Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Windows 7 with a lot of malware problems

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Windows 7 with a lot of malware problems

Unread postby goncalo_silva » January 11th, 2016, 7:22 am

Hello Malware Removal Community.
I'm new here, so I hope I'm giving every information I should.
I'm having a problem on my computer with Malware. I've installed an exe I shouldn't and it started installing a lot of programs on my computer and opening new tabs on Chrome. It installed things like "MyBestOffersToday", "SpaceSoundPro", an Opera launcher, a lot of other programs which I couldn't uninstall and when asked if I wanted to remove from the list on Programs and Features, I said yes so I don't even know if they are still there.
In the middle of all the junk that was appearing on Task Manager, I've noticed one program I couldn't close the process called apphguotoloS. Searching on Google, took me to this threat http://www.malwareremoval.com/forum/viewtopic.php?f=11&t=64154.
I've tried using some advices like Fixlist.txt with FRST.exe and Malwarebytes' Anti-Malware... FRST seemed to solve the problem with the Malware, but something ruined my internet connection. I can connect to my router, but don't have Internet access... Despite that, I've made the download of Malwarebytes' Anti-Malware on another computer and installed on the computer with the problem... Couldn't update the database since I didn't have Internet connection, but still the program was able to found a lot of errors. At this moment, I still have at least two programs on Programs and Features I cannot uninstall and are asking me if I want to remove from the list and a program called runonce.exe on task manager which prevents explorer.exe from opening. I don't know if all Malware was deleted and my computer is okay or not.

If someone could help me, I would be quite appreciated.


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:10-01-2015 01
Ran by Gonçalo (administrator) on GONÇALO-TOSHIBA (11-01-2016 10:28:25)
Running from C:\Users\Gonçalo\Desktop
Loaded Profiles: Gonçalo (Available Profiles: Gonçalo)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: Português (Portugal)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
(Popcorn Time) C:\Program Files\Popcorn Time\Updater.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dinotify.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(iSkySoft) C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.29.1\GoogleCrashHandler.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-29] (Microsoft Corporation)
HKLM\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [1734144 2013-05-29] (iSkySoft)
HKLM\...\Run: [DelaypluginInstall] => C:\ProgramData\iSkysoft\iTube Studio\DelayPluginI.exe [1960288 2015-08-19] ()
HKLM\...\Run: [FUFAXRCV] => C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe [642664 2014-02-21] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [FUFAXSTM] => C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe [863848 2014-02-21] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1064512 2013-11-08] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [mbot_pt_014010202] => "C:\Program Files\mbot_pt_014010202\mbot_pt_014010202.exe"
HKLM\...\Run: [WindoWeather] => "C:\Program Files\WindoWeather\WindoWeather.exe" monetize
HKLM\...\Run: [QualityChecker] => C:\Program Files\QualityChecker\QC.exe [156792 2016-01-04] ()
HKLM\...\RunOnce: [QualityChecker] => C:\Program Files\QualityChecker\QC.exe [156792 2016-01-04] ()
HKU\S-1-5-21-3268735155-487900952-46356077-1001\...\Run: [Spotify Web Helper] => C:\Users\Gonçalo\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1959992 2015-03-08] (Spotify Ltd)
HKU\S-1-5-21-3268735155-487900952-46356077-1001\...\Run: [GoogleChromeAutoLaunch_496EFAF177E0DE33F593DA9A51967293] => C:\Program Files\Google\Chrome\Application\chrome.exe [741704 2015-12-11] (Google Inc.)
HKU\S-1-5-21-3268735155-487900952-46356077-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TATIMDE.EXE [262208 2013-12-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2015-01-08] (Microsoft Corporation)
AppInit_DLLs: C:\ProgramData\ApphguotoloS\Lamnix.dll => No File
Startup: C:\Users\Gonçalo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google Chrome.lnk [2016-01-11]
ShortcutTarget: Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: iSkysoft iTube Studio 4.3.0 -> {1A6B6AD0-2735-498F-834C-AFCEA37847C2} -> C:\ProgramData\iSkysoft\iTube Studio\WSBrowserAppMgr.dll [2015-08-19] (Wondershare)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-18] (Oracle Corporation)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-18] (Oracle Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
Handler: WSISAllmytubechrome - {4724F5AF-4E6D-41CA - No File

