I can't get rid of Obrona VPN Block Ads
<blockquote data-quote="lbardwell" data-source="post: 338842" data-attributes="member: 33504"><p>Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015</p><p>Ran by Owner (administrator) on OWNER-PC on 24-01-2015 04:28:06</p><p>Running from C:\Users\Owner\Downloads</p><p>Loaded Profiles: UpdatusUser & Owner (Available profiles: UpdatusUser & Owner)</p><p>Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)</p><p>Internet Explorer Version 11 (Default browser: FF)</p><p>Boot Mode: Normal</p><p>Tutorial for Farbar Recovery Scan Tool: <a href="http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/" target="_blank">http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/</a></p><p></p><p>==================== Processes (Whitelisted) =================</p><p></p><p>(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)</p><p></p><p>(Webroot) C:\Program Files (x86)\Webroot\WRSA.exe</p><p>(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe</p><p>(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\GbpSv.exe</p><p>(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe</p><p>(Webroot) C:\Program Files (x86)\Webroot\WRSA.exe</p><p>(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\GbpSv.exe</p><p>(Microsoft Corporation) C:\Windows\System32\wlanext.exe</p><p>(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe</p><p>() C:\Windows\SysWOW64\afasrv64.exe</p><p>(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe</p><p>(Apple Inc.) 
C:\Program Files\Bonjour\mDNSResponder.exe</p><p>(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe</p><p>(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe</p><p>(Nero AG) C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe</p><p>(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe</p><p>(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe</p><p>(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe</p><p>() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe</p><p>() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe</p><p>(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe</p><p>() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe</p><p>() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe</p><p>() C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe</p><p>(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe</p><p>(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe</p><p>(Samsung) C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe</p><p>(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe</p><p>(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe</p><p>(Samsung Electronics Co., Ltd.) 
C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe</p><p>(Samsung Electronics) C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe</p><p>(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe</p><p>(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe</p><p>(Microsoft Corporation) C:\Windows\System32\rundll32.exe</p><p>(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe</p><p>() C:\Program Files (x86)\USIM Editor\iconcs307181.exe</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe</p><p>(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(RedSky Sp. z o.o.) C:\Users\Owner\AppData\Local\Obrona Block Ads\ObronaBlockAds.exe</p><p>(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe</p><p>(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe</p><p>(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe</p><p>(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe</p><p>(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Support Center\SamoyedAgent.exe</p><p>(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe</p><p>(Apple Inc.) 
C:\Program Files\iPod\bin\iPodService.exe</p><p>(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe</p><p>(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe</p><p>() C:\Users\Owner\AppData\Local\Obrona Block Ads\ProxyResetOnKill.exe</p><p>(Intel Corporation) C:\Windows\System32\igfxext.exe</p><p>(Intel Corporation) C:\Windows\System32\igfxsrvc.exe</p><p>(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe</p><p>(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe</p><p>(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe</p><p>(Intel Corporation) C:\Windows\System32\hkcmd.exe</p><p>(Intel Corporation) C:\Windows\System32\igfxtray.exe</p><p>(Intel Corporation) C:\Windows\System32\igfxpers.exe</p><p>(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE</p><p>(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE</p><p>(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google) C:\Users\Owner\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p></p><p></p><p>==================== Registry (Whitelisted) ==================</p><p></p><p>(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)</p><p></p><p>HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12460136 2012-03-29] (Realtek Semiconductor)</p><p>HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp</p><p>HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2816816 2012-03-12] (ELAN Microelectronics Corp.)</p><p>HKLM\...\Run: [USBestCR] => C:\Program Files (x86)\USIM Editor\iconcs307181.exe [7374336 2014-10-03] ()</p><p>HKLM-x32\...\Run: [WRSVC] => C:\Program Files (x86)\Webroot\WRSA.exe [773256 2015-01-09] (Webroot)</p><p>HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)</p><p>HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)</p><p>HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)</p><p>HKLM-x32\...\Run: [USBestCR] => C:\Program Files (x86)\USIM Editor\iconcs307181.exe [7374336 2014-10-03] ()</p><p>HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)</p><p>Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)</p><p>Winlogon\Notify\ GbPluginBb-x32: C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)</p><p>HKU\S-1-5-21-1827809378-912741919-3246080145-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1</p><p>HKU\S-1-5-21-1827809378-912741919-3246080145-1001\...\Run: [Google Update] => 
C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-21] (Google Inc.)</p><p>HKU\S-1-5-21-1827809378-912741919-3246080145-1001\...\Run: [Epson Stylus NX510(Network)] => C:\windows\system32\spool\DRIVERS\x64\3\E_IATIFIA.EXE [223232 2009-11-04] (SEIKO EPSON CORPORATION)</p><p>HKU\S-1-5-21-1827809378-912741919-3246080145-1001\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)</p><p>HKU\S-1-5-21-1827809378-912741919-3246080145-1001\...\Run: [Facebook Update] => C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-09-22] (Facebook Inc.)</p><p>HKU\S-1-5-21-1827809378-912741919-3246080145-1001\...\Run: [GoogleChromeAutoLaunch_721577D41E77D440C916E2687EBA0267] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2015-01-08] (Google Inc.)</p><p>HKU\S-1-5-21-1827809378-912741919-3246080145-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)</p><p>HKU\S-1-5-21-1827809378-912741919-3246080145-1001\...\Run: [SoftonicAssistant] => C:\Users\Owner\AppData\Local\SoftonicAssistant\SoftonicAssistant.exe [1829832 2014-11-11] ()</p><p>HKU\S-1-5-21-1827809378-912741919-3246080145-1001\...\Run: [Obrona Block Ads] => C:\Users\Owner\AppData\Local\Obrona Block Ads\ObronaBlockAds.exe [1509336 2014-10-16] (RedSky Sp.
z o.o.)</p><p>HKU\S-1-5-21-1827809378-912741919-3246080145-1001\...\Policies\Explorer: [NoDesktopCleanupWizard] 1</p><p>HKU\S-1-5-21-1827809378-912741919-3246080145-1001\...\MountPoints2: {affc424a-47ea-11e2-9145-c485088e7410} - F:\setup.exe -a</p><p>AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [260928 2012-02-25] (NVIDIA Corporation)</p><p>AppInit_DLLs-x32: C:\windows\SysWOW64\nvinit.dll => C:\windows\SysWOW64\nvinit.dll [215360 2012-02-25] (NVIDIA Corporation)</p><p>Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk</p><p>ShortcutTarget: Install Webroot FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)</p><p>Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk</p><p>ShortcutTarget: Install Webroot IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)</p><p>Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan
Plus.lnk</p><p>ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)</p><p></p><p>==================== Internet (Whitelisted) ====================</p><p></p><p>(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)</p><p></p><p>ProxyEnable: [S-1-5-21-1827809378-912741919-3246080145-1001] => Internet Explorer proxy is enabled.</p><p>ProxyServer: [S-1-5-21-1827809378-912741919-3246080145-1001] => http=127.0.0.1:9880</p><p>HKU\S-1-5-21-1827809378-912741919-3246080145-1001\Software\Microsoft\Internet Explorer\Main,Start Page = <a href="http://samsung.msn.com" target="_blank">http://samsung.msn.com</a></p><p>HKU\S-1-5-21-1827809378-912741919-3246080145-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = <a
href="http://samsung.msn.com" target="_blank">http://samsung.msn.com</a></p><p>HKU\S-1-5-21-1827809378-912741919-3246080145-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = <a href="http://www.google.com/ie" target="_blank">http://www.google.com/ie</a></p><p>HKU\S-1-5-21-1827809378-912741919-3246080145-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = <a href="http://www.google.com/ie" target="_blank">http://www.google.com/ie</a></p><p>SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = <a href="http://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox" target="_blank">http://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox</a></p><p>SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = <a href="http://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox" target="_blank">http://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox</a></p><p>SearchScopes: HKU\S-1-5-21-1827809378-912741919-3246080145-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = <a href="http://www.google.com/search?q={sear" target="_blank">http://www.google.com/search?q={sear</a></p><p>BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)</p><p>BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)</p><p>BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll (Webroot)</p><p>BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files (x86)\Webroot\WRData\PKG\Vistax64\wrflt.dll (Webroot)</p>
<p>BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)</p><p>BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)</p><p>BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)</p><p>BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)</p><p>BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)</p><p>BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)</p><p>BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll (Webroot)</p><p>BHO-x32: Webroot Filtering Extension ->
{C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files (x86)\Webroot\WRData\PKG\Vistax86\wrflt.dll (Webroot)</p><p>BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)</p><p>BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)</p><p>Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll (Webroot)</p><p>Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)</p><p>Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll (Webroot)</p><p>Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)</p><p>Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)</p><p>Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)</p><p>ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll [1754664 2014-07-31] (Banco do Brasil)</p><p>Tcpip\Parameters: [DhcpNameServer]
192.168.1.254</p><p></p><p>FireFox:</p><p>========</p><p>FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\evr7t9fd.default</p><p>FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()</p><p>FF Plugin: @microsoft.com/GENUINE -> disabled No File</p><p>FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)</p><p>FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()</p><p>FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()</p><p>FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)</p><p>FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)</p><p>FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)</p><p>FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine
Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)</p><p>FF Plugin-x32: @java.com/DTPlugin,version=10.13.2 -> C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)</p><p>FF Plugin-x32: @java.com/JavaPlugin,version=10.13.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)</p><p>FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File</p><p>FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)</p><p>FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)</p><p>FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)</p><p>FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)</p><p>FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)</p>
<p>FF Plugin HKU\S-1-5-21-1827809378-912741919-3246080145-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Owner\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)</p><p>FF Plugin HKU\S-1-5-21-1827809378-912741919-3246080145-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)</p><p>FF Plugin HKU\S-1-5-21-1827809378-912741919-3246080145-1001: @talk.google.com/O1DPlugin -> C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)</p><p>FF Plugin HKU\S-1-5-21-1827809378-912741919-3246080145-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)</p><p>FF Plugin HKU\S-1-5-21-1827809378-912741919-3246080145-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)</p><p>FF Plugin HKU\S-1-5-21-1827809378-912741919-3246080145-1001: gastecnologia.com.br/sf/bb -> C:\Users\Owner\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll (GAS Tecnologia)</p><p>FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)</p><p>FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)</p><p>FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-01-18]</p><p>FF HKLM-x32\...\Firefox\Extensions: [<a href="mailto:webrootsecure@webroot.com">webrootsecure@webroot.com</a>] - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer</p><p>FF Extension: Webroot Filtering Extension - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer [2013-11-23]</p><p>FF HKU\S-1-5-21-1827809378-912741919-3246080145-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee
Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi</p><p>FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]</p><p>FF HKU\S-1-5-21-1827809378-912741919-3246080145-1001\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886C}] - C:\Users\Owner\AppData\Local\GAS Tecnologia\GBBD\bb\xpi</p><p>FF Extension: GBBD Banco do Brasil - C:\Users\Owner\AppData\Local\GAS Tecnologia\GBBD\bb\xpi [2014-10-15]</p><p></p><p>Chrome: </p><p>=======</p><p>CHR HomePage: Default -> hxxp://samsung.msn.com/</p><p>CHR StartupUrls: Default -> "<a href="https://mail.google.com/mail/?shva=1#inbox" target="_blank">https://mail.google.com/mail/?shva=1#inbox</a>", "hxxp://<a href="http://www.google.com/" target="_blank">www.google.com/</a>"</p><p>CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default</p><p>CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-29]</p><p>CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-29]</p><p>CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-27]</p><p>CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-29]</p><p>CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-29]</p><p>CHR Extension: (Webroot Filtering Extension) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dblebgkanaecgapcfefmedflbdhmblog [2013-11-23]</p><p>CHR Extension: (Skype Click to Call) - C:\Users\Owner\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-07-19]</p><p>CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31]</p><p>CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-29]</p><p>CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path</p><p>CHR HKLM-x32\...\Chrome\Extension: [dblebgkanaecgapcfefmedflbdhmblog] - C:\ProgramData\WRData\PKG\CHROME\CHROME_1.0.0.21.crx [2013-12-16]</p><p>CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]</p><p>CHR HKLM-x32\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - C:\ProgramData\WRData\pkg\lpchrome.crx [2012-11-19]</p><p></p><p>==================== Services (Whitelisted) =================</p><p></p><p>(If an entry is included in the fixlist, the service will be removed from the registry. 
The file will not be moved unless listed separately.)</p><p></p><p>R2 AfaService; C:\windows\SysWOW64\afasrv64.exe [73728 2014-10-03] () [File not signed]</p><p>R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)</p><p>R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)</p><p>R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]</p><p>R2 GbpSv; C:\Program Files (x86)\GbPlugin\GbpSv.exe [546104 2014-07-21] (GAS Tecnologia)</p><p>R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-07] ()</p><p>R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)</p><p>S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)</p><p>R2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [223088 2011-04-26] ()</p><p>S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-07] ()</p><p>R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)</p><p>R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] () [File not signed]</p><p>R2 SamsungDeviceConfigurationWinService; C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [31624 2012-02-13] () [File not signed]</p><p>R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)</p><p>R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)</p><p>R2 WRSVC; C:\Program Files 
(x86)\Webroot\WRSA.exe [773256 2015-01-09] (Webroot)</p><p>R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-07] (Intel® Corporation)</p><p>S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]</p><p></p><p>==================== Drivers (Whitelisted) ====================</p><p></p><p>(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p>S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-15] (Malwarebytes Corporation)</p><p>S3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10x64.sys [60288 2010-09-15] (Generic USB smartcard reader)</p><p>S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]</p><p>R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [115680 2015-01-09] (Webroot)</p><p>U0 SR; No ImagePath</p><p>U2 srservice; No ImagePath</p><p></p><p>==================== NetSvcs (Whitelisted) ===================</p><p></p><p>(If an item is included in the fixlist, it will be removed from the registry. 
Any associated file could be listed separately to be moved.)</p><p></p><p></p><p>==================== One Month Created Files and Folders ========</p><p></p><p>(If an entry is included in the fixlist, the file\folder will be moved.)</p><p></p><p>2015-01-24 04:28 - 2015-01-24 04:28 - 00025399 _____ () C:\Users\Owner\Downloads\FRST.txt</p><p>2015-01-24 04:27 - 2015-01-24 04:28 - 00000000 ____D () C:\FRST</p><p>2015-01-24 04:24 - 2015-01-24 04:24 - 02126848 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe</p><p>2015-01-24 04:22 - 2015-01-24 04:22 - 01118208 _____ (Farbar) C:\Users\Owner\Downloads\FRST.exe</p><p>2015-01-24 02:17 - 2015-01-24 02:17 - 00282008 _____ () C:\windows\Minidump\012415-27970-01.dmp</p><p>2015-01-24 02:17 - 2015-01-24 02:17 - 00000000 ____D () C:\windows\Minidump</p><p>2015-01-24 02:16 - 2015-01-24 02:16 - 672640311 _____ () C:\windows\MEMORY.DMP</p><p>2015-01-22 23:11 - 2015-01-22 23:11 - 00376184 _____ () C:\Users\Owner\Downloads\Setup.exe</p><p>2015-01-18 23:22 - 2015-01-18 23:22 - 00009976 _____ () C:\Users\Owner\Documents\Expenses.xlsx</p><p>2015-01-18 18:39 - 2015-01-18 18:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox</p><p>2015-01-13 22:14 - 2014-12-18 21:06 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll</p><p>2015-01-13 22:14 - 2014-12-18 19:46 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys</p><p>2015-01-13 22:14 - 2014-12-11 23:35 - 05553592 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe</p><p>2015-01-13 22:14 - 2014-12-11 23:31 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll</p><p>2015-01-13 22:14 - 2014-12-11 23:31 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe</p><p>2015-01-13 22:14 - 2014-12-11 23:31 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll</p><p>2015-01-13 22:14 - 2014-12-11 23:11 - 03971512 _____ (Microsoft Corporation) 
C:\windows\SysWOW64\ntkrnlpa.exe</p><p>2015-01-13 22:14 - 2014-12-11 23:11 - 03916728 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe</p><p>2015-01-13 22:14 - 2014-12-11 23:07 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll</p><p>2015-01-13 22:14 - 2014-12-11 11:47 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe</p><p>2015-01-13 22:14 - 2014-12-05 22:17 - 00303616 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll</p><p>2015-01-13 22:14 - 2014-12-05 21:50 - 00156672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncsi.dll</p><p>2015-01-13 22:14 - 2014-12-05 21:50 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll</p><p>2014-12-28 23:38 - 2014-12-28 23:38 - 05288700 _____ () C:\Users\Owner\Downloads\Video.MOV</p><p>2014-12-27 04:04 - 2014-12-27 04:04 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk</p><p>2014-12-27 04:04 - 2014-12-27 04:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes</p><p>2014-12-27 04:03 - 2014-12-27 04:04 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7</p><p>2014-12-27 04:03 - 2014-12-27 04:04 - 00000000 ____D () C:\Program Files\iTunes</p><p>2014-12-27 04:03 - 2014-12-27 04:03 - 00000000 ____D () C:\Program Files\iPod</p><p></p><p>==================== One Month Modified Files and Folders =======</p><p></p><p>(If an entry is included in the fixlist, the file\folder will be moved.)</p><p></p><p>2015-01-24 04:27 - 2012-09-19 19:27 - 00000000 ____D () C:\ProgramData\WRData</p><p>2015-01-24 04:21 - 2012-09-21 21:01 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Skype</p><p>2015-01-24 04:20 - 2014-01-29 17:38 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job</p><p>2015-01-24 04:10 - 2012-05-04 17:00 - 01944094 _____ () C:\windows\WindowsUpdate.log</p><p>2015-01-24 03:53 - 2012-09-21 18:33 - 00000908 _____ () 
C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1827809378-912741919-3246080145-1001UA.job</p><p>2015-01-24 03:14 - 2009-07-13 23:13 - 00782510 _____ () C:\windows\system32\PerfStringBackup.INI</p><p>2015-01-24 03:02 - 2013-09-22 16:57 - 00000928 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1827809378-912741919-3246080145-1001UA.job</p><p>2015-01-24 02:28 - 2009-07-13 22:45 - 00028848 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0</p><p>2015-01-24 02:28 - 2009-07-13 22:45 - 00028848 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0</p><p>2015-01-24 02:19 - 2014-12-24 05:14 - 00000000 ____D () C:\Users\Owner\AppData\Local\SoftonicAssistant</p><p>2015-01-24 02:17 - 2014-01-29 17:38 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job</p><p>2015-01-24 02:17 - 2012-05-04 01:03 - 00000828 _____ () C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job</p><p>2015-01-24 02:17 - 2009-07-13 23:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT</p><p>2015-01-24 02:17 - 2009-07-13 22:51 - 00081044 _____ () C:\windows\setupact.log</p><p>2015-01-24 02:16 - 2010-11-20 21:47 - 00109580 _____ () C:\windows\PFRO.log</p><p>2015-01-24 02:14 - 2014-12-24 05:15 - 00000000 ____D () C:\Users\Owner\AppData\Local\Obrona Block Ads</p><p>2015-01-24 01:53 - 2014-10-15 17:58 - 00000000 ____D () C:\ProgramData\GAS Tecnologia</p><p>2015-01-24 01:51 - 2014-12-09 15:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak</p><p>2015-01-24 01:51 - 2014-06-30 00:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service</p><p>2015-01-23 22:53 - 2012-09-21 18:33 - 00000856 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1827809378-912741919-3246080145-1001Core.job</p><p>2015-01-23 22:11 - 2013-09-22 16:57 - 00000906 _____ () 
C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1827809378-912741919-3246080145-1001Core.job</p><p>2015-01-23 22:05 - 2012-05-04 01:03 - 00000830 _____ () C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job</p><p>2015-01-19 18:05 - 2013-02-10 11:38 - 00000000 ___RD () C:\Program Files (x86)\Skype</p><p>2015-01-19 18:05 - 2012-09-19 16:10 - 00000000 ____D () C:\ProgramData\Skype</p><p>2015-01-16 14:00 - 2013-08-15 02:01 - 00000000 ____D () C:\windows\system32\MRT</p><p>2015-01-16 13:47 - 2012-09-19 18:51 - 113365784 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe</p><p>2015-01-15 17:41 - 2014-01-29 17:39 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk</p><p>2015-01-09 16:05 - 2012-09-19 19:27 - 00154760 _____ (Webroot) C:\windows\SysWOW64\WRusr.dll</p><p>2015-01-09 16:05 - 2012-09-19 19:27 - 00115680 _____ (Webroot) C:\windows\system32\Drivers\WRkrn.sys</p><p>2015-01-09 16:05 - 2012-09-19 19:27 - 00105320 _____ (Webroot) C:\windows\system32\WRusr.dll</p><p>2015-01-06 04:36 - 2010-11-20 21:27 - 00298120 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe</p><p>2014-12-27 04:04 - 2013-07-06 22:20 - 00000000 ____D () C:\Program Files (x86)\iTunes</p><p>2014-12-27 04:03 - 2012-09-22 10:16 - 00000000 ____D () C:\Program Files\Common Files\Apple</p><p>2014-12-27 04:02 - 2014-07-22 22:36 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69</p><p></p><p>==================== Files in the root of some directories =======</p><p>2012-09-19 19:27 - 2013-12-11 18:07 - 10395072 _____ (Webroot Software, Inc.) 
C:\Program Files (x86)\Common Files\wruninstall.exe</p><p>2014-10-15 17:58 - 2014-10-15 17:59 - 0018170 _____ () C:\Users\Owner\AppData\Roaming\unins000.dat</p><p>2014-10-15 17:58 - 2014-10-15 17:58 - 0813217 _____ () C:\Users\Owner\AppData\Roaming\unins000.exe</p><p>2013-07-09 17:55 - 2013-07-09 17:55 - 0044218 _____ () C:\Users\Owner\AppData\Local\RAContactHistory.xml</p><p>2012-05-04 02:26 - 2012-05-04 02:27 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log</p><p>2012-05-04 02:22 - 2012-05-04 02:22 - 0000113 _____ () C:\ProgramData\{34FBC7C4-CD31-4D93-A428-0E524EAC4586}.log</p><p>2012-05-04 02:24 - 2012-05-04 02:25 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log</p><p>2012-05-04 02:22 - 2012-05-04 02:24 - 0000106 _____ () C:\ProgramData\{80E158EA-7181-40FE-A701-301CE6BE64AB}.log</p><p>2012-05-04 02:25 - 2012-05-04 02:26 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log</p><p></p><p>==================== Bamital & volsnap Check =================</p><p></p><p>(There is no automatic fix for files that do not pass verification.)</p><p></p><p>C:\Windows\System32\winlogon.exe => File is digitally signed</p><p>C:\Windows\System32\wininit.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\wininit.exe => File is digitally signed</p><p>C:\Windows\explorer.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\explorer.exe => File is digitally signed</p><p>C:\Windows\System32\svchost.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\svchost.exe => File is digitally signed</p><p>C:\Windows\System32\services.exe => File is digitally signed</p><p>C:\Windows\System32\User32.dll => File is digitally signed</p><p>C:\Windows\SysWOW64\User32.dll => File is digitally signed</p><p>C:\Windows\System32\userinit.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\userinit.exe => File is digitally signed</p><p>C:\Windows\System32\rpcss.dll => File is digitally 
signed</p><p>C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed</p><p></p><p></p><p>LastRegBack: 2015-01-15 18:26</p><p></p><p>==================== End Of Log ============================</p><p></p><p>Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015</p><p>Ran by Owner at 2015-01-24 04:29:03</p><p>Running from C:\Users\Owner\Downloads</p><p>Boot Mode: Normal</p><p>==========================================================</p><p></p><p></p><p>==================== Security Center ========================</p><p></p><p>(If an entry is included in the fixlist, it will be removed.)</p><p></p><p>AV: Webroot SecureAnywhere (Enabled - Up to date) {66A6FE14-08CB-F415-3742-517201416109}</p><p>AS: Webroot SecureAnywhere (Enabled - Up to date) {DDC71FF0-2EF1-FB9B-0DF2-6A007AC62BB4}</p><p>AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}</p><p></p><p>==================== Installed Programs ======================</p><p></p><p>(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. 
