Windows cannot find yyge.exe

Hi Mike,

Not all AV vendors recognise this,
But these do:
McAfee ........ Artemis!B8C28F56DE98
Malwarebytes... Trojan.Dropper
ESET-NOD32..... a variant of Win32/Injector.BNUF
BitDefender.... Gen:Variant.Graftor.160158
Emsisoft....... Gen:Variant.Graftor.160158 (B)
DrWeb ......... Trojan.PWS.Panda.655
Baidu-International ....Trojan.Win32.Injector.BBNUF

Obviously the reason for the message at startup is that a security program has removed the threat but has left the startup entry on the system.
Windows is then looking for the file to start.
Just remove the entry from the startup folder.

Can't find anything on it online?
Take a look Here
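Pete's explanation above (a security product deleted the file but left the autostart entry behind, so Windows keeps trying to launch something that is no longer there) can be checked directly rather than by eyeballing Task Manager or msconfig. The PowerShell script below is an added example, not code from this thread or from the Farbar tool: it walks the standard Run/RunOnce keys for the machine and the current user plus both Startup folders, and reports any entry whose target file is missing. The registry paths and folder names are the standard Windows locations and are assumed here, not taken from the log; it is written for Windows PowerShell 2.0 or later, run elevated as the affected user.

```powershell
# Added example, not part of the forum thread: enumerate the usual autostart
# locations and report entries whose target file no longer exists. These are
# the orphaned entries that produce "Windows cannot find <name>.exe" at logon
# after an AV product has deleted the file but left the entry behind.
# Assumptions: the registry keys and folders below are the standard Windows
# ones (not taken from the log); run in an elevated Windows PowerShell session
# (2.0 or later) as the affected user so that HKCU is that user's hive.

$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$StartupDirs = @(
    [Environment]::GetFolderPath('Startup'),       # this user's Startup folder
    [Environment]::GetFolderPath('CommonStartup')  # all-users Startup folder
)
# Properties Get-ItemProperty adds for its own bookkeeping; they are not Run values.
$MetaProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

function Get-CommandTarget {
    # Pull the program path out of a Run-value command line, whether quoted
    # ("C:\Program Files\x\y.exe" /arg) or bare (C:\Tools\z.exe /arg).
    param([string]$CommandLine)
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 1) { return $cmd.Substring(1, $end - 1) }
    }
    $m = [regex]::Match($cmd, '^(.+?\.(exe|com|scr|vbs|js|bat|cmd|ps1))(\s|$)', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value }
    return ($cmd -split '\s+')[0]
}

function New-Finding([string]$Location, [string]$Name, [string]$Target, [string]$Reason) {
    New-Object PSObject -Property @{ Location = $Location; Name = $Name; Target = $Target; Reason = $Reason }
}

function Get-OrphanedAutostart {
    $findings = @()

    # 1. Registry Run/RunOnce values whose program no longer exists on disk.
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($MetaProps -contains $p.Name) { continue }
            $target = Get-CommandTarget ([string]$p.Value)
            if (-not $target) { continue }
            if (-not (Test-Path -LiteralPath $target)) {
                $findings += New-Finding $key $p.Name $target 'Target file missing'
            }
        }
    }

    # 2. Startup folders: dangling shortcuts, plus any loose script/binary dropped there.
    $shell = New-Object -ComObject WScript.Shell
    foreach ($dir in $StartupDirs) {
        if (-not (Test-Path -LiteralPath $dir)) { continue }
        foreach ($f in (Get-ChildItem -LiteralPath $dir | Where-Object { -not $_.PSIsContainer })) {
            if ($f.Extension -eq '.lnk') {
                # Resolve the shortcut and check whether what it points to still exists.
                $target = $shell.CreateShortcut($f.FullName).TargetPath
                if ($target -and -not (Test-Path -LiteralPath $target)) {
                    $findings += New-Finding $dir $f.Name $target 'Shortcut target missing'
                }
            } elseif ($f.Name -ne 'desktop.ini') {
                # A script or binary sitting directly in Startup runs at logon by itself;
                # it is not orphaned, but it is worth reviewing, so list it with its own reason.
                $findings += New-Finding $dir $f.Name $f.FullName 'Loose file in Startup folder'
            }
        }
    }
    return $findings
}

Get-OrphanedAutostart | Format-Table Location, Name, Target, Reason -AutoSize
```

Each row names the location and value (or file) to remove once you have confirmed it is dead: a registry value goes with `Remove-ItemProperty -Path <Location> -Name <Name>`, a Startup-folder item with `Remove-Item`. The script only follows the first program on the command line, so an entry that launches through a host such as rundll32 or cmd will show the host (which exists) rather than the payload it loads; those still need a manual look, which is where a full autostart listing such as the FRST log requested later in this thread comes in.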
 
Hi Pete, sorry, I'm not understanding this. I looked in the Task Manager and Msconfig lists but I'm not seeing an entry with the letters "yyge". If you mean the programs under "All Programs" from the Start menu, I'm not understanding which program to remove.
 
Hi Mike,

Ok, let's do this the easy way:

Note:
There are both 32-bit and 64-bit versions of Farbar Recovery Scan Tool available. Please pick the version that matches your operating system's bit type.

If you are unsure what your system bit type is..... click Here for help.

For 32-bit systems download Farbar Recovery Scan Tool and save it to your Desktop.

For 64-bit systems download Farbar Recovery Scan Tool x64 and save it to your Desktop.

  • Double-click the downloaded icon to run the tool. Vista/Windows 7/8 users: right-click and select Run As Administrator.

  • When the tool opens click Yes to disclaimer.

  • Make sure that Addition.txt is selected at the bottom.
  • Press Scan button.

  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-10-2014
Ran by user (administrator) on USER-PC on 22-10-2014 16:29:48
Running from C:\Users\user\Desktop
Loaded Profile: user (Available profiles: user)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_TATIHSA.EXE
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Samsung Link] => C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe [566112 2014-07-29] (Copyright 2013 SAMSUNG)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [143792 2013-10-09] (Trend Micro Inc.)
HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKU\S-1-5-21-3001920249-2789374724-3985487498-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TATIHSA.EXE [219008 2011-04-24] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3001920249-2789374724-3985487498-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-04-22] (Microsoft Corporation)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yshrg.vbs ()
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x26C8480E975DCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg.dll (Trend Micro Inc.)
BHO: TSToolbarBHO -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe32.dll (Trend Micro Inc.)
Toolbar: HKLM - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe32.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg.dll (Trend Micro Inc.)
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\xt2fsygy.default
FF DefaultSearchEngine: Conduit Search
FF SelectedSearchEngine: Conduit Search
FF Homepage: https://my.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\xt2fsygy.default\searchplugins\conduit-search.xml
FF HKLM\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\firefoxextension [2014-08-26]
FF HKLM\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2014-05-21]
FF HKLM\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension [2014-05-21]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-19]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-19]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-10]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-19]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-19]
CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-19]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-19]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [401800 2013-12-21] (Samsung) [File not signed]
R2 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [573280 2014-07-29] (Copyright 2013 SAMSUNG)
S3 WatAdminSvc; C:\Windows\system32\Wat\WatAdminSvc.exe [1343400 2014-04-21] () [File not signed]
S2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=nb -dt=60000 -ad -bt=0 [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 e1kexpress; C:\Windows\System32\DRIVERS\e1k6032.sys [164864 2009-07-13] (Intel Corporation)
R3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [657408 2009-07-13] (Ralink Technology Corp.)
R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [103416 2013-12-03] (Trend Micro Inc.)
R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [290376 2013-12-03] (Trend Micro Inc.)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC32.sys [40736 2013-07-01] (Trend Micro Inc.)
R2 tmeevw; C:\Windows\System32\DRIVERS\tmeevw.sys [85280 2013-06-13] (Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [83864 2013-12-03] (Trend Micro Inc.)
R2 tmnciesc; C:\Windows\System32\DRIVERS\tmnciesc.sys [282272 2013-05-22] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [92304 2012-05-02] (Trend Micro Inc.)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-22 16:29 - 2014-10-22 16:30 - 00012461 _____ () C:\Users\user\Desktop\FRST.txt
2014-10-22 16:29 - 2014-10-22 16:29 - 00000000 ____D () C:\FRST
2014-10-22 16:28 - 2014-10-22 16:28 - 01103360 _____ (Farbar) C:\Users\user\Desktop\FRST.exe
2014-10-21 13:07 - 2014-10-21 13:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2014-10-21 13:07 - 2014-10-21 13:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-10-21 13:04 - 2014-10-21 13:04 - 00000000 ____D () C:\Program Files\Microsoft Synchronization Services
2014-10-21 13:04 - 2014-10-21 13:04 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-10-21 13:03 - 2014-10-21 13:03 - 00000000 ____D () C:\Windows\PCHEALTH
2014-10-21 13:03 - 2014-10-21 13:03 - 00000000 ____D () C:\Program Files\Microsoft Sync Framework
2014-10-21 13:03 - 2014-10-21 13:03 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition
2014-10-21 13:01 - 2014-10-21 13:01 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 8
2014-10-21 13:00 - 2014-10-21 13:00 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services
2014-10-21 12:59 - 2014-10-21 13:03 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-10-21 12:59 - 2014-10-21 12:59 - 00000000 __RHD () C:\MSOCache
2014-10-20 07:29 - 2014-10-21 12:36 - 00000000 _____ () C:\Windows\DCEBOOT.LOG
2014-10-20 07:26 - 2014-10-20 07:30 - 00021528 _____ () C:\Windows\DCEBoot.exe
2014-10-20 07:25 - 2014-10-20 07:27 - 00000000 ____D () C:\Users\user\AppData\Roaming\sqmjyr
2014-10-15 01:27 - 2014-10-06 22:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 01:27 - 2014-09-28 20:41 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 01:27 - 2014-09-25 18:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 01:27 - 2014-09-25 18:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 01:27 - 2014-09-25 18:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 01:27 - 2014-09-18 21:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 01:27 - 2014-09-18 21:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 01:27 - 2014-09-18 21:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-15 01:27 - 2014-09-18 21:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 01:27 - 2014-09-18 21:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-15 01:27 - 2014-09-18 20:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-15 01:27 - 2014-09-18 20:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 01:27 - 2014-09-18 20:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 01:27 - 2014-09-18 20:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-15 01:27 - 2014-09-18 20:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 01:27 - 2014-09-18 20:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 01:27 - 2014-09-18 20:50 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-15 01:27 - 2014-09-18 20:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-15 01:27 - 2014-09-18 20:44 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-15 01:27 - 2014-09-18 20:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 01:27 - 2014-09-18 20:20 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 01:27 - 2014-09-18 20:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-15 01:27 - 2014-09-18 19:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 01:27 - 2014-09-18 19:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 01:27 - 2014-09-04 01:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 01:26 - 2014-09-25 18:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 01:26 - 2014-09-25 18:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 01:26 - 2014-09-18 21:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 01:26 - 2014-09-18 21:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-15 01:26 - 2014-09-18 20:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-15 01:26 - 2014-09-18 20:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 01:26 - 2014-09-18 19:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-15 01:26 - 2014-09-12 21:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 01:26 - 2014-07-16 21:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 01:26 - 2014-07-16 21:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 01:26 - 2014-07-16 21:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-15 01:26 - 2014-07-16 21:39 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 01:26 - 2014-07-16 21:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 01:26 - 2014-07-16 21:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-10-15 01:26 - 2014-07-16 21:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 01:26 - 2014-07-16 21:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 01:26 - 2014-07-16 21:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 01:26 - 2014-07-16 21:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 01:26 - 2014-07-16 21:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-15 01:26 - 2014-06-18 18:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 01:26 - 2014-06-18 18:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 01:26 - 2014-06-18 18:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 01:26 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-10-15 01:26 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-10-15 01:26 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-10-15 01:26 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-10-15 01:25 - 2014-08-18 22:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-15 01:25 - 2014-08-18 22:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-15 01:25 - 2014-08-18 22:41 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-15 01:25 - 2014-08-18 22:40 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-15 01:25 - 2014-08-18 22:40 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-15 01:25 - 2014-08-18 21:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-15 01:25 - 2014-07-06 21:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-15 01:25 - 2014-07-06 21:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-15 01:25 - 2014-07-06 21:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-15 01:25 - 2014-07-06 21:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-15 01:25 - 2014-07-06 21:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-15 01:25 - 2014-07-06 21:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-15 01:25 - 2014-07-06 21:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-15 01:25 - 2014-07-06 21:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-15 01:25 - 2014-07-06 21:40 - 00516096 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-15 01:25 - 2014-07-06 21:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-15 01:25 - 2014-07-06 21:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-15 01:25 - 2014-07-06 21:40 - 00473600 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-15 01:25 - 2014-07-06 21:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-15 01:25 - 2014-07-06 21:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-15 01:25 - 2014-07-06 21:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-15 01:25 - 2014-07-06 21:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-15 01:25 - 2014-07-06 21:40 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-15 01:25 - 2014-07-06 21:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-15 01:25 - 2014-07-06 21:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-15 01:25 - 2014-07-06 21:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-15 01:25 - 2014-07-06 21:40 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-15 01:25 - 2014-07-06 21:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-15 01:25 - 2014-07-06 21:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-15 01:25 - 2014-07-06 21:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-15 01:25 - 2014-07-06 21:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-15 01:25 - 2014-07-06 21:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-15 01:25 - 2014-07-06 21:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-15 01:25 - 2014-07-06 21:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-15 01:25 - 2014-07-06 21:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-10-15 01:25 - 2014-07-06 21:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-15 01:25 - 2014-07-06 21:39 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-15 01:25 - 2014-07-06 21:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-15 01:25 - 2014-07-06 21:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-15 01:25 - 2014-07-06 21:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-15 01:25 - 2014-07-06 21:28 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-15 01:25 - 2014-06-27 20:21 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-15 01:25 - 2014-06-27 20:21 - 00455752 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-15 01:25 - 2014-06-27 20:21 - 00409272 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-14 17:45 - 2014-10-15 18:45 - 00000000 ____D () C:\ALBUMS
2014-10-14 08:03 - 2014-10-14 08:03 - 00000000 ____D () C:\Users\user\AppData\Local\MediaMonkey
2014-10-14 08:02 - 2014-10-20 07:27 - 00000000 ____D () C:\Users\user\AppData\Roaming\MediaMonkey
2014-10-14 08:02 - 2014-10-14 08:02 - 00001005 _____ () C:\Users\Public\Desktop\MediaMonkey.lnk
2014-10-14 08:02 - 2014-10-14 08:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaMonkey
2014-10-14 08:02 - 2014-10-14 08:02 - 00000000 ____D () C:\ProgramData\MediaMonkey
2014-10-14 08:02 - 2014-10-14 08:02 - 00000000 ____D () C:\Program Files\MediaMonkey
2014-10-14 08:01 - 2014-10-14 08:01 - 15197616 _____ (Ventis Media Inc. ) C:\Users\user\Downloads\MediaMonkey_4.1.4.1709.exe
2014-10-13 13:10 - 2014-10-13 13:10 - 00880272 _____ (Google Inc.) C:\Users\user\Downloads\googledrivesync.exe
2014-10-13 13:10 - 2014-10-13 13:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-10-08 16:29 - 2014-10-08 16:29 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RMPrepUSB
2014-10-08 16:29 - 2014-10-08 16:29 - 00000000 ____D () C:\Program Files\RMPrepUSB
2014-10-07 09:43 - 2014-10-07 09:43 - 00000000 ____D () C:\Users\user\AppData\Roaming\PowerISO
2014-10-07 09:41 - 2014-10-08 08:01 - 00000000 ____D () C:\pebuilder3110a
2014-10-07 09:41 - 2014-10-07 09:41 - 03306678 _____ (Bart Lagerweij ) C:\Users\user\Downloads\pebuilder3110a.exe
2014-10-07 09:38 - 2014-10-07 09:38 - 02959872 _____ (Power Software Ltd) C:\Users\user\Downloads\PowerISO6.exe
2014-10-07 09:34 - 2014-10-07 09:34 - 00815616 _____ () C:\Users\user\Downloads\WinSetupFromUSB 0-2-2.exe
2014-10-07 09:31 - 2014-10-07 09:31 - 00815616 _____ () C:\Users\user\Downloads\WinSetupFromUSB 0-2-2.exe.exe
2014-10-06 18:35 - 2014-10-06 18:39 - 498751488 _____ () C:\Users\user\Documents\VRMSP_EN.ISO
2014-10-03 13:25 - 2014-10-03 13:59 - 00000000 ____D () C:\AlbumPlayerData
2014-10-03 13:23 - 2014-10-03 13:59 - 00000000 ____D () C:\Users\user\AppData\Roaming\AlbumPlayer
2014-10-03 13:23 - 2014-10-03 13:25 - 00000000 ____D () C:\ProgramData\AlbumPlayer
2014-10-03 13:23 - 2014-10-03 13:23 - 00000000 ____D () C:\Users\user\AppData\Local\AlbumPlayer
2014-10-03 13:23 - 2014-10-03 13:23 - 00000000 ____D () C:\Program Files\Bonjour
2014-10-03 13:22 - 2014-10-03 13:22 - 00001005 _____ () C:\Users\user\Desktop\AlbumPlayer.lnk
2014-10-03 13:22 - 2014-10-03 13:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AlbumPlayer
2014-10-03 13:21 - 2014-10-03 13:22 - 00000000 ____D () C:\Program Files\AlbumPlayer
2014-10-03 13:20 - 2014-10-03 13:21 - 27904340 _____ (Albumon ) C:\Users\user\Downloads\albumplayer_demo.exe
2014-09-27 07:37 - 2014-09-27 07:37 - 00000000 ___RD () C:\Program Files\Skype
2014-09-27 07:37 - 2014-09-27 07:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-27 07:37 - 2014-09-27 07:37 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-09-27 07:36 - 2014-09-27 07:36 - 00000000 ____D () C:\Users\user\AppData\Roaming\Apple Computer
2014-09-24 18:55 - 2014-09-24 18:55 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-23 13:55 - 2014-09-23 13:55 - 00000000 ____D () C:\Users\user\AppData\Local\Apple Computer
2014-09-23 07:15 - 2014-09-23 07:16 - 00000000 ____D () C:\Program Files\QuickTime
2014-09-23 07:15 - 2014-09-23 07:15 - 00001815 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-09-23 07:15 - 2014-09-23 07:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-09-23 07:15 - 2014-09-23 07:15 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-09-23 07:13 - 2014-09-23 07:13 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-09-23 07:12 - 2014-09-23 07:12 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-09-23 07:12 - 2014-09-23 07:12 - 00000000 ____D () C:\Users\user\AppData\Local\Apple
2014-09-23 07:12 - 2014-09-23 07:12 - 00000000 ____D () C:\ProgramData\Apple
2014-09-23 07:12 - 2014-09-23 07:12 - 00000000 ____D () C:\Program Files\Apple Software Update
2014-09-23 07:09 - 2014-09-23 07:09 - 41945432 _____ (Apple Inc.) C:\Users\user\Downloads\QuickTimeInstaller.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-22 16:28 - 2014-04-21 15:40 - 00115288 _____ () C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-22 16:28 - 2009-07-14 00:34 - 00010128 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-22 16:28 - 2009-07-14 00:34 - 00010128 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-22 16:15 - 2014-08-19 14:16 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-22 16:11 - 2014-08-26 09:48 - 00000000 ____D () C:\Users\user\AppData\Roaming\Skype
2014-10-22 15:59 - 2014-04-21 15:48 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-22 13:15 - 2014-08-19 14:16 - 00000878 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-22 12:13 - 2014-04-21 18:14 - 01085139 _____ () C:\Windows\WindowsUpdate.log
2014-10-22 12:08 - 2014-04-22 06:31 - 00017298 _____ () C:\Windows\PFRO.log
2014-10-22 12:08 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-22 12:08 - 2009-07-14 00:39 - 00060662 _____ () C:\Windows\setupact.log
2014-10-22 12:08 - 2009-07-14 00:33 - 00428096 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-22 11:54 - 2014-07-07 13:43 - 00000000 ____D () C:\Users\user\Desktop\JOBS
2014-10-22 06:38 - 2009-07-14 00:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-10-21 19:25 - 2014-09-09 12:32 - 00000000 ____D () C:\Users\user\Desktop\Daisy
2014-10-21 14:27 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-21 13:11 - 2014-04-21 17:32 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-21 13:05 - 2009-07-14 03:48 - 00000000 ____D () C:\Windows\ShellNew
2014-10-21 13:05 - 2009-07-14 00:52 - 00000000 ____D () C:\Program Files\MSBuild
2014-10-21 13:05 - 2009-07-13 22:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-10-21 13:03 - 2014-04-21 17:35 - 00000000 ____D () C:\Program Files\Microsoft.NET
2014-10-21 13:01 - 2009-07-13 22:37 - 00000000 ____D () C:\Program Files\Common Files\System
2014-10-21 13:01 - 2009-07-13 22:04 - 00000478 _____ () C:\Windows\win.ini
2014-10-20 07:31 - 2014-09-15 15:37 - 00000000 ____D () C:\Users\user\Desktop\Test
2014-10-20 07:27 - 2014-05-30 11:06 - 00209432 _____ () C:\Windows\RegBootClean.exe
2014-10-18 08:34 - 2014-06-25 12:55 - 00000000 ____D () C:\goldwave
2014-10-18 08:22 - 2014-04-21 15:22 - 00726316 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-17 13:36 - 2014-08-19 14:17 - 00002129 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-15 04:16 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\rescache
2014-10-14 17:42 - 2014-09-09 15:58 - 00000000 ___RD () C:\LUTHER
2014-10-14 17:06 - 2014-07-22 06:51 - 00000000 ____D () C:\Users\user\Desktop\Sur pics
2014-10-14 11:05 - 2014-05-21 19:59 - 00000000 ____D () C:\ProgramData\Trend Micro
2014-10-13 13:10 - 2014-08-19 14:16 - 00000000 ____D () C:\Users\user\AppData\Local\Google
2014-10-13 13:10 - 2014-08-19 14:16 - 00000000 ____D () C:\Program Files\Google
2014-10-10 15:27 - 2014-07-22 16:52 - 00000000 ____D () C:\Users\user\Desktop\Speakers
2014-10-07 08:31 - 2014-05-21 20:00 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-10-06 18:30 - 2014-09-12 10:41 - 00000000 ____D () C:\Cruzer files
2014-09-29 06:32 - 2014-04-21 15:27 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-27 07:37 - 2014-08-26 09:48 - 00002503 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-09-27 07:37 - 2014-08-26 09:47 - 00000000 ____D () C:\ProgramData\Skype
2014-09-24 14:59 - 2014-04-21 15:48 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-24 14:59 - 2014-04-21 15:48 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\user\AppData\Local\Temp\39340F291.exe
C:\Users\user\AppData\Local\Temp\68e3f.exe
C:\Users\user\AppData\Local\Temp\6F19Aa.exe
C:\Users\user\AppData\Local\Temp\7b26.exe
C:\Users\user\AppData\Local\Temp\burnsetup.exe
C:\Users\user\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\user\AppData\Local\Temp\i4jdel0.exe
C:\Users\user\AppData\Local\Temp\instract.exe
C:\Users\user\AppData\Local\Temp\nsc6F7D.exe
C:\Users\user\AppData\Local\Temp\nsh6D79.exe
C:\Users\user\AppData\Local\Temp\nsmF106.exe
C:\Users\user\AppData\Local\Temp\nss5248.exe
C:\Users\user\AppData\Local\Temp\nsx543C.exe
C:\Users\user\AppData\Local\Temp\ose00000.exe
C:\Users\user\AppData\Local\Temp\ose00001.exe
C:\Users\user\AppData\Local\Temp\SamsungAPInstaller_1409741304560.exe
C:\Users\user\AppData\Local\Temp\SearchProtectINT.exe
C:\Users\user\AppData\Local\Temp\sp-downloader.exe
C:\Users\user\AppData\Local\Temp\tmp8B39.exe
C:\Users\user\AppData\Local\Temp\vpsetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-16 08:41

==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 22-10-2014
Ran by user at 2014-10-22 16:30:21
Running from C:\Users\user\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Trend Micro Titanium Maximum Security (Disabled - Up to date) {5D349EF8-873B-C657-917F-F1D93E101A7C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Trend Micro Titanium Maximum Security (Disabled - Up to date) {E6557F1C-A101-C9D9-ABCF-CAAB459750C1}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

95742 (HKLM\...\{d1e17d14-cabc-4f6f-9f46-c7ecf813645e}.sdb) (Version: - )
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
AlbumPlayer V5.3e Demo Edition (HKLM\...\AlbumPlayer Demo Edition_is1) (Version: - Albumon)
AllShare Framework DMS (HKLM\...\{1C2A409B-3D00-4EE7-B13C-3C70AB8704B0}) (Version: 1.3.23 - Samsung)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{0CB9668D-F979-4F31-B8B8-67FE90F929F8}) (Version: 2.0.2.0 - Apple Inc.)
BPM Counter 1.6.0.0 (HKLM\...\BPM Counter_is1) (Version: 1.6.0.0 - AbyssMedia.com)
Briz MP3 Splitter (HKLM\...\Briz MP3 Splitter_is1) (Version: - )
CameraHelperMsi (Version: 13.51.815.0 - Logitech) Hidden
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.3.4643 - CDBurnerXP)
EPSON WorkForce 845 Series Printer Uninstall (HKLM\...\EPSON WorkForce 845 Series) (Version: - SEIKO EPSON Corporation)
erLT (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Free YouTube to MP3 Converter version 3.12.34.430 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.34.430 - DVDVideoSoft Ltd.)
GoldWave v5.70 (HKLM\...\GoldWave v5.70) (Version: 5.70 - GoldWave Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
Google Drive (HKLM\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
HP Softpaq SP45813 (HKLM\...\SP45813) (Version: - )
ImgBurn (HKLM\...\ImgBurn) (Version: 2.4.4.0 - LIGHTNING UK!)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2413 - Intel Corporation)
Intel(R) Management Engine Interface (HKLM\...\HECI) (Version: - Intel Corporation)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Logitech Webcam Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
LWS Facebook (Version: 13.50.854.0 - Logitech) Hidden
LWS Gallery (Version: 13.51.827.0 - Logitech) Hidden
LWS Help_main (Version: 13.51.828.0 - Logitech) Hidden
LWS Launcher (Version: 13.51.828.0 - Logitech) Hidden
LWS Motion Detection (Version: 13.51.815.0 - Logitech) Hidden
LWS Pictures And Video (Version: 13.51.815.0 - Logitech) Hidden
LWS Twitter (Version: 13.30.1346.0 - Logitech) Hidden
LWS Webcam Software (Version: 13.51.815.0 - Logitech) Hidden
LWS WLM Plugin (Version: 1.30.1201.0 - Logitech) Hidden
LWS YouTube Plugin (Version: 13.31.1038.0 - Logitech) Hidden
MediaMonkey 4.1 (HKLM\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MP3 Diags (HKLM\...\MP3Diags) (Version: - )
MP3 Splitter 5.5.1.a (HKLM\...\F87A61F2-76B1-4D8B-BBE5-C23086BF8E95_is1) (Version: - Accmeware Corporation)
OpenOffice 4.0.1 (HKLM\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
RMPrepUSB (HKLM\...\RMPrepUSB) (Version: - )
Samsung Link 2.0.0.1407291559 (HKLM\...\8474-7877-9059-0204) (Version: 2.0.0.1407291559 - Copyright 2013 SAMSUNG)
Skype™ 6.20 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.31064 - TeamViewer)
Trend Micro Titanium (Version: 7.0 - Trend Micro Inc.) Hidden
Trend Micro Titanium Maximum Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 7.0 - Trend Micro Inc.)
VirtualDJ (HKLM\...\VirtualDJ) (Version: - )
WinRAR 5.10 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

21-10-2014 16:28:23 Removed Microsoft Office Professional Plus 2010
21-10-2014 16:59:06 Installed Microsoft Office Professional Plus 2010

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:04 - 2009-06-10 17:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0E577432-A09F-4C2C-97A7-FB0BF6BB203D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-08-19] (Google Inc.)
Task: {6B6C1EEA-9A81-42BF-A948-9CA95F810552} - System32\Tasks\Titanium BTC => C:\Program Files\Trend Micro\Titanium\plugin\TMDC\TMDC.exe [2014-08-06] (Trend Micro Inc.)
Task: {854B572C-F8D7-4D76-8753-CD9E1C8A90DA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {93AF4437-BB52-46F0-979A-AF35A95F3B4E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-08-19] (Google Inc.)
Task: {96EEC2D1-88A0-4324-8291-0F79E4AF8F60} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2014-04-21] ()
Task: {A2F352EE-0ABF-422D-8B97-4EDDE3E8E228} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-01-30 02:41 - 2010-01-30 02:41 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-24 21:17 - 2010-03-24 21:17 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-04-22 13:34 - 2014-07-29 15:59 - 00022016 _____ () C:\Program Files\Samsung\Samsung Link\JniSys.dll
2014-04-22 13:34 - 2014-07-29 15:59 - 00041472 _____ () C:\Program Files\Samsung\Samsung Link\JniIO.dll
2013-12-21 11:15 - 2013-12-21 11:15 - 00038912 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\JNIInterface.dll
2013-12-21 11:15 - 2013-12-21 11:15 - 00119296 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ASFAPI.dll
2013-12-21 11:17 - 2013-12-21 11:17 - 00013824 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\MediaDB_Manager.dll
2013-10-01 09:46 - 2013-10-01 09:46 - 00025600 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\MediaDB.dll
2013-10-22 09:48 - 2013-10-22 09:48 - 00707072 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ContentDirectoryPresenter.dll
2013-12-21 11:17 - 2013-12-21 11:17 - 00589824 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DMS_Manager.dll
2013-07-23 19:18 - 2013-07-23 19:18 - 00038912 _____ () C:\Windows\system32\boost_date_time-vc90-mt-1_47.dll
2013-07-23 19:18 - 2013-07-23 19:18 - 00012800 _____ () C:\Windows\system32\boost_system-vc90-mt-1_47.dll
2013-07-23 19:18 - 2013-07-23 19:18 - 00046592 _____ () C:\Windows\system32\boost_thread-vc90-mt-1_47.dll
2013-07-23 19:18 - 2013-07-23 19:18 - 00227840 _____ () C:\Windows\system32\boost_serialization-vc90-mt-1_47.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 02144104 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 07955304 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00341352 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00028008 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00127336 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00264040 _____ () C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2012-09-13 00:39 - 2012-09-13 00:39 - 00336232 _____ () C:\Program Files\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2014-04-22 13:34 - 2014-07-29 15:59 - 01595392 _____ () C:\Program Files\Samsung\Samsung Link\scone_proxy.dll
2014-04-22 13:34 - 2014-07-29 15:59 - 01165824 _____ () C:\Program Files\Samsung\Samsung Link\scone_stub.dll
2014-07-31 14:07 - 2014-07-31 14:07 - 00640512 _____ () C:\Windows\Temp\sqlite-3.7.151-x86-sqlitejdbc.dll
2013-12-11 16:46 - 2013-12-11 16:46 - 01114624 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DMSManager.dll
2013-10-24 16:53 - 2013-10-24 16:53 - 00107008 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DCMCDP.dll
2013-12-11 16:46 - 2013-12-11 16:46 - 00102400 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\FolderCDP.dll
2013-12-11 16:46 - 2013-12-11 16:46 - 00077312 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\MetadataFramework.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00520234 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\sqlite3.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00450560 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\MoodExtractor.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 05717504 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DCMImgExtractor.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00028672 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AutoChaptering.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00147456 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libexpat.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00012288 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\VideoThumb.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 04671488 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avcodec-52.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00070656 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avutil-50.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00686080 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avformat-52.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00152064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\swscale-0.dll
2013-10-25 19:49 - 2013-10-25 19:49 - 00028160 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AudioExtractor.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00064000 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ID3Driver.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00366592 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\tag.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00289792 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libThumbnail.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00023040 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\RichInfoDriver.dll
2013-12-11 16:45 - 2013-12-11 16:45 - 00017920 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\VideoExtractor.dll
2013-10-25 19:53 - 2013-10-25 19:53 - 00117248 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ThumbnailMaker.dll
2013-10-25 19:53 - 2013-10-25 19:53 - 01033728 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ImageMagickWrapper.dll
2013-12-11 16:45 - 2013-12-11 16:45 - 00134144 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\VideoMetadataDriver.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00290816 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libKeyFrame.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00024064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\SECMetaDriver.dll
2013-10-25 19:53 - 2013-10-25 19:53 - 00012288 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ImageExtractor.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00024064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\photoDriver.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00399826 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libexif-12.dll.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00013824 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\TextExtractor.dll
2013-10-24 16:53 - 2013-10-24 16:53 - 00032768 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\Autobackup.dll
2013-04-19 16:38 - 2013-04-19 16:38 - 00055808 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\RosettaAllShare.dll
2013-07-23 19:18 - 2013-07-23 19:18 - 00227840 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_serialization-vc90-mt-1_47.dll
2013-07-23 19:18 - 2013-07-23 19:18 - 00038912 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_date_time-vc90-mt-1_47.dll
2013-07-23 19:18 - 2013-07-23 19:18 - 00012800 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_system-vc90-mt-1_47.dll
2013-07-23 19:18 - 2013-07-23 19:18 - 00046592 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_thread-vc90-mt-1_47.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00044032 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\us.dll
2014-09-24 18:55 - 2014-09-24 18:55 - 03715184 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-09-09 17:59 - 2014-09-09 17:59 - 16825520 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-3001920249-2789374724-3985487498-500 - Administrator - Disabled)
Guest (S-1-5-21-3001920249-2789374724-3985487498-501 - Limited - Disabled)
user (S-1-5-21-3001920249-2789374724-3985487498-1000 - Administrator - Enabled) => C:\Users\user

==================== Faulty Device Manager Devices =============

Name: PCI Serial Port
Description: PCI Serial Port
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/22/2014 00:08:43 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (10/21/2014 00:36:46 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (10/20/2014 07:30:08 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (10/16/2014 06:19:19 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (10/15/2014 03:39:10 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (10/14/2014 07:33:21 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (10/12/2014 10:05:40 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (10/11/2014 07:14:02 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (10/11/2014 07:03:01 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (10/06/2014 04:02:40 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.


System errors:
=============
Error: (10/21/2014 07:53:33 PM) (Source: DCOM) (EventID: 10001) (User: )
Description: C:\Windows\System32\slui.exe -Embedding5{F87B28F1-DA9A-4F35-8EC0-800EFCF26B83}

Error: (10/21/2014 01:58:48 AM) (Source: DCOM) (EventID: 10001) (User: )
Description: C:\Windows\System32\slui.exe -Embedding5{F87B28F1-DA9A-4F35-8EC0-800EFCF26B83}

Error: (10/20/2014 06:55:18 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The SPP Notification Service service terminated with the following error:
%%5

Error: (10/20/2014 05:55:18 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The SPP Notification Service service terminated with the following error:
%%5

Error: (10/20/2014 04:55:19 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The SPP Notification Service service terminated with the following error:
%%5

Error: (10/20/2014 03:55:18 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The SPP Notification Service service terminated with the following error:
%%5

Error: (10/20/2014 02:55:18 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The SPP Notification Service service terminated with the following error:
%%5

Error: (10/20/2014 01:55:18 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The SPP Notification Service service terminated with the following error:
%%5

Error: (10/20/2014 00:55:18 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The SPP Notification Service service terminated with the following error:
%%5

Error: (10/19/2014 11:55:18 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The SPP Notification Service service terminated with the following error:
%%5


Microsoft Office Sessions:
=========================
Error: (10/22/2014 00:08:43 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x800700050x00000000

Error: (10/21/2014 00:36:46 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x800700050x00000000

Error: (10/20/2014 07:30:08 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x800700050x00000000

Error: (10/16/2014 06:19:19 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x800700050x00000000

Error: (10/15/2014 03:39:10 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x800700050x00000000

Error: (10/14/2014 07:33:21 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x800700050x00000000

Error: (10/12/2014 10:05:40 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x800700050x00000000

Error: (10/11/2014 07:14:02 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x800700050x00000000

Error: (10/11/2014 07:03:01 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x800700050x00000000

Error: (10/06/2014 04:02:40 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x800700050x00000000


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz
Percentage of memory in use: 64%
Total physical RAM: 1977.25 MB
Available physical RAM: 709.05 MB
Total Pagefile: 3954.49 MB
Available Pagefile: 2612.65 MB
Total Virtual: 2047.88 MB
Available Virtual: 1902.21 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.76 GB) (Free:61.75 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 07F2837E)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================
 
Hi Mike,

Ok, there wasn't actually an .exe called yyge in the startup folder.
But if you look at the link I gave earlier about the malware, you will see some files created at the bottom of the first page:

C:\DOCUME~1\User\LOCALS~1\Temp\NEW-ORDER_11.scr
C:\Documents and Settings\User\Application Data\sqmjyr\yyge.exe
C:\Documents and Settings\User\Application Data\sqmjyr\yyge.bat
C:\Documents and Settings\User\Start Menu\Programs\Startup\yshrsg.vbs
The startup entry in your report is actually the:
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yshrg.vbs
and although yyge.exe is not listed, the folder it resides in is showing:
C:\Users\user\AppData\Roaming\sqmjyr
So your security program that removed yyge.exe ... only did half a job.

Please download the attached fixlist.txt file (bottom of this post) and save it to the Desktop.
NOTE.
It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Re-run FRST/FRST64 (whichever is installed) and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post this in your next reply.

This fix should sort the problem for you.
You also had remnants of Conduit on the system... so I've added these to the fix as well.
 


Problem solved, wish I could do what you've just done, as usual thanks a million for the help, Pete!

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 22-10-2014
Ran by user at 2014-10-22 17:52:59 Run:1
Running from C:\Users\user\Desktop
Loaded Profile: user (Available profiles: user)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
FF DefaultSearchEngine: Conduit Search
FF SelectedSearchEngine: Conduit Search
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\xt2fsygy.default\searchplugins\conduit-search.xml
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yshrg.vbs ()
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
2014-10-20 07:25 - 2014-10-20 07:27 - 00000000 ____D () C:\Users\user\AppData\Roaming\sqmjyr
C:\Users\user\AppData\Local\Temp\39340F291.exe
C:\Users\user\AppData\Local\Temp\68e3f.exe
C:\Users\user\AppData\Local\Temp\6F19Aa.exe
C:\Users\user\AppData\Local\Temp\7b26.exe
C:\Users\user\AppData\Local\Temp\burnsetup.exe
C:\Users\user\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\user\AppData\Local\Temp\i4jdel0.exe
C:\Users\user\AppData\Local\Temp\instract.exe
C:\Users\user\AppData\Local\Temp\nsc6F7D.exe
C:\Users\user\AppData\Local\Temp\nsh6D79.exe
C:\Users\user\AppData\Local\Temp\nsmF106.exe
C:\Users\user\AppData\Local\Temp\nss5248.exe
C:\Users\user\AppData\Local\Temp\nsx543C.exe
C:\Users\user\AppData\Local\Temp\ose00000.exe
C:\Users\user\AppData\Local\Temp\ose00001.exe
C:\Users\user\AppData\Local\Temp\SamsungAPInstaller_1409741304560.exe
C:\Users\user\AppData\Local\Temp\SearchProtectINT.exe
C:\Users\user\AppData\Local\Temp\sp-downloader.exe
C:\Users\user\AppData\Local\Temp\tmp8B39.exe
C:\Users\user\AppData\Local\Temp\vpsetup.exe
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yshrg.vbs
Hosts:
CMD: ipconfig /flushdns
EmptyTemp:
*****************

Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\xt2fsygy.default\searchplugins\conduit-search.xml => Moved successfully.
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yshrg.vbs => Moved successfully.
MBAMSwissArmy => Service deleted successfully.
C:\Users\user\AppData\Roaming\sqmjyr => Moved successfully.
C:\Users\user\AppData\Local\Temp\39340F291.exe => Moved successfully.
C:\Users\user\AppData\Local\Temp\68e3f.exe => Moved successfully.
C:\Users\user\AppData\Local\Temp\6F19Aa.exe => Moved successfully.
C:\Users\user\AppData\Local\Temp\7b26.exe => Moved successfully.
C:\Users\user\AppData\Local\Temp\burnsetup.exe => Moved successfully.
C:\Users\user\AppData\Local\Temp\fp_pl_pfs_installer.exe => Moved successfully.
C:\Users\user\AppData\Local\Temp\i4jdel0.exe => Moved successfully.
C:\Users\user\AppData\Local\Temp\instract.exe => Moved successfully.
C:\Users\user\AppData\Local\Temp\nsc6F7D.exe => Moved successfully.
C:\Users\user\AppData\Local\Temp\nsh6D79.exe => Moved successfully.
C:\Users\user\AppData\Local\Temp\nsmF106.exe => Moved successfully.
C:\Users\user\AppData\Local\Temp\nss5248.exe => Moved successfully.
C:\Users\user\AppData\Local\Temp\nsx543C.exe => Moved successfully.
C:\Users\user\AppData\Local\Temp\ose00000.exe => Moved successfully.
C:\Users\user\AppData\Local\Temp\ose00001.exe => Moved successfully.
C:\Users\user\AppData\Local\Temp\SamsungAPInstaller_1409741304560.exe => Moved successfully.
C:\Users\user\AppData\Local\Temp\SearchProtectINT.exe => Moved successfully.
C:\Users\user\AppData\Local\Temp\sp-downloader.exe => Moved successfully.
C:\Users\user\AppData\Local\Temp\tmp8B39.exe => Moved successfully.
C:\Users\user\AppData\Local\Temp\vpsetup.exe => Moved successfully.
"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yshrg.vbs" => File/Directory not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => Removed 2.1 GB temporary data.


The system needed a reboot.

==== End of Fixlog ====
 
Problem solved
That's good to hear.

thanks a million for the help Pete!
You're more than welcome Mike.

To completely remove FRST:
Right-click on the FRST icon and select Delete (you can also do this for the files that have been created on the Desktop).
Then navigate to:
C:\FRST

and delete the FRST folder.

Glad I was able to help.

Safe surfing.
 