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-18] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-10-23] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [ISAllmytube@iSkysoft.com] - C:\ProgramData\iSkysoft\iTube Studio\ISAllmytube@iSkysoft.com
FF Extension: iSkysoft iTube Studio - C:\ProgramData\iSkysoft\iTube Studio\ISAllmytube@iSkysoft.com [2015-10-10] [not signed]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.pt/
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3320133&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP47E0B1AB-5B5B-4650-AF6D-DBF5121FCFF0&SSPV=","hxxp://websearch.searchoholic.info/?pid=21529&r=2015/01/02&hid=17539484079195793811&lg=EN&cc=PT&unqvl=72","hxxp://www.mysites123.com/?type=hp&ts=1452442755&z=8a29128ec64eb5c11a23004gez8wfo9z2z2oam4w7w&from=amt&uid=toshibaxmk8037gsx_971st2vstxx971st2vst","hxxp://www.yoursearching.com/?type=hp&ts=1452502060&z=39c9ca6276d75bced2c2acdg1z4w3oew6e8oce8wdm&from=face&uid=TOSHIBAXMK8037GSX_971ST2VSTXX971ST2VST"
CHR DefaultSearchURL: Default -> hxxp://yoursearching.com/web?type=ds&ts ... 1ST2VST&q={searchTerms}
CHR DefaultSearchKeyword: Default -> yoursearching
CHR Session Restore: Default -> is enabled.
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Gonçalo\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.823\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\47.0.2526.106\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\Gonçalo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Apresentações Google) - C:\Users\Gonçalo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-04]
CHR Extension: (wareztuga.tv streamer) - C:\Users\Gonçalo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajnommifabkikkfaponcacapkfaghkcj [2015-02-19]
CHR Extension: (Google Docs) - C:\Users\Gonçalo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Gonçalo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Gonçalo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Filterable Grid View for YouTube™) - C:\Users\Gonçalo\AppData\Local\Google\Chrome\User Data\Default\Extensions\chefgadenjmbjpcaoecdmgdagcjljcmh [2015-11-19]
CHR Extension: (uBlock Origin) - C:\Users\Gonçalo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-01-09]
CHR Extension: (Google Search) - C:\Users\Gonçalo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (XJZ Survey Remover) - C:\Users\Gonçalo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cphljojhgmnabimjemakjleocdheengh [2015-07-08]
CHR Extension: (Subscriptions Grid For YouTube™) - C:\Users\Gonçalo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcnjhgnfnmijfkmcddcmffeamphmmeed [2015-11-25]
CHR Extension: (Who Deleted Me) - C:\Users\Gonçalo\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiepnnbjenknnjgabbodaihlnkkpkgll [2015-12-20]
CHR Extension: (PanicButton) - C:\Users\Gonçalo\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminaibgiklngmfpfbhmokfmnglamcm [2015-11-26]
CHR Extension: (Google Folhas de Cálculo) - C:\Users\Gonçalo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-04]
CHR Extension: (Documentos do Google offline) - C:\Users\Gonçalo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-17]
CHR Extension: (Facebook Invite All) - C:\Users\Gonçalo\AppData\Local\Google\Chrome\User Data\Default\Extensions\inmmhkeajgflmokoaaoadgkhhmibjbpj [2015-11-10]
CHR Extension: (Ahoy!) - C:\Users\Gonçalo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljighgeflmhnpljodhpcifcojkpancpm [2016-01-06]
CHR Extension: (Pagamentos via Chrome Web Store) - C:\Users\Gonçalo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25]
CHR Extension: (Gmail) - C:\Users\Gonçalo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
StartMenuInternet: Google Chrome - Chrome.exe