The adware programs should be uninstalled manually.)</p><p></p><p>„Windows Live Essentials“ (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden</p><p>„Windows Live Mail“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden</p><p>„Windows Live Messenger“ (x32 Version: 15.4.3538.0513 - „Microsoft Corporation“) Hidden</p><p>„Windows Live“ fotogalerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden</p><p>Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.7.0.2090 - Adobe Systems Incorporated)</p><p>Adobe Flash Player 10 ActiveX (HKLM-x32\...\{48DB5914-8772-472D-B8DF-E2092BE598F6}) (Version: 10.3.181.34 - Adobe Systems Incorporated)</p><p>Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated)</p><p>Agatha Christie - Death on the Nile (x32 Version: 2.2.0.82 - WildTangent) Hidden</p><p>Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version: - Amazon)</p><p>Amazon Kindle (HKU\S-1-5-21-1827809378-912741919-3246080145-1001\...\Amazon Kindle) (Version: - Amazon)</p><p>Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)</p><p>Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)</p><p>Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)</p><p>Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)</p><p>Avery Wizard 5.0 (HKLM-x32\...\{FC3B3A5D-7058-4627-9F1E-F95CC38B6054}) (Version: 5.0.5 - Avery)</p><p>Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden</p><p>Bing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation)</p><p>Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)</p><p>Build-a-lot (x32 Version: 2.2.0.82 - WildTangent) Hidden</p><p>Chuzzle Deluxe (x32 Version: 2.2.0.82 - WildTangent) 
Hidden</p><p>CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2227 - CyberLink Corp.)</p><p>CyberLink Media+ Player10 (HKLM-x32\...\InstallShield_{34FBC7C4-CD31-4D93-A428-0E524EAC4586}) (Version: 10.0.1110.00 - CyberLink Corp.)</p><p>CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1130a - CyberLink Corp.)</p><p>CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3802 - CyberLink Corp.)</p><p>CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3306 - CyberLink Corp.)</p><p>CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.5216 - CyberLink Corp.)</p><p>D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden</p><p>Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82 - WildTangent) Hidden</p><p>Easy File Share (HKLM-x32\...\{12F81925-F3C1-40DB-91F7-777817974319}) (Version: 1.2.4 - Samsung Electronics Co., Ltd.)</p><p>Easy Migration (HKLM-x32\...\{EDE7A262-DB20-4432-A630-2ACEE186C416}) (Version: 1.0 - Samsung Electronics CO., LTD.)</p><p>Easy Settings (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 1.1 - Samsung Electronics CO., LTD.)</p><p>Easy Software Manager (HKLM-x32\...\{DE256D8B-D971-456D-BC02-CB64DA24F115}) (Version: 1.2.10.7 - Samsung Electronics Co., Ltd.)</p><p>Easy Support Center (HKLM\...\{0738F5F1-8E70-49A6-8692-F5722E1E5A4D}) (Version: 1.2.20 - Samsung Electronics Co., Ltd.)</p><p>E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.)</p><p>Epson CreativeZone (HKLM-x32\...\{E6C82F8F-2031-4825-8CC3-98C5960875C1}) (Version: - )</p><p>Epson Event Manager (HKLM-x32\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.30.01 - SEIKO EPSON Corporation)</p><p>EPSON NX510 Series Printer Uninstall (HKLM\...\EPSON NX510 Series) (Version: 
- SEIKO EPSON Corporation)</p><p>EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )</p><p>EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)</p><p>EpsonNet Setup (HKLM-x32\...\{FFFAE01B-466F-4C07-9821-A94FD753BDDA}) (Version: 3.1c - SEIKO EPSON CORPORATION)</p><p>ETDWare PS/2-X64 10.7.12.6_WHQL (HKLM\...\Elantech) (Version: 10.7.12.6 - ELAN Microelectronic Corp.)</p><p>Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)</p><p>Farm Frenzy (x32 Version: 2.2.0.82 - WildTangent) Hidden</p><p>Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden</p><p>Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 5.4.3.920 - Foxit Corporation)</p><p>Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden</p><p>Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden</p><p>Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden</p><p>Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden</p><p>Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden</p><p>Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)</p><p>Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)</p><p>Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) 
Hidden</p><p>Insaniquarium Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden</p><p>Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)</p><p>Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)</p><p>Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)</p><p>Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2618 - Intel Corporation)</p><p>Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{F0932859-AA60-459E-B843-0BDECA34E2C7}) (Version: 2.0.0.0086 - Intel Corporation)</p><p>Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)</p><p>Intel(R) WiDi (HKLM-x32\...\{93F34C5C-ACAA-48F3-9B26-70359A117F12}) (Version: 3.0.12.0 - Intel Corporation)</p><p>Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )</p><p>Intel® PROSet/Wireless WiFi Software (HKLM\...\{DF7756DD-656A-45C3-BA71-74673E8259A9}) (Version: 15.00.0000.0642 - Intel Corporation)</p><p>Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)</p><p>iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)</p><p>Java 7 Update 13 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217013FF}) (Version: 7.0.130 - Oracle)</p><p>John Deere Drive Green (x32 Version: 2.2.0.82 - WildTangent) Hidden</p><p>Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden</p><p>LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )</p><p>Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes 
Corporation)</p><p>McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)</p><p>Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden</p><p>Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)</p><p>Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)</p><p>Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)</p><p>Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)</p><p>Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)</p><p>Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft 
Corporation)</p><p>Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)</p><p>Módulo de Segurança - Banco do Brasil (HKLM-x32\...\{36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1) (Version: 3.11.0.1 - )</p><p>MotoHelper 2.0.51 Driver 5.1.0 (HKLM-x32\...\MotoHelper) (Version: 2.0.51 - Motorola)</p><p>MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) Hidden</p><p>MOTOROLA MEDIA LINK (HKLM-x32\...\{378397D6-FD32-4092-A854-6A75CB7EDA46}) (Version: 1.5.2060.2 - Motorola)</p><p>Motorola Mobile Drivers Installation 5.1.0 (Version: 5.1.0 - Motorola Inc.) Hidden</p><p>Mozilla Firefox 35.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 en-US)) (Version: 35.0 - Mozilla)</p><p>Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)</p><p>MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)</p><p>MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)</p><p>Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)</p><p>NVIDIA Graphics Driver 296.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 296.01 - NVIDIA Corporation)</p><p>NVIDIA PhysX System Software 9.11.1111 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.11.1111 - NVIDIA Corporation)</p><p>OBRONA BlockAds (HKU\S-1-5-21-1827809378-912741919-3246080145-1001\...\ObronaBlockAds) (Version: 1.1.31 - OBRONA BlockAds / Red Sky LLC) <==== ATTENTION</p><p>Pandora (HKLM-x32\...\com.pandora.desktop.E7C14276FFE9EEF0BC7DCE654C467D9A299EFD21.1) (Version: 2.0.8 - PANDORA 
MEDIA, INC.)</p><p>Pandora (x32 Version: 2.0.8 - PANDORA MEDIA, INC.) Hidden</p><p>Peggle (x32 Version: 2.2.0.82 - WildTangent) Hidden</p><p>Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden</p><p>Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.8 - Google, Inc.)</p><p>Plants vs. Zombies (x32 Version: 2.2.0.82 - WildTangent) Hidden</p><p>Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden</p><p>Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden</p><p>Polar Golfer (x32 Version: 2.2.0.82 - WildTangent) Hidden</p><p>Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden</p><p>Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden</p><p>Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.50.1123.2011 - Realtek)</p><p>Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6608 - Realtek Semiconductor Corp.)</p><p>Samsung Recovery Solution 5 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.0.2.4 - Samsung)</p><p>Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)</p><p>Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)</p><p>Softonic Assistant (HKU\S-1-5-21-1827809378-912741919-3246080145-1001\...\SoftonicAssistant) (Version: 0.1.6 - Softonic International S.A.) 
<==== ATTENTION</p><p>Software Launcher (HKLM-x32\...\{B750B5C2-CC17-4967-905B-29F4EB986131}) (Version: 1.0.2 - Samsung)</p><p>Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)</p><p>Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)</p><p>User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.5 - )</p><p>USIM Editor 1.0.28.0 (HKLM-x32\...\Card Reader Driver and USIM Editor Program_is1) (Version: - )</p><p>VoiceOver Kit (HKLM-x32\...\{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}) (Version: 1.42.128.0 - Apple Inc.)</p><p>Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 8.0.6.44 - Webroot)</p><p>WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.1.5 - WildTangent)</p><p>WildTangent ORB Game Console (x32 Version: - WildTangent) Hidden</p><p>Windows Live 程式集 (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)</p><p>Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden</p><p>Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden</p><p>Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden</p><p>Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden</p><p>Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden</p><p>Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden</p><p>גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden</p><p>بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden</p><p>معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden</p><p></p><p>==================== Custom CLSID (selected items): 
==========================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)</p><p></p><p>CustomCLSID: HKU\S-1-5-21-1827809378-912741919-3246080145-1001_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0000}\InprocServer32 -> C:\Users\Owner\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll (GAS Tecnologia)</p><p>CustomCLSID: HKU\S-1-5-21-1827809378-912741919-3246080145-1001_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0000}\InprocServer32 -> C:\Users\Owner\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll (GAS Tecnologia)</p><p>CustomCLSID: HKU\S-1-5-21-1827809378-912741919-3246080145-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File</p><p>CustomCLSID: HKU\S-1-5-21-1827809378-912741919-3246080145-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File</p><p>CustomCLSID: HKU\S-1-5-21-1827809378-912741919-3246080145-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File</p><p>CustomCLSID: HKU\S-1-5-21-1827809378-912741919-3246080145-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)</p><p>CustomCLSID: HKU\S-1-5-21-1827809378-912741919-3246080145-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)</p><p>CustomCLSID: HKU\S-1-5-21-1827809378-912741919-3246080145-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File</p><p></p><p>==================== Restore Points =========================</p><p></p><p>20-12-2014 
01:50:27 Windows Update</p><p>24-12-2014 05:00:31 Windows Update</p><p>30-12-2014 19:54:37 Windows Update</p><p>04-01-2015 00:54:20 Windows Update</p><p>09-01-2015 17:09:00 Windows Update</p><p>13-01-2015 17:31:24 Windows Update</p><p>16-01-2015 13:46:52 Windows Update</p><p>20-01-2015 16:46:30 Windows Update</p><p>23-01-2015 22:16:49 Windows Update</p><p></p><p>==================== Hosts content: ==========================</p><p></p><p>(If needed Hosts: directive could be included in the fixlist to reset Hosts.)</p><p></p><p>2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts</p><p></p><p>==================== Scheduled Tasks (whitelisted) =============</p><p></p><p>(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)</p><p></p><p>Task: {0627E337-7936-47E8-9892-A20951A13B68} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-04-15] (CyberLink)</p><p>Task: {1CC1A648-BB3F-42AF-AB16-C358CEEB4AEE} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe [2012-04-24] (Samsung Electronics Co., Ltd.)</p><p>Task: {1CC495A7-ECD0-4E7E-ACB3-954D9F3B2943} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\Easy Settings\EBM\EasyBatteryMgr4.exe [2011-11-18] (SAMSUNG Electronics co., LTD.)</p><p>Task: {22743BB0-14E7-429B-A606-14823DC35106} - System32\Tasks\MotoHelper Initial Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-04-26] ()</p><p>Task: {2423AAAD-5D87-4E51-A53C-A31694C15685} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1827809378-912741919-3246080145-1001Core => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-21] (Google Inc.)</p><p>Task: {248E2ADC-0EC0-4D3B-9207-4312785D7DF1} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe [2012-05-08] (Samsung 
Electronics Co., Ltd.)</p><p>Task: {28F69776-E7CA-46F4-8094-D7E1212FFBC3} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1827809378-912741919-3246080145-1001UA => C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-09-22] (Facebook Inc.)</p><p>Task: {4A7BCFB7-35B9-4099-87C8-314F86AB984A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)</p><p>Task: {579CF7CF-0B88-4064-933A-1B39C96D4141} - System32\Tasks\EasySupportCenter => C:\Program Files\Samsung\Easy Support Center\SamoyedAgent.exe [2012-03-12] (Samsung Electronics Co., Ltd.)</p><p>Task: {650E59E5-EF48-4C97-AD85-B498B96DF6BD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1827809378-912741919-3246080145-1001UA => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-21] (Google Inc.)</p><p>Task: {6C50547A-7382-4EE6-B0C8-ABD67153BD0A} - System32\Tasks\Easy Software Manager Agent => C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe [2012-02-27] (Samsung)</p><p>Task: {6EF43FE3-DBFA-4F0B-959F-A7759C849639} - System32\Tasks\SCCSpeedBoot => C:\Program Files (x86)\Samsung\Easy Settings\SCCSpeedBoot.exe [2012-03-27] (Samsung Electronics Co., Ltd.)</p><p>Task: {7228033E-BEE8-49A9-9A94-7336D87A479F} - System32\Tasks\MotoHelper Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-04-26] ()</p><p>Task: {7EC5EA08-5D45-4AF0-AD16-6F86C2970937} - System32\Tasks\MotoHelper MUM => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-04-26] ()</p><p>Task: {862AC710-6295-4C6B-B83B-2938EE2A9D37} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2012-01-27] (SEC)</p><p>Task: {8A1BBE8C-1E44-4B8A-A53E-701EB3F4E3F8} - System32\Tasks\{346BA7DC-9478-4F4F-9B96-275B98889E53} => Chrome.exe <a href="http://www.skype.com/go/downloading?source=lightinstaller&amp;ver=5.10.0.116&amp;LastError=12007" 
