.)

     2015-07-02 11:39 - 2014-10-06 07:43 - 00000000 ____D C:\ProgramData\Package Cache
     2015-07-02 11:39 - 2014-10-06 06:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
     2015-07-02 11:39 - 2014-10-06 06:51 - 00000000 ____D C:\Program Files\Avira
     2015-07-02 11:38 - 2015-05-30 22:11 - 00014373 _____ C:\Users\Owner\Desktop\FRST.txt
     2015-07-02 11:38 - 2015-05-30 22:11 - 00000000 ____D C:\FRST
     2015-07-02 11:38 - 2014-10-06 06:51 - 00000000 ____D C:\ProgramData\Avira
     2015-07-02 11:38 - 2008-02-01 16:12 - 01080977 _____ C:\Windows\WindowsUpdate.log
     2015-07-02 11:36 - 2009-07-14 12:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
     2015-07-02 11:36 - 2009-07-14 12:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
     2015-07-02 11:31 - 2015-04-27 16:47 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
     2015-07-02 11:31 - 2009-07-14 12:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
     2015-07-02 11:30 - 2009-07-14 12:39 - 00068201 _____ C:\Windows\setupact.log
     2015-07-02 11:14 - 2015-02-09 13:26 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
     2015-07-02 11:06 - 2015-03-27 13:17 - 00000000 ____D C:\Program Files\Mozilla Firefox
     2015-07-02 11:05 - 2014-10-15 13:54 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
     2015-07-02 11:05 - 2014-10-15 13:54 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
     2015-06-24 17:53 - 2015-04-27 16:47 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
     2015-06-24 13:50 - 2015-04-29 15:41 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
     2015-06-07 10:32 - 2015-05-30 22:12 - 00020928 _____ C:\Users\Owner\Desktop\Addition.txt

     Files to move or delete:
     ====================
     C:\ProgramData\Package Cache\{0696cc37-db90-4000-be99-4a173ca7c8af}\Avira.OE.Setup.Bundle.exe

     Some files in TEMP:
     ====================
     C:\Users\Owner\AppData\Local\Temp\avgnt.exe
     C:\Users\Owner\AppData\Local\Temp\{586976D5-7068-4ABF-9253-DC73B16C9534}-43.0.2357.124_43.0.2357.81_chrome_updater.exe
     C:\Users\Owner\AppData\Local\Temp\{6B955CED-DAC7-4A60-87FB-29BE64928310}-43.0.2357.130_43.0.2357.81_chrome_updater.exe
     C:\Users\Owner\AppData\Local\Temp\{7D2A1ECF-3B78-4013-8C4A-2CCA49AFFA77}-43.0.2357.130_43.0.2357.81_chrome_updater.exe

     ==================== Bamital & volsnap Check =================

     (There is no automatic fix for files that do not pass verification.)

     C:\Windows\explorer.exe => File is digitally signed
     C:\Windows\system32\winlogon.exe => File is digitally signed
     C:\Windows\system32\wininit.exe => File is digitally signed
     C:\Windows\system32\svchost.exe => File is digitally signed
     C:\Windows\system32\services.exe => File is digitally signed
     C:\Windows\system32\User32.dll => File is digitally signed
     C:\Windows\system32\userinit.exe => File is digitally signed
     C:\Windows\system32\rpcss.dll => File is digitally signed
     C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

     LastRegBack: 2015-06-22 15:48

     ==================== End of log ============================

     Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-06-2015 01
     Ran by Owner at 2015-07-02 11:40:09
     Running from C:\Users\Owner\Desktop
     Boot Mode: Normal
     ==========================================================

     ==================== Accounts: =============================

     Administrator (S-1-5-21-4162585890-2542146898-40610652-500 - Administrator - Disabled)
     Guest (S-1-5-21-4162585890-2542146898-40610652-501 - Limited - Disabled)
     HomeGroupUser$ (S-1-5-21-4162585890-2542146898-40610652-1002 - Limited - Enabled)
     Owner (S-1-5-21-4162585890-2542146898-40610652-1000 - Administrator - Enabled) => C:\Users\Owner

     ==================== Security Center ========================

     (If an entry is included in the fixlist, it will be removed.)

     AV: Avira Antivirus (Disabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859}
     AS: Avira Antivirus (Disabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
     AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

     ==================== Installed Programs ======================

     (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

     Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.190 - Adobe Systems Incorporated)
     Adobe Reader XI (11.0.11) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
     Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.5.155 - Adobe Systems, Inc.)
     Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
     Apple Mobile Device Support (HKLM\...\{E1DB0812-2D60-43DB-AE09-6C7027D93B28}) (Version: 8.1.1.3 - Apple Inc.)
     Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
     Avira (HKLM\...\{0696cc37-db90-4000-be99-4a173ca7c8af}) (Version: 1.1.39.17987 - Avira Operations GmbH & Co. KG)
     Avira (Version: 1.1.39.17987 - Avira Operations GmbH & Co. KG) Hidden
     Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.9.504 - Avira Operations GmbH & Co. KG)
     Avira SearchFree Toolbar (HKLM\...\{41564952-412D-5637-00A7-A758B70C1B00}) (Version: 12.27.0.988 - APN, LLC)
     Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
     DivX Setup (HKLM\...\DivX Setup) (Version: 2.7.0.64 - DivX, LLC)
     Epson Easy Photo Print 2 (HKLM\...\{02A312B5-1542-47B6-BFE9-F51358C39E86}) (Version: 2.4.0.0 - SEIKO EPSON CORPORATION)
     Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2)
     Epson Event Manager (HKLM\...\{8F01524C-0676-4CC1-B4AE-64753C723391}) (Version: 3.01.0005 - Seiko Epson Corporation)
     EPSON L350 Series Printer Uninstall (HKLM\...\EPSON L350 Series) (Version:  - SEIKO EPSON Corporation)
     EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
     Epson User's Guide L350 Series (HKLM\...\L350 Series Useg) (Version:  - )
     Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
     Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
     iTunes (HKLM\...\{CE1F04C7-79BC-4219-BE6A-BA490224D4B5}) (Version: 12.1.2.27 - Apple Inc.)
     Java™ 6 Update 20 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
     Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
     Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
     Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
     Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
     Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
     Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
     Mozilla Firefox 37.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 37.0.2 (x86 en-US)) (Version: 37.0.2 - Mozilla)
     Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 37.0.2 - Mozilla)
     OpenOffice.org 3.2 (HKLM\...\{5A13987D-55F4-4271-A40E-76AC9B1B38FD}) (Version: 3.2.9502 - OpenOffice.org)
     QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
     swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
     USB Disk Security (HKLM\...\USB Disk Security_is1) (Version:  - Zbshareware Lab)
     VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
     VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
     WinRAR 5.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

     ==================== Custom CLSID (Whitelisted): ==========================

     (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

     ==================== Restore Points =========================

     22-06-2015 15:55:36 Scheduled Checkpoint

     ==================== Hosts content: ==========================

     (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

     2009-07-14 10:04 - 2009-06-11 05:39 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

     ==================== Scheduled Tasks (Whitelisted) =============

     (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

     Task: {09140045-9608-48E3-B387-7A4BF1BECAB3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-02] (Adobe Systems Incorporated)
     Task: {2210612D-4BEE-4B89-AE11-99BBC453AEB3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-04-27] (Google Inc.)
     Task: {6CE36A6F-C64C-43B5-BCBE-8BF02D7A7C2F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
     Task: {A09427A7-5A9A-4559-8227-A87E9AB1D071} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-04-27] (Google Inc.)
     Task: {DCB4DFC6-4924-4FB8-97E8-9FDA9C4E9145} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

     (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

     Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
     Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
     Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

     ==================== Loaded Modules (Whitelisted) ==============

     2010-01-30 17:41 - 2010-01-30 17:41 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
     2010-03-25 12:17 - 2010-03-25 12:17 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
     2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
     2015-01-20 22:35 - 2015-01-20 22:35 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
     2014-01-10 13:26 - 2014-01-10 13:26 - 01861968 _____ () C:\Program Files\DivX\DivX Update\DivXUpdate.exe
     2014-01-10 13:28 - 2014-01-10 13:28 - 00100688 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
     2015-07-02 11:05 - 2015-07-02 11:05 - 16867504 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_190.dll

     ==================== Alternate Data Streams (Whitelisted) =========

     (If an entry is included in the fixlist, only the ADS will be removed.)

     ==================== Safe Mode (Whitelisted) ===================

     (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

     ==================== EXE Association (Whitelisted) ===============

     (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

     ==================== Internet Explorer trusted/restricted ===============

     (If an entry is included in the fixlist, it will be removed from the registry.)

     ==================== Other Areas ============================

     (Currently there is no automatic fix for this section.)

     HKU\S-1-5-21-4162585890-2542146898-40610652-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
     DNS Servers: 192.168.1.1

     ==================== MSCONFIG/TASK MANAGER disabled items ==

     (Currently there is no automatic fix for this section.)

     ==================== FirewallRules (Whitelisted) ===============

     (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

     FirewallRules: [TCP Query User{0A0DB84F-E4CB-40A5-BA5B-BB9D6CC7DD23}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
     FirewallRules: [UDP Query User{FE4F2DD4-1BF0-4180-ACA3-DACB93371935}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
     FirewallRules: [TCP Query User{3D9704F0-AEAD-4E78-BC10-1F7FC50EFD98}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
     FirewallRules: [UDP Query User{5B9ADBE8-C4EB-461E-BFB5-BB5638DDEFA6}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
     FirewallRules: [TCP Query User{67A12F65-BC6A-40AB-9D1F-CF4E92F38922}C:\users\owner\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\owner\appdata\roaming\utorrent\utorrent.exe
     FirewallRules: [UDP Query User{026868AD-9B07-4EAE-8756-4D551C339902}C:\users\owner\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\owner\appdata\roaming\utorrent\utorrent.exe
     FirewallRules: [TCP Query User{C8D4D9A9-8ED3-4D4D-826C-540A751B2435}C:\program files\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files\epson software\event manager\eeventmanager.exe
     FirewallRules: [UDP Query User{5328A67E-7189-4D18-9006-7DFFF927241C}C:\program files\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files\epson software\event manager\eeventmanager.exe
     FirewallRules: [TCP Query User{295BE885-69BE-4D3F-85A1-357D513EED4D}C:\program files\epson software\event manager\eeventmanager.exe] => (Block) C:\program files\epson software\event manager\eeventmanager.exe
     FirewallRules: [UDP Query User{43A7F982-9E8C-49FD-9440-AC7FF8721199}C:\program files\epson software\event manager\eeventmanager.exe] => (Block) C:\program files\epson software\event manager\eeventmanager.exe
     FirewallRules: [{6573301D-1FA0-4472-9BE1-B7898C813B34}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
     FirewallRules: [{5E45E277-1FC9-4F17-B57A-6D3B4D9ABB28}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
     FirewallRules: [{EE4F207A-6A62-452C-880D-3AD095E8A47E}] => (Allow) C:\Users\Owner\AppData\Local\Temp\nsg88E0.tmp\CnetInstaller-10794489.exe
     FirewallRules: [{DA56B306-C2C8-4B79-BD0B-9503F30D0E51}] => (Allow) C:\Users\Owner\AppData\Local\Temp\nsg88E0.tmp\CnetInstaller-10794489.exe
     FirewallRules: [{5F671019-741D-43F5-80A9-F47532195BC9}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
     FirewallRules: [{FFB0DA8A-3DE3-4D3E-90B6-25DF1DCCFE99}] => (Allow) C:\Users\Owner\AppData\Local\Temp\nsd9EA1.tmp\CnetInstaller-10794489.exe
     FirewallRules: [{A85D7351-698D-4788-B73B-AA7594FF6FB4}] => (Allow) C:\Users\Owner\AppData\Local\Temp\nsd9EA1.tmp\CnetInstaller-10794489.exe
     FirewallRules: [{8F40A934-279D-4687-93D2-1857DCC9BC1A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
     FirewallRules: [{53650ADF-41A0-4A43-A851-29FF175AB65F}] => (Allow) C:\Program Files\iTunes\iTunes.exe
     FirewallRules: [{62CA4D3D-9308-4460-93F6-D37B80162599}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

     ==================== Faulty Device Manager Devices =============

     Name: USB2.0
     Description: USB2.0
     Class Guid:
     Manufacturer:
     Service:
     Problem: : The drivers for this device are not installed.
(Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Bluetooth Peripheral Device Description: Bluetooth Peripheral Device Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (07/02/2015 11:38:05 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: The data is invalid. . Error: (07/02/2015 11:37:24 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: The data is invalid. . Error: (07/02/2015 11:01:26 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: The data is invalid. . Error: (07/02/2015 11:01:10 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: The data is invalid. . Error: (07/02/2015 11:01:03 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: The data is invalid. . 
Error: (02/01/2008 00:06:16 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: Avira.OE.ServiceHost.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.ArgumentOutOfRangeException Stack: at System.Threading.Timer..ctor(System.Threading.TimerCallback, System.Object, Int32, Int32) at System.Timers.Timer.set_Enabled(Boolean) at System.Timers.Timer.Start() at Avira.OE.WinCore.SystemTimersBasedTimer.Start(System.TimeSpan) at Avira.OE.WinCore.DelayedTimer.Start(System.TimeSpan, System.TimeSpan) at Avira.OE.WinCore.ManifestUpdateChecker.StartRecurrentUpdateCheck(System.TimeSpan) at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object) at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() at System.Threading.ThreadPoolWorkQueue.Dispatch() at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback() Error: (02/01/2008 00:06:04 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: Avira.OE.ServiceHost.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. 
Exception Info: System.ArgumentOutOfRangeException Stack: at System.Threading.Timer..ctor(System.Threading.TimerCallback, System.Object, Int32, Int32) at System.Timers.Timer.set_Enabled(Boolean) at System.Timers.Timer.Start() at Avira.OE.WinCore.SystemTimersBasedTimer.Start(System.TimeSpan) at Avira.OE.WinCore.DelayedTimer.Start(System.TimeSpan, System.TimeSpan) at Avira.OE.WinCore.ManifestUpdateChecker.StartRecurrentUpdateCheck(System.TimeSpan) at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object) at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() at System.Threading.ThreadPoolWorkQueue.Dispatch() at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback() Error: (02/01/2008 00:05:47 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: The data is invalid. . Error: (02/01/2008 00:05:29 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: The data is invalid. . Error: (02/01/2008 00:05:18 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: The data is invalid. . System errors: ============= Error: (07/02/2015 11:30:58 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 11:18:56 AM on ‎7/‎2/‎2015 was unexpected. 
Error: (07/02/2015 11:01:16 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 12:58:47 AM on ‎2/‎1/‎2008 was unexpected. Error: (02/01/2008 00:06:16 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Avira Service Host service terminated unexpectedly. It has done this 3 time(s). Error: (02/01/2008 00:06:04 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Avira Service Host service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (02/01/2008 00:04:49 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Avira Service Host service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (02/01/2008 00:01:59 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 1:15:49 AM on ‎2/‎1/‎2008 was unexpected. Error: (02/01/2008 00:03:20 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Avira Service Host service terminated unexpectedly. It has done this 3 time(s). Error: (02/01/2008 00:03:08 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Avira Service Host service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (02/01/2008 00:02:29 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Avira Service Host service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (02/01/2008 00:00:59 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 12:03:46 AM on ‎2/‎1/‎2008 was unexpected. 
Microsoft Office: ========================= Error: (07/02/2015 11:38:05 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: http://www.download....hrootstl.cabThedata is invalid. Error: (07/02/2015 11:37:24 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: http://www.download....hrootstl.cabThedata is invalid. Error: (07/02/2015 11:01:26 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: http://www.download....hrootstl.cabThedata is invalid. Error: (07/02/2015 11:01:10 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: http://www.download....hrootstl.cabThedata is invalid. Error: (07/02/2015 11:01:03 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: http://www.download....hrootstl.cabThedata is invalid. Error: (02/01/2008 00:06:16 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: Avira.OE.ServiceHost.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. 
Exception Info: System.ArgumentOutOfRangeException Stack: at System.Threading.Timer..ctor(System.Threading.TimerCallback, System.Object, Int32, Int32) at System.Timers.Timer.set_Enabled(Boolean) at System.Timers.Timer.Start() at Avira.OE.WinCore.SystemTimersBasedTimer.Start(System.TimeSpan) at Avira.OE.WinCore.DelayedTimer.Start(System.TimeSpan, System.TimeSpan) at Avira.OE.WinCore.ManifestUpdateChecker.StartRecurrentUpdateCheck(System.TimeSpan) at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object) at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() at System.Threading.ThreadPoolWorkQueue.Dispatch() at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback() Error: (02/01/2008 00:06:04 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: Avira.OE.ServiceHost.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. 
Exception Info: System.ArgumentOutOfRangeException Stack: at System.Threading.Timer..ctor(System.Threading.TimerCallback, System.Object, Int32, Int32) at System.Timers.Timer.set_Enabled(Boolean) at System.Timers.Timer.Start() at Avira.OE.WinCore.SystemTimersBasedTimer.Start(System.TimeSpan) at Avira.OE.WinCore.DelayedTimer.Start(System.TimeSpan, System.TimeSpan) at Avira.OE.WinCore.ManifestUpdateChecker.StartRecurrentUpdateCheck(System.TimeSpan) at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object) at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() at System.Threading.ThreadPoolWorkQueue.Dispatch() at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback() Error: (02/01/2008 00:05:47 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: http://www.download....hrootstl.cabThedata is invalid. Error: (02/01/2008 00:05:29 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: http://www.download....hrootstl.cabThedata is invalid. Error: (02/01/2008 00:05:18 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: http://www.download....hrootstl.cabThedata is invalid. 
==================== Memory info ===========================

Processor: Intel® Core™2 CPU T5500 @ 1.66GHz
Percentage of memory in use: 88%
Total physical RAM: 1015.27 MB
Available physical RAM: 121.53 MB
Total Virtual: 2039.27 MB
Available Virtual: 769.27 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:39.06 GB) (Free:20.16 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Data) (Fixed) (Total:35.47 GB) (Free:22.23 GB) NTFS
Drive e: () (Removable) (Total:60.06 GB) (Free:19.07 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: EF18EF18)
Partition 1: (Active) - (Size=39.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=35.5 GB) - (Type=0F Extended)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 60.1 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=60.1 GB) - (Type=0C)

==================== End of log ============================

I can't run securitycheck.exe. I turned off my antivirus; it didn't work. I restarted and turned off the antivirus; it didn't work. =( Error: not a valid Win32 app.
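Reading the FirewallRules section of an FRST log by hand is slow, and the rules that matter most are easy to miss among the legitimate ones. The script below is an added example, not part of the original post and not a feature of FRST: it parses the `FirewallRules:` lines and reports Allow rules whose program lives somewhere a triager should look at twice (the user's Temp or AppData directories, the Downloads folder, or an executable sitting directly in the Windows root). The sample lines are copied from the FRST log above; the location heuristics, the `triage_firewall_rules` function and the `Finding` class are my own assumptions about what deserves a second look.

```python
import re
from dataclasses import dataclass, field

# FRST prints one Windows Firewall rule per line:
#   FirewallRules: [{GUID}] => (Allow) C:\path\to\program.exe
#   FirewallRules: [TCP Query User{GUID}C:\path\prog.exe] => (Block) C:\path\prog.exe
# The "Query User" rules are the ones Windows creates when the user answers
# the "allow this program through the firewall?" prompt.
RULE_RE = re.compile(
    r"^FirewallRules:\s*\[(?P<name>[^\]]+)\]\s*=>\s*\((?P<action>Allow|Block)\)\s*(?P<path>.+?)\s*$",
    re.IGNORECASE,
)

# Heuristics (my own, not FRST's): an Allow rule for a program in one of these
# places deserves a second look during triage.
SUSPICIOUS_LOCATIONS = [
    (re.compile(r"\\appdata\\local\\temp\\", re.I), "program runs from %TEMP%, an installer/dropper staging directory"),
    (re.compile(r"\\appdata\\roaming\\", re.I), "program runs from user-writable %APPDATA%"),
    (re.compile(r"^[a-z]:\\windows\\[^\\]+\.exe$", re.I), "executable sits directly in the Windows root instead of System32"),
    (re.compile(r"\\users\\[^\\]+\\downloads\\", re.I), "program runs from the Downloads folder"),
]

@dataclass
class Finding:
    rule_name: str
    path: str
    reasons: list = field(default_factory=list)

def parse_firewall_rules(log_text):
    """Yield (rule_name, action, path) for every FirewallRules line in an FRST log."""
    for line in log_text.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            yield m["name"], m["action"].lower(), m["path"]

def triage_firewall_rules(log_text):
    """Return Findings for Allow rules whose program path matches a heuristic."""
    findings = []
    for name, action, path in parse_firewall_rules(log_text):
        if action != "allow":
            continue  # a Block rule does not widen exposure
        reasons = [why for pattern, why in SUSPICIOUS_LOCATIONS if pattern.search(path)]
        if not reasons:
            continue
        if "query user" in name.lower():
            reasons.append("rule was created interactively; the user clicked Allow at the firewall prompt")
        findings.append(Finding(name, path, reasons))
    return findings

# Sample lines copied from the FRST log above.
SAMPLE_FRST_LOG = r"""
FirewallRules: [TCP Query User{3D9704F0-AEAD-4E78-BC10-1F7FC50EFD98}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
FirewallRules: [TCP Query User{67A12F65-BC6A-40AB-9D1F-CF4E92F38922}C:\users\owner\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\owner\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{295BE885-69BE-4D3F-85A1-357D513EED4D}C:\program files\epson software\event manager\eeventmanager.exe] => (Block) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [{EE4F207A-6A62-452C-880D-3AD095E8A47E}] => (Allow) C:\Users\Owner\AppData\Local\Temp\nsg88E0.tmp\CnetInstaller-10794489.exe
FirewallRules: [{8F40A934-279D-4687-93D2-1857DCC9BC1A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
"""

if __name__ == "__main__":
    for f in triage_firewall_rules(SAMPLE_FRST_LOG):
        print(f.path)
        for why in f.reasons:
            print("   -", why)
```

Run against a full FRST.txt the script flags the three rules a human would also stop at in this log: the emulator executable in the Windows root, the torrent client in Roaming, and the bundled CNET installer that was granted network access from a Temp subfolder that no longer exists. A firewall rule pointing at a path that has since been deleted is harmless by itself, but it records that the program ran and reached out, which is useful when reconstructing how the machine got into this state.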
  5. For some reason I couldn't run mbar.exe yesterday, but it worked fine today. I can access all the websites I've tried and everything else is working. Thank you so very, very much =)
  6. --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.09.1.1004 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7600 Windows 7 x86 Account is Administrative Internet Explorer version: 8.0.7600.16385 Java version: 1.6.0_20 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED CPU speed: 1.662000 GHz Memory total: 1064591360, free: 222654464 Downloaded database version: v2015.06.23.09 Downloaded database version: v2015.06.22.01 Downloaded database version: v2015.06.15.01 ======================================= Initializing... ------------ Kernel report ------------ 06/24/2015 13:17:08 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\halmacpi.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\BOOTVID.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\DRIVERS\ACPI.sys \SystemRoot\system32\DRIVERS\WMILIB.SYS \SystemRoot\system32\DRIVERS\msisadrv.sys \SystemRoot\system32\DRIVERS\pci.sys \SystemRoot\system32\DRIVERS\vdrvroot.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\DRIVERS\compbatt.sys \SystemRoot\system32\DRIVERS\BATTC.SYS \SystemRoot\system32\DRIVERS\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\system32\DRIVERS\intelide.sys \SystemRoot\system32\DRIVERS\PCIIDEX.SYS \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\DRIVERS\atapi.sys \SystemRoot\system32\DRIVERS\ataport.SYS \SystemRoot\system32\DRIVERS\amdxata.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys 
\SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\DRIVERS\vmstorfl.sys \SystemRoot\system32\DRIVERS\volsnap.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\DRIVERS\disk.sys \SystemRoot\system32\DRIVERS\CLASSPNP.SYS \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\system32\drivers\rdprefmp.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\drivers\afd.sys \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\drivers\ws2ifsl.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\DRIVERS\termdd.sys \SystemRoot\system32\DRIVERS\ssmdrv.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\DRIVERS\mssmbios.sys \SystemRoot\System32\drivers\discache.sys \SystemRoot\system32\drivers\csc.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\blbdrive.sys \SystemRoot\system32\DRIVERS\avkmgr.sys \SystemRoot\system32\DRIVERS\avipbb.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\intelppm.sys \SystemRoot\system32\DRIVERS\igdkmd32.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\dxgmms1.sys 
\SystemRoot\system32\DRIVERS\HDAudBus.sys \SystemRoot\system32\DRIVERS\Rt86win7.sys \SystemRoot\system32\DRIVERS\netw5v32.sys \SystemRoot\system32\DRIVERS\usbuhci.sys \SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\usbehci.sys \SystemRoot\system32\DRIVERS\i8042prt.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys \SystemRoot\system32\DRIVERS\CmBatt.sys \SystemRoot\system32\DRIVERS\CompositeBus.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\DRIVERS\rdpbus.sys \SystemRoot\system32\DRIVERS\swenum.sys \SystemRoot\system32\DRIVERS\ks.sys \SystemRoot\system32\DRIVERS\umbus.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\HdAudio.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\DRIVERS\smserial.sys \SystemRoot\system32\drivers\modem.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_dumpata.sys \SystemRoot\System32\Drivers\dump_atapi.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\system32\DRIVERS\USBSTOR.SYS \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\System32\Drivers\BTHUSB.sys \SystemRoot\System32\Drivers\bthport.sys \SystemRoot\system32\DRIVERS\rfcomm.sys \SystemRoot\system32\DRIVERS\BthEnum.sys \SystemRoot\system32\DRIVERS\bthpan.sys \SystemRoot\System32\cdd.dll \SystemRoot\system32\drivers\luafv.sys \SystemRoot\system32\DRIVERS\avgntflt.sys \SystemRoot\system32\drivers\WudfPf.sys 
\SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\system32\DRIVERS\avnetflt.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\system32\DRIVERS\WUDFRd.sys \SystemRoot\System32\ATMFD.DLL \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll \Windows\System32\autochk.exe \Windows\System32\imagehlp.dll \Windows\System32\msvcrt.dll \Windows\System32\gdi32.dll \Windows\System32\shlwapi.dll \Windows\System32\comdlg32.dll \Windows\System32\user32.dll \Windows\System32\normaliz.dll \Windows\System32\nsi.dll \Windows\System32\msctf.dll \Windows\System32\ws2_32.dll \Windows\System32\oleaut32.dll \Windows\System32\Wldap32.dll \Windows\System32\sechost.dll \Windows\System32\shell32.dll \Windows\System32\clbcatq.dll \Windows\System32\wininet.dll \Windows\System32\psapi.dll \Windows\System32\advapi32.dll \Windows\System32\difxapi.dll \Windows\System32\rpcrt4.dll \Windows\System32\setupapi.dll \Windows\System32\imm32.dll \Windows\System32\ole32.dll \Windows\System32\kernel32.dll \Windows\System32\lpk.dll \Windows\System32\iertutil.dll \Windows\System32\usp10.dll \Windows\System32\urlmon.dll \Windows\System32\crypt32.dll \Windows\System32\cfgmgr32.dll \Windows\System32\KernelBase.dll \Windows\System32\wintrust.dll \Windows\System32\comctl32.dll \Windows\System32\devobj.dll 
\Windows\System32\msasn1.dll
----------- End -----------
Done!
Scan started
Database versions:
 main: v2015.06.23.09
 rootkit: v2015.06.22.01
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8543a030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8543ad18, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8543a030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8535a918, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff85346908, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: EF18EF18
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 81915372
Partition file system is NTFS
Partition is bootable
Partition 1 type is Extended with LBA (0xf)
Partition is NOT ACTIVE.
Partition starts at LBA: 81915435 Numsec = 74380950
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 80026361856 bytes
Sector size: 512 bytes
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff90e30ac8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff90e1cc50, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff90e30ac8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff90d76550, DeviceName: \Device\0000008e\, DriverName: \Driver\USBSTOR\
------------ End ----------
Infected file C:\Windows\System32\rpcss.dll could not be remediated because backup file is not available
Scan finished
=======================================
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-63-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\rpcss.dll-k.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\rpcss.dll-u.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\rpcss.dll-r.mbam...
Removal finished
========================
mbar log

Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
 main: v2015.06.23.09
 rootkit: v2015.06.22.01

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Owner :: OWNER-PC [administrator]

6/24/2015 1:17:52 PM
mbar-log-2015-06-24 (13-17-52).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 333366
Time elapsed: 21 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
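The MBAR partition-table dump in the post above gives every number needed to check whether disk 0 has sectors that no partition entry owns. The script below is an added example, not part of the original post and not MBAR code: it parses that dump, lists the unallocated sector ranges, and converts a partition's sector count into GiB so it can be cross-checked against the Drives section of the FRST log. The sample text is transcribed from the MBAR output above; the gap-finding logic and the function names are my own. Bootkits of the era this log comes from kept their payload in exactly such slack (the 62 sectors between the MBR and the first partition, or the unpartitioned tail of the disk), which is the reason MBAR scans physical sectors at all.

```python
import re

# MBAR prints the MBR partition table as text; these patterns pull out the
# entry header, the start/length pair, and the two disk geometry lines.
PART_HDR = re.compile(r"Partition (\d+) type is (.+?) \((0x[0-9a-fA-F]+)\)")
PART_LBA = re.compile(r"Partition starts at LBA: (\d+)\s+Numsec = (\d+)")
DISK_SIZE = re.compile(r"Disk Size: (\d+) bytes")
SECTOR_SIZE = re.compile(r"Sector size: (\d+) bytes")

# Transcribed from the MBAR log above (disk 0 of the poster's machine).
SAMPLE_MBAR_TABLE = """
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: EF18EF18
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 81915372
Partition file system is NTFS
Partition is bootable
Partition 1 type is Extended with LBA (0xf)
Partition is NOT ACTIVE.
Partition starts at LBA: 81915435 Numsec = 74380950
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 80026361856 bytes
Sector size: 512 bytes
"""

def parse_partition_table(text):
    """Return ([{index, type, type_id, start, numsec}, ...], disk_bytes, sector_bytes)."""
    parts, current = [], None
    disk_bytes = sector_bytes = None
    for line in text.splitlines():
        m = PART_HDR.search(line)
        if m:
            current = {"index": int(m[1]), "type": m[2], "type_id": int(m[3], 16)}
            parts.append(current)
            continue
        m = PART_LBA.search(line)
        if m and current is not None:
            current["start"], current["numsec"] = int(m[1]), int(m[2])
            continue
        m = DISK_SIZE.search(line)
        if m:
            disk_bytes = int(m[1])
            continue
        m = SECTOR_SIZE.search(line)
        if m:
            sector_bytes = int(m[1])
    return parts, disk_bytes, sector_bytes

def unallocated_regions(text):
    """Sector ranges (start_lba, length) that no partition entry owns.

    Sector 0 (the MBR itself) is excluded. Overlapping entries indicate a
    corrupted or tampered table and raise instead of being silently merged.
    """
    parts, disk_bytes, sector_bytes = parse_partition_table(text)
    total_sectors = disk_bytes // sector_bytes
    used = sorted((p["start"], p["start"] + p["numsec"]) for p in parts if p["numsec"])
    gaps, cursor = [], 1
    for start, end in used:
        if start < cursor:
            raise ValueError(f"partition entries overlap at LBA {start}")
        if start > cursor:
            gaps.append((cursor, start - cursor))
        cursor = end
    if cursor < total_sectors:
        gaps.append((cursor, total_sectors - cursor))
    return gaps

def partition_size_gib(text, index):
    """Size of one partition in GiB, to cross-check against FRST's Drives section."""
    parts, _, sector_bytes = parse_partition_table(text)
    p = next(p for p in parts if p["index"] == index)
    return p["numsec"] * sector_bytes / 2**30

if __name__ == "__main__":
    for start, length in unallocated_regions(SAMPLE_MBAR_TABLE):
        print(f"unallocated: LBA {start} .. {start + length - 1} ({length} sectors)")
    print(f"partition 0 is {partition_size_gib(SAMPLE_MBAR_TABLE, 0):.2f} GiB")
```

For this disk the two partition entries are contiguous (the extended container starts exactly where the NTFS partition ends), so the only unallocated space is the classic 62-sector track gap after the MBR and 5103 sectors at the end of the disk; both are normal for a drive partitioned by Windows XP-era tooling and are what MBAR's "Physical Sectors" pass reads. The sector counts also reproduce FRST's 39.06 GB and 35.47 GB, which confirms the two tools are looking at the same table.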
  7. Um, not a valid Win32 application. And my antivirus just took on the icon of FRST.
  8. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-06-2015 Ran by Owner (administrator) on OWNER-PC on 07-06-2015 10:30:00 Running from C:\Users\Owner\Desktop Loaded Profiles: Owner (Available Profiles: Owner) Platform: Microsoft Windows 7 Ultimate (X86) OS Language: English (United States) Internet Explorer Version 8 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Seiko Epson Corporation) C:\Windows\System32\escsvc.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Zbshareware Lab) C:\Program Files\USB Disk Security\USBGuard.exe (Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe (SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe () C:\Program Files\DivX\DivX Update\DivXUpdate.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_TATII0E.EXE (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [726320 2015-04-23] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [bCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-14] (Microsoft Corporation) HKLM\...\Run: [uSB Security] => C:\Program Files\USB Disk Security\USBGuard.exe [623520 2011-09-21] (Zbshareware Lab) HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [248040 2010-02-19] (Sun Microsystems, Inc.) HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-11-17] (DivX, LLC) HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] () HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-04-07] (Apple Inc.) HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. 
KG) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) HKU\S-1-5-21-4162585890-2542146898-40610652-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TATII0E.EXE [249440 2012-02-27] (SEIKO EPSON CORPORATION) Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk [2014-10-07] ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-4162585890-2542146898-40610652-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-4162585890-2542146898-40610652-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKU\S-1-5-21-4162585890-2542146898-40610652-1000 -> DefaultScope {49A98BDC-3E0B-411B-8431-60E6D5D05A76} URL = http://avira.search.ask.com/web?tpid=AVIRA-V7&o=APN11082&pf=&p2=^B10^YYYYYY^YY^PH&gct=sb&itbv=12.17.1.2795&apn_uid=6E236451-583B-4E43-802F-C99D48ED1C38&apn_ptnrs=^B10&apn_dtid=^YYYYYY^YY^PH&apn_dbr=ie_8.0.7600.16385&doi=2014-10-05&trgb=ALL&q={searchTerms}&psv=&pt=tb SearchScopes: HKU\S-1-5-21-4162585890-2542146898-40610652-1000 -> {49A98BDC-3E0B-411B-8431-60E6D5D05A76} URL = 
http://avira.search.ask.com/web?tpid=AVIRA-V7&o=APN11082&pf=&p2=^B10^YYYYYY^YY^PH&gct=sb&itbv=12.17.1.2795&apn_uid=6E236451-583B-4E43-802F-C99D48ED1C38&apn_ptnrs=^B10&apn_dtid=^YYYYYY^YY^PH&apn_dbr=ie_8.0.7600.16385&doi=2014-10-05&trgb=ALL&q={searchTerms}&psv=&pt=tb BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-26] (Microsoft Corporation) BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation) BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-02-01] (Sun Microsystems, Inc.) Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 8.8.8.8 8.8.8.4 FireFox: ======== FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\bferiou0.default-1420774421411 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-19] () FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1215155.dll [2014-12-02] (Adobe Systems, Inc.) 
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.) FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll [2014-11-21] (DivX, LLC) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-25] (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-02] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-05-02] (Adobe Systems Inc.) 
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-04-03] Chrome: ======= CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Avira SearchFree Toolbar plus Web Protection) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh [2015-04-27] CHR Extension: (Google Slides) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-27] CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-27] CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-27] CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-27] CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-27] CHR Extension: (Google Sheets) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-27] CHR Extension: (Bookmark Manager) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-29] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-29] CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-27] CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-27] CHR HKLM\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - 
C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2015-04-08] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe [815920 2015-04-23] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [434424 2015-04-23] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [434424 2015-04-23] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1004280 2015-04-23] (Avira Operations GmbH & Co. KG) S2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG) R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation) R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105864 2015-03-11] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2015-03-11] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-10-06] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [37896 2015-03-11] (Avira Operations GmbH & Co. 
KG) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-06-07] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation) S3 PROCEXP113; C:\Windows\system32\Drivers\PROCEXP113.SYS [12568 2015-05-30] (Sysinternals - www.sysinternals.com) [File not signed] R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-28] (Avira GmbH) S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project) S3 catchme; \??\C:\sega\catchme.sys [X] U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-06-07 10:27 - 2015-06-08 13:28 - 01147904 _____ (Farbar) C:\Users\Owner\Desktop\FRST.exe 2015-06-07 10:08 - 2015-06-08 11:58 - 00000194 _____ C:\Users\Owner\Desktop\hosts-perm.bat 2015-06-02 16:56 - 2015-06-07 10:22 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-06-02 16:55 - 2015-06-02 16:55 - 00001066 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2015-06-02 16:55 - 2015-06-02 16:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2015-06-02 16:55 - 2015-06-02 16:55 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-06-02 16:55 - 2015-06-02 16:55 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware 2015-06-02 16:55 - 2015-04-14 09:37 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-06-02 16:55 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-06-02 16:55 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-06-02 16:50 - 2015-06-02 16:51 - 00002608 _____ C:\Users\Owner\Desktop\Rkill.txt 2015-06-02 16:49 - 2015-06-02 16:13 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Owner\Desktop\mbam-setup-2.1.6.1022.exe 2015-06-02 16:49 - 2015-06-02 15:53 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Owner\Desktop\rkill.exe 2015-06-01 20:16 - 2015-06-01 20:16 - 00127515 _____ C:\Users\Owner\Desktop\Info20150601200436.zip 2015-06-01 20:07 - 2015-06-01 20:14 - 01040744 _____ C:\Users\Owner\Desktop\Info20150601200436.xml 2015-06-01 19:42 - 2015-06-01 20:03 - 00000000 ____D C:\NPE 2015-06-01 19:34 - 2015-06-01 20:15 - 00000000 ____D C:\Users\Owner\AppData\Local\NPE 2015-06-01 19:34 - 2015-06-01 19:34 - 00000000 ____D C:\ProgramData\Norton 2015-06-01 19:33 - 2015-06-01 19:33 - 03060320 ____N (Symantec Corporation) C:\Users\Owner\Desktop\NPE.exe 2015-05-30 22:12 - 2015-05-30 22:13 - 00019749 _____ 
C:\Users\Owner\Desktop\Addition.txt 2015-05-30 22:11 - 2015-06-07 10:30 - 00013798 _____ C:\Users\Owner\Desktop\FRST.txt 2015-05-30 22:11 - 2015-06-07 10:30 - 00000000 ____D C:\FRST 2015-05-30 14:51 - 2015-05-30 14:51 - 00012568 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCEXP113.SYS 2015-05-30 14:51 - 2015-05-30 14:51 - 00007368 _____ C:\ComboFix.txt 2015-05-30 14:31 - 2015-05-30 14:52 - 00000000 ____D C:\Qoobox 2015-05-30 14:31 - 2011-06-26 14:45 - 00256000 _____ C:\Windows\PEV.exe 2015-05-30 14:31 - 2010-11-08 01:20 - 00208896 _____ C:\Windows\MBR.exe 2015-05-30 14:31 - 2009-04-20 12:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-05-30 14:31 - 2000-08-31 08:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-05-30 14:31 - 2000-08-31 08:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-05-30 14:31 - 2000-08-31 08:00 - 00098816 _____ C:\Windows\sed.exe 2015-05-30 14:31 - 2000-08-31 08:00 - 00080412 _____ C:\Windows\grep.exe 2015-05-30 14:31 - 2000-08-31 08:00 - 00068096 _____ C:\Windows\zip.exe 2015-05-30 14:30 - 2015-05-30 14:49 - 00000000 ____D C:\Windows\erdnt 2015-05-30 14:21 - 2015-05-30 14:20 - 05628678 ____R (Swearware) C:\Users\Owner\Desktop\sega.com 2015-05-20 02:15 - 2015-05-20 04:32 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys 2015-05-20 02:15 - 2015-05-20 02:45 - 00000000 ____D C:\ProgramData\RogueKiller 2015-05-20 02:14 - 2015-05-20 02:14 - 16980568 _____ C:\Users\Owner\Desktop\winlogon.com.exe 2015-05-19 22:22 - 2015-05-19 22:22 - 01124544 _____ (Adobe Systems Incorporated) C:\Users\Owner\Desktop\flashplayer17au_ha_install.exe 2015-05-18 17:59 - 2015-05-18 17:59 - 00002929 _____ C:\Users\Owner\Desktop\help.txt 2015-05-18 16:47 - 2015-05-18 16:47 - 00000000 ____D C:\Users\Owner\Desktop\fixme 2015-05-18 16:46 - 2015-05-18 16:46 - 00000217 _____ C:\Users\Owner\Desktop\fixme.zip 2015-05-13 19:25 - 2015-05-13 19:25 - 00000000 ____D C:\Users\Owner\Desktop\Attachments_2015513 2015-05-13 
19:23 - 2015-05-13 19:23 - 00183986 _____ C:\Users\Owner\Desktop\Attachments_2015513.zip 2015-05-12 16:36 - 2015-05-12 16:36 - 01124544 _____ (Adobe Systems Incorporated) C:\Users\Owner\Desktop\flashplayer17_ha_install.exe 2015-05-11 17:19 - 2015-05-11 17:19 - 00000000 ____D C:\ProgramData\McAfee ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-07 10:25 - 2009-07-14 12:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-06-07 10:25 - 2009-07-14 12:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-06-07 10:24 - 2008-02-01 16:12 - 02094517 _____ C:\Windows\WindowsUpdate.log 2015-06-07 10:16 - 2015-04-27 16:47 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-06-07 10:16 - 2009-07-14 12:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-06-07 10:16 - 2009-07-14 12:39 - 00067529 _____ C:\Windows\setupact.log 2015-06-07 10:14 - 2015-02-09 13:26 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-06-07 09:53 - 2015-04-27 16:47 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-06-07 09:00 - 2014-10-06 06:45 - 00778150 _____ C:\Windows\system32\PerfStringBackup.INI 2015-06-06 14:24 - 2014-10-06 07:18 - 00332202 _____ C:\Windows\PFRO.log 2015-05-30 21:53 - 2015-04-27 17:07 - 00002135 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2015-05-30 14:51 - 2009-07-14 10:37 - 00000000 __RHD C:\Users\Default 2015-05-30 14:51 - 2009-07-14 10:37 - 00000000 ___RD C:\Users\Public 2015-05-30 14:46 - 2009-07-14 10:04 - 00000215 _____ C:\Windows\system.ini 2015-05-19 22:24 - 2014-10-15 13:54 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-05-19 22:24 - 2014-10-15 13:54 - 00142512 _____ (Adobe Systems Incorporated) 
C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-05-19 22:24 - 2014-10-14 17:07 - 00000000 ____D C:\Users\Owner\AppData\Local\Adobe 2015-05-18 18:04 - 2014-10-06 06:49 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2015-05-18 13:43 - 2014-12-26 14:11 - 00000000 ____D C:\Windows\system32\appmgmt 2015-05-12 16:26 - 2009-07-14 10:37 - 00000000 ____D C:\Windows\system32\NDF Some files in TEMP: ==================== C:\Users\Owner\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-06-06 15:17 ==================== End of log ============================ Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-06-2015 Ran by Owner at 2015-06-07 10:31:18 Running from C:\Users\Owner\Desktop Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-4162585890-2542146898-40610652-500 - Administrator - Disabled) Guest (S-1-5-21-4162585890-2542146898-40610652-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-4162585890-2542146898-40610652-1002 - Limited - Enabled) Owner (S-1-5-21-4162585890-2542146898-40610652-1000 - Administrator - Enabled) => C:\Users\Owner ==================== Security Center ======================== (If an entry is included in the fixlist, it will 
be removed.) AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated) Adobe Reader XI (11.0.11) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated) Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.5.155 - Adobe Systems, Inc.) Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{E1DB0812-2D60-43DB-AE09-6C7027D93B28}) (Version: 8.1.1.3 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Avira (HKLM\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Avira (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.9.504 - Avira Operations GmbH & Co. KG) Avira SearchFree Toolbar (HKLM\...\{41564952-412D-5637-00A7-A758B70C1B00}) (Version: 12.27.0.988 - APN, LLC) Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) 
DivX Setup (HKLM\...\DivX Setup) (Version: 2.7.0.64 - DivX, LLC) Epson Easy Photo Print 2 (HKLM\...\{02A312B5-1542-47B6-BFE9-F51358C39E86}) (Version: 2.4.0.0 - SEIKO EPSON CORPORATION) Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2) Epson Event Manager (HKLM\...\{8F01524C-0676-4CC1-B4AE-64753C723391}) (Version: 3.01.0005 - Seiko Epson Corporation) EPSON L350 Series Printer Uninstall (HKLM\...\EPSON L350 Series) (Version: - SEIKO EPSON Corporation) EPSON Scan (HKLM\...\EPSON Scanner) (Version: - Seiko Epson Corporation) Epson User's Guide L350 Series (HKLM\...\L350 Series Useg) (Version: - ) Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.) Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden iTunes (HKLM\...\{CE1F04C7-79BC-4219-BE6A-BA490224D4B5}) (Version: 12.1.2.27 - Apple Inc.) Java 6 Update 20 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.) 
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation) Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 37.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 37.0.2 (x86 en-US)) (Version: 37.0.2 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 37.0.2 - Mozilla) OpenOffice.org 3.2 (HKLM\...\{5A13987D-55F4-4271-A40E-76AC9B1B38FD}) (Version: 3.2.9502 - OpenOffice.org) QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.) swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden USB Disk Security (HKLM\...\USB Disk Security_is1) (Version: - Zbshareware Lab) VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN) WinRAR 5.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
==================== Restore Points ========================= 30-05-2015 14:31:51 ComboFix created restore point 01-06-2015 20:09:06 Norton_Power_Eraser_20150601200904007 ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 10:04 - 2009-06-11 05:39 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {09140045-9608-48E3-B387-7A4BF1BECAB3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-19] (Adobe Systems Incorporated) Task: {2210612D-4BEE-4B89-AE11-99BBC453AEB3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-04-27] (Google Inc.) Task: {6CE36A6F-C64C-43B5-BCBE-8BF02D7A7C2F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {A09427A7-5A9A-4559-8227-A87E9AB1D071} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-04-27] (Google Inc.) Task: {DCB4DFC6-4924-4FB8-97E8-9FDA9C4E9145} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (Whitelisted) ============== 2010-01-30 17:41 - 2010-01-30 17:41 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2010-03-25 12:17 - 2010-03-25 12:17 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll 2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-01-20 22:35 - 2015-01-20 22:35 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2014-01-10 13:26 - 2014-01-10 13:26 - 01861968 _____ () C:\Program Files\DivX\DivX Update\DivXUpdate.exe 2014-01-10 13:28 - 2014-01-10 13:28 - 00100688 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) 
HKU\S-1-5-21-4162585890-2542146898-40610652-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.1.1 - 8.8.8.8 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [TCP Query User{0A0DB84F-E4CB-40A5-BA5B-BB9D6CC7DD23}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe FirewallRules: [uDP Query User{FE4F2DD4-1BF0-4180-ACA3-DACB93371935}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe FirewallRules: [TCP Query User{3D9704F0-AEAD-4E78-BC10-1F7FC50EFD98}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe FirewallRules: [uDP Query User{5B9ADBE8-C4EB-461E-BFB5-BB5638DDEFA6}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe FirewallRules: [TCP Query User{67A12F65-BC6A-40AB-9D1F-CF4E92F38922}C:\users\owner\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\owner\appdata\roaming\utorrent\utorrent.exe FirewallRules: [uDP Query User{026868AD-9B07-4EAE-8756-4D551C339902}C:\users\owner\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\owner\appdata\roaming\utorrent\utorrent.exe FirewallRules: [TCP Query User{C8D4D9A9-8ED3-4D4D-826C-540A751B2435}C:\program files\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files\epson software\event manager\eeventmanager.exe FirewallRules: [uDP Query User{5328A67E-7189-4D18-9006-7DFFF927241C}C:\program files\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files\epson software\event manager\eeventmanager.exe FirewallRules: [TCP Query 
User{295BE885-69BE-4D3F-85A1-357D513EED4D}C:\program files\epson software\event manager\eeventmanager.exe] => (Block) C:\program files\epson software\event manager\eeventmanager.exe FirewallRules: [uDP Query User{43A7F982-9E8C-49FD-9440-AC7FF8721199}C:\program files\epson software\event manager\eeventmanager.exe] => (Block) C:\program files\epson software\event manager\eeventmanager.exe FirewallRules: [{6573301D-1FA0-4472-9BE1-B7898C813B34}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{5E45E277-1FC9-4F17-B57A-6D3B4D9ABB28}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{EE4F207A-6A62-452C-880D-3AD095E8A47E}] => (Allow) C:\Users\Owner\AppData\Local\Temp\nsg88E0.tmp\CnetInstaller-10794489.exe FirewallRules: [{DA56B306-C2C8-4B79-BD0B-9503F30D0E51}] => (Allow) C:\Users\Owner\AppData\Local\Temp\nsg88E0.tmp\CnetInstaller-10794489.exe FirewallRules: [{5F671019-741D-43F5-80A9-F47532195BC9}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe FirewallRules: [{FFB0DA8A-3DE3-4D3E-90B6-25DF1DCCFE99}] => (Allow) C:\Users\Owner\AppData\Local\Temp\nsd9EA1.tmp\CnetInstaller-10794489.exe FirewallRules: [{A85D7351-698D-4788-B73B-AA7594FF6FB4}] => (Allow) C:\Users\Owner\AppData\Local\Temp\nsd9EA1.tmp\CnetInstaller-10794489.exe FirewallRules: [{8F40A934-279D-4687-93D2-1857DCC9BC1A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{53650ADF-41A0-4A43-A851-29FF175AB65F}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [{62CA4D3D-9308-4460-93F6-D37B80162599}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Faulty Device Manager Devices ============= Name: USB2.0 Description: USB2.0 Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. 
Name: Bluetooth Peripheral Device Description: Bluetooth Peripheral Device Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (06/06/2015 02:31:58 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>with error: The data is invalid. . Error: (06/06/2015 02:31:34 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>with error: The data is invalid. . Error: (06/06/2015 02:31:26 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>with error: The data is invalid. . 
Error: (06/06/2015 02:25:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 31496

Error: (06/06/2015 02:25:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 31496

Error: (06/06/2015 02:25:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/06/2015 02:25:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15584

Error: (06/06/2015 02:25:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15584

Error: (06/06/2015 02:25:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/01/2015 11:04:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 562805


System errors:
=============
Error: (06/07/2015 10:22:31 AM) (Source: Microsoft-Windows-Time-Service) (EventID: 34) (User: NT AUTHORITY)
Description: The time service has detected that the system time needs to be changed by 97333 seconds. The time service will not change the system time by more than 54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->23.101.187.68:123) is working properly.

Error: (06/07/2015 10:20:56 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: cdrom

Error: (06/07/2015 10:16:42 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Avira Service Host service to connect.

Error: (06/07/2015 07:21:43 AM) (Source: Microsoft-Windows-Time-Service) (EventID: 34) (User: NT AUTHORITY)
Description: The time service has detected that the system time needs to be changed by 97332 seconds. The time service will not change the system time by more than 54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->104.41.150.68:123) is working properly.

Error: (06/07/2015 07:20:23 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: cdrom

Error: (06/07/2015 07:17:55 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Avira Service Host service to connect.

Error: (06/07/2015 07:17:00 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:34:21 PM on 6/6/2015 was unexpected.

Error: (06/06/2015 02:30:35 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: cdrom

Error: (06/01/2015 11:04:41 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (06/01/2015 11:04:44 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


Microsoft Office:
=========================
Error: (06/06/2015 02:31:58 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
The data is invalid.

Error: (06/06/2015 02:31:34 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
The data is invalid.

Error: (06/06/2015 02:31:26 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
The data is invalid.

Error: (06/06/2015 02:25:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 31496

Error: (06/06/2015 02:25:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 31496

Error: (06/06/2015 02:25:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/06/2015 02:25:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15584

Error: (06/06/2015 02:25:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15584

Error: (06/06/2015 02:25:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/01/2015 11:04:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 562805


==================== Memory info ===========================

Processor: Intel® Core2 CPU T5500 @ 1.66GHz
Percentage of memory in use: 67%
Total physical RAM: 1015.27 MB
Available physical RAM: 334.4 MB
Total Pagefile: 2039.27 MB
Available Pagefile: 906.23 MB
Total Virtual: 2047.88 MB
Available Virtual: 1895.67 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:39.06 GB) (Free:19.46 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Data) (Fixed) (Total:35.47 GB) (Free:22.23 GB) NTFS
Drive f: (Transcend) (Removable) (Total:3.75 GB) (Free:3.72 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: EF18EF18)
Partition 1: (Active) - (Size=39.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=35.5 GB) - (Type=OF Extended)

========================================================
Disk: 2 (Size: 3.8 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.

==================== End of log ============================

My webpages still aren't loading properly; could that be a browser problem?
  9. Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/2/2015
Scan Time: 4:58:33 PM
Logfile:
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.03.09.05
Rootkit Database: v2015.02.25.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7
CPU: x86
File System: NTFS
User: Owner

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 329931
Time Elapsed: 29 min, 20 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 6
PUP.Optional.WPM.A, HKLM\SOFTWARE\supWindowsMangerProtect, Quarantined, [e5944df68406989ed4014cde0bfaa060],
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\webssearchesSoftware, Quarantined, [cdacdf643c4ead89f70711d7e61dc63a],
PUP.Optional.WindowsMangerProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect, Quarantined, [7affaa99513980b6cf08645707fc6898],
PUP.Optional.WebSearches.A, HKU\S-1-5-21-4162585890-2542146898-40610652-1000\SOFTWARE\SupHpUISoft, Quarantined, [0e6bd37098f2d85e1a2f1cacdd26db25],
PUP.Optional.Qone8, HKU\S-1-5-21-4162585890-2542146898-40610652-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Quarantined, [aecb380b01893600a9f58492a06502fe],
PUP.Optional.FastStart.A, HKU\S-1-5-21-4162585890-2542146898-40610652-1000\SOFTWARE\MOZILLA\EXTENDS, Quarantined, [bfbad46f404a4aece5d05f64768d29d7],

Registry Values: 2
PUP.Optional.FastStart.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|faststartff@gmail.com, C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\uab4ujgw.default\extensions\faststartff@gmail.com, Quarantined, [c4b592b1c0ca81b58e68949535d08779]
PUP.Optional.FastStart.A, HKU\S-1-5-21-4162585890-2542146898-40610652-1000\SOFTWARE\MOZILLA\EXTENDS|appid, faststartff@gmail.com, Quarantined, [bfbad46f404a4aece5d05f64768d29d7]

Registry Data: 1
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Replaced,[ec8dab982b5f0630c4d6b928bc4901ff]

Folders: 2
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect, Quarantined, [0772b192058562d48e11ed93d62d9e62],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update, Quarantined, [0772b192058562d48e11ed93d62d9e62],

Files: 2
PUP.Optional.WebsSearches.A, C:\Program Files\Mozilla Firefox\browser\searchplugins\webssearches.xml, Quarantined, [a9d046fd49412d099f613dacfa098e72],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update\conf, Quarantined, [0772b192058562d48e11ed93d62d9e62],

Physical Sectors: 0
(No malicious items detected)


(end)

---------------------------------------

Rkill 2.7.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 06/02/2015 04:50:30 PM in x86 mode.
Windows Version: Windows 7 Ultimate

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* Cannot edit the HOSTS file.
* Permissions could not be fixed.
Use Hosts-perm.bat to fix permissions: http://www.bleepingcomputer.com/download/hosts-permbat/

Program finished at: 06/02/2015 04:51:49 PM
Execution time: 0 hours(s), 1 minute(s), and 19 seconds(s)
  10. I just noticed this when I was running NPE (see attached pic). Is that normal? I don't remember seeing it like that before.
  11. I can't run the ESET online scanner in any of the 3 browsers. On IE the page doesn't load. On Firefox it loads partially, but the "Run ESET Online Scanner" link doesn't work. In Chrome, when I click the link it becomes an unresponsive page. =(
  12. Fix result of Farbar Recovery Scan Tool (x86) Version: 29-05-2015
Ran by Owner at 2015-06-01 17:28:56 Run:1
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4162585890-2542146898-40610652-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.goo...ice/update2/crx
2015-05-18 13:42 - 2014-10-06 14:31 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\uTorrent
Task: {356DD55F-076E-49D9-B75F-36B0C1CCEE06} - System32\Tasks\{0B01A123-BF7D-45C3-A8D3-059ADE9BD935} => pcalua.exe -a C:\Users\Owner\AppData\Roaming\webssearches\UninstallManager.exe -c -ptid=exp <==== ATTENTION
C:\Users\Owner\AppData\Roaming\webssearches
Emptytemp:
End
*****************

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key Removed successfully.
"HKU\S-1-5-21-4162585890-2542146898-40610652-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key Removed successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => key Removed successfully.
C:\Users\Owner\AppData\Roaming\uTorrent => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{356DD55F-076E-49D9-B75F-36B0C1CCEE06}" => key Removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{356DD55F-076E-49D9-B75F-36B0C1CCEE06}" => key Removed successfully.
C:\Windows\System32\Tasks\{0B01A123-BF7D-45C3-A8D3-059ADE9BD935} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0B01A123-BF7D-45C3-A8D3-059ADE9BD935}" => key Removed successfully.
"C:\Users\Owner\AppData\Roaming\webssearches" => File/Folder not found.
EmptyTemp: => Removed 165.6 MB temporary data.

The system needed a reboot.

==== End of Fixlog 17:29:49 ====
  13. FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-05-2015
Ran by Owner (administrator) on OWNER-PC on 30-05-2015 22:11:23
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Microsoft Windows 7 Ultimate (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Zbshareware Lab) C:\Program Files\USB Disk Security\USBGuard.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_TATII0E.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Farbar) C:\Users\Owner\Desktop\omega.com.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [726320 2015-04-23] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [bCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-14] (Microsoft Corporation)
HKLM\...\Run: [uSB Security] => C:\Program Files\USB Disk Security\USBGuard.exe [623520 2011-09-21] (Zbshareware Lab)
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [248040 2010-02-19] (Sun Microsystems, Inc.)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-11-17] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-04-07] (Apple Inc.)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-4162585890-2542146898-40610652-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TATII0E.EXE [249440 2012-02-27] (SEIKO EPSON CORPORATION)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk [2014-10-07]
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4162585890-2542146898-40610652-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4162585890-2542146898-40610652-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-4162585890-2542146898-40610652-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-4162585890-2542146898-40610652-1000 -> DefaultScope {49A98BDC-3E0B-411B-8431-60E6D5D05A76} URL = http://avira.search.ask.com/web?tpid=AVIRA-V7&o=APN11082&pf=&p2=^B10^YYYYYY^YY^PH&gct=sb&itbv=12.17.1.2795&apn_uid=6E236451-583B-4E43-802F-C99D48ED1C38&apn_ptnrs=^B10&apn_dtid=^YYYYYY^YY^PH&apn_dbr=ie_8.0.7600.16385&doi=2014-10-05&trgb=ALL&q={searchTerms}&psv=&pt=tb
SearchScopes: HKU\S-1-5-21-4162585890-2542146898-40610652-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-4162585890-2542146898-40610652-1000 -> {49A98BDC-3E0B-411B-8431-60E6D5D05A76} URL = http://avira.search.ask.com/web?tpid=AVIRA-V7&o=APN11082&pf=&p2=^B10^YYYYYY^YY^PH&gct=sb&itbv=12.17.1.2795&apn_uid=6E236451-583B-4E43-802F-C99D48ED1C38&apn_ptnrs=^B10&apn_dtid=^YYYYYY^YY^PH&apn_dbr=ie_8.0.7600.16385&doi=2014-10-05&trgb=ALL&q={searchTerms}&psv=&pt=tb
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-26] (Microsoft Corporation)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-02-01] (Sun Microsystems, Inc.)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 8.8.8.8 8.8.8.4

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\bferiou0.default-1420774421411
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-19] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1215155.dll [2014-12-02] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll [2014-11-21] (DivX, LLC)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-25] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-02] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-05-02] (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\webssearches.xml [2014-12-26]
FF HKLM\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\uab4ujgw.default\extensions\faststartff@gmail.com
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-04-03]

Chrome:
=======
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Avira SearchFree Toolbar plus Web Protection) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh [2015-04-27]
CHR Extension: (Google Slides) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-27]
CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-27]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-27]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-27]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-27]
CHR Extension: (Google Sheets) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-27]
CHR Extension: (Avira Browser Safety) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-04-27]
CHR Extension: (Bookmark Manager) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-29]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-29]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-27]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-27]
CHR HKLM\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2015-04-08]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe [815920 2015-04-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [434424 2015-04-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [434424 2015-04-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1004280 2015-04-23] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105864 2015-03-11] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2015-03-11] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-10-06] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [37896 2015-03-11] (Avira Operations GmbH & Co. KG)
S3 PROCEXP113; C:\Windows\system32\Drivers\PROCEXP113.SYS [12568 2015-05-30] (Sysinternals - www.sysinternals.com) [File not signed]
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-28] (Avira GmbH)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
S3 catchme; \??\C:\sega\catchme.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-31 12:48 - 2015-05-31 12:47 - 01147392 _____ (Farbar) C:\Users\Owner\Desktop\omega.com.exe
2015-05-30 22:11 - 2015-05-30 22:12 - 00014070 _____ () C:\Users\Owner\Desktop\FRST.txt
2015-05-30 22:11 - 2015-05-30 22:11 - 00000000 ____D () C:\FRST
2015-05-30 14:51 - 2015-05-30 14:51 - 00012568 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCEXP113.SYS
2015-05-30 14:51 - 2015-05-30 14:51 - 00007368 _____ () C:\ComboFix.txt
2015-05-30 14:31 - 2015-05-30 14:52 - 00000000 ____D () C:\Qoobox
2015-05-30 14:31 - 2011-06-26 14:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-05-30 14:31 - 2010-11-08 01:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-05-30 14:31 - 2009-04-20 12:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-05-30 14:31 - 2000-08-31 08:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-05-30 14:31 - 2000-08-31 08:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-05-30 14:31 - 2000-08-31 08:00 - 00098816 _____ () C:\Windows\sed.exe
2015-05-30 14:31 - 2000-08-31 08:00 - 00080412 _____ () C:\Windows\grep.exe
2015-05-30 14:31 - 2000-08-31 08:00 - 00068096 _____ () C:\Windows\zip.exe
2015-05-30 14:30 - 2015-05-30 14:49 - 00000000 ____D () C:\Windows\erdnt
2015-05-30 14:21 - 2015-05-30 14:20 - 05628678 ____R (Swearware) C:\Users\Owner\Desktop\sega.com
2015-05-20 02:15 - 2015-05-20 04:32 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-05-20 02:15 - 2015-05-20 02:45 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-05-20 02:14 - 2015-05-20 02:14 - 16980568 _____ () C:\Users\Owner\Desktop\winlogon.com.exe
2015-05-19 22:22 - 2015-05-19 22:22 - 01124544 _____ (Adobe Systems Incorporated) C:\Users\Owner\Desktop\flashplayer17au_ha_install.exe
2015-05-18 17:59 - 2015-05-18 17:59 - 00002929 _____ () C:\Users\Owner\Desktop\help.txt
2015-05-18 16:47 - 2015-05-18 16:47 - 00000000 ____D () C:\Users\Owner\Desktop\fixme
2015-05-18 16:46 - 2015-05-18 16:46 - 00000217 _____ () C:\Users\Owner\Desktop\fixme.zip
2015-05-18 15:41 - 2015-05-18 16:18 - 01363435 _____ () C:\Users\Owner\Desktop\rkill.exe
2015-05-13 19:25 - 2015-05-13 19:25 - 00000000 ____D () C:\Users\Owner\Desktop\Attachments_2015513
2015-05-13 19:23 - 2015-05-13 19:23 - 00183986 _____ () C:\Users\Owner\Desktop\Attachments_2015513.zip
2015-05-12 16:36 - 2015-05-12 16:36 - 01124544 _____ (Adobe Systems Incorporated) C:\Users\Owner\Desktop\flashplayer17_ha_install.exe
2015-05-11 17:19 - 2015-05-11 17:19 - 00000000 ____D () C:\ProgramData\McAfee

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-30 21:53 - 2015-04-27 17:07 - 00002135 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-30 21:53 - 2015-04-27 16:47 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-30 21:14 - 2015-02-09 13:26 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-30 19:33 - 2008-02-01 16:12 - 02051799 _____ () C:\Windows\WindowsUpdate.log
2015-05-30 19:32 - 2009-07-14 12:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-30 19:32 - 2009-07-14 12:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-30 19:27 - 2015-04-27 16:47 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-30 19:26 - 2009-07-14 12:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-30 19:26 - 2009-07-14 12:39 - 00065937 _____ () C:\Windows\setupact.log
2015-05-30 14:51 - 2009-07-14 10:37 - 00000000 __RHD () C:\Users\Default
2015-05-30 14:51 - 2009-07-14 10:37 - 00000000 ___RD () C:\Users\Public
2015-05-30 14:46 - 2009-07-14 10:04 - 00000215 _____ () C:\Windows\system.ini
2015-05-30 14:44 - 2014-10-06 07:18 - 00330554 _____ () C:\Windows\PFRO.log
2015-05-22 01:03 - 2014-10-06 06:45 - 00778150 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-19 22:24 - 2014-10-15 13:54 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-05-19 22:24 - 2014-10-15 13:54 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-05-19 22:24 - 2014-10-14 17:07 - 00000000 ____D () C:\Users\Owner\AppData\Local\Adobe
2015-05-18 18:04 - 2014-10-06 06:49 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-18 13:43 - 2014-12-26 14:11 - 00000000 ____D () C:\Windows\system32\appmgmt
2015-05-18 13:42 - 2014-10-06 14:31 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\uTorrent
2015-05-12 16:26 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\NDF

Some files in TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-25 16:15

==================== End of log ============================