Opera:
=======
StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera\Launcher.exe hxxp://www.yoursearching.com/?type=sc&t ... X971ST2VST

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [126128 2012-05-17] (Seiko Epson Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
R2 Update service; C:\Program Files\Popcorn Time\Updater.exe [339968 2015-10-19] (Popcorn Time) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S2 hujunywuzbt; C:\Program Files\DC812464-1452444290-4733-E100-001D60F184B2\knsjDE69.tmpfs [X]
S2 TDataSvr; C:\Program Files\TDataDld\TData.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 asiovad; C:\Windows\System32\DRIVERS\asiovad.sys [27336 2014-11-20] (Odeus Audio)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
R1 MpKsl0c0a58ec; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E805B35E-70EF-47DB-B35B-0A95FEC3EC95}\MpKsl0c0a58ec.sys [39168 2016-01-11] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2007-07-31] (ATK0100)
R3 protect; C:\Program Files\QualityChecker\qc.sys [10752 2015-12-30] () [File not signed]
R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [379904 2010-03-31] (Realtek Semiconductor Corporation )
R3 WsAudio_Device; C:\Windows\System32\drivers\VirtualAudio.sys [27496 2013-09-03] (Wondershare)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-11 10:26 - 2016-01-11 10:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-11 09:53 - 2016-01-11 10:26 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-11 09:52 - 2016-01-11 10:26 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-01-11 09:52 - 2016-01-11 09:52 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-01-11 09:52 - 2015-10-05 09:50 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-01-11 09:52 - 2015-10-05 09:50 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-01-11 09:52 - 2015-10-05 09:50 - 00023256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-01-11 09:30 - 2016-01-11 09:30 - 22908888 _____ (Malwarebytes ) C:\Users\Gonçalo\Desktop\mbam-setup-2.2.0.1024.exe
2016-01-11 09:14 - 2016-01-11 09:16 - 00020108 _____ C:\Users\Gonçalo\Desktop\Fixlog.txt
2016-01-11 09:11 - 2016-01-11 09:14 - 00023670 _____ C:\Users\Gonçalo\Desktop\Addition.txt
2016-01-11 09:09 - 2016-01-11 10:28 - 00014014 _____ C:\Users\Gonçalo\Desktop\FRST.txt
2016-01-11 09:08 - 2016-01-11 10:28 - 00000000 ____D C:\FRST
2016-01-11 09:07 - 2016-01-11 09:08 - 01721856 _____ (Farbar) C:\Users\Gonçalo\Desktop\FRST.exe
2016-01-11 08:52 - 2016-01-11 08:58 - 00000000 ____D C:\Users\Gonçalo\AppData\Roaming\systweak
2016-01-10 17:54 - 2016-01-10 18:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2016-01-10 17:53 - 2016-01-10 17:53 - 00000000 ____D C:\ProgramData\VS Revo Group
2016-01-10 17:53 - 2016-01-10 17:53 - 00000000 ____D C:\Program Files\VS Revo Group
2016-01-10 17:34 - 2016-01-10 17:34 - 00000296 _____ C:\task.vbs
2016-01-10 17:21 - 2016-01-10 17:33 - 00000000 ____D C:\Program Files\Opera
2016-01-10 17:20 - 2016-01-11 09:18 - 00000000 ____D C:\Program Files\SpaceSoundPro
2016-01-10 17:20 - 2016-01-11 08:26 - 00000008 _____ C:\END
2016-01-10 17:03 - 2016-01-10 17:03 - 00000000 ____D C:\Users\Gonçalo\AppData\Roaming\Mozilla
2016-01-10 16:49 - 2016-01-10 17:00 - 00000000 ____D C:\ProgramData\ApplicationHosting
2016-01-10 16:47 - 2016-01-10 16:47 - 00000000 ____D C:\Program Files\ExploreTech
2016-01-10 16:47 - 2016-01-10 16:41 - 00001002 _____ C:\Windows\system32\Drivers\etc\hp.bak
2016-01-10 16:42 - 2016-01-11 10:22 - 00000000 ____D C:\Program Files\QualityChecker
2016-01-02 17:59 - 2016-01-02 17:59 - 00252108 _____ C:\Users\Gonçalo\Desktop\Crazy Factory Piercing.pdf