target="_blank">http://www.skype.com/go/downloading?source=lightinstaller&amp;ver=5.10.0.116&amp;LastError=12007</a></p><p>Task: {98FA8D44-ACA1-4F43-8596-65C4A8F7260C} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1827809378-912741919-3246080145-1001Core => C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-09-22] (Facebook Inc.)</p><p>Task: {AF96E162-47A7-4340-9B8F-3070E5530C05} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-24] (Intel Corporation)</p><p>Task: {B8DB5DDA-F177-4E30-9066-B632F198DB89} - System32\Tasks\SmartSetting => C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe [2012-05-01] (Samsung Electronics Co., Ltd.)</p><p>Task: {C00EB348-4711-40C7-8C2E-C53E05010092} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-24] (Intel Corporation)</p><p>Task: {CF4946FE-E39E-4324-82E3-E77F8DCF42DF} - System32\Tasks\MotoHelper Routing => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-04-26] ()</p><p>Task: {D7F2E344-73A9-453E-9929-3B97259A8FA2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-29] (Google Inc.)</p><p>Task: {D9B66071-7298-45B1-A37E-34B057C5F722} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-29] (Google Inc.)</p><p>Task: {E845D815-CCAD-4934-8244-3EFF1C42C54F} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe [2012-01-31] (Samsung Electronics)</p><p>Task: {FF36C5C9-E53A-4F40-B73F-110BDC2072B8} - System32\Tasks\WLANStartup => C:\Program Files (x86)\Samsung\Easy Settings\WLANStartup.exe [2012-04-03] (Samsung Electronics)</p><p>Task: 
C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1827809378-912741919-3246080145-1001Core.job => C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe</p><p>Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1827809378-912741919-3246080145-1001UA.job => C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe</p><p>Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe</p><p>Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe</p><p>Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1827809378-912741919-3246080145-1001Core.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe</p><p>Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1827809378-912741919-3246080145-1001UA.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe</p><p>Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe</p><p>Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe</p><p></p><p>==================== Loaded Modules (whitelisted) =============</p><p></p><p>2014-10-03 08:13 - 2014-10-03 08:13 - 00073728 _____ () C:\windows\SysWOW64\afasrv64.exe</p><p>2012-05-04 01:03 - 2012-02-07 20:03 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe</p><p>2011-04-26 14:23 - 2011-04-26 14:23 - 00223088 _____ () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe</p><p>2011-04-26 14:22 - 2011-04-26 14:22 - 00681840 _____ () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe</p><p>2012-05-04 02:24 - 2009-12-01 01:21 - 00244904 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe</p><p>2012-05-04 01:16 - 2012-02-13 00:02 - 
00031624 _____ () C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe</p><p>2014-10-03 08:13 - 2014-10-03 08:13 - 07374336 _____ () C:\Program Files (x86)\USIM Editor\iconcs307181.exe</p><p>2014-10-14 07:00 - 2014-10-14 07:00 - 00008192 _____ () C:\Users\Owner\AppData\Local\Obrona Block Ads\ProxyResetOnKill.exe</p><p>2012-02-14 20:22 - 2012-01-05 03:24 - 00094208 _____ () C:\windows\system32\IccLibDll_x64.dll</p><p>2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll</p><p>2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll</p><p>2011-06-16 21:40 - 2011-06-16 21:40 - 00128336 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\liveupdatetactics.dll</p><p>2011-06-16 21:39 - 2011-06-16 21:39 - 00023872 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\DbAccess.dll</p><p>2011-06-16 21:41 - 2011-06-16 21:41 - 00465632 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\sqlite3.dll</p><p>2011-06-16 21:40 - 2011-06-16 21:40 - 00045368 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\NAdvLog.dll</p><p>2011-06-16 21:40 - 2011-06-16 21:40 - 00034128 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\NFileCacheDBAccess.dll</p><p>2012-05-04 01:25 - 2012-02-07 20:00 - 00755280 _____ () C:\Program Files (x86)\Samsung\Easy Software Manager\SWMFuncDLL.dll</p><p>2012-05-04 01:16 - 2006-08-11 21:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll</p><p>2012-05-04 01:16 - 2011-02-16 10:03 - 00203776 _____ () C:\Program Files (x86)\Samsung\Easy Settings\WinCRT.dll</p><p>2015-01-15 17:40 - 2015-01-08 18:35 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libglesv2.dll</p><p>2015-01-15 17:40 - 2015-01-08 18:35 - 00211272 _____ () C:\Program Files 
(x86)\Google\Chrome\Application\39.0.2171.99\libegl.dll</p><p>2014-10-08 07:03 - 2014-10-08 07:03 - 00879104 _____ () C:\Users\Owner\AppData\Local\Obrona Block Ads\platforms\qwindows.dll</p><p>2014-10-08 07:01 - 2014-10-08 07:01 - 00021504 _____ () C:\Users\Owner\AppData\Local\Obrona Block Ads\imageformats\qgif.dll</p><p>2012-09-21 20:32 - 2009-03-12 15:45 - 00135168 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll</p><p>2012-09-21 20:32 - 2008-11-21 13:58 - 00057344 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll</p><p>2012-05-04 01:24 - 2011-09-08 04:40 - 01645056 _____ () C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll</p><p>2009-11-01 23:20 - 2009-11-01 23:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll</p><p>2009-11-01 23:23 - 2009-11-01 23:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll</p><p>2012-05-04 01:03 - 2012-02-07 19:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll</p><p>2015-01-15 17:40 - 2015-01-08 18:35 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\pdf.dll</p><p>2015-01-15 17:40 - 2015-01-08 18:35 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\ffmpegsumo.dll</p><p>2015-01-15 17:40 - 2015-01-08 18:35 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\PepperFlash\pepflashplayer.dll</p><p></p><p>==================== Alternate Data Streams (whitelisted) =========</p><p></p><p>(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)</p><p></p><p>AlternateDataStreams: C:\windows\System32:9F798C5A_Bb.gbp</p><p></p><p>==================== Safe Mode (whitelisted) ===================</p><p></p><p>(If an item is included in the fixlist, it will be removed from the registry. 
The "AlternateShell" will be restored.)</p><p></p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"</p><p></p><p>==================== EXE Association (whitelisted) =============</p><p></p><p>(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)</p><p></p><p></p><p>==================== MSCONFIG/TASK MANAGER disabled items =========</p><p></p><p>(Currently there is no automatic fix for this section.)</p><p></p><p></p><p>========================= Accounts: ==========================</p><p></p><p>Administrator (S-1-5-21-1827809378-912741919-3246080145-500 - Administrator - Disabled)</p><p>Guest (S-1-5-21-1827809378-912741919-3246080145-501 - Limited - Disabled)</p><p>Owner (S-1-5-21-1827809378-912741919-3246080145-1001 - Administrator - Enabled) => C:\Users\Owner</p><p>UpdatusUser (S-1-5-21-1827809378-912741919-3246080145-1000 - Limited - Enabled) => C:\Users\UpdatusUser</p><p></p><p>==================== Faulty Device Manager Devices =============</p><p></p><p></p><p>==================== Event log errors: =========================</p><p></p><p>Application errors:</p><p>==================</p><p>Error: (01/24/2015 02:17:51 AM) (Source: WinMgmt) (EventID: 10) (User: )</p><p>Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003</p><p></p><p>Error: (01/23/2015 10:05:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: m->NextScheduledSPRetry 80166137</p><p></p><p>Error: (01/23/2015 10:05:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: m->NextScheduledEvent 80166137</p><p></p><p>Error: (01/23/2015 10:05:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: 
Continuously busy for more than a second</p><p></p><p>Error: (01/23/2015 10:05:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: m->NextScheduledSPRetry 80165123</p><p></p><p>Error: (01/23/2015 10:05:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: m->NextScheduledEvent 80165123</p><p></p><p>Error: (01/23/2015 10:05:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: Continuously busy for more than a second</p><p></p><p>Error: (01/22/2015 11:48:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: m->NextScheduledSPRetry 1045</p><p></p><p>Error: (01/22/2015 11:48:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: m->NextScheduledEvent 1045</p><p></p><p>Error: (01/22/2015 11:48:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: Continuously busy for more than a second</p><p></p><p></p><p>System errors:</p><p>=============</p><p>Error: (01/24/2015 02:17:10 AM) (Source: BugCheck) (EventID: 1001) (User: )</p><p>Description: 0x00000024 (0x00000000001904fb, 0xfffff8800b677248, 0xfffff8800b676aa0, 0xfffff80003072190)C:\windows\MEMORY.DMP012415-27970-01</p><p></p><p>Error: (01/24/2015 02:17:09 AM) (Source: EventLog) (EventID: 6008) (User: )</p><p>Description: The previous system shutdown at 2:14:16 AM on 1/24/2015 was unexpected.</p><p></p><p>Error: (01/19/2015 06:05:41 PM) (Source: Service Control Manager) (EventID: 7022) (User: )</p><p>Description: The NVIDIA Update Service Daemon service hung on starting.</p><p></p><p>Error: (01/19/2015 05:59:14 PM) (Source: DCOM) (EventID: 10010) (User: )</p><p>Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}</p><p></p><p>Error: (01/05/2015 00:34:10 AM) (Source: Service Control Manager) (EventID: 7031) (User: )</p><p>Description: The WRSVC service 
terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.</p><p></p><p>Error: (12/27/2014 02:15:20 PM) (Source: NetBT) (EventID: 4321) (User: )</p><p>Description: The name "OWNER-PC :20" could not be registered on the interface with IP address 192.168.1.65.</p><p>The computer with the IP address 192.168.1.70 did not allow the name to be claimed by</p><p>this computer.</p><p></p><p>Error: (12/27/2014 02:15:20 PM) (Source: NetBT) (EventID: 4321) (User: )</p><p>Description: The name "OWNER-PC :0" could not be registered on the interface with IP address 192.168.1.65.</p><p>The computer with the IP address 192.168.1.70 did not allow the name to be claimed by</p><p>this computer.</p><p></p><p>Error: (12/27/2014 02:15:20 PM) (Source: Server) (EventID: 2505) (User: )</p><p>Description: The server could not bind to the transport \Device\NetBT_Tcpip_{205A111B-88FA-4A80-93DD-185C11613E66} because another computer on the network has the same name. 
The server could not start.</p><p></p><p>Error: (12/27/2014 02:14:51 PM) (Source: NetBT) (EventID: 4321) (User: )</p><p>Description: The name "OWNER-PC :20" could not be registered on the interface with IP address 192.168.1.65.</p><p>The computer with the IP address 192.168.1.70 did not allow the name to be claimed by</p><p>this computer.</p><p></p><p>Error: (12/27/2014 02:14:51 PM) (Source: NetBT) (EventID: 4321) (User: )</p><p>Description: The name "OWNER-PC :0" could not be registered on the interface with IP address 192.168.1.65.</p><p>The computer with the IP address 192.168.1.70 did not allow the name to be claimed by</p><p>this computer.</p><p></p><p></p><p>Microsoft Office Sessions:</p><p>=========================</p><p></p><p>==================== Memory info =========================== </p><p></p><p>Processor: Intel(R) Core(TM) i3-2350M CPU @ 2.30GHz</p><p>Percentage of memory in use: 41%</p><p>Total physical RAM: 5923.54 MB</p><p>Available physical RAM: 3483.62 MB</p><p>Total Pagefile: 11845.26 MB</p><p>Available Pagefile: 8867.31 MB</p><p>Total Virtual: 8192 MB</p><p>Available Virtual: 8191.83 MB</p><p></p><p>==================== Drives ================================</p><p></p><p>Drive c: () (Fixed) (Total:675.14 GB) (Free:575.66 GB) NTFS</p><p></p><p>==================== MBR & Partition Table ==================</p><p></p><p>========================================================</p><p>Disk: 0 (Size: 698.6 GB) (Disk ID: 10A444CC)</p><p>Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)</p><p>Partition 2: (Not Active) - (Size=675.1 GB) - (Type=07 NTFS)</p><p>Partition 3: (Not Active) - (Size=23.4 GB) - (Type=27)</p><p></p><p>==================== End Of Log ============================</p></blockquote><p></p>
[QUOTE="lbardwell, post: 338842, member: 33504"] Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015 Ran by Owner (administrator) on OWNER-PC on 24-01-2015 04:28:06 Running from C:\Users\Owner\Downloads Loaded Profiles: UpdatusUser & Owner (Available profiles: UpdatusUser & Owner) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: [URL]http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/[/URL] ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Webroot) C:\Program Files (x86)\Webroot\WRSA.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (GAS Tecnologia) C:\Program Files (x86)\GbPlugin\GbpSv.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (Webroot) C:\Program Files (x86)\Webroot\WRSA.exe (GAS Tecnologia) C:\Program Files (x86)\GbPlugin\GbpSv.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe () C:\Windows\SysWOW64\afasrv64.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Apple Inc.) 
C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Nero AG) C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe () C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Samsung) C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe (Samsung Electronics) C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.) 
