Solved Malwarebytes is continuously blocking incoming and outgoing IPs

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Microsoft Windows XP x86
Ran by c.oliveira on 23/02/2015 at 13:02:01.89
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23/02/2015 at 13:05:55.72
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Can I just ask a question (it may sound stupid, but I am a novice to these problems)? In the log files for Farbar Recovery Scan Tool, it says that the items listed will be removed or restored to original values... I noticed some legitimate programmes that I have running on my system. Have these been modified, and will any of them stop working because of these scans?

FRST Log
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-02-2015
Ran by c.oliveira (administrator) on WST-CO on 23-02-2015 13:07:22
Running from C:\Documents and Settings\c.oliveira\Desktop
Loaded Profiles: c.oliveira (Available profiles: XTR & c.oliveira & supportbpcc)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(South River Technologies, Inc.) C:\Program Files\WebDrive\wdService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files\MEO Internet Movel-ZTE\CheckNDISPort_df.exe
() C:\Program Files\MEO Internet Movel-ZTE\CancelAutoPlay_df.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(South River Technologies, Inc.) C:\Program Files\WebDrive\webdrive.exe
(BitTorrent Inc.) C:\Documents and Settings\c.oliveira\Application Data\BitTorrent\BitTorrent.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(TechSmith Corporation) C:\Program Files\TechSmith\Snagit 11\Snagit32.exe
(Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe
(Dropbox, Inc.) C:\Documents and Settings\c.oliveira\Application Data\Dropbox\bin\Dropbox.exe
(TechSmith Corporation) C:\Program Files\TechSmith\Snagit 11\TscHelp.exe
(TechSmith Corporation) C:\Program Files\TechSmith\Snagit 11\SnagPriv.exe
(TechSmith Corporation) C:\Program Files\TechSmith\Snagit 11\SnagitEditor.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(ZabKat) C:\Program Files\zabkat\xplorer2\xplorer2_UC.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16861184 2008-04-10] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [Synchronization Manager] => C:\WINDOWS\system32\mobsync.exe [143360 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [CheckNDISPortF1ac59] => C:\Program Files\MEO Internet Movel-ZTE\CheckNDISPort_df.exe [468224 2014-07-10] ()
HKLM\...\Run: [CancelAutoPlay_df] => C:\Program Files\MEO Internet Movel-ZTE\CancelAutoPlay_df.exe [448256 2014-05-16] ()
HKLM\...\Run: [hpqSRMon] => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [150016 2008-08-20] (Hewlett-Packard)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKU\S-1-5-21-1333942904-1058549214-2093110682-1165\...\Run: [WebDriveTray] => C:\Program Files\WebDrive\webdrive.exe [3636952 2014-07-08] (South River Technologies, Inc.)
HKU\S-1-5-21-1333942904-1058549214-2093110682-1165\...\Run: [BitTorrent] => C:\Documents and Settings\c.oliveira\Application Data\BitTorrent\BitTorrent.exe [1680984 2015-01-19] (BitTorrent Inc.)
HKU\S-1-5-18\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [434080 2011-07-27] (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Snagit 11.lnk
ShortcutTarget: Snagit 11.lnk -> C:\Program Files\TechSmith\Snagit 11\Snagit32.exe (TechSmith Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
Startup: C:\Documents and Settings\c.oliveira\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\c.oliveira\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\c.oliveira\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\c.oliveira\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\c.oliveira\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\c.oliveira\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\c.oliveira\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\c.oliveira\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\c.oliveira\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\c.oliveira\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [WebDrive] -> {37D70BD3-073C-4180-ADD9-C032EA5A7204} => C:\WINDOWS\system32\wdShellExt.dll (South River Technologies, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1333942904-1058549214-2093110682-1165\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1333942904-1058549214-2093110682-1165\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1333942904-1058549214-2093110682-1165\Software\Microsoft\Internet Explorer\Main,Start Page = http://companyweb
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/...ls/en/x86/client/wuweb_site.cab?1421340783271
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1421341692722
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2008-05-26] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.11

FireFox:
========
FF ProfilePath: C:\Documents and Settings\c.oliveira\Application Data\Mozilla\Firefox\Profiles\jjkug5kj.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_287.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1215155.dll (Adobe Systems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-01-15]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2015-02-05]
FF HKU\S-1-5-21-1333942904-1058549214-2093110682-1165\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2008-10-16] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [135168 2008-10-16] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [634880 2008-10-16] (Hewlett-Packard Co.) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 WebDriveService; C:\Program Files\WebDrive\wdService.exe [2850520 2013-12-30] (South River Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2010-02-01] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2010-02-01] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2010-02-01] (HP)
R3 irsir; C:\WINDOWS\System32\DRIVERS\irsir.sys [18688 2001-08-17] (Microsoft Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [114904 2015-02-23] (Malwarebytes Corporation)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
R1 MpKsl03d3f541; c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A363708A-7675-4D53-B5AD-06B9A24D2C63}\MpKsl03d3f541.sys [39464 2015-02-23] (Microsoft Corporation)
R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
U3 TrueSight; C:\WINDOWS\system32\drivers\TrueSight.sys [35064 2015-02-09] ()
R2 WebDriveFSD; C:\Program Files\WebDrive\wdfsd.sys [150232 2013-12-30] ()
S3 catchme; \??\C:\DOCUME~1\C3937~1.OLI\LOCALS~1\Temp\catchme.sys [X]
S4 IntelIde; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-23 13:07 - 2015-02-23 13:07 - 00014654 _____ () C:\Documents and Settings\c.oliveira\Desktop\FRST.txt
2015-02-23 13:07 - 2015-02-23 13:07 - 00000000 ____D () C:\FRST
2015-02-23 13:05 - 2015-02-23 13:05 - 00000586 _____ () C:\Documents and Settings\c.oliveira\Desktop\JRT.txt
2015-02-23 12:40 - 2015-02-23 12:45 - 00000000 ____D () C:\AdwCleaner
2015-02-23 12:39 - 2015-02-23 12:39 - 01126912 _____ (Farbar) C:\Documents and Settings\c.oliveira\Desktop\FRST.exe
2015-02-23 12:24 - 2015-02-23 12:24 - 02126848 _____ () C:\Documents and Settings\c.oliveira\Desktop\adwcleaner_4.111.exe
2015-02-23 12:24 - 2015-02-23 12:24 - 01388274 _____ (Thisisu) C:\Documents and Settings\c.oliveira\Desktop\JRT.exe
2015-02-20 13:17 - 2015-02-20 16:04 - 00000000 ____D () C:\59240e6160ad0ed03c2a
2015-02-20 12:35 - 2015-02-20 12:32 - 00068000 ____H () C:\WINDOWS\Minidump\Mini022015-01.dmp
2015-02-19 15:21 - 2015-02-22 17:21 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2015-02-19 15:21 - 2015-02-19 15:21 - 00000000 ____D () C:\Documents and Settings\XTR\Local Settings\temp
2015-02-19 15:21 - 2015-02-19 15:21 - 00000000 ____D () C:\Documents and Settings\supportbpcc\Local Settings\temp
2015-02-19 15:21 - 2015-02-19 15:21 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
2015-02-19 15:20 - 2015-02-19 15:20 - 00019089 _____ () C:\ComboFix.txt
2015-02-19 15:15 - 2015-02-19 15:15 - 00000000 _RSHD () C:\cmdcons
2015-02-19 15:15 - 2015-01-21 10:42 - 00000211 _____ () C:\Boot.bak
2015-02-19 15:15 - 2004-08-03 23:00 - 00260272 __RSH () C:\cmldr
2015-02-19 14:40 - 2015-02-19 15:21 - 00000000 ____D () C:\ComboFix
2015-02-19 14:40 - 2015-02-19 15:20 - 00000000 ____D () C:\Qoobox
2015-02-19 14:40 - 2015-02-19 14:40 - 00000000 ____D () C:\WINDOWS\erdnt
2015-02-19 14:40 - 2011-06-26 06:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2015-02-19 14:40 - 2010-11-07 17:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2015-02-19 14:40 - 2009-04-20 04:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2015-02-19 14:40 - 2000-08-31 00:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2015-02-19 14:40 - 2000-08-31 00:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2015-02-19 14:40 - 2000-08-31 00:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2015-02-19 14:40 - 2000-08-31 00:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2015-02-19 14:40 - 2000-08-31 00:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2015-02-19 14:40 - 2000-08-31 00:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2015-02-13 15:59 - 2015-02-13 15:57 - 00068000 ____H () C:\WINDOWS\Minidump\Mini021315-01.dmp
2015-02-13 12:23 - 2015-02-13 12:23 - 00000209 _____ () C:\Documents and Settings\c.oliveira\Desktop\RestorePoint.vbs
2015-02-13 10:01 - 2015-02-13 10:01 - 00000000 ____D () C:\Program Files\MSSOAP
2015-02-13 10:01 - 2015-02-13 10:01 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft SOAP Toolkit Version 3
2015-02-13 09:49 - 2015-02-13 09:50 - 00000000 ____D () C:\Program Files\Chilkat Software Inc
2015-02-10 11:41 - 2015-02-10 12:04 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2015-02-09 15:28 - 2015-02-09 15:28 - 00094208 _____ () C:\WINDOWS\Minidump\Mini020915-03.dmp
2015-02-09 15:17 - 2015-02-09 15:17 - 00094208 _____ () C:\WINDOWS\Minidump\Mini020915-02.dmp
2015-02-09 15:04 - 2015-02-09 15:04 - 00094208 _____ () C:\WINDOWS\Minidump\Mini020915-01.dmp
2015-02-09 15:02 - 2015-02-10 12:04 - 00000000 ____D () C:\Documents and Settings\c.oliveira\Desktop\mbar
2015-02-09 11:04 - 2001-08-17 13:53 - 00006784 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\serscan.sys
2015-02-09 11:04 - 2001-08-17 13:53 - 00006784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serscan.sys
2015-02-09 09:57 - 2015-02-09 09:57 - 00035064 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-02-09 09:57 - 2015-02-09 09:57 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
2015-02-09 09:54 - 2015-02-09 09:55 - 15431256 _____ () C:\Documents and Settings\c.oliveira\Desktop\RogueKiller.exe
2015-02-06 09:49 - 2015-02-06 09:49 - 00007192 _____ () C:\WINDOWS\Wdf01009Inst.log
2015-02-06 09:49 - 2015-02-06 09:49 - 00000000 __HDC () C:\WINDOWS\$NtUninstallwinusb0100$
2015-02-06 09:49 - 2015-02-06 09:49 - 00000000 __HDC () C:\WINDOWS\$NtUninstallWdf01009$
2015-02-06 09:49 - 2015-02-06 09:49 - 00000000 ____H () C:\WINDOWS\system32\Drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2015-02-06 09:49 - 2015-02-06 09:49 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_ZuneDriver_01_09_00.Wdf
2015-02-06 09:49 - 2015-02-06 09:49 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_WinUSB_01009.Wdf
2015-02-06 09:49 - 2008-11-07 18:55 - 00016928 ____N (Microsoft Corporation) C:\WINDOWS\system32\spmsgXP_2k3.dll
2015-02-06 09:48 - 2015-02-06 09:48 - 00000000 __HDC () C:\WINDOWS\$NtUninstallWudf01009$
2015-02-06 09:48 - 2015-02-06 09:48 - 00000000 ____H () C:\WINDOWS\system32\Drivers\MsftWdf_user_01_09_00.Wdf
2015-02-06 09:48 - 2015-02-06 09:48 - 00000000 ____D () C:\WINDOWS\system32\pt-PT
2015-02-06 09:48 - 2015-02-06 09:48 - 00000000 ____D () C:\WINDOWS\system32\pt-BR
2015-02-06 09:48 - 2015-02-06 09:48 - 00000000 ____D () C:\WINDOWS\system32\nl-NL
2015-02-06 09:48 - 2015-02-06 09:48 - 00000000 ____D () C:\WINDOWS\system32\it-IT
2015-02-06 09:48 - 2015-02-06 09:48 - 00000000 ____D () C:\WINDOWS\system32\fr-FR
2015-02-06 09:48 - 2015-02-06 09:48 - 00000000 ____D () C:\WINDOWS\system32\de-DE
2015-02-05 14:05 - 2015-02-05 14:05 - 00001018 _____ () C:\Documents and Settings\All Users\Start Menu\HP Solution Center.lnk
2015-02-05 14:05 - 2015-02-05 14:05 - 00001018 _____ () C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
2015-02-05 14:05 - 2015-02-05 14:05 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2015-02-05 14:03 - 2015-02-05 14:03 - 00000731 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
2015-02-05 14:01 - 2015-02-05 14:06 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\HP
2015-02-05 14:00 - 2015-02-05 14:00 - 00000000 ____D () C:\WINDOWS\hpojp8500a909
2015-02-05 13:59 - 2008-08-12 10:58 - 00118272 _____ (Hewlett-Packard Company) C:\WINDOWS\system32\hpf3l082.dll
2015-02-05 13:57 - 2015-02-05 13:57 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2015-02-05 13:57 - 2015-02-05 13:57 - 00000000 ____D () C:\Program Files\Common Files\HP
2015-02-05 13:57 - 2008-08-22 04:24 - 00271704 _____ (Hewlett-Packard) C:\WINDOWS\system32\hpzids01.dll
2015-02-05 13:56 - 2015-02-09 11:15 - 00188690 _____ () C:\WINDOWS\hpwins22.dat
2015-02-05 13:56 - 2008-10-25 01:40 - 00002979 ____N () C:\WINDOWS\hpwmdl22.dat
2015-02-05 12:59 - 2015-02-05 12:59 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
2015-02-05 12:04 - 2015-01-20 16:03 - 00233065 ____N () C:\WINDOWS\hpwins22.dat.temp
2015-02-05 12:04 - 2008-10-25 01:40 - 00002979 ____N () C:\WINDOWS\hpwmdl22.dat.temp
2015-02-04 09:49 - 2015-02-04 09:49 - 00688992 ____R (Swearware) C:\Documents and Settings\c.oliveira\Desktop\dds.com
2015-02-03 10:26 - 2015-02-03 10:26 - 00000000 ____D () C:\Documents and Settings\c.oliveira\Local Settings\Application Data\Microsoft Help
2015-02-02 12:27 - 2015-02-23 12:49 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-02 11:59 - 2015-02-10 11:39 - 00108632 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-02-02 11:59 - 2015-02-02 11:59 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-02 11:59 - 2015-02-02 11:59 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-02-02 11:59 - 2015-02-02 11:59 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-02 11:59 - 2015-02-02 11:59 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2015-02-02 11:59 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-02-02 11:37 - 2015-02-02 11:37 - 00000000 ____D () C:\Documents and Settings\c.oliveira\Local Settings\Application Data\Google
2015-02-02 11:37 - 2015-02-02 11:37 - 00000000 ____D () C:\Documents and Settings\c.oliveira\Application Data\Google
2015-02-02 11:36 - 2015-02-02 11:36 - 00001864 _____ () C:\Documents and Settings\All Users\Desktop\Google Earth Pro.lnk
2015-02-02 11:36 - 2015-02-02 11:36 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth Pro
2015-02-02 11:35 - 2015-02-02 11:35 - 00000000 ____D () C:\Program Files\Google
2015-02-02 09:16 - 2015-02-02 09:16 - 00000330 _____ () C:\Documents and Settings\c.oliveira\Desktop\HP Printer Diagnostic Tools.url
2015-01-30 15:54 - 2015-01-30 15:54 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2015-01-30 13:20 - 2015-01-30 13:20 - 00000000 ____D () C:\Documents and Settings\c.oliveira\Local Settings\Application Data\PDFCreator
2015-01-30 12:35 - 2015-01-30 12:35 - 00001557 _____ () C:\Documents and Settings\All Users\Desktop\MEO Internet Móvel.lnk
2015-01-30 12:35 - 2015-01-30 12:35 - 00000000 ____D () C:\WINDOWS\system32\SupportAppPBMEO Internet Movel-ZTE
2015-01-30 12:35 - 2015-01-30 12:35 - 00000000 ____D () C:\Program Files\MEO Internet Movel-ZTE
2015-01-30 12:35 - 2015-01-30 12:35 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\MEO Internet Móvel
2015-01-30 11:55 - 2015-01-30 11:55 - 00000925 _____ () C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
2015-01-30 11:55 - 2015-01-30 11:55 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-01-30 11:55 - 2015-01-30 11:55 - 00000000 ____D () C:\Documents and Settings\c.oliveira\Local Settings\Application Data\VS Revo Group
2015-01-30 11:55 - 2015-01-30 11:55 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Revo Uninstaller Pro
2015-01-30 11:55 - 2015-01-30 11:55 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\VS Revo Group
2015-01-30 11:55 - 2009-12-30 10:20 - 00027064 _____ (VS Revo Group) C:\WINDOWS\system32\Drivers\revoflt.sys
2015-01-28 11:02 - 2015-01-28 11:02 - 00000000 __SHD () C:\Documents and Settings\NetworkService\IETldCache
2015-01-28 11:02 - 2008-04-14 00:26 - 00030592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\rndismpx.sys
2015-01-28 11:02 - 2008-04-14 00:26 - 00030592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rndismpx.sys
2015-01-27 12:14 - 2015-01-27 12:14 - 00000000 ____D () C:\Documents and Settings\c.oliveira\Application Data\Windows Search
2015-01-27 11:03 - 2015-01-27 11:04 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-27 10:39 - 2015-02-02 11:33 - 00004608 _____ () C:\Documents and Settings\c.oliveira\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-26 16:25 - 2015-01-22 11:38 - 00000000 ____D () C:\Documents and Settings\c.oliveira\Desktop\SOURCES

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-23 13:07 - 2015-01-16 15:57 - 00000000 ____D () C:\Documents and Settings\c.oliveira\Local Settings\Temp
2015-02-23 13:05 - 2015-01-19 13:52 - 00000000 ____D () C:\Documents and Settings\c.oliveira\Application Data\BitTorrent
2015-02-23 13:05 - 2015-01-15 23:08 - 01926985 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-23 12:57 - 2015-01-16 16:40 - 00000000 ___RD () C:\Dropbox
2015-02-23 12:57 - 2015-01-15 18:07 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2015-02-23 12:56 - 2015-01-16 16:37 - 00000000 ____D () C:\Documents and Settings\c.oliveira\Application Data\Dropbox
2015-02-23 12:47 - 2015-01-16 15:52 - 00000112 _____ () C:\WINDOWS\system32\config\netlogon.ftl
2015-02-23 12:47 - 2015-01-15 23:14 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-23 12:47 - 2015-01-15 15:01 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-02-23 12:47 - 2015-01-15 15:01 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-02-23 12:47 - 2008-04-14 12:00 - 00012984 _____ () C:\WINDOWS\system32\wpa.dbl
2015-02-23 12:46 - 2015-01-20 14:01 - 02527550 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1333942904-1058549214-2093110682-1165-0.dat
2015-02-23 12:46 - 2015-01-20 14:01 - 00279846 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2015-02-23 12:46 - 2015-01-19 10:38 - 00000832 __RSH () C:\Documents and Settings\c.oliveira\ntuser.pol
2015-02-23 12:46 - 2015-01-16 15:58 - 00000178 ___SH () C:\Documents and Settings\c.oliveira\ntuser.ini
2015-02-23 12:46 - 2015-01-15 23:14 - 00018326 _____ () C:\WINDOWS\SchedLgU.Txt
2015-02-23 12:34 - 2015-01-15 23:38 - 00000000 ____D () C:\Outlook
2015-02-23 11:03 - 2015-01-22 14:29 - 00000000 ____D () C:\PHC16
2015-02-22 23:39 - 2015-01-15 14:53 - 00000000 ____D () C:\WINDOWS\security
2015-02-20 17:11 - 2015-01-16 15:57 - 00000000 ____D () C:\Documents and Settings\c.oliveira
2015-02-20 13:37 - 2015-01-15 17:12 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2015-02-20 13:24 - 2015-01-15 14:59 - 00615068 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-20 12:35 - 2015-01-22 14:16 - 00000000 ____D () C:\WINDOWS\Minidump
2015-02-19 15:33 - 2015-01-23 09:01 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-02-19 15:33 - 2015-01-23 09:01 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-02-19 15:19 - 2008-04-14 12:00 - 00000227 _____ () C:\WINDOWS\system.ini
2015-02-19 15:15 - 2015-01-15 14:57 - 00000327 __RSH () C:\boot.ini
2015-02-12 16:47 - 2015-01-15 14:59 - 00580970 _____ () C:\WINDOWS\setupapi.log
2015-02-12 16:46 - 2015-01-15 14:53 - 00000000 ____D () C:\WINDOWS\twain_32
2015-02-12 09:50 - 2015-01-16 16:40 - 00001039 _____ () C:\Documents and Settings\c.oliveira\Desktop\Dropbox.lnk
2015-02-12 09:50 - 2015-01-16 16:38 - 00000000 ____D () C:\Documents and Settings\c.oliveira\Start Menu\Programs\Dropbox
2015-02-10 17:07 - 2015-01-15 23:36 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2015-02-09 11:15 - 2015-01-16 17:17 - 00021930 _____ () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2015-02-06 09:49 - 2015-01-15 14:59 - 01100112 _____ () C:\WINDOWS\iis6.log
2015-02-06 09:49 - 2015-01-15 14:59 - 00982250 _____ () C:\WINDOWS\FaxSetup.log
2015-02-06 09:49 - 2015-01-15 14:59 - 00478864 _____ () C:\WINDOWS\ocgen.log
2015-02-06 09:49 - 2015-01-15 14:59 - 00453752 _____ () C:\WINDOWS\tsoc.log
2015-02-06 09:49 - 2015-01-15 14:59 - 00338250 _____ () C:\WINDOWS\comsetup.log
2015-02-06 09:49 - 2015-01-15 14:59 - 00307352 _____ () C:\WINDOWS\msmqinst.log
2015-02-06 09:49 - 2015-01-15 14:59 - 00203234 _____ () C:\WINDOWS\ntdtcsetup.log
2015-02-06 09:49 - 2015-01-15 14:59 - 00172821 _____ () C:\WINDOWS\netfxocm.log
2015-02-06 09:49 - 2015-01-15 14:59 - 00068223 _____ () C:\WINDOWS\MedCtrOC.log
2015-02-06 09:49 - 2015-01-15 14:59 - 00054579 _____ () C:\WINDOWS\ocmsn.log
2015-02-06 09:49 - 2015-01-15 14:59 - 00050121 _____ () C:\WINDOWS\tabletoc.log
2015-02-06 09:49 - 2015-01-15 14:59 - 00049384 _____ () C:\WINDOWS\msgsocm.log
2015-02-06 09:49 - 2015-01-15 14:59 - 00001355 _____ () C:\WINDOWS\imsins.log
2015-02-06 09:49 - 2015-01-15 14:59 - 00001355 _____ () C:\WINDOWS\imsins.BAK
2015-02-06 09:49 - 2015-01-15 14:58 - 00194537 _____ () C:\WINDOWS\setupact.log
2015-02-05 14:06 - 2008-04-14 12:00 - 00000617 _____ () C:\WINDOWS\win.ini
2015-02-05 14:05 - 2015-01-16 17:21 - 00000000 ____D () C:\Program Files\HP
2015-02-05 14:05 - 2015-01-16 17:21 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\HP
2015-02-05 13:52 - 2015-01-16 16:43 - 00000320 _____ () C:\Documents and Settings\c.oliveira\Desktop\my documents on 'srvmainRedirectedFoldersC.Oliveira' (U).lnk
2015-02-05 11:30 - 2015-01-16 16:08 - 00080048 _____ () C:\Documents and Settings\c.oliveira\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-02-05 11:29 - 2015-01-15 14:58 - 00290088 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-01-28 11:41 - 2015-01-16 16:34 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-28 09:57 - 2015-01-21 10:44 - 00000000 ____D () C:\Documents and Settings\c.oliveira\Application Data\TeamViewer

==================== Files in the root of some directories =======

2015-01-16 17:29 - 2015-01-20 16:03 - 0001109 _____ () C:\Documents and Settings\c.oliveira\Application Data\ConvAPIPlugin.log
2015-01-27 10:39 - 2015-02-02 11:33 - 0004608 _____ () C:\Documents and Settings\c.oliveira\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some content of TEMP:
====================
C:\Documents and Settings\c.oliveira\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfe7sha.dll
C:\Documents and Settings\c.oliveira\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\c.oliveira\Local Settings\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================
 
Additional log

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 22-02-2015
Ran by c.oliveira at 2015-02-23 13:07:56
Running from C:\Documents and Settings\c.oliveira\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
8500A909_Help (Version: 1.00.0000 - Hewlett-Packard) Hidden
8500A909a (Version: 50.0.165.000 - Hewlett-Packard) Hidden
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.287 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) - Português (HKLM\...\{AC76BA86-7AD7-1046-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.5.155 - Adobe Systems, Inc.)
BitTorrent (HKU\S-1-5-21-1333942904-1058549214-2093110682-1165\...\BitTorrent) (Version: 7.9.2.37954 - BitTorrent Inc.)
BPD_DSWizards (Version: 1.00.0000 - Hewlett-Packard) Hidden
bpd_scan (Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (Version: 50.0.165.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Chilkat Crypt ActiveX (HKLM\...\{E796DF56-2808-424E-8E73-833C046B8BB0}) (Version: 4.4.8 - Chilkat Software Inc)
Chilkat HTTP ActiveX (HKLM\...\{EE0523D7-7268-4587-A4EF-8682B41D2ABC}) (Version: 9.4.0 - Chilkat Software Inc)
Destination Component (Version: 110.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 120.0.194.000 - Hewlett-Packard) Hidden
DocMgr (Version: 120.0.000.000 - Hewlett-Packard) Hidden
DocProc (Version: 12.0.0.0 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-1333942904-1058549214-2093110682-1165\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
Fax (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Google Earth Pro (HKLM\...\{44FC61F0-2F8A-11E3-8CAE-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
GPBaseService2 (Version: 120.0.194.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 12.0 (HKLM\...\HPExtendedCapabilities) (Version: 12.0 - HP)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Imaging Device Functions 12.0 (HKLM\...\HP Imaging Device Functions) (Version: 12.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Smart Web Printing (HKLM\...\HP Smart Web Printing) (Version: 4.05 - HP)
HP Solution Center 12.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 12.0 - HP)
HP Update (HKLM\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0001 - Microsoft) Hidden
HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MarketResearch (Version: 120.0.226.000 - Hewlett-Packard) Hidden
MEO Internet Móvel (HKLM\...\{AEFF9E60-3E93-41EE-9895-311F7D1C5FFD}) (Version: - ZTE Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version: - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SOAP Toolkit 3.0 (HKLM\...\{BCB4C18A-ACA6-4383-8688-E19933A705DD}) (Version: 3.0.1325.4 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.9 (HKLM\...\Wudf01009) (Version: - Microsoft Corporation)
Microsoft WinUsb 1.0 (HKLM\...\winusb0100) (Version: - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 en-GB) (HKLM\...\Mozilla Firefox 35.0.1 (x86 en-GB)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla)
MPM (HKLM\...\{CD8C5C7F-7C58-4F85-8977-A6C08C087912}) (Version: 1.00.0000 - Hewlett-Packard)
Network (Version: 120.0.194.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 12.0 (HKLM\...\HPOCR) (Version: 12.0 - HP)
Officejet Pro 8500 A909 Series (HKLM\...\{624E7452-BA43-4f55-B9D5-FC75EEA0808B}) (Version: 12.0 - HP)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.0.1 - pdfforge)
PHC 16 (HKLM\...\{B736218D-E1AD-443F-8071-3057140EB351}_is1) (Version: 16 - PHC)
PHC Controls for CS (HKLM\...\{E84B815A-8841-439D-B97E-14EBBE2F4E12}) (Version: 16.1 - PHC)
ProductContext (Version: 50.0.165.000 - Hewlett-Packard) Hidden
REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.16.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5605 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.0.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.8 - VS Revo Group, Ltd.)
Scan (Version: 12.0.0.0 - Hewlett-Packard) Hidden
SmartWebPrinting (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Snagit 11 (HKLM\...\{A56C6348-59D0-433B-A48A-75914858664E}) (Version: 11.2.1 - TechSmith Corporation)
SolutionCenter (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Status (Version: 120.0.194.000 - Hewlett-Packard) Hidden
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Toolbox (Version: 120.0.194.000 - Hewlett-Packard) Hidden
TrayApp (Version: 120.0.194.000 - Hewlett-Packard) Hidden
UnloadSupport (Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
WebDrive (HKLM\...\{F08E87FD-F62B-4BAC-A2D6-A94755653F30}) (Version: 11.00.2835 - South River Technologies)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version: - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)
Windows Small Business Server 2011 Standard ClientAgent (HKLM\...\{3032BC7D-E713-452D-AAF7-F5ED073226C8}) (Version: 6.1.7900.1 - Microsoft Corporation)
xplorer² professional 32 bit (HKLM\...\xplorer2p) (Version: 2.2.0.1 - Zabkat)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1333942904-1058549214-2093110682-1165_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\c.oliveira\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1333942904-1058549214-2093110682-1165_Classes\CLSID\{0BBFE402-CCA1-4f64-9322-13B66D841049}\InprocServer32 -> C:\Documents and Settings\c.oliveira\Local Settings\Application Data\TechSmith\SnagIt\Accessories\{23102CBF-AC8D-4424-9364-A79738894850}\MSWord.dll (TechSmith Corporation)
CustomCLSID: HKU\S-1-5-21-1333942904-1058549214-2093110682-1165_Classes\CLSID\{11CD84A3-A5E0-43CB-B3DF-92C623C0E0E0}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1333942904-1058549214-2093110682-1165_Classes\CLSID\{25D005BF-FE63-4cce-AA25-CE952B1D9381}\InprocServer32 -> C:\Documents and Settings\c.oliveira\Local Settings\Application Data\TechSmith\SnagIt\Accessories\{638B203F-8FB6-49ec-A139-AB8C530F0CAB}\MSPowerPoint.dll (TechSmith Corporation)
CustomCLSID: HKU\S-1-5-21-1333942904-1058549214-2093110682-1165_Classes\CLSID\{293600C7-E7B6-4f06-9329-D8522A33C7E8}\InprocServer32 -> C:\Documents and Settings\c.oliveira\Local Settings\Application Data\TechSmith\SnagIt\Accessories\{B9E98D7E-F599-469d-95A7-0B6F86D082A0}\CamtasiaOutput.dll (TechSmith Corporation)
CustomCLSID: HKU\S-1-5-21-1333942904-1058549214-2093110682-1165_Classes\CLSID\{2A235D7E-0358-40E2-B51A-DE22F8F5C50D}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1333942904-1058549214-2093110682-1165_Classes\CLSID\{54050FBB-F2AE-404b-8BFD-7EE3EC784A52}\InprocServer32 -> C:\Documents and Settings\c.oliveira\Local Settings\Application Data\TechSmith\SnagIt\Accessories\{18AA4E21-D540-4a3a-9F9F-E6DE33D6F253}\MSExcel.dll (TechSmith Corporation)
CustomCLSID: HKU\S-1-5-21-1333942904-1058549214-2093110682-1165_Classes\CLSID\{672CDBDB-0270-4EB9-83EC-216377522D21}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1333942904-1058549214-2093110682-1165_Classes\CLSID\{6B1948B3-9547-42F8-9B37-7AA9768134C4}\InprocServer32 -> C:\Documents and Settings\c.oliveira\Local Settings\Application Data\TechSmith\SnagIt\Accessories\{23102CBF-AC8D-4424-9364-A79738894850}\MSWord.dll (TechSmith Corporation)
CustomCLSID: HKU\S-1-5-21-1333942904-1058549214-2093110682-1165_Classes\CLSID\{841BFDCA-6A9A-4EBC-BC7E-194AA5DCE428}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1333942904-1058549214-2093110682-1165_Classes\CLSID\{97090E2F-3062-4459-855B-014F0D3CDBB1}\InprocServer32 -> C:\Program Files\Windows Desktop Search\deskbar.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1333942904-1058549214-2093110682-1165_Classes\CLSID\{B9E98D7E-F599-469d-95A7-0B6F86D082A0}\InprocServer32 -> C:\Documents and Settings\c.oliveira\Local Settings\Application Data\TechSmith\SnagIt\Accessories\{B9E98D7E-F599-469d-95A7-0B6F86D082A0}\CamtasiaOutput.dll (TechSmith Corporation)
CustomCLSID: HKU\S-1-5-21-1333942904-1058549214-2093110682-1165_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\c.oliveira\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1333942904-1058549214-2093110682-1165_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Documents and Settings\c.oliveira\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1333942904-1058549214-2093110682-1165_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\c.oliveira\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1333942904-1058549214-2093110682-1165_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\c.oliveira\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1333942904-1058549214-2093110682-1165_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\c.oliveira\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1333942904-1058549214-2093110682-1165_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\c.oliveira\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1333942904-1058549214-2093110682-1165_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\c.oliveira\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1333942904-1058549214-2093110682-1165_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\c.oliveira\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1333942904-1058549214-2093110682-1165_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\c.oliveira\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1333942904-1058549214-2093110682-1165_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\c.oliveira\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Restore Points =========================

15-01-2015 23:20:41 System Checkpoint
15-01-2015 23:36:38 Installed Microsoft Office Enterprise 2007
15-01-2015 23:46:01 Printer Driver Send To Microsoft OneNote Driver Installed
15-01-2015 23:46:25 Printer Driver Microsoft Office Document Image Writer Installed
16-01-2015 00:41:09 Installed REALTEK GbE & FE Ethernet PCI-E NIC Driver
16-01-2015 00:43:20 Installed Realtek High Definition Audio Driver
15-01-2015 16:57:25 Software Distribution Service 3.0
15-01-2015 17:00:04 Installed Windows Internet Explorer 8.
15-01-2015 17:00:32 Software Distribution Service 3.0
15-01-2015 17:14:17 Printer Driver PDFCreator Installed
15-01-2015 17:18:28 Software Distribution Service 3.0
15-01-2015 17:35:31 Software Distribution Service 3.0
16-01-2015 10:11:32 Software Distribution Service 3.0
16-01-2015 13:03:10 Software Distribution Service 3.0
16-01-2015 15:50:21 Software Distribution Service 3.0
16-01-2015 17:28:44 Printer Driver HP Officejet Pro 8500 A909a Series fax Installed
17-01-2015 16:11:44 Software Distribution Service 3.0
18-01-2015 01:42:50 Software Distribution Service 3.0
18-01-2015 16:11:24 Software Distribution Service 3.0
19-01-2015 11:08:31 Installed WebDrive.
19-01-2015 13:45:37 Installed Snagit 11
19-01-2015 15:33:50 Instalado Microsoft Office Proof (Portuguese (Portugal)) 2007
19-01-2015 16:49:35 Software Distribution Service 3.0
20-01-2015 13:31:34 Removed MPM
20-01-2015 16:03:07 Printer Driver HP Officejet Pro 8500 A909a Series fax Installed
21-01-2015 10:01:09 Installed Windows XP KB915800-v4.
21-01-2015 10:01:37 Installed Windows XP Windows Search 4.0.
21-01-2015 10:50:25 Software Distribution Service 3.0
22-01-2015 10:50:19 Software Distribution Service 3.0
22-01-2015 11:50:14 Removed PHC Controls for CS
22-01-2015 12:16:53 Removed PHC Controls for CS
23-01-2015 13:55:13 System Checkpoint
23-01-2015 14:52:22 Software Distribution Service 3.0
24-01-2015 14:52:13 Software Distribution Service 3.0
25-01-2015 01:42:54 Software Distribution Service 3.0
25-01-2015 14:52:17 Software Distribution Service 3.0
26-01-2015 14:52:07 Software Distribution Service 3.0
27-01-2015 16:35:09 Software Distribution Service 3.0
28-01-2015 17:26:05 System Checkpoint
29-01-2015 11:52:06 Software Distribution Service 3.0
30-01-2015 11:52:33 Software Distribution Service 3.0
30-01-2015 11:58:49 Revo Uninstaller Pro's restore point - MEO Internet Móvel
31-01-2015 11:52:41 Software Distribution Service 3.0
01-02-2015 01:55:49 Software Distribution Service 3.0
01-02-2015 11:52:11 Software Distribution Service 3.0
02-02-2015 11:35:57 Installed Google Earth Pro.
03-02-2015 09:38:35 Software Distribution Service 3.0
04-02-2015 10:27:36 Revo Uninstaller Pro's restore point - PDF Password Remover
04-02-2015 10:29:53 Revo Uninstaller Pro's restore point - Bing Bar
04-02-2015 10:32:45 Revo Uninstaller Pro's restore point - Shop for HP Supplies
04-02-2015 10:35:17 Revo Uninstaller Pro's restore point - HP Customer Participation Program 14.0
04-02-2015 10:37:25 Revo Uninstaller Pro's restore point - HP Solution Center 14.0
05-02-2015 11:27:39 Revo Uninstaller Pro's restore point - HP Solution Center 14.0
05-02-2015 11:41:34 Software Distribution Service 3.0
05-02-2015 12:07:39 Revo Uninstaller Pro's restore point - HP Document Manager 2.0
05-02-2015 12:12:14 Revo Uninstaller Pro's restore point - HP Smart Web Printing 4.60
05-02-2015 12:19:11 Revo Uninstaller Pro's restore point - HP Imaging Device Functions 14.0
05-02-2015 12:34:47 Revo Uninstaller Pro's restore point - HP Update
05-02-2015 12:35:15 Removed HP Update.
05-02-2015 12:38:30 Revo Uninstaller Pro's restore point - HP Officejet Pro 8500 A909 Series
05-02-2015 12:48:26 Removed MPM
05-02-2015 14:06:12 Printer Driver HP Officejet Pro 8500 A909a Series fax Installed
06-02-2015 09:48:41 Installed Windows XP Wudf01009.
06-02-2015 09:49:17 Installed Windows XP winusb0100.
06-02-2015 09:49:27 Installed Windows XP Wdf01009.
06-02-2015 15:57:23 Software Distribution Service 3.0
07-02-2015 16:14:12 System Checkpoint
07-02-2015 17:21:09 Software Distribution Service 3.0
08-02-2015 01:32:44 Software Distribution Service 3.0
08-02-2015 17:21:11 Software Distribution Service 3.0
10-02-2015 09:09:36 System Checkpoint
10-02-2015 12:20:09 Software Distribution Service 3.0
11-02-2015 12:19:14 Software Distribution Service 3.0
12-02-2015 14:51:13 System Checkpoint
12-02-2015 17:30:53 Software Distribution Service 3.0
13-02-2015 09:49:39 Installed Chilkat HTTP ActiveX
13-02-2015 09:50:04 Installed Chilkat Crypt ActiveX
13-02-2015 10:01:24 Installed Microsoft SOAP Toolkit 3.0
14-02-2015 16:10:43 Software Distribution Service 3.0
15-02-2015 01:52:04 Software Distribution Service 3.0
15-02-2015 16:11:03 Software Distribution Service 3.0
16-02-2015 10:17:27 priortoComboFix
16-02-2015 16:10:35 Software Distribution Service 3.0
17-02-2015 16:10:50 Software Distribution Service 3.0
18-02-2015 16:10:20 Software Distribution Service 3.0
19-02-2015 14:21:59 precombofix
20-02-2015 12:46:50 Software Distribution Service 3.0
20-02-2015 17:14:46 Revo Uninstaller Pro's restore point - ComboFix
21-02-2015 17:21:43 Software Distribution Service 3.0
22-02-2015 02:08:11 Software Distribution Service 3.0
22-02-2015 17:21:30 Software Distribution Service 3.0

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2008-04-14 12:00 - 2015-02-19 15:19 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe

==================== Loaded Modules (whitelisted) ==============

2015-01-30 12:35 - 2014-07-10 15:35 - 00468224 _____ () C:\Program Files\MEO Internet Movel-ZTE\CheckNDISPort_df.exe
2015-01-30 12:35 - 2014-05-16 11:37 - 00448256 _____ () C:\Program Files\MEO Internet Movel-ZTE\CancelAutoPlay_df.exe
2013-05-29 16:12 - 2013-05-29 16:12 - 00095232 _____ () C:\Program Files\TechSmith\Snagit 11\VideoRecording.dll
2013-05-29 16:11 - 2013-05-29 16:11 - 00089088 _____ () C:\Program Files\TechSmith\Snagit 11\SDKRecorder.dll
2013-05-29 16:05 - 2013-05-29 16:05 - 04710400 ____R () C:\Program Files\TechSmith\Snagit 11\PDFNetC.dll
2015-02-10 21:00 - 2015-02-10 21:00 - 00750080 _____ () C:\Documents and Settings\c.oliveira\Application Data\Dropbox\bin\libGLESv2.dll
2015-02-23 12:56 - 2015-02-23 12:56 - 00043008 _____ () c:\Documents and Settings\c.oliveira\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfe7sha.dll
2015-02-10 21:00 - 2015-02-10 21:00 - 00047616 _____ () C:\Documents and Settings\c.oliveira\Application Data\Dropbox\bin\libEGL.dll
2015-02-10 21:00 - 2015-02-10 21:00 - 00865280 _____ () C:\Documents and Settings\c.oliveira\Application Data\Dropbox\bin\plugins\platforms\qwindows.dll
2015-02-10 21:00 - 2015-02-10 21:00 - 00200704 _____ () C:\Documents and Settings\c.oliveira\Application Data\Dropbox\bin\plugins\imageformats\qjpeg.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1333942904-1058549214-2093110682-1165\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 10.0.0.11

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-1275210071-1364589140-682003330-500 - Administrator - Enabled)
ASPNET (S-1-5-21-1275210071-1364589140-682003330-1005 - Limited - Enabled)
c.laptop (S-1-5-21-1275210071-1364589140-682003330-1007 - Limited - Enabled)
Guest (S-1-5-21-1275210071-1364589140-682003330-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1275210071-1364589140-682003330-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-1275210071-1364589140-682003330-1002 - Limited - Disabled)
XTR (S-1-5-21-1275210071-1364589140-682003330-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\XTR

==================== Faulty Device Manager Devices =============

Name: Officejet Pro 8500 A909a
Description: Officejet Pro 8500 A909a
Class Guid: {4D36E971-E325-11CE-BFC1-08002BE10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/23/2015 01:01:02 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp, P4 4.4.304.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (02/23/2015 00:48:52 PM) (Source: Userenv) (EventID: 1085) (User: NT AUTHORITY)
Description: The Group Policy client-side extension Folder Redirection failed to execute. Please look for any errors reported earlier by that extension.

Error: (02/23/2015 00:48:52 PM) (Source: Folder Redirection) (EventID: 107) (User: BPCC)
Description: Failed to perform redirection of folder My Documents.
The folder is configured to be redirected from <u:\> to <\\SRVMAIN\RedirectedFolders\c.oliveira\My Documents>.
The following error occurred:
%%267

Error: (02/23/2015 11:33:07 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application OUTLOOK.EXE, version 12.0.6691.5000, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/23/2015 11:31:43 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application PHCCORPORATE.EXE, version 16.10.251.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/20/2015 05:11:39 PM) (Source: Userenv) (EventID: 1085) (User: NT AUTHORITY)
Description: The Group Policy client-side extension Folder Redirection failed to execute. Please look for any errors reported earlier by that extension.

Error: (02/20/2015 05:11:39 PM) (Source: Folder Redirection) (EventID: 107) (User: BPCC)
Description: Failed to perform redirection of folder My Documents.
The folder is configured to be redirected from <u:\> to <\\SRVMAIN\RedirectedFolders\c.oliveira\My Documents>.
The following error occurred:
%%267

Error: (02/20/2015 01:15:30 PM) (Source: Userenv) (EventID: 1085) (User: NT AUTHORITY)
Description: The Group Policy client-side extension Folder Redirection failed to execute. Please look for any errors reported earlier by that extension.

Error: (02/20/2015 01:15:30 PM) (Source: Folder Redirection) (EventID: 107) (User: BPCC)
Description: Failed to perform redirection of folder My Documents.
The folder is configured to be redirected from <u:\> to <\\SRVMAIN\RedirectedFolders\c.oliveira\My Documents>.
The following error occurred:
%%267

Error: (02/20/2015 00:36:45 PM) (Source: Userenv) (EventID: 1085) (User: NT AUTHORITY)
Description: The Group Policy client-side extension Folder Redirection failed to execute. Please look for any errors reported earlier by that extension.


System errors:
=============
Error: (02/22/2015 00:10:17 PM) (Source: Windows Update Agent) (EventID: 16) (User: )
Description: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Error: (02/20/2015 00:37:25 PM) (Source: System Error) (EventID: 1003) (User: )
Description: Error code 000000ea, parameter1 89a51ba0, parameter2 8a507e68, parameter3 8a5c1518, parameter4 00000001.

Error: (02/20/2015 00:32:59 PM) (Source: 0) (EventID: 108) (User: )
Description: \Device\Video0displayati2dvag

Error: (02/20/2015 00:10:16 PM) (Source: Windows Update Agent) (EventID: 16) (User: )
Description: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Error: (02/18/2015 00:10:16 PM) (Source: Windows Update Agent) (EventID: 16) (User: )
Description: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Error: (02/16/2015 00:10:15 PM) (Source: Windows Update Agent) (EventID: 16) (User: )
Description: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Error: (02/14/2015 00:10:15 PM) (Source: Windows Update Agent) (EventID: 16) (User: )
Description: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Error: (02/13/2015 04:02:19 PM) (Source: System Error) (EventID: 1003) (User: )
Description: Error code 000000ea, parameter1 88b28428, parameter2 8a1831c8, parameter3 8a4c5310, parameter4 00000001.

Error: (02/13/2015 03:57:31 PM) (Source: 0) (EventID: 108) (User: )
Description: \Device\Video0displayati2dvag

Error: (02/12/2015 04:39:38 PM) (Source: Print) (EventID: 22) (User: NT AUTHORITY)
Description: Failed to ugrade printer settings for printer \\wst-eb\HP Officejet Estela,LocalOnly driver C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\UNIDRVUI.DLL error 5.


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E7400 @ 2.80GHz
Percentage of memory in use: 34%
Total physical RAM: 3326.11 MB
Available physical RAM: 2182.87 MB
Total Pagefile: 3914.16 MB
Available Pagefile: 2824.33 MB
Total Virtual: 2047.88 MB
Available Virtual: 1936.94 MB

==================== Drives ================================

Drive b: () (Network) (Total:700 GB) (Free:355.4 GB)
Drive c: () (Fixed) (Total:149.04 GB) (Free:86.4 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (Data2) (Fixed) (Total:48.83 GB) (Free:16.76 GB) NTFS
Drive I: () (Network) (Total:700 GB) (Free:355.4 GB)
Drive j: (Data) (Fixed) (Total:184.05 GB) (Free:14.17 GB) NTFS
Drive s: () (Network) (Total:700 GB) (Free:355.4 GB)
Drive u: () (Network) (Total:700 GB) (Free:355.4 GB)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 149.1 GB) (Disk ID: D499E787)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 232.9 GB) (Disk ID: 1A77DAFE)
Partition 1: (Active) - (Size=48.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=184 GB) - (Type=OF Extended)

==================== End Of Log ============================
 
I noticed some legitimate programmes that I have running on my system, have these been modified and will any of them stop working because of these scans?
I'd have to know which ones you have in mind.
You can open the attached file in Notepad and see if there is anything there that concerns you.

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
:confused: OK, is the information in the txt file all that was actually cleaned? I was getting worried because of the very long list in the log and how each header said "(If an entry is included in the fixlist, it will be removed or cleaned...)". From the txt file, the only one that I can recognise is something to do with Dropbox, but I'm not sure that is a necessary component for Dropbox to work, as it is still functioning on my PC.
I will run the fix you sent just now.
 
Sorry, I just read the rest of the post... I guess that the txt file is what will be fixed when I run FRST again with the file in the same directory (instructions to clean). Will the Dropbox item in the fixlist affect the normal usage of Dropbox for file sharing? That is something that I use regularly.
 
Great, here is the log


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 22-02-2015
Ran by c.oliveira at 2015-02-25 09:48:35 Run:1
Running from C:\Documents and Settings\c.oliveira\Desktop
Loaded Profiles: c.oliveira (Available profiles: XTR & c.oliveira & supportbpcc)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-1333942904-1058549214-2093110682-1165\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1333942904-1058549214-2093110682-1165\Software\Microsoft\Internet Explorer\Main,Start Page = http://companyweb
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S3 catchme; \??\C:\DOCUME~1\C3937~1.OLI\LOCALS~1\Temp\catchme.sys [X]
S4 IntelIde; No ImagePath
2015-01-16 17:29 - 2015-01-20 16:03 - 0001109 _____ () C:\Documents and Settings\c.oliveira\Application Data\ConvAPIPlugin.log
2015-01-27 10:39 - 2015-02-02 11:33 - 0004608 _____ () C:\Documents and Settings\c.oliveira\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Documents and Settings\c.oliveira\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfe7sha.dll
C:\Documents and Settings\c.oliveira\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\c.oliveira\Local Settings\Temp\sqlite3.dll

*****************

"HKU\S-1-5-21-1333942904-1058549214-2093110682-1165\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\S-1-5-21-1333942904-1058549214-2093110682-1165\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
catchme => Service deleted successfully.
IntelIde => Service deleted successfully.
C:\Documents and Settings\c.oliveira\Application Data\ConvAPIPlugin.log => Moved successfully.
C:\Documents and Settings\c.oliveira\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => Moved successfully.
"C:\Documents and Settings\c.oliveira\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfe7sha.dll" => File/Directory not found.
C:\Documents and Settings\c.oliveira\Local Settings\Temp\Quarantine.exe => Moved successfully.
C:\Documents and Settings\c.oliveira\Local Settings\Temp\sqlite3.dll => Moved successfully.

==== End of Fixlog 09:48:35 ====
 
Hi,

I thought that I was clean as I had not seen any activity for quite a few days (except for some incoming, which I believe is beyond our control), but after doing all of the above and restarting my PC, Malwarebytes just blocked an outbound attempt (apparently there have been more, but during the night when there is nobody using the PC, so they all went unnoticed). There is no information except for the IP address that is trying to be reached. From what you have seen in my logs, is there any programme that may be legitimately trying to contact the outside world? I thought maybe BitTorrent, but I noticed on my laptop that when it is BitTorrent, it will be referenced as bittorrent in the process field; besides, there are no torrents downloading, nor seeding at the moment. Anyway, here is the latest log from Malwarebytes:

Malwarebytes Anti-Malware
www.malwarebytes.org


Update, 25/02/2015 00:41:06, SYSTEM, WST-CO, Scheduler, Malware Database, 2015.2.24.7, 2015.2.25.1,
Protection, 25/02/2015 00:41:06, SYSTEM, WST-CO, Protection, Refresh, Starting,
Protection, 25/02/2015 00:41:06, SYSTEM, WST-CO, Protection, Malicious Website Protection, Stopping,
Protection, 25/02/2015 00:41:06, SYSTEM, WST-CO, Protection, Malicious Website Protection, Stopped,
Protection, 25/02/2015 00:41:39, SYSTEM, WST-CO, Protection, Refresh, Success,
Protection, 25/02/2015 00:41:39, SYSTEM, WST-CO, Protection, Malicious Website Protection, Starting,
Protection, 25/02/2015 00:41:51, SYSTEM, WST-CO, Protection, Malicious Website Protection, Started,
Detection, 25/02/2015 02:36:54, SYSTEM, WST-CO, Protection, Malicious Website Protection, IP, 212.117.179.107, 0, Outbound,
Detection, 25/02/2015 03:53:10, SYSTEM, WST-CO, Protection, Malicious Website Protection, IP, 41.203.69.1, 0, Inbound,
Scan, 25/02/2015 04:14:05, SYSTEM, WST-CO, Manual, Start:25/02/2015 03:36:48, Duration:37 min 17 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,
Protection, 25/02/2015 04:14:05, SYSTEM, WST-CO, Protection, Malicious Website Protection, Stopping,
Protection, 25/02/2015 04:14:05, SYSTEM, WST-CO, Protection, Malicious Website Protection, Stopped,
Protection, 25/02/2015 04:14:05, SYSTEM, WST-CO, Protection, Malicious Website Protection, Starting,
Protection, 25/02/2015 04:14:17, SYSTEM, WST-CO, Protection, Malicious Website Protection, Started,
Detection, 25/02/2015 04:46:04, SYSTEM, WST-CO, Protection, Malicious Website Protection, IP, 46.172.212.57, 0, Inbound,
Detection, 25/02/2015 05:13:01, SYSTEM, WST-CO, Protection, Malicious Website Protection, IP, 217.23.187.3, 0, Inbound,
Detection, 25/02/2015 05:36:54, SYSTEM, WST-CO, Protection, Malicious Website Protection, IP, 212.117.179.107, 0, Outbound,
Update, 25/02/2015 05:39:41, SYSTEM, WST-CO, Scheduler, Malware Database, 2015.2.25.1, 2015.2.25.2,
Protection, 25/02/2015 05:39:41, SYSTEM, WST-CO, Protection, Refresh, Starting,
Protection, 25/02/2015 05:39:41, SYSTEM, WST-CO, Protection, Malicious Website Protection, Stopping,
Protection, 25/02/2015 05:39:41, SYSTEM, WST-CO, Protection, Malicious Website Protection, Stopped,
Protection, 25/02/2015 05:40:13, SYSTEM, WST-CO, Protection, Refresh, Success,
Protection, 25/02/2015 05:40:13, SYSTEM, WST-CO, Protection, Malicious Website Protection, Starting,
Protection, 25/02/2015 05:40:27, SYSTEM, WST-CO, Protection, Malicious Website Protection, Started,
Detection, 25/02/2015 06:36:54, SYSTEM, WST-CO, Protection, Malicious Website Protection, IP, 212.117.179.107, 0, Outbound,
Update, 25/02/2015 06:52:21, SYSTEM, WST-CO, Scheduler, Malware Database, 2015.2.25.2, 2015.2.25.3,
Protection, 25/02/2015 06:52:21, SYSTEM, WST-CO, Protection, Refresh, Starting,
Protection, 25/02/2015 06:52:21, SYSTEM, WST-CO, Protection, Malicious Website Protection, Stopping,
Protection, 25/02/2015 06:52:22, SYSTEM, WST-CO, Protection, Malicious Website Protection, Stopped,
Protection, 25/02/2015 06:52:55, SYSTEM, WST-CO, Protection, Refresh, Success,
Protection, 25/02/2015 06:52:55, SYSTEM, WST-CO, Protection, Malicious Website Protection, Starting,
Protection, 25/02/2015 06:53:09, SYSTEM, WST-CO, Protection, Malicious Website Protection, Started,
Detection, 25/02/2015 06:56:45, SYSTEM, WST-CO, Protection, Malicious Website Protection, IP, 217.23.187.200, 0, Inbound,
Detection, 25/02/2015 07:00:38, SYSTEM, WST-CO, Protection, Malicious Website Protection, IP, 41.35.4.38, 0, Inbound,
Detection, 25/02/2015 07:15:02, SYSTEM, WST-CO, Protection, Malicious Website Protection, IP, 213.55.114.116, 0, Inbound,
Detection, 25/02/2015 07:18:53, SYSTEM, WST-CO, Protection, Malicious Website Protection, IP, 85.234.190.122, 0, Inbound,
Detection, 25/02/2015 09:31:00, SYSTEM, WST-CO, Protection, Malicious Website Protection, IP, 41.203.69.1, 0, Inbound,
Detection, 25/02/2015 09:40:11, SYSTEM, WST-CO, Protection, Malicious Website Protection, IP, 217.23.187.22, 0, Inbound,
Protection, 25/02/2015 09:53:57, SYSTEM, WST-CO, Protection, Malware Protection, Starting,
Protection, 25/02/2015 09:53:58, SYSTEM, WST-CO, Protection, Malware Protection, Started,
Protection, 25/02/2015 09:53:58, SYSTEM, WST-CO, Protection, Malicious Website Protection, Starting,
Protection, 25/02/2015 09:54:07, SYSTEM, WST-CO, Protection, Malicious Website Protection, Started,
Detection, 25/02/2015 10:04:50, SYSTEM, WST-CO, Protection, Malicious Website Protection, IP, 46.243.8.139, 0, Outbound,
Detection, 25/02/2015 10:09:26, SYSTEM, WST-CO, Protection, Malicious Website Protection, IP, 41.35.122.127, 0, Inbound,
Detection, 25/02/2015 10:44:49, SYSTEM, WST-CO, Protection, Malicious Website Protection, IP, 41.203.69.1, 0, Inbound,
Detection, 25/02/2015 10:57:25, SYSTEM, WST-CO, Protection, Malicious Website Protection, IP, 93.171.172.25, 0, Outbound,

(end)
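
Added example (not part of the original thread): a short Python script that separates outbound from inbound blocks in a Malwarebytes protection log like the one above and checks whether repeated outbound blocks to one address fall on a fixed interval, which suggests an automated process on the PC rather than user activity. The sample lines are copied from the log in the post; the field positions are inferred from those lines, and the function names and thresholds are this example's own assumptions.

```python
import csv
from collections import defaultdict
from datetime import datetime
from functools import reduce
from math import gcd

# Lines copied from the protection log in the post above (subset).
SAMPLE_LOG = """\
Protection, 25/02/2015 00:41:51, SYSTEM, WST-CO, Protection, Malicious Website Protection, Started,
Detection, 25/02/2015 02:36:54, SYSTEM, WST-CO, Protection, Malicious Website Protection, IP, 212.117.179.107, 0, Outbound,
Detection, 25/02/2015 03:53:10, SYSTEM, WST-CO, Protection, Malicious Website Protection, IP, 41.203.69.1, 0, Inbound,
Detection, 25/02/2015 04:46:04, SYSTEM, WST-CO, Protection, Malicious Website Protection, IP, 46.172.212.57, 0, Inbound,
Detection, 25/02/2015 05:36:54, SYSTEM, WST-CO, Protection, Malicious Website Protection, IP, 212.117.179.107, 0, Outbound,
Detection, 25/02/2015 06:36:54, SYSTEM, WST-CO, Protection, Malicious Website Protection, IP, 212.117.179.107, 0, Outbound,
Detection, 25/02/2015 09:31:00, SYSTEM, WST-CO, Protection, Malicious Website Protection, IP, 41.203.69.1, 0, Inbound,
Detection, 25/02/2015 10:04:50, SYSTEM, WST-CO, Protection, Malicious Website Protection, IP, 46.243.8.139, 0, Outbound,
Detection, 25/02/2015 10:57:25, SYSTEM, WST-CO, Protection, Malicious Website Protection, IP, 93.171.172.25, 0, Outbound,
"""


def parse_detections(text):
    """Return (timestamp, ip, direction) for every IP 'Detection' row.

    Assumed layout, inferred from the lines above:
    type, time, user, host, component, feature, "IP", address, <unnamed>, direction
    (the meaning of the ninth field is not stated in the thread, so it is ignored).
    """
    rows = []
    for fields in csv.reader(text.splitlines(), skipinitialspace=True):
        fields = [f.strip() for f in fields]
        if len(fields) < 10 or fields[0] != "Detection" or fields[6] != "IP":
            continue  # Update/Protection/Scan rows and short rows are not detections
        try:
            when = datetime.strptime(fields[1], "%d/%m/%Y %H:%M:%S")
        except ValueError:
            continue  # malformed timestamp: skip rather than guess
        rows.append((when, fields[7], fields[9]))
    return rows


def outbound_summary(detections, min_events=3, min_period=60):
    """Group outbound blocks by destination and look for a fixed interval.

    period_s is the greatest common divisor of the gaps between blocks, in
    seconds. It is reported only when there are at least min_events blocks
    and the divisor is at least min_period seconds, so that missed beats
    (e.g. 3 h then 1 h) still resolve to the underlying 1 h period while
    irregular timing collapses to a tiny divisor and is not reported.
    """
    by_ip = defaultdict(list)
    for when, ip, direction in detections:
        if direction.lower() == "outbound":
            by_ip[ip].append(when)

    summary = {}
    for ip, times in by_ip.items():
        times.sort()
        gaps = [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]
        period = None
        if len(times) >= min_events:
            step = reduce(gcd, gaps)
            if step >= min_period:
                period = step
        summary[ip] = {
            "count": len(times),
            "first": times[0],
            "last": times[-1],
            "period_s": period,
        }
    return summary


if __name__ == "__main__":
    detections = parse_detections(SAMPLE_LOG)
    inbound = sum(1 for _, _, d in detections if d.lower() == "inbound")
    print(f"{len(detections)} detections, {inbound} inbound")
    for ip, info in sorted(outbound_summary(detections).items()):
        period = f"every {info['period_s']} s" if info["period_s"] else "no fixed interval"
        print(f"outbound {ip}: {info['count']} block(s), {period}, "
              f"first {info['first']}, last {info['last']}")
```

A fixed interval is a lead for reviewing scheduled tasks, services and startup entries on the machine, not a verdict on its own.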
 
Let's finish cleaning process and see what happens.

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
Here is the first log
Results of screen317's Security Check version 0.99.97
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Please wait while WMIC is being installed.d
I
s
p
l
a
y
N
a
m
e
ECHO is off.
M
I
c
r
o
s
o
f
t
ECHO is off.
S
e
c
u
r
I
t
y
ECHO is off.
E
s
e
n
t
I
a
l
s
ECHO is off.
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 64-bit 8 Update 31
Adobe Flash Player 16.0.0.287
Adobe Reader XI
Mozilla Firefox (36.0)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Malwarebytes Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 42% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 
FYI, the firewall is disabled on local PCs because we are on a network and have the firewall installed and running at the server. It was configured this way by our IT technicians and we cannot activate the firewall locally.
 
Second log
Farbar Service Scanner Version: 17-01-2015
Ran by c.oliveira (administrator) on 26-02-2015 at 11:26:01
Running from "C:\Documents and Settings\c.oliveira\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall" registry value does not exist.


System Restore:
============

System Restore Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\afd.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\netbt.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\tcpip.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\ipsec.sys => File is digitally signed
C:\WINDOWS\system32\dnsrslvr.dll => File is digitally signed
C:\WINDOWS\system32\ipnathlp.dll => File is digitally signed
C:\WINDOWS\system32\netman.dll => File is digitally signed
C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
C:\WINDOWS\system32\srsvc.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\sr.sys => File is digitally signed
C:\WINDOWS\system32\wscsvc.dll => File is digitally signed
C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
C:\WINDOWS\system32\wuauserv.dll => File is digitally signed
C:\WINDOWS\system32\qmgr.dll => File is digitally signed
C:\WINDOWS\system32\es.dll => File is digitally signed
C:\WINDOWS\system32\cryptsvc.dll => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed

Extra List:
=======
Gpc(4) IPSec(6) irda(3) NetBT(7) PSched(8) Tcpip(5)
0x080000000600000001000000020000000300000004000000050000000700000008000000
IpSec Tag value is correct.

**** End of log ****
 
TFC has finished running, not sure if it is supposed to generate a log file, but I did not see one, and not sure where to look....
Moving on to Sophos
 
Final Log

2015-02-26 12:36:30.057 Sophos Virus Removal Tool version 2.5.4
2015-02-26 12:36:30.057 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

2015-02-26 12:36:30.057 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2015-02-26 12:36:30.057 Windows version 5.1 SP 3.0 Service Pack 3 build 2600 SM=0x100 PT=0x1 Win32
2015-02-26 12:36:30.057 Checking for updates...
2015-02-26 12:36:30.479 Update progress: proxy server not available
2015-02-26 12:36:41.368 Option all = no
2015-02-26 12:36:41.368 Option recurse = yes
2015-02-26 12:36:41.368 Option archive = no
2015-02-26 12:36:41.368 Option service = yes
2015-02-26 12:36:41.368 Option confirm = yes
2015-02-26 12:36:41.368 Option sxl = yes
2015-02-26 12:36:41.368 Option max-data-age = 35
2015-02-26 12:36:41.368 Option EnableSafeClean = yes
2015-02-26 12:36:42.837 Option vdl-logging = yes
2015-02-26 12:36:42.837 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2015-02-26 12:36:42.837 Machine ID: 423edec7be5b4ac4904d5ecc9468fc3f
2015-02-26 12:36:42.837 Component SVRTcli.exe version 2.5.4
2015-02-26 12:36:42.837 Component control.dll version 2.5.4
2015-02-26 12:36:42.837 Component SVRTservice.exe version 2.5.4
2015-02-26 12:36:42.837 Component engine\osdp.dll version 1.44.1.2183
2015-02-26 12:36:42.853 Component engine\veex.dll version 3.58.3.2183
2015-02-26 12:36:42.853 Component engine\savi.dll version 8.1.5.2183
2015-02-26 12:36:42.853 Component rkdisk.dll version 1.5.30.0
2015-02-26 12:36:42.853 Version info: Product version 2.5.4
2015-02-26 12:36:42.853 Version info: Detection engine 3.58.3
2015-02-26 12:36:42.853 Version info: Detection data 5.11
2015-02-26 12:36:42.853 Version info: Build date 2/3/2015
2015-02-26 12:36:42.853 Version info: Data files added 303
2015-02-26 12:36:42.853 Version info: Last successful update (not yet updated)
2015-02-26 12:37:08.273 Downloading updates...
2015-02-26 12:37:08.273 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2015-02-26 12:37:08.273 Update progress: [I49502] Found supplement SAVIW32 LATEST
2015-02-26 12:37:08.273 Update progress: [I49502] Found supplement IDE512 LATEST
2015-02-26 12:37:08.273 Update progress: [I49502] Found supplement IDE513 LATEST
2015-02-26 12:37:08.273 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2015-02-26 12:37:08.273 Update progress: [I19463] Syncing product SAVIW32 51
2015-02-26 12:37:17.428 Update progress: [I19463] Syncing product IDE512 166
2015-02-26 12:37:18.131 Update progress: [I19463] Syncing product IDE513 142
2015-02-26 12:37:19.537 Installing updates...
2015-02-26 12:37:20.569 Error level 1
2015-02-26 12:37:40.286 Update successful
2015-02-26 12:37:51.629 Option all = no
2015-02-26 12:37:51.629 Option recurse = yes
2015-02-26 12:37:51.629 Option archive = no
2015-02-26 12:37:51.629 Option service = yes
2015-02-26 12:37:51.629 Option confirm = yes
2015-02-26 12:37:51.629 Option sxl = yes
2015-02-26 12:37:51.629 Option max-data-age = 35
2015-02-26 12:37:51.629 Option EnableSafeClean = yes
2015-02-26 12:37:51.722 Option vdl-logging = yes
2015-02-26 12:37:51.738 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2015-02-26 12:37:51.738 Machine ID: 423edec7be5b4ac4904d5ecc9468fc3f
2015-02-26 12:37:51.738 Component SVRTcli.exe version 2.5.4
2015-02-26 12:37:51.738 Component control.dll version 2.5.4
2015-02-26 12:37:51.738 Component SVRTservice.exe version 2.5.4
2015-02-26 12:37:51.738 Component engine\osdp.dll version 1.44.1.2183
2015-02-26 12:37:51.738 Component engine\veex.dll version 3.58.3.2183
2015-02-26 12:37:51.738 Component engine\savi.dll version 8.1.5.2183
2015-02-26 12:37:51.738 Component rkdisk.dll version 1.5.30.0
2015-02-26 12:37:51.738 Version info: Product version 2.5.4
2015-02-26 12:37:51.738 Version info: Detection engine 3.58.3
2015-02-26 12:37:51.738 Version info: Detection data 5.11G
2015-02-26 12:37:51.738 Version info: Build date 2/3/2015
2015-02-26 12:37:51.738 Version info: Data files added 304
2015-02-26 12:37:51.738 Version info: Last successful update 2/26/2015 12:37:40 PM

2015-02-26 14:13:36.264 >>> Virus 'Mal/Generic-S' found in file J:\Charlie\My Music\Random\Completed\ NIS 2014 ENG\NTR 2014 v1.0.exe
2015-02-26 14:13:36.436 >>> Virus 'Mal/Generic-S' found in file J:\Charlie\My Music\Random\Completed\ NIS 2014 ENG\NTR 2014 v1.0.exe
2015-02-26 14:13:36.436 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusOverride
2015-02-26 14:13:36.436 >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1333942904-1058549214-2093110682-1165\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-02-26 14:13:36.436 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-02-26 14:13:36.436 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2015-02-26 14:13:36.436 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2015-02-26 14:13:36.436 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2015-02-26 14:13:36.436 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2015-02-26 14:25:07.901 Could not check J:\My Documents\Work in progress\httpdocsJan2014\files\Booking_27Jan_Troika_FinancialEducation.doc (corrupt)
2015-02-26 14:26:56.273 Could not check J:\My Documents\Work in progress\httpdocs_April2014\files\Booking_27Jan_Troika_FinancialEducation.doc (corrupt)
2015-02-26 14:27:58.255 Could not check J:\My Documents\Work in progress\httpdocs_Ja2013\files\Booking_27Jan_Troika_FinancialEducation.doc (corrupt)
2015-02-26 14:28:44.676 Could not check J:\My Documents\Work in progress\httpdocs_July2012\files\Booking_27Jan_Troika_FinancialEducation.doc (corrupt)
2015-02-26 14:46:24.140 >>> Virus 'Mal/KeyGen-M' found in file J:\progs\SnagIt 8.2.0-ZWT\Snag.It.9.0.1.126_KEYGEN-FFF.exe
2015-02-26 14:46:24.171 >>> Virus 'Mal/KeyGen-M' found in file HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusOverride
2015-02-26 14:46:24.171 >>> Virus 'Mal/KeyGen-M' found in file HKU\S-1-5-21-1333942904-1058549214-2093110682-1165\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-02-26 14:46:24.171 >>> Virus 'Mal/KeyGen-M' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-02-26 14:46:24.171 >>> Virus 'Mal/KeyGen-M' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2015-02-26 14:46:24.171 >>> Virus 'Mal/KeyGen-M' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2015-02-26 14:46:24.171 >>> Virus 'Mal/KeyGen-M' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2015-02-26 14:46:24.171 >>> Virus 'Mal/KeyGen-M' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2015-02-26 14:47:45.965 >>> Virus 'Mal/KeyGen-M' found in file J:\progs\VSO Image resizer\Light Image Resizer 4.3.0.0 Software + Keygen\ImageResize_v4.exe
2015-02-26 14:47:45.965 >>> Virus 'Mal/KeyGen-M' found in file HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusOverride
2015-02-26 14:47:45.965 >>> Virus 'Mal/KeyGen-M' found in file HKU\S-1-5-21-1333942904-1058549214-2093110682-1165\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-02-26 14:47:45.965 >>> Virus 'Mal/KeyGen-M' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-02-26 14:47:45.965 >>> Virus 'Mal/KeyGen-M' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2015-02-26 14:47:45.965 >>> Virus 'Mal/KeyGen-M' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2015-02-26 14:47:45.965 >>> Virus 'Mal/KeyGen-M' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2015-02-26 14:47:45.965 >>> Virus 'Mal/KeyGen-M' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2015-02-26 14:47:53.121 >>> Virus 'Mal/KeyGen-M' found in file J:\progs\VSO Image resizer\VSO_Image_Resizer_4.0.2.5\Keygen\ImageResize_v4.exe
2015-02-26 14:47:53.121 >>> Virus 'Mal/KeyGen-M' found in file HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusOverride
2015-02-26 14:47:53.121 >>> Virus 'Mal/KeyGen-M' found in file HKU\S-1-5-21-1333942904-1058549214-2093110682-1165\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-02-26 14:47:53.121 >>> Virus 'Mal/KeyGen-M' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-02-26 14:47:53.121 >>> Virus 'Mal/KeyGen-M' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2015-02-26 14:47:53.121 >>> Virus 'Mal/KeyGen-M' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2015-02-26 14:47:53.121 >>> Virus 'Mal/KeyGen-M' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2015-02-26 14:47:53.121 >>> Virus 'Mal/KeyGen-M' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2015-02-26 14:48:20.823 >>> Virus 'Mal/KeyGen-W' found in file J:\progs\YoutubeVideo\Alive_YouTube_Video_Converter_v1.6.2.2_by_AT4RE.zip\Alive YouTube Video Converter 1.6.2.2/Keygen.exe
2015-02-26 14:48:20.823 Disinfection not offered
2015-02-26 14:48:52.618 Could not open LOGICAL:000C:00000000
2015-02-26 14:48:52.634 Could not open M:\
2015-02-26 14:48:52.634 Could not open LOGICAL:000D:00000000
2015-02-26 14:48:52.650 Could not open N:\
2015-02-26 14:48:52.650 Could not open LOGICAL:000E:00000000
2015-02-26 14:48:52.665 Could not open O:\
2015-02-26 14:48:52.681 Could not open LOGICAL:000F:00000000
2015-02-26 14:48:52.697 Could not open P:\
2015-02-26 14:48:52.775 Could not open PHYSICAL:0082:0000:0000:0001
2015-02-26 14:48:52.790 Could not open PHYSICAL:0083:0000:0000:0001
2015-02-26 14:48:52.790 Could not open PHYSICAL:0084:0000:0000:0001
2015-02-26 14:48:52.790 Could not open PHYSICAL:0085:0000:0000:0001
2015-02-26 14:48:52.868 The following items will be cleaned up:
2015-02-26 14:48:52.900 Mal/Generic-S
2015-02-26 14:48:52.900 Mal/KeyGen-M
2015-02-26 14:48:52.900 Mal/KeyGen-W
 
OK, one of the clean ups failed, here is a new log (Would physically deleting the file work)?

2015-02-26 12:36:30.057 Sophos Virus Removal Tool version 2.5.4
2015-02-26 12:36:30.057 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

2015-02-26 12:36:30.057 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2015-02-26 12:36:30.057 Windows version 5.1 SP 3.0 Service Pack 3 build 2600 SM=0x100 PT=0x1 Win32
2015-02-26 12:36:30.057 Checking for updates...
2015-02-26 12:36:30.479 Update progress: proxy server not available
2015-02-26 12:36:41.368 Option all = no
2015-02-26 12:36:41.368 Option recurse = yes
2015-02-26 12:36:41.368 Option archive = no
2015-02-26 12:36:41.368 Option service = yes
2015-02-26 12:36:41.368 Option confirm = yes
2015-02-26 12:36:41.368 Option sxl = yes
2015-02-26 12:36:41.368 Option max-data-age = 35
2015-02-26 12:36:41.368 Option EnableSafeClean = yes
2015-02-26 12:36:42.837 Option vdl-logging = yes
2015-02-26 12:36:42.837 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2015-02-26 12:36:42.837 Machine ID: 423edec7be5b4ac4904d5ecc9468fc3f
2015-02-26 12:36:42.837 Component SVRTcli.exe version 2.5.4
2015-02-26 12:36:42.837 Component control.dll version 2.5.4
2015-02-26 12:36:42.837 Component SVRTservice.exe version 2.5.4
2015-02-26 12:36:42.837 Component engine\osdp.dll version 1.44.1.2183
2015-02-26 12:36:42.853 Component engine\veex.dll version 3.58.3.2183
2015-02-26 12:36:42.853 Component engine\savi.dll version 8.1.5.2183
2015-02-26 12:36:42.853 Component rkdisk.dll version 1.5.30.0
2015-02-26 12:36:42.853 Version info: Product version 2.5.4
2015-02-26 12:36:42.853 Version info: Detection engine 3.58.3
2015-02-26 12:36:42.853 Version info: Detection data 5.11
2015-02-26 12:36:42.853 Version info: Build date 2/3/2015
2015-02-26 12:36:42.853 Version info: Data files added 303
2015-02-26 12:36:42.853 Version info: Last successful update (not yet updated)
2015-02-26 12:37:08.273 Downloading updates...
2015-02-26 12:37:08.273 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2015-02-26 12:37:08.273 Update progress: [I49502] Found supplement SAVIW32 LATEST
2015-02-26 12:37:08.273 Update progress: [I49502] Found supplement IDE512 LATEST
2015-02-26 12:37:08.273 Update progress: [I49502] Found supplement IDE513 LATEST
2015-02-26 12:37:08.273 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2015-02-26 12:37:08.273 Update progress: [I19463] Syncing product SAVIW32 51
2015-02-26 12:37:17.428 Update progress: [I19463] Syncing product IDE512 166
2015-02-26 12:37:18.131 Update progress: [I19463] Syncing product IDE513 142
2015-02-26 12:37:19.537 Installing updates...
2015-02-26 12:37:20.569 Error level 1
2015-02-26 12:37:40.286 Update successful
2015-02-26 12:37:51.629 Option all = no
2015-02-26 12:37:51.629 Option recurse = yes
2015-02-26 12:37:51.629 Option archive = no
2015-02-26 12:37:51.629 Option service = yes
2015-02-26 12:37:51.629 Option confirm = yes
2015-02-26 12:37:51.629 Option sxl = yes
2015-02-26 12:37:51.629 Option max-data-age = 35
2015-02-26 12:37:51.629 Option EnableSafeClean = yes
2015-02-26 12:37:51.722 Option vdl-logging = yes
2015-02-26 12:37:51.738 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2015-02-26 12:37:51.738 Machine ID: 423edec7be5b4ac4904d5ecc9468fc3f
2015-02-26 12:37:51.738 Component SVRTcli.exe version 2.5.4
2015-02-26 12:37:51.738 Component control.dll version 2.5.4
2015-02-26 12:37:51.738 Component SVRTservice.exe version 2.5.4
2015-02-26 12:37:51.738 Component engine\osdp.dll version 1.44.1.2183
2015-02-26 12:37:51.738 Component engine\veex.dll version 3.58.3.2183
2015-02-26 12:37:51.738 Component engine\savi.dll version 8.1.5.2183
2015-02-26 12:37:51.738 Component rkdisk.dll version 1.5.30.0
2015-02-26 12:37:51.738 Version info: Product version 2.5.4
2015-02-26 12:37:51.738 Version info: Detection engine 3.58.3
2015-02-26 12:37:51.738 Version info: Detection data 5.11G
2015-02-26 12:37:51.738 Version info: Build date 2/3/2015
2015-02-26 12:37:51.738 Version info: Data files added 304
2015-02-26 12:37:51.738 Version info: Last successful update 2/26/2015 12:37:40 PM

2015-02-26 14:13:36.264 >>> Virus 'Mal/Generic-S' found in file J:\Charlie\My Music\Random\Completed\ NIS 2014 ENG\NTR 2014 v1.0.exe
2015-02-26 14:13:36.436 >>> Virus 'Mal/Generic-S' found in file J:\Charlie\My Music\Random\Completed\ NIS 2014 ENG\NTR 2014 v1.0.exe
2015-02-26 14:13:36.436 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusOverride
2015-02-26 14:13:36.436 >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1333942904-1058549214-2093110682-1165\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-02-26 14:13:36.436 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-02-26 14:13:36.436 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2015-02-26 14:13:36.436 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2015-02-26 14:13:36.436 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2015-02-26 14:13:36.436 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2015-02-26 14:25:07.901 Could not check J:\My Documents\Work in progress\httpdocsJan2014\files\Booking_27Jan_Troika_FinancialEducation.doc (corrupt)
2015-02-26 14:26:56.273 Could not check J:\My Documents\Work in progress\httpdocs_April2014\files\Booking_27Jan_Troika_FinancialEducation.doc (corrupt)
2015-02-26 14:27:58.255 Could not check J:\My Documents\Work in progress\httpdocs_Ja2013\files\Booking_27Jan_Troika_FinancialEducation.doc (corrupt)
2015-02-26 14:28:44.676 Could not check J:\My Documents\Work in progress\httpdocs_July2012\files\Booking_27Jan_Troika_FinancialEducation.doc (corrupt)
2015-02-26 14:46:24.140 >>> Virus 'Mal/KeyGen-M' found in file J:\progs\SnagIt 8.2.0-ZWT\Snag.It.9.0.1.126_KEYGEN-FFF.exe
2015-02-26 14:46:24.171 >>> Virus 'Mal/KeyGen-M' found in file HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusOverride
2015-02-26 14:46:24.171 >>> Virus 'Mal/KeyGen-M' found in file HKU\S-1-5-21-1333942904-1058549214-2093110682-1165\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-02-26 14:46:24.171 >>> Virus 'Mal/KeyGen-M' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-02-26 14:46:24.171 >>> Virus 'Mal/KeyGen-M' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2015-02-26 14:46:24.171 >>> Virus 'Mal/KeyGen-M' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2015-02-26 14:46:24.171 >>> Virus 'Mal/KeyGen-M' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2015-02-26 14:46:24.171 >>> Virus 'Mal/KeyGen-M' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2015-02-26 14:47:45.965 >>> Virus 'Mal/KeyGen-M' found in file J:\progs\VSO Image resizer\Light Image Resizer 4.3.0.0 Software + Keygen\ImageResize_v4.exe
2015-02-26 14:47:45.965 >>> Virus 'Mal/KeyGen-M' found in file HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusOverride
2015-02-26 14:47:45.965 >>> Virus 'Mal/KeyGen-M' found in file HKU\S-1-5-21-1333942904-1058549214-2093110682-1165\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-02-26 14:47:45.965 >>> Virus 'Mal/KeyGen-M' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-02-26 14:47:45.965 >>> Virus 'Mal/KeyGen-M' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2015-02-26 14:47:45.965 >>> Virus 'Mal/KeyGen-M' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2015-02-26 14:47:45.965 >>> Virus 'Mal/KeyGen-M' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2015-02-26 14:47:45.965 >>> Virus 'Mal/KeyGen-M' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2015-02-26 14:47:53.121 >>> Virus 'Mal/KeyGen-M' found in file J:\progs\VSO Image resizer\VSO_Image_Resizer_4.0.2.5\Keygen\ImageResize_v4.exe
2015-02-26 14:47:53.121 >>> Virus 'Mal/KeyGen-M' found in file HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusOverride
2015-02-26 14:47:53.121 >>> Virus 'Mal/KeyGen-M' found in file HKU\S-1-5-21-1333942904-1058549214-2093110682-1165\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-02-26 14:47:53.121 >>> Virus 'Mal/KeyGen-M' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-02-26 14:47:53.121 >>> Virus 'Mal/KeyGen-M' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2015-02-26 14:47:53.121 >>> Virus 'Mal/KeyGen-M' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2015-02-26 14:47:53.121 >>> Virus 'Mal/KeyGen-M' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2015-02-26 14:47:53.121 >>> Virus 'Mal/KeyGen-M' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2015-02-26 14:48:20.823 >>> Virus 'Mal/KeyGen-W' found in file J:\progs\YoutubeVideo\Alive_YouTube_Video_Converter_v1.6.2.2_by_AT4RE.zip\Alive YouTube Video Converter 1.6.2.2/Keygen.exe
2015-02-26 14:48:20.823 Disinfection not offered
2015-02-26 14:48:52.618 Could not open LOGICAL:000C:00000000
2015-02-26 14:48:52.634 Could not open M:\
2015-02-26 14:48:52.634 Could not open LOGICAL:000D:00000000
2015-02-26 14:48:52.650 Could not open N:\
2015-02-26 14:48:52.650 Could not open LOGICAL:000E:00000000
2015-02-26 14:48:52.665 Could not open O:\
2015-02-26 14:48:52.681 Could not open LOGICAL:000F:00000000
2015-02-26 14:48:52.697 Could not open P:\
2015-02-26 14:48:52.775 Could not open PHYSICAL:0082:0000:0000:0001
2015-02-26 14:48:52.790 Could not open PHYSICAL:0083:0000:0000:0001
2015-02-26 14:48:52.790 Could not open PHYSICAL:0084:0000:0000:0001
2015-02-26 14:48:52.790 Could not open PHYSICAL:0085:0000:0000:0001
2015-02-26 14:48:52.868 The following items will be cleaned up:
2015-02-26 14:48:52.900 Mal/Generic-S
2015-02-26 14:48:52.900 Mal/KeyGen-M
2015-02-26 14:48:52.900 Mal/KeyGen-W
2015-02-26 15:33:58.348 Threat 'Mal/Generic-S' has been cleaned up.
2015-02-26 15:33:58.348 File "J:\Charlie\My Music\Random\Completed\ NIS 2014 ENG\NTR 2014 v1.0.exe" belongs to malware 'Mal/Generic-S'.
2015-02-26 15:33:58.348 File "J:\Charlie\My Music\Random\Completed\ NIS 2014 ENG\NTR 2014 v1.0.exe" has been cleaned up.
2015-02-26 15:33:58.348 Removal successful
2015-02-26 15:34:07.410 Threat 'Mal/KeyGen-M' has been cleaned up.
2015-02-26 15:34:07.410 File "J:\progs\SnagIt 8.2.0-ZWT\Snag.It.9.0.1.126_KEYGEN-FFF.exe" belongs to malware 'Mal/KeyGen-M'.
2015-02-26 15:34:07.410 File "J:\progs\SnagIt 8.2.0-ZWT\Snag.It.9.0.1.126_KEYGEN-FFF.exe" has been cleaned up.
2015-02-26 15:34:07.410 File "J:\progs\VSO Image resizer\Light Image Resizer 4.3.0.0 Software + Keygen\ImageResize_v4.exe" belongs to malware 'Mal/KeyGen-M'.
2015-02-26 15:34:07.410 File "J:\progs\VSO Image resizer\Light Image Resizer 4.3.0.0 Software + Keygen\ImageResize_v4.exe" has been cleaned up.
2015-02-26 15:34:07.410 File "J:\progs\VSO Image resizer\VSO_Image_Resizer_4.0.2.5\Keygen\ImageResize_v4.exe" belongs to malware 'Mal/KeyGen-M'.
2015-02-26 15:34:07.410 File "J:\progs\VSO Image resizer\VSO_Image_Resizer_4.0.2.5\Keygen\ImageResize_v4.exe" has been cleaned up.
2015-02-26 15:34:07.410 Removal successful
2015-02-26 15:34:07.613 >>> Virus 'Mal/KeyGen-W' found in file J:\progs\YoutubeVideo\Alive_YouTube_Video_Converter_v1.6.2.2_by_AT4RE.zip\Alive YouTube Video Converter 1.6.2.2/Keygen.exe
2015-02-26 15:34:07.613 Disinfection not offered
2015-02-26 15:34:07.613 Disinfection failed [0xa0040208]
2015-02-26 15:34:07.644 Error: cleanup failed.
2015-02-26 15:34:07.644 Contents of SafeClean bin directory:
2015-02-26 15:34:07.675 {
2015-02-26 15:34:07.675 RecordID : "0000000000000001",
2015-02-26 15:34:07.675 ItemType : "1",
2015-02-26 15:34:07.675 Location : "J:\Charlie\My Music\Random\Completed\ NIS 2014 ENG\",
2015-02-26 15:34:07.675 FileName : "NTR 2014 v1.0.exe",
2015-02-26 15:34:07.675 ThreatName : "Mal/Generic-S",
2015-02-26 15:34:07.675 Checksum : "7cca1e97ddcb47652b059261ed8e5b35d2d6093bb6228cbce3da8f940383d372",
2015-02-26 15:34:07.675 TimeStamp : "Thu Feb 26 15:33:45 2015"
2015-02-26 15:34:07.675 }
2015-02-26 15:34:07.675 {
2015-02-26 15:34:07.675 RecordID : "0000000000000002",
2015-02-26 15:34:07.675 ItemType : "1",
2015-02-26 15:34:07.675 Location : "J:\progs\SnagIt 8.2.0-ZWT\",
2015-02-26 15:34:07.675 FileName : "Snag.It.9.0.1.126_KEYGEN-FFF.exe",
2015-02-26 15:34:07.675 ThreatName : "Mal/KeyGen-M",
2015-02-26 15:34:07.675 Checksum : "a1076617ad91c758f93f7bd5ec0d4df976578ec2669711c95af4e1cfb0b3cc13",
2015-02-26 15:34:07.675 TimeStamp : "Thu Feb 26 15:33:58 2015"
2015-02-26 15:34:07.675 }
2015-02-26 15:34:07.675 {
2015-02-26 15:34:07.675 RecordID : "0000000000000003",
2015-02-26 15:34:07.675 ItemType : "1",
2015-02-26 15:34:07.675 Location : "J:\progs\VSO Image resizer\Light Image Resizer 4.3.0.0 Software + Keygen\",
2015-02-26 15:34:07.675 FileName : "ImageResize_v4.exe",
2015-02-26 15:34:07.675 ThreatName : "Mal/KeyGen-M",
2015-02-26 15:34:07.675 Checksum : "120154c3bfd0885a352cd34f5d4e956a4ce0a485f31abc5002153781646ff5ff",
2015-02-26 15:34:07.675 TimeStamp : "Thu Feb 26 15:33:58 2015"
2015-02-26 15:34:07.675 }
2015-02-26 15:34:07.675 {
2015-02-26 15:34:07.675 RecordID : "0000000000000004",
2015-02-26 15:34:07.675 ItemType : "1",
2015-02-26 15:34:07.675 Location : "J:\progs\VSO Image resizer\VSO_Image_Resizer_4.0.2.5\Keygen\",
2015-02-26 15:34:07.675 FileName : "ImageResize_v4.exe",
2015-02-26 15:34:07.675 ThreatName : "Mal/KeyGen-M",
2015-02-26 15:34:07.675 Checksum : "120154c3bfd0885a352cd34f5d4e956a4ce0a485f31abc5002153781646ff5ff",
2015-02-26 15:34:07.675 TimeStamp : "Thu Feb 26 15:33:58 2015"
2015-02-26 15:34:07.675 }
2015-02-26 15:34:09.675 Error level 0
 
Keygen.exe indicates some bootleg program(s) and it'll always be marked by most security programs.
Since I don't want to discuss illegal downloads that's all I can say.

=================================

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

12. Please let me know how your computer is doing.
 
Thanks for all of your help,
I understand about the keygens and bootleg programmes. Under normal circumstances I may download a temporary copy of a bootlegged programme to try and see if it brings value to my work; if so I will buy the programme, otherwise I will uninstall it (though usually I leave the installer and keygen prog on my PC).

Regarding my PC being clean, what I did notice today was several blue screens; the problem causing this is something to do with my graphics card or the driver for it. I have noticed a problem in the past, but never so many blue screens in such a short period (most probably a coincidence, and nothing to do with all of the cleaning :D). The error that is mentioned is that ati2dvag.dll is entering an infinite loop. I am looking to get a new graphics card to resolve this problem.

Regarding the cleaning, I noticed that Malwarebytes blocked a couple of outbound attempts this morning; I am not sure if there are any legitimate programmes on my PC that you might have noticed during this process that might be behaving this way. Malwarebytes does not identify the process that is trying to access the internet.

For your information I have copied below the latest log from Malwarebytes:
Malwarebytes Anti-Malware
www.malwarebytes.org


Update, 27/02/2015 02:58:32, SYSTEM, WST-CO, Scheduler, Malware Database, 2015.2.26.5, 2015.2.27.1,
Protection, 27/02/2015 02:58:32, SYSTEM, WST-CO, Protection, Refresh, Starting,
Protection, 27/02/2015 02:58:32, SYSTEM, WST-CO, Protection, Malicious Website Protection, Stopping,
Protection, 27/02/2015 02:58:32, SYSTEM, WST-CO, Protection, Malicious Website Protection, Stopped,
Protection, 27/02/2015 02:58:54, SYSTEM, WST-CO, Protection, Refresh, Success,
Protection, 27/02/2015 02:58:54, SYSTEM, WST-CO, Protection, Malicious Website Protection, Starting,
Protection, 27/02/2015 02:59:07, SYSTEM, WST-CO, Protection, Malicious Website Protection, Started,
Update, 27/02/2015 03:58:38, SYSTEM, WST-CO, Scheduler, Malware Database, 2015.2.27.1, 2015.2.27.2,
Protection, 27/02/2015 03:58:38, SYSTEM, WST-CO, Protection, Refresh, Starting,
Protection, 27/02/2015 03:58:38, SYSTEM, WST-CO, Protection, Malicious Website Protection, Stopping,
Protection, 27/02/2015 03:58:38, SYSTEM, WST-CO, Protection, Malicious Website Protection, Stopped,
Protection, 27/02/2015 03:59:06, SYSTEM, WST-CO, Protection, Refresh, Success,
Protection, 27/02/2015 03:59:06, SYSTEM, WST-CO, Protection, Malicious Website Protection, Starting,
Protection, 27/02/2015 03:59:21, SYSTEM, WST-CO, Protection, Malicious Website Protection, Started,
Scan, 27/02/2015 04:26:20, SYSTEM, WST-CO, Manual, Start:27/02/2015 03:46:37, Duration:39 min 42 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,
Protection, 27/02/2015 04:26:20, SYSTEM, WST-CO, Protection, Malicious Website Protection, Stopping,
Protection, 27/02/2015 04:26:20, SYSTEM, WST-CO, Protection, Malicious Website Protection, Stopped,
Protection, 27/02/2015 04:26:20, SYSTEM, WST-CO, Protection, Malicious Website Protection, Starting,
Protection, 27/02/2015 04:26:33, SYSTEM, WST-CO, Protection, Malicious Website Protection, Started,
Update, 27/02/2015 05:43:41, SYSTEM, WST-CO, Scheduler, Malware Database, 2015.2.27.2, 2015.2.27.3,
Protection, 27/02/2015 05:43:41, SYSTEM, WST-CO, Protection, Refresh, Starting,
Protection, 27/02/2015 05:43:41, SYSTEM, WST-CO, Protection, Malicious Website Protection, Stopping,
Protection, 27/02/2015 05:43:41, SYSTEM, WST-CO, Protection, Malicious Website Protection, Stopped,
Protection, 27/02/2015 05:44:08, SYSTEM, WST-CO, Protection, Refresh, Success,
Protection, 27/02/2015 05:44:08, SYSTEM, WST-CO, Protection, Malicious Website Protection, Starting,
Protection, 27/02/2015 05:44:21, SYSTEM, WST-CO, Protection, Malicious Website Protection, Started,
Detection, 27/02/2015 07:03:19, SYSTEM, WST-CO, Protection, Malicious Website Protection, IP, 94.100.16.151, 0, Inbound,
Detection, 27/02/2015 07:29:42, SYSTEM, WST-CO, Protection, Malicious Website Protection, IP, 94.100.16.151, 0, Inbound,
Detection, 27/02/2015 07:42:37, SYSTEM, WST-CO, Protection, Malicious Website Protection, IP, 94.185.80.40, 0, Inbound,
Detection, 27/02/2015 09:55:05, SYSTEM, WST-CO, Protection, Malicious Website Protection, IP, 114.79.151.140, 0, Inbound,
Protection, 27/02/2015 10:36:47, SYSTEM, WST-CO, Protection, Malware Protection, Starting,
Protection, 27/02/2015 10:36:47, SYSTEM, WST-CO, Protection, Malware Protection, Started,
Protection, 27/02/2015 10:36:47, SYSTEM, WST-CO, Protection, Malicious Website Protection, Starting,
Protection, 27/02/2015 10:39:05, SYSTEM, WST-CO, Protection, Malicious Website Protection, Started,
Detection, 27/02/2015 10:42:02, SYSTEM, WST-CO, Protection, Malicious Website Protection, IP, 114.79.151.140, 0, Inbound,
Detection, 27/02/2015 10:48:37, SYSTEM, WST-CO, Protection, Malicious Website Protection, IP, 114.79.151.140, 0, Outbound,
Detection, 27/02/2015 10:49:30, SYSTEM, WST-CO, Protection, Malicious Website Protection, IP, 94.100.16.159, 0, Outbound,
Protection, 27/02/2015 11:13:42, SYSTEM, WST-CO, Protection, Malware Protection, Starting,
Protection, 27/02/2015 11:13:42, SYSTEM, WST-CO, Protection, Malware Protection, Started,
Protection, 27/02/2015 11:13:42, SYSTEM, WST-CO, Protection, Malicious Website Protection, Starting,
Protection, 27/02/2015 11:14:44, SYSTEM, WST-CO, Protection, Malicious Website Protection, Started,
Detection, 27/02/2015 11:21:11, SYSTEM, WST-CO, Protection, Malicious Website Protection, IP, 94.100.16.159, 0, Outbound,
Update, 27/02/2015 11:38:16, SYSTEM, WST-CO, Scheduler, Malware Database, 2015.2.27.3, 2015.2.27.4,
Protection, 27/02/2015 11:38:16, SYSTEM, WST-CO, Protection, Refresh, Starting,
Protection, 27/02/2015 11:38:16, SYSTEM, WST-CO, Protection, Malicious Website Protection, Stopping,
Protection, 27/02/2015 11:38:16, SYSTEM, WST-CO, Protection, Malicious Website Protection, Stopped,
Protection, 27/02/2015 11:38:30, SYSTEM, WST-CO, Protection, Refresh, Success,
Protection, 27/02/2015 11:38:30, SYSTEM, WST-CO, Protection, Malicious Website Protection, Starting,
Protection, 27/02/2015 11:38:35, SYSTEM, WST-CO, Protection, Malicious Website Protection, Started,
Detection, 27/02/2015 12:07:49, SYSTEM, WST-CO, Protection, Malicious Website Protection, IP, 31.192.57.29, 0, Inbound,
Protection, 27/02/2015 13:48:47, SYSTEM, WST-CO, Protection, Malware Protection, Starting,
Protection, 27/02/2015 13:48:47, SYSTEM, WST-CO, Protection, Malware Protection, Started,
Protection, 27/02/2015 13:48:47, SYSTEM, WST-CO, Protection, Malicious Website Protection, Starting,
Protection, 27/02/2015 13:49:39, SYSTEM, WST-CO, Protection, Malicious Website Protection, Started,
Detection, 27/02/2015 13:56:12, SYSTEM, WST-CO, Protection, Malicious Website Protection, IP, 94.100.16.159, 0, Outbound,
Detection, 27/02/2015 14:43:50, SYSTEM, WST-CO, Protection, Malicious Website Protection, IP, 41.35.87.80, 0, Inbound,
Detection, 27/02/2015 15:00:16, SYSTEM, WST-CO, Protection, Malicious Website Protection, IP, 188.211.239.10, 0, Inbound,
Detection, 27/02/2015 15:25:34, SYSTEM, WST-CO, Protection, Malicious Website Protection, IP, 94.100.16.151, 0, Inbound,
Update, 27/02/2015 16:33:27, SYSTEM, WST-CO, Scheduler, Malware Database, 2015.2.27.4, 2015.2.27.5,
Protection, 27/02/2015 16:33:27, SYSTEM, WST-CO, Protection, Refresh, Starting,
Protection, 27/02/2015 16:33:27, SYSTEM, WST-CO, Protection, Malicious Website Protection, Stopping,
Protection, 27/02/2015 16:33:27, SYSTEM, WST-CO, Protection, Malicious Website Protection, Stopped,
Protection, 27/02/2015 16:33:41, SYSTEM, WST-CO, Protection, Refresh, Success,
Protection, 27/02/2015 16:33:41, SYSTEM, WST-CO, Protection, Malicious Website Protection, Starting,
Protection, 27/02/2015 16:33:51, SYSTEM, WST-CO, Protection, Malicious Website Protection, Started,
Detection, 27/02/2015 16:41:53, SYSTEM, WST-CO, Protection, Malicious Website Protection, IP, 221.192.199.52, 0, Inbound,

(end)
 