2015-12-30 08:50 - 2015-12-30 08:51 - 87150434 ____T C:\Users\Gonçalo\Desktop\Incognito - Still a Friend of Mine (Cm).wav
2015-12-19 21:16 - 2015-12-20 15:54 - 00000000 ____D C:\Users\Gonçalo\Desktop\Chapa Dux - #OneLove
2015-12-18 21:53 - 2015-12-29 09:50 - 00002237 _____ C:\Users\Gonçalo\Desktop\Set Passagem de Ano.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-11 10:22 - 2009-07-14 04:53 - 00032568 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-01-11 10:22 - 2009-07-14 04:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-11 10:19 - 2015-10-06 11:41 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-01-11 10:19 - 2015-01-07 22:06 - 00002105 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-01-11 10:19 - 2015-01-07 18:51 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-01-11 10:19 - 2009-07-14 04:42 - 00001292 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-01-11 10:19 - 2009-07-14 04:42 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2016-01-11 10:19 - 2009-07-14 04:42 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-01-11 10:18 - 2015-03-07 19:34 - 00001808 _____ C:\Users\Gonçalo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2016-01-11 10:18 - 2015-03-02 01:33 - 00001103 _____ C:\ProgramData\Microsoft\Windows\Start Menu\BS.Player PRO.lnk
2016-01-11 10:18 - 2015-01-08 03:44 - 00000881 _____ C:\Users\Gonçalo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ableton Live 9 Suite.lnk
2016-01-11 10:18 - 2009-07-14 04:46 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-01-11 10:18 - 2009-07-14 04:37 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-01-11 10:17 - 2015-06-29 23:19 - 00001942 _____ C:\Users\Gonçalo\AppData\Roaming\Microsoft\Windows\Start Menu\PokerStars.eu.lnk
2016-01-11 10:17 - 2015-01-08 04:55 - 00000359 _____ C:\Users\Gonçalo\Desktop\Computador.lnk
2016-01-11 09:14 - 2015-11-18 17:14 - 00000917 _____ C:\Windows\Tasks\EPSON WF-2630 Series Update {1E0C0845-6CEC-4E5A-A176-964292702E09}.job
2016-01-11 09:09 - 2009-07-14 02:37 - 00000000 ____D C:\Windows
2016-01-11 08:52 - 2015-01-07 20:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2016-01-11 08:48 - 2015-01-07 20:00 - 00000996 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-11 08:09 - 2009-07-14 04:34 - 00017536 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-11 08:09 - 2009-07-14 04:34 - 00017536 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-11 08:01 - 2015-01-07 20:00 - 00000992 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-10 15:09 - 2015-12-11 23:38 - 00000000 ____D C:\stremio-cache
2016-01-06 16:41 - 2015-11-18 17:10 - 00000000 ____D C:\Users\Gonçalo\AppData\Roaming\Epson
2016-01-06 16:41 - 2015-11-18 16:58 - 00000000 ____D C:\ProgramData\Epson
2016-01-06 16:19 - 2015-10-06 11:40 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-01-05 21:06 - 2015-01-07 19:15 - 01654886 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-05 21:06 - 2009-07-14 08:31 - 00720822 _____ C:\Windows\system32\prfh0816.dat
2016-01-05 21:06 - 2009-07-14 08:31 - 00152774 _____ C:\Windows\system32\prfc0816.dat
2016-01-05 21:06 - 2009-07-14 02:37 - 00000000 ____D C:\Windows\inf
2015-12-30 07:50 - 2015-01-08 03:45 - 00000000 ____D C:\ProgramData\Ableton
2015-12-30 07:01 - 2015-04-06 21:25 - 00000000 ____D C:\ProgramData\iSkysoft iTube Studio
2015-12-30 06:51 - 2015-04-06 22:08 - 00000000 ____D C:\ProgramData\xml_param
2015-12-19 03:04 - 2015-04-04 22:47 - 00000000 ___SD C:\Windows\system32\GWX
2015-12-18 20:57 - 2015-11-04 07:20 - 00000000 ____D C:\Users\Gonçalo\AppData\Roaming\stremio