C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe () C:\Program Files (x86)\USIM Editor\iconcs307181.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (RedSky Sp. z o.o.) C:\Users\Owner\AppData\Local\Obrona Block Ads\ObronaBlockAds.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Support Center\SamoyedAgent.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe () C:\Users\Owner\AppData\Local\Obrona Block Ads\ProxyResetOnKill.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink Corp.) 
C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google) C:\Users\Owner\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12460136 2012-03-29] (Realtek Semiconductor) HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2816816 2012-03-12] (ELAN Microelectronics Corp.) 
HKLM\...\Run: [USBestCR] => C:\Program Files (x86)\USIM Editor\iconcs307181.exe [7374336 2014-10-03] () HKLM-x32\...\Run: [WRSVC] => C:\Program Files (x86)\Webroot\WRSA.exe [773256 2015-01-09] (Webroot) HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [USBestCR] => C:\Program Files (x86)\USIM Editor\iconcs307181.exe [7374336 2014-10-03] () HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.) Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\ GbPluginBb-x32: C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil) HKU\S-1-5-21-1827809378-912741919-3246080145-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1 HKU\S-1-5-21-1827809378-912741919-3246080145-1001\...\Run: [Google Update] => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-21] (Google Inc.) HKU\S-1-5-21-1827809378-912741919-3246080145-1001\...\Run: [Epson Stylus NX510(Network)] => C:\windows\system32\spool\DRIVERS\x64\3\E_IATIFIA.EXE [223232 2009-11-04] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-1827809378-912741919-3246080145-1001\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.) HKU\S-1-5-21-1827809378-912741919-3246080145-1001\...\Run: [Facebook Update] => C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-09-22] (Facebook Inc.) 
HKU\S-1-5-21-1827809378-912741919-3246080145-1001\...\Run: [GoogleChromeAutoLaunch_721577D41E77D440C916E2687EBA0267] => C:\Program Files (x86)\Google\Chrome\[URL='http://malwaretips.com/#'][U][B]Application[U][B][IMG]http://cdncache-a.akamaihd.net/items/it/img/arrow-10x10.png[/IMG][/B][/U][/B][/U][/URL]\chrome.exe [856904 2015-01-08] (Google Inc.) HKU\S-1-5-21-1827809378-912741919-3246080145-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.) HKU\S-1-5-21-1827809378-912741919-3246080145-1001\...\Run: [SoftonicAssistant] => C:\Users\Owner\AppData\Local\SoftonicAssistant\SoftonicAssistant.exe [1829832 2014-11-11] () HKU\S-1-5-21-1827809378-912741919-3246080145-1001\...\Run: [Obrona [URL='http://malwaretips.com/#'][U][B]Block Ads[U][B][IMG]http://cdncache-a.akamaihd.net/items/it/img/arrow-10x10.png[/IMG][/B][/U][/B][/U][/URL]] => C:\Users\Owner\AppData\Local\Obrona Block Ads\ObronaBlockAds.exe [1509336 2014-10-16] (RedSky Sp. z o.o.) 
HKU\S-1-5-21-1827809378-912741919-3246080145-1001\...\Policies\Explorer: [NoDesktopCleanupWizard] 1 HKU\S-1-5-21-1827809378-912741919-3246080145-1001\...\MountPoints2: {affc424a-47ea-11e2-9145-c485088e7410} - F:\setup.exe -a AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [260928 2012-02-25] (NVIDIA Corporation) AppInit_DLLs-x32: C:\windows\SysWOW64\nvinit.dll => C:\windows\SysWOW64\nvinit.dll [215360 2012-02-25] (NVIDIA Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install [URL='http://malwaretips.com/#'][U][B]Webroot[U][B][IMG]http://cdncache-a.akamaihd.net/items/it/img/arrow-10x10.png[/IMG][/B][/U][/B][/U][/URL] FF RunOnce.lnk ShortcutTarget: [URL='http://malwaretips.com/#'][U][B]Install Webroot[U][B][IMG]http://cdncache-a.akamaihd.net/items/it/img/arrow-10x10.png[/IMG][/B][/U][/B][/U][/URL] FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe ([URL='http://malwaretips.com/#'][U][B]Webroot Software[U][B][IMG]http://cdncache-a.akamaihd.net/items/it/img/arrow-10x10.png[/IMG][/B][/U][/B][/U][/URL], Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk ShortcutTarget: Install Webroot IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\[URL='http://malwaretips.com/#'][U][B]McAfee Security Scan[U][B][IMG]http://cdncache-a.akamaihd.net/items/it/img/arrow-10x10.png[/IMG][/B][/U][/B][/U][/URL] Plus.lnk ShortcutTarget: [URL='http://malwaretips.com/#'][U][B]McAfee Security Scan Plus[U][B][IMG]http://cdncache-a.akamaihd.net/items/it/img/arrow-10x10.png[/IMG][/B][/U][/B][/U][/URL].lnk -> C:\Program Files\[URL='http://malwaretips.com/#'][U][B]McAfee[U][B][IMG]http://cdncache-a.akamaihd.net/items/it/img/arrow-10x10.png[/IMG][/B][/U][/B][/U][/URL] Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) 
==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: [S-1-5-21-1827809378-912741919-3246080145-1001] => [URL='http://malwaretips.com/#'][U][B]Internet Explorer[U][B][IMG]http://cdncache-a.akamaihd.net/items/it/img/arrow-10x10.png[/IMG][/B][/U][/B][/U][/URL] proxy is enabled. ProxyServer: [S-1-5-21-1827809378-912741919-3246080145-1001] => http=127.0.0.1:9880 HKU\S-1-5-21-1827809378-912741919-3246080145-1001\Software\Microsoft\[URL='http://malwaretips.com/#'][U][B]Internet Explorer[U][B][IMG]http://cdncache-a.akamaihd.net/items/it/img/arrow-10x10.png[/IMG][/B][/U][/B][/U][/URL]\Main,Start Page = [URL]http://samsung.msn.com[/URL] HKU\S-1-5-21-1827809378-912741919-3246080145-1001\Software\Microsoft\[URL='http://malwaretips.com/#'][U][B]Internet Explorer[U][B][IMG]http://cdncache-a.akamaihd.net/items/it/img/arrow-10x10.png[/IMG][/B][/U][/B][/U][/URL]\Main,Default_Page_URL = [URL]http://samsung.msn.com[/URL] HKU\S-1-5-21-1827809378-912741919-3246080145-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = [URL]http://www.google.com/ie[/URL] HKU\S-1-5-21-1827809378-912741919-3246080145-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [URL]http://www.google.com/ie[/URL] SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = [URL]http://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox[/URL] SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = [URL]http://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox[/URL] SearchScopes: HKU\S-1-5-21-1827809378-912741919-3246080145-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = [URL]http://www.google.com/search?q={sear[/URL] BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll 
(Microsoft Corp.) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll (Webroot) BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files (x86)\Webroot\WRData\PKG\Vistax64\wrflt.dll (Webroot) BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\[URL='http://malwaretips.com/#'][U][B]McAfee Security Scan[U][B][IMG]http://cdncache-a.akamaihd.net/items/it/img/arrow-10x10.png[/IMG][/B][/U][/B][/U][/URL]\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO-x32: Skype Click to Call for [URL='http://malwaretips.com/#'][U][B]Internet Explorer[U][B][IMG]http://cdncache-a.akamaihd.net/items/it/img/arrow-10x10.png[/IMG][/B][/U][/B][/U][/URL] -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\[URL='http://malwaretips.com/#'][U][B]Internet Explorer[U][B][IMG]http://cdncache-a.akamaihd.net/items/it/img/arrow-10x10.png[/IMG][/B][/U][/B][/U][/URL]\SkypeIEPlugin.dll (Microsoft Corporation) BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil) BHO-x32: [URL='http://malwaretips.com/#'][U][B]Webroot[U][B][IMG]http://cdncache-a.akamaihd.net/items/it/img/arrow-10x10.png[/IMG][/B][/U][/B][/U][/URL] Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll (Webroot) BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files (x86)\Webroot\WRData\PKG\Vistax86\wrflt.dll (Webroot) BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll (Webroot) Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) 
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll (Webroot) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\[URL='http://malwaretips.com/#'][U][B]Internet Explorer[U][B][IMG]http://cdncache-a.akamaihd.net/items/it/img/arrow-10x10.png[/IMG][/B][/U][/B][/U][/URL] x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\[URL='http://malwaretips.com/#'][U][B]Internet Explorer[U][B][IMG]http://cdncache-a.akamaihd.net/items/it/img/arrow-10x10.png[/IMG][/B][/U][/B][/U][/URL]\SkypeIEPlugin.dll (Microsoft Corporation) ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll [1754664 2014-07-31] (Banco do Brasil) Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 FireFox: ======== FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\evr7t9fd.default FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll () FF Plugin: @microsoft.com/GENUINE -> [URL='http://malwaretips.com/#'][U][B]disabled[U][B][IMG]http://cdncache-a.akamaihd.net/items/it/img/arrow-10x10.png[/IMG][/B][/U][/B][/U][/URL] No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @foxitsoftware.com/Foxit Reader 
Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.13.2 -> C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.13.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google
Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKU\S-1-5-21-1827809378-912741919-3246080145-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Owner\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF Plugin HKU\S-1-5-21-1827809378-912741919-3246080145-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF Plugin HKU\S-1-5-21-1827809378-912741919-3246080145-1001: @talk.google.com/O1DPlugin -> C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) FF Plugin HKU\S-1-5-21-1827809378-912741919-3246080145-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKU\S-1-5-21-1827809378-912741919-3246080145-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1827809378-912741919-3246080145-1001: gastecnologia.com.br/sf/bb -> C:\Users\Owner\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll (GAS Tecnologia) FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google) FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npo1d.dll (Google) FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-01-18] FF HKLM-x32\...\Firefox\Extensions: [webrootsecure@webroot.com] - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer FF Extension: Webroot Filtering Extension - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer [2013-11-23] FF HKU\S-1-5-21-1827809378-912741919-3246080145-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] FF HKU\S-1-5-21-1827809378-912741919-3246080145-1001\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886C}] - C:\Users\Owner\AppData\Local\GAS Tecnologia\GBBD\bb\xpi FF Extension: GBBD Banco do Brasil - C:\Users\Owner\AppData\Local\GAS Tecnologia\GBBD\bb\xpi [2014-10-15] Chrome: ======= CHR HomePage: Default -> hxxp://samsung.msn.com/ CHR StartupUrls: Default -> "https://mail.google.com/mail/?shva=1#inbox", "hxxp://www.google.com/" CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-29] CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-29] CHR Extension:
(Google Voice Search Hotword (Beta)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-27] CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-29] CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-29] CHR Extension: (Webroot Filtering Extension) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dblebgkanaecgapcfefmedflbdhmblog [2013-11-23] CHR Extension: (Skype Click to Call) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-07-19] CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31] CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-29] CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path CHR HKLM-x32\...\Chrome\Extension: [dblebgkanaecgapcfefmedflbdhmblog] - C:\ProgramData\WRData\PKG\CHROME\CHROME_1.0.0.21.crx [2013-12-16] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14] CHR HKLM-x32\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - C:\ProgramData\WRData\pkg\lpchrome.crx [2012-11-19] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 AfaService; C:\windows\SysWOW64\afasrv64.exe [73728 2014-10-03] () [File not signed] R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed] R2 GbpSv; C:\Program Files (x86)\GbPlugin\GbpSv.exe [546104 2014-07-21] (GAS Tecnologia) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-07] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.) R2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [223088 2011-04-26] () S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-07] () R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation) R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] () [File not signed] R2 SamsungDeviceConfigurationWinService; C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [31624 2012-02-13] () [File not signed] R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.) 
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation) R2 WRSVC; C:\Program Files (x86)\Webroot\WRSA.exe [773256 2015-01-09] (Webroot) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-07] (Intel® Corporation) S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-15] (Malwarebytes Corporation) S3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10x64.sys [60288 2010-09-15] (Generic USB smartcard reader) S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed] R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [115680 2015-01-09] (Webroot) U0 SR; No ImagePath U2 srservice; No ImagePath ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-01-24 04:28 - 2015-01-24 04:28 - 00025399 _____ () C:\Users\Owner\Downloads\FRST.txt 2015-01-24 04:27 - 2015-01-24 04:28 - 00000000 ____D () C:\FRST 2015-01-24 04:24 - 2015-01-24 04:24 - 02126848 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe 2015-01-24 04:22 - 2015-01-24 04:22 - 01118208 _____ (Farbar) C:\Users\Owner\Downloads\FRST.exe 2015-01-24 02:17 - 2015-01-24 02:17 - 00282008 _____ () C:\windows\Minidump\012415-27970-01.dmp 2015-01-24 02:17 - 2015-01-24 02:17 - 00000000 ____D () C:\windows\Minidump 2015-01-24 02:16 - 2015-01-24 02:16 - 672640311 _____ () C:\windows\MEMORY.DMP 2015-01-22 23:11 - 2015-01-22 23:11 - 00376184 _____ () C:\Users\Owner\Downloads\Setup.exe 2015-01-18 23:22 - 2015-01-18 23:22 - 00009976 _____ () C:\Users\Owner\Documents\Expenses.xlsx 2015-01-18 18:39 - 2015-01-18 18:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-01-13 22:14 - 2014-12-18 21:06 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll 2015-01-13 22:14 - 2014-12-18 19:46 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys 2015-01-13 22:14 - 2014-12-11 23:35 - 05553592 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe 2015-01-13 22:14 - 2014-12-11 23:31 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll 2015-01-13 22:14 - 2014-12-11 23:31 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe 2015-01-13 22:14 - 2014-12-11 23:31 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll 2015-01-13 22:14 - 2014-12-11 23:11 - 03971512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe 2015-01-13 22:14 - 2014-12-11 23:11 - 03916728 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe 2015-01-13 22:14 - 2014-12-11 23:07 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll 2015-01-13 22:14 - 2014-12-11 11:47 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe 2015-01-13 22:14 - 
2014-12-05 22:17 - 00303616 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll 2015-01-13 22:14 - 2014-12-05 21:50 - 00156672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncsi.dll 2015-01-13 22:14 - 2014-12-05 21:50 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll 2014-12-28 23:38 - 2014-12-28 23:38 - 05288700 _____ () C:\Users\Owner\Downloads\Video.MOV 2014-12-27 04:04 - 2014-12-27 04:04 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-12-27 04:04 - 2014-12-27 04:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-12-27 04:03 - 2014-12-27 04:04 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 2014-12-27 04:03 - 2014-12-27 04:04 - 00000000 ____D () C:\Program Files\iTunes 2014-12-27 04:03 - 2014-12-27 04:03 - 00000000 ____D () C:\Program Files\iPod ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-01-24 04:27 - 2012-09-19 19:27 - 00000000 ____D () C:\ProgramData\WRData 2015-01-24 04:21 - 2012-09-21 21:01 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Skype 2015-01-24 04:20 - 2014-01-29 17:38 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-01-24 04:10 - 2012-05-04 17:00 - 01944094 _____ () C:\windows\WindowsUpdate.log 2015-01-24 03:53 - 2012-09-21 18:33 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1827809378-912741919-3246080145-1001UA.job 2015-01-24 03:14 - 2009-07-13 23:13 - 00782510 _____ () C:\windows\system32\PerfStringBackup.INI 2015-01-24 03:02 - 2013-09-22 16:57 - 00000928 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1827809378-912741919-3246080145-1001UA.job 2015-01-24 02:28 - 2009-07-13 22:45 - 00028848 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-24 02:28 - 2009-07-13 22:45 - 00028848 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-24 02:19 - 2014-12-24 05:14 - 00000000 ____D () C:\Users\Owner\AppData\Local\SoftonicAssistant 2015-01-24 02:17 - 2014-01-29 17:38 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-01-24 02:17 - 2012-05-04 01:03 - 00000828 _____ () C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job 2015-01-24 02:17 - 2009-07-13 23:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2015-01-24 02:17 - 2009-07-13 22:51 - 00081044 _____ () C:\windows\setupact.log 2015-01-24 02:16 - 2010-11-20 21:47 - 00109580 _____ () C:\windows\PFRO.log 2015-01-24 02:14 - 2014-12-24 05:15 - 00000000 ____D () C:\Users\Owner\AppData\Local\Obrona Block Ads 2015-01-24 01:53 - 2014-10-15 17:58 - 00000000 ____D () C:\ProgramData\GAS Tecnologia 2015-01-24 01:51 - 2014-12-09 15:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak 2015-01-24 01:51 - 2014-06-30 00:11 - 00000000 ____D () C:\Program Files 
(x86)\Mozilla Maintenance Service 2015-01-23 22:53 - 2012-09-21 18:33 - 00000856 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1827809378-912741919-3246080145-1001Core.job 2015-01-23 22:11 - 2013-09-22 16:57 - 00000906 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1827809378-912741919-3246080145-1001Core.job 2015-01-23 22:05 - 2012-05-04 01:03 - 00000830 _____ () C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job 2015-01-19 18:05 - 2013-02-10 11:38 - 00000000 ___RD () C:\Program Files (x86)\Skype 2015-01-19 18:05 - 2012-09-19 16:10 - 00000000 ____D () C:\ProgramData\Skype 2015-01-16 14:00 - 2013-08-15 02:01 - 00000000 ____D () C:\windows\system32\MRT 2015-01-16 13:47 - 2012-09-19 18:51 - 113365784 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2015-01-15 17:41 - 2014-01-29 17:39 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-01-09 16:05 - 2012-09-19 19:27 - 00154760 _____ (Webroot) C:\windows\SysWOW64\WRusr.dll 2015-01-09 16:05 - 2012-09-19 19:27 - 00115680 _____ (Webroot) C:\windows\system32\Drivers\WRkrn.sys 2015-01-09 16:05 - 2012-09-19 19:27 - 00105320 _____ (Webroot) C:\windows\system32\WRusr.dll 2015-01-06 04:36 - 2010-11-20 21:27 - 00298120 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe 2014-12-27 04:04 - 2013-07-06 22:20 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-12-27 04:03 - 2012-09-22 10:16 - 00000000 ____D () C:\Program Files\Common Files\Apple 2014-12-27 04:02 - 2014-07-22 22:36 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 ==================== Files in the root of some directories ======= 2012-09-19 19:27 - 2013-12-11 18:07 - 10395072 _____ (Webroot Software, Inc.) 
C:\Program Files (x86)\Common Files\wruninstall.exe 2014-10-15 17:58 - 2014-10-15 17:59 - 0018170 _____ () C:\Users\Owner\AppData\Roaming\unins000.dat 2014-10-15 17:58 - 2014-10-15 17:58 - 0813217 _____ () C:\Users\Owner\AppData\Roaming\unins000.exe 2013-07-09 17:55 - 2013-07-09 17:55 - 0044218 _____ () C:\Users\Owner\AppData\Local\RAContactHistory.xml 2012-05-04 02:26 - 2012-05-04 02:27 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log 2012-05-04 02:22 - 2012-05-04 02:22 - 0000113 _____ () C:\ProgramData\{34FBC7C4-CD31-4D93-A428-0E524EAC4586}.log 2012-05-04 02:24 - 2012-05-04 02:25 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log 2012-05-04 02:22 - 2012-05-04 02:24 - 0000106 _____ () C:\ProgramData\{80E158EA-7181-40FE-A701-301CE6BE64AB}.log 2012-05-04 02:25 - 2012-05-04 02:26 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-15 18:26 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015 Ran by Owner at 2015-01-24 04:29:03 Running from C:\Users\Owner\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Webroot SecureAnywhere (Enabled - Up to date) {66A6FE14-08CB-F415-3742-517201416109} AS: Webroot SecureAnywhere (Enabled - Up to date) {DDC71FF0-2EF1-FB9B-0DF2-6A007AC62BB4} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 
„Windows Live Essentials“ (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden „Windows Live Mail“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden „Windows Live Messenger“ (x32 Version: 15.4.3538.0513 - „Microsoft Corporation“) Hidden „Windows Live“ fotogalerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.7.0.2090 - Adobe Systems Incorporated) Adobe Flash Player 10 ActiveX (HKLM-x32\...\{48DB5914-8772-472D-B8DF-E2092BE598F6}) (Version: 10.3.181.34 - Adobe Systems Incorporated) Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated) Agatha Christie - Death on the Nile (x32 Version: 2.2.0.82 - WildTangent) Hidden Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version: - Amazon) Amazon Kindle (HKU\S-1-5-21-1827809378-912741919-3246080145-1001\...\Amazon Kindle) (Version: - Amazon) Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team) Avery Wizard 5.0 (HKLM-x32\...\{FC3B3A5D-7058-4627-9F1E-F95CC38B6054}) (Version: 5.0.5 - Avery) Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Bing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Build-a-lot (x32 Version: 2.2.0.82 - WildTangent) Hidden Chuzzle Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2227 - CyberLink Corp.) 
CyberLink Media+ Player10 (HKLM-x32\...\InstallShield_{34FBC7C4-CD31-4D93-A428-0E524EAC4586}) (Version: 10.0.1110.00 - CyberLink Corp.) CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1130a - CyberLink Corp.) CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3802 - CyberLink Corp.) CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3306 - CyberLink Corp.) CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.5216 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82 - WildTangent) Hidden Easy File Share (HKLM-x32\...\{12F81925-F3C1-40DB-91F7-777817974319}) (Version: 1.2.4 - Samsung Electronics Co., Ltd.) Easy Migration (HKLM-x32\...\{EDE7A262-DB20-4432-A630-2ACEE186C416}) (Version: 1.0 - Samsung Electronics CO., LTD.) Easy Settings (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 1.1 - Samsung Electronics CO., LTD.) Easy Software Manager (HKLM-x32\...\{DE256D8B-D971-456D-BC02-CB64DA24F115}) (Version: 1.2.10.7 - Samsung Electronics Co., Ltd.) Easy Support Center (HKLM\...\{0738F5F1-8E70-49A6-8692-F5722E1E5A4D}) (Version: 1.2.20 - Samsung Electronics Co., Ltd.) E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.) 
Epson CreativeZone (HKLM-x32\...\{E6C82F8F-2031-4825-8CC3-98C5960875C1}) (Version: - ) Epson Event Manager (HKLM-x32\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.30.01 - SEIKO EPSON Corporation) EPSON NX510 Series Printer Uninstall (HKLM\...\EPSON NX510 Series) (Version: - SEIKO EPSON Corporation) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - ) EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION) EpsonNet Setup (HKLM-x32\...\{FFFAE01B-466F-4C07-9821-A94FD753BDDA}) (Version: 3.1c - SEIKO EPSON CORPORATION) ETDWare PS/2-X64 10.7.12.6_WHQL (HKLM\...\Elantech) (Version: 10.7.12.6 - ELAN Microelectronic Corp.) Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited) Farm Frenzy (x32 Version: 2.2.0.82 - WildTangent) Hidden Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 5.4.3.920 - Foxit Corporation) Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.) Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) 
Hidden Insaniquarium Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation) Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2618 - Intel Corporation) Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{F0932859-AA60-459E-B843-0BDECA34E2C7}) (Version: 2.0.0.0086 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation) Intel(R) WiDi (HKLM-x32\...\{93F34C5C-ACAA-48F3-9B26-70359A117F12}) (Version: 3.0.12.0 - Intel Corporation) Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - ) Intel® PROSet/Wireless WiFi Software (HKLM\...\{DF7756DD-656A-45C3-BA71-74673E8259A9}) (Version: 15.00.0000.0642 - Intel Corporation) Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation) iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.) Java 7 Update 13 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217013FF}) (Version: 7.0.130 - Oracle) John Deere Drive Green (x32 Version: 2.2.0.82 - WildTangent) Hidden Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - ) Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.) 
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 
Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Módulo de Segurança - Banco do Brasil (HKLM-x32\...\{36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1) (Version: 3.11.0.1 - )
MotoHelper 2.0.51 Driver 5.1.0 (HKLM-x32\...\MotoHelper) (Version: 2.0.51 - Motorola)
MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) Hidden
MOTOROLA MEDIA LINK (HKLM-x32\...\{378397D6-FD32-4092-A854-6A75CB7EDA46}) (Version: 1.5.2060.2 - Motorola)
Motorola Mobile Drivers Installation 5.1.0 (Version: 5.1.0 - Motorola Inc.) Hidden
Mozilla Firefox 35.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 en-US)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
NVIDIA Graphics Driver 296.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 296.01 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.11.1111 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.11.1111 - NVIDIA Corporation)
OBRONA BlockAds (HKU\S-1-5-21-1827809378-912741919-3246080145-1001\...\ObronaBlockAds) (Version: 1.1.31 - OBRONA BlockAds / Red Sky LLC) <==== ATTENTION
Pandora (HKLM-x32\...\com.pandora.desktop.E7C14276FFE9EEF0BC7DCE654C467D9A299EFD21.1) (Version: 2.0.8 - PANDORA MEDIA, INC.)
Pandora (x32 Version: 2.0.8 - PANDORA MEDIA, INC.) Hidden
Peggle (x32 Version: 2.2.0.82 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.8 - Google, Inc.)
Plants vs. Zombies (x32 Version: 2.2.0.82 - WildTangent) Hidden
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Polar Golfer (x32 Version: 2.2.0.82 - WildTangent) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.50.1123.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6608 - Realtek Semiconductor Corp.)
Samsung Recovery Solution 5 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.0.2.4 - Samsung)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Softonic Assistant (HKU\S-1-5-21-1827809378-912741919-3246080145-1001\...\SoftonicAssistant) (Version: 0.1.6 - Softonic International S.A.) <==== ATTENTION
Software Launcher (HKLM-x32\...\{B750B5C2-CC17-4967-905B-29F4EB986131}) (Version: 1.0.2 - Samsung)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.5 - )
USIM Editor 1.0.28.0 (HKLM-x32\...\Card Reader Driver and USIM Editor Program_is1) (Version: - )
VoiceOver Kit (HKLM-x32\...\{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}) (Version: 1.42.128.0 - Apple Inc.)
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 8.0.6.44 - Webroot)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.1.5 - WildTangent)
WildTangent ORB Game Console (x32 Version: - WildTangent) Hidden
Windows Live 程式集 (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1827809378-912741919-3246080145-1001_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0000}\InprocServer32 -> C:\Users\Owner\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-1827809378-912741919-3246080145-1001_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0000}\InprocServer32 -> C:\Users\Owner\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-1827809378-912741919-3246080145-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1827809378-912741919-3246080145-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1827809378-912741919-3246080145-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1827809378-912741919-3246080145-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1827809378-912741919-3246080145-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1827809378-912741919-3246080145-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points =========================