==================== Files in the root of some directories =======

2015-03-24 14:09 - 2015-05-06 02:10 - 0000132 _____ () C:\Users\Gonçalo\AppData\Roaming\Adobe PNG Format CS6 Prefs

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-01-09 22:39

==================== End of FRST.txt ============================















Additional scan result of Farbar Recovery Scan Tool (x86) Version:10-01-2015 01
Ran by Gonçalo (2016-01-11 09:11:52)
Running from C:\Users\Gonçalo\Desktop
Microsoft Windows 7 Ultimate Service Pack 1 (X86) (2015-01-07 19:16:26)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-3268735155-487900952-46356077-500 - Administrator - Disabled)
Convidado (S-1-5-21-3268735155-487900952-46356077-501 - Limited - Disabled)
Gonçalo (S-1-5-21-3268735155-487900952-46356077-1001 - Administrator - Enabled) => C:\Users\Gonçalo
HomeGroupUser$ (S-1-5-21-3268735155-487900952-46356077-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Out of date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Out of date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Ableton Live 9 Suite (HKLM\...\{3573AD96-0B2F-4D56-BD66-2370C0F4EA99}) (Version: 9.0.0.0 - Ableton)
Adobe Acrobat Reader DC - Português (HKLM\...\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
ASIO4ALL (HKLM\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
BS.Player PRO (HKLM\...\BSPlayerp) (Version: 2.64.1073 - AB Team, d.o.o.)
Epson Easy Photo Print 2 (HKLM\...\{71E90740-5E5F-4D43-AB8F-CAC1D93DBB5B}) (Version: 2.5.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM\...\{86B4A6B9-07FD-48EC-8730-1EC82E80C3D7}) (Version: 3.10.0030 - Seiko Epson Corporation)
Epson FAX Utility (HKLM\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.50.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM\...\EPSON PC-FAX Driver 2) (Version: - )
EPSON Scan (HKLM\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 2.20.0000 - SEIKO EPSON Corp.)
EPSON Scan PDF Extensions (HKLM\...\{F9956472-6E16-4F83-BF9A-F887EF4A45B7}) (Version: 1.03.0001 - SEIKO EPSON Corp.)
EPSON WF-2630 Series Printer Uninstall (HKLM\...\EPSON WF-2630 Series) (Version: - SEIKO EPSON Corporation)
EpsonNet Print (HKLM\...\{F983229B-587E-4322-BCB9-D7A49734E5CD}) (Version: 3.0.0.0 - SEIKO EPSON CORPORATION)
GamesDesktop 009.005010202 (HKLM\...\gmsd_pt_005010202_is1) (Version: - GAMESDESKTOP) <==== ATTENTION
Google Chrome (HKLM\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.29.1 - Google Inc.) Hidden
Guitar Pro 6 (HKLM\...\{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1) (Version: - Arobas Music)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel(R) TV Wizard (HKLM\...\TVWiz) (Version: - Intel Corporation)
iSkysoft iTube Studio(Build 4.5.0.0) (HKLM\...\iSkysoft iTube Studio_is1) (Version: 4.5.0.0 - iSkysoft Software)
Java 8 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Manuais EPSON (HKLM\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.0.1.0 - SEIKO EPSON CORPORATION)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Português) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 2070) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Native Instruments Kontakt 5 (HKLM\...\Native Instruments Kontakt 5) (Version: - Native Instruments)
Native Instruments Massive (HKLM\...\Native Instruments Massive) (Version: - Native Instruments)
Opera Stable 34.0.2036.25 (HKLM\...\Opera 34.0.2036.25) (Version: 34.0.2036.25 - Opera Software)
PokerStars.eu (HKLM\...\PokerStars.eu) (Version: - PokerStars.eu)
Revo Uninstaller Pro 3.1.5 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.5 - VS Revo Group, Ltd.)
Sample Modeling Mr. Sax T (HKLM\...\Sample Modeling Mr. Sax T) (Version: - )
Software Updater (HKLM\...\{E07D7C7B-F424-4EEF-BA17-B2C32BD1C107}) (Version: 4.3.0 - SEIKO EPSON CORPORATION)
Spotify (HKU\S-1-5-21-3268735155-487900952-46356077-1001\...\Spotify) (Version: 1.0.1.1060.gc75ebdfd - Spotify AB)
Stremio (HKU\S-1-5-21-3268735155-487900952-46356077-1001\...\Stremio) (Version: 3.3.1 - Smart Code Ltd.)
SVH (HKLM\...\rec_en_77_is1) (Version: - ) <==== ATTENTION
WinRAR 5.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
yoursearching uninstall (HKLM\...\yoursearching uninstall) (Version: - yoursearching) <==== ATTENTION