20-12-2014 01:50:27 Windows Update
24-12-2014 05:00:31 Windows Update
30-12-2014 19:54:37 Windows Update
04-01-2015 00:54:20 Windows Update
09-01-2015 17:09:00 Windows Update
13-01-2015 17:31:24 Windows Update
16-01-2015 13:46:52 Windows Update
20-01-2015 16:46:30 Windows Update
23-01-2015 22:16:49 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0627E337-7936-47E8-9892-A20951A13B68} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-04-15] (CyberLink)
Task: {1CC1A648-BB3F-42AF-AB16-C358CEEB4AEE} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe [2012-04-24] (Samsung Electronics Co., Ltd.)
Task: {1CC495A7-ECD0-4E7E-ACB3-954D9F3B2943} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\Easy Settings\EBM\EasyBatteryMgr4.exe [2011-11-18] (SAMSUNG Electronics co., LTD.)
Task: {22743BB0-14E7-429B-A606-14823DC35106} - System32\Tasks\MotoHelper Initial Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-04-26] ()
Task: {2423AAAD-5D87-4E51-A53C-A31694C15685} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1827809378-912741919-3246080145-1001Core => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-21] (Google Inc.)
Task: {248E2ADC-0EC0-4D3B-9207-4312785D7DF1} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe [2012-05-08] (Samsung Electronics Co., Ltd.)
Task: {28F69776-E7CA-46F4-8094-D7E1212FFBC3} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1827809378-912741919-3246080145-1001UA => C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-09-22] (Facebook Inc.)
Task: {4A7BCFB7-35B9-4099-87C8-314F86AB984A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {579CF7CF-0B88-4064-933A-1B39C96D4141} - System32\Tasks\EasySupportCenter => C:\Program Files\Samsung\Easy Support Center\SamoyedAgent.exe [2012-03-12] (Samsung Electronics Co., Ltd.)
Task: {650E59E5-EF48-4C97-AD85-B498B96DF6BD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1827809378-912741919-3246080145-1001UA => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-21] (Google Inc.)
Task: {6C50547A-7382-4EE6-B0C8-ABD67153BD0A} - System32\Tasks\Easy Software Manager Agent => C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe [2012-02-27] (Samsung)
Task: {6EF43FE3-DBFA-4F0B-959F-A7759C849639} - System32\Tasks\SCCSpeedBoot => C:\Program Files (x86)\Samsung\Easy Settings\SCCSpeedBoot.exe [2012-03-27] (Samsung Electronics Co., Ltd.)
Task: {7228033E-BEE8-49A9-9A94-7336D87A479F} - System32\Tasks\MotoHelper Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-04-26] ()
Task: {7EC5EA08-5D45-4AF0-AD16-6F86C2970937} - System32\Tasks\MotoHelper MUM => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-04-26] ()
Task: {862AC710-6295-4C6B-B83B-2938EE2A9D37} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2012-01-27] (SEC)
Task: {8A1BBE8C-1E44-4B8A-A53E-701EB3F4E3F8} - System32\Tasks\{346BA7DC-9478-4F4F-9B96-275B98889E53} => Chrome.exe [URL]http://www.skype.com/go/downloading?source=lightinstaller&ver=5.10.0.116&LastError=12007[/URL]
Task: {98FA8D44-ACA1-4F43-8596-65C4A8F7260C} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1827809378-912741919-3246080145-1001Core => C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-09-22] (Facebook Inc.)
Task: {AF96E162-47A7-4340-9B8F-3070E5530C05} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-24] (Intel Corporation)
Task: {B8DB5DDA-F177-4E30-9066-B632F198DB89} - System32\Tasks\SmartSetting => C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe [2012-05-01] (Samsung Electronics Co., Ltd.)
Task: {C00EB348-4711-40C7-8C2E-C53E05010092} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-24] (Intel Corporation)
Task: {CF4946FE-E39E-4324-82E3-E77F8DCF42DF} - System32\Tasks\MotoHelper Routing => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-04-26] ()
Task: {D7F2E344-73A9-453E-9929-3B97259A8FA2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-29] (Google Inc.)
Task: {D9B66071-7298-45B1-A37E-34B057C5F722} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-29] (Google Inc.)
Task: {E845D815-CCAD-4934-8244-3EFF1C42C54F} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe [2012-01-31] (Samsung Electronics)
Task: {FF36C5C9-E53A-4F40-B73F-110BDC2072B8} - System32\Tasks\WLANStartup => C:\Program Files (x86)\Samsung\Easy Settings\WLANStartup.exe [2012-04-03] (Samsung Electronics)
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1827809378-912741919-3246080145-1001Core.job => C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1827809378-912741919-3246080145-1001UA.job => C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1827809378-912741919-3246080145-1001Core.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1827809378-912741919-3246080145-1001UA.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe

==================== Loaded Modules (whitelisted) =============

2014-10-03 08:13 - 2014-10-03 08:13 - 00073728 _____ () C:\windows\SysWOW64\afasrv64.exe
2012-05-04 01:03 - 2012-02-07 20:03 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
2011-04-26 14:23 - 2011-04-26 14:23 - 00223088 _____ () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
2011-04-26 14:22 - 2011-04-26 14:22 - 00681840 _____ () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
2012-05-04 02:24 - 2009-12-01 01:21 - 00244904 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2012-05-04 01:16 - 2012-02-13 00:02 - 00031624 _____ () C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
2014-10-03 08:13 - 2014-10-03 08:13 - 07374336 _____ () C:\Program Files (x86)\USIM Editor\iconcs307181.exe
2014-10-14 07:00 - 2014-10-14 07:00 - 00008192 _____ () C:\Users\Owner\AppData\Local\Obrona Block Ads\ProxyResetOnKill.exe
2012-02-14 20:22 - 2012-01-05 03:24 - 00094208 _____ () C:\windows\system32\IccLibDll_x64.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-06-16 21:40 - 2011-06-16 21:40 - 00128336 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\liveupdatetactics.dll
2011-06-16 21:39 - 2011-06-16 21:39 - 00023872 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\DbAccess.dll
2011-06-16 21:41 - 2011-06-16 21:41 - 00465632 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\sqlite3.dll
2011-06-16 21:40 - 2011-06-16 21:40 - 00045368 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\NAdvLog.dll
2011-06-16 21:40 - 2011-06-16 21:40 - 00034128 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\NFileCacheDBAccess.dll
2012-05-04 01:25 - 2012-02-07 20:00 - 00755280 _____ () C:\Program Files (x86)\Samsung\Easy Software Manager\SWMFuncDLL.dll
2012-05-04 01:16 - 2006-08-11 21:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll
2012-05-04 01:16 - 2011-02-16 10:03 - 00203776 _____ () C:\Program Files (x86)\Samsung\Easy Settings\WinCRT.dll
2015-01-15 17:40 - 2015-01-08 18:35 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libglesv2.dll
2015-01-15 17:40 - 2015-01-08 18:35 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libegl.dll
2014-10-08 07:03 - 2014-10-08 07:03 - 00879104 _____ () C:\Users\Owner\AppData\Local\Obrona Block Ads\platforms\qwindows.dll
2014-10-08 07:01 - 2014-10-08 07:01 - 00021504 _____ () C:\Users\Owner\AppData\Local\Obrona Block Ads\imageformats\qgif.dll
2012-09-21 20:32 - 2009-03-12 15:45 - 00135168 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
2012-09-21 20:32 - 2008-11-21 13:58 - 00057344 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
2012-05-04 01:24 - 2011-09-08 04:40 - 01645056 _____ () C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll
2009-11-01 23:20 - 2009-11-01 23:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-01 23:23 - 2009-11-01 23:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2012-05-04 01:03 - 2012-02-07 19:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2015-01-15 17:40 - 2015-01-08 18:35 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\pdf.dll
2015-01-15 17:40 - 2015-01-08 18:35 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\ffmpegsumo.dll
2015-01-15 17:40 - 2015-01-08 18:35 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\windows\System32:9F798C5A_Bb.gbp

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-1827809378-912741919-3246080145-500 - Administrator - Disabled)
Guest (S-1-5-21-1827809378-912741919-3246080145-501 - Limited - Disabled)
Owner (S-1-5-21-1827809378-912741919-3246080145-1001 - Administrator - Enabled) => C:\Users\Owner
UpdatusUser (S-1-5-21-1827809378-912741919-3246080145-1000 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (01/24/2015 02:17:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/23/2015 10:05:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 80166137

Error: (01/23/2015 10:05:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 80166137

Error: (01/23/2015 10:05:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/23/2015 10:05:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 80165123

Error: (01/23/2015 10:05:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 80165123

Error: (01/23/2015 10:05:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/22/2015 11:48:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1045

Error: (01/22/2015 11:48:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1045

Error: (01/22/2015 11:48:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

System errors:
=============
Error: (01/24/2015 02:17:10 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x00000024 (0x00000000001904fb, 0xfffff8800b677248, 0xfffff8800b676aa0, 0xfffff80003072190)C:\windows\MEMORY.DMP012415-27970-01

Error: (01/24/2015 02:17:09 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 2:14:16 AM on 1/24/2015 was unexpected.

Error: (01/19/2015 06:05:41 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The NVIDIA Update Service Daemon service hung on starting.

Error: (01/19/2015 05:59:14 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (01/05/2015 00:34:10 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The WRSVC service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (12/27/2014 02:15:20 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "OWNER-PC :20" could not be registered on the interface with IP address 192.168.1.65. The computer with the IP address 192.168.1.70 did not allow the name to be claimed by this computer.

Error: (12/27/2014 02:15:20 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "OWNER-PC :0" could not be registered on the interface with IP address 192.168.1.65. The computer with the IP address 192.168.1.70 did not allow the name to be claimed by this computer.

Error: (12/27/2014 02:15:20 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{205A111B-88FA-4A80-93DD-185C11613E66} because another computer on the network has the same name. The server could not start.

Error: (12/27/2014 02:14:51 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "OWNER-PC :20" could not be registered on the interface with IP address 192.168.1.65. The computer with the IP address 192.168.1.70 did not allow the name to be claimed by this computer.

Error: (12/27/2014 02:14:51 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "OWNER-PC :0" could not be registered on the interface with IP address 192.168.1.65. The computer with the IP address 192.168.1.70 did not allow the name to be claimed by this computer.

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-2350M CPU @ 2.30GHz
Percentage of memory in use: 41%
Total physical RAM: 5923.54 MB
Available physical RAM: 3483.62 MB
Total Pagefile: 11845.26 MB
Available Pagefile: 8867.31 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:675.14 GB) (Free:575.66 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 10A444CC)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=675.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=23.4 GB) - (Type=27)

==================== End Of Log ============================
[/QUOTE]