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1234825F-75B0-45D3-951F-711541CDAF9B} - System32\Tasks\runTask => C:\Users\Gonçalo\AppData\Local\Temp/Updater.exe
Task: {17926254-6194-488D-B772-2A534153F369} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {1D4906CF-97C6-495B-B0B5-4A5C7D7B5813} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {6AEF0C98-2CB4-4B67-8C70-4C977C7355CC} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {6EEE9893-D143-42CA-ADF4-B8E0EC64B31F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {B03A9EFF-4106-42F8-9B36-CA9C90F6FABC} - System32\Tasks\EPSON WF-2630 Series Update {1E0C0845-6CEC-4E5A-A176-964292702E09} => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TTSMDE.EXE [2013-11-21] (SEIKO EPSON CORPORATION)
Task: {B5C397AE-CD27-41CE-B419-9D909B84EC82} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {B6D7A44F-3B01-45E9-957B-C0629EDE1C86} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {D4F6B847-E18D-4990-BC54-B2D5F5F1F4A0} - System32\Tasks\updateTask => c:\task.vbs [2016-01-10] ()
Task: {D622195C-D680-4FEA-9C56-59660C7C9E94} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\EPSON WF-2630 Series Update {1E0C0845-6CEC-4E5A-A176-964292702E09}.job => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TTSMDE.EXE:/EXE:{1E0C0845-6CEC-4E5A-A176-964292702E09} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-07-02 15:18 - 2015-07-02 15:18 - 01758208 _____ () C:\Program Files\SpaceSoundPro\SpaceSoundPro.dll
2016-01-10 17:00 - 2016-01-10 16:33 - 00538112 _____ () C:\ProgramData\ApphguotoloS\ApphguotoloS.exe
2016-01-10 16:49 - 2016-01-10 16:33 - 00538112 _____ () C:\ProgramData\ApplicationHosting\ApplicationHosting.exe
2016-01-10 13:43 - 2016-01-10 13:43 - 00202240 _____ () C:\Program Files\DC812464-1452444290-4733-E100-001D60F184B2\knsjDE69.tmpfs
2016-01-10 16:47 - 2016-01-10 16:47 - 00416256 _____ () C:\Program Files\DC812464-1452444290-4733-E100-001D60F184B2\hnse2FAC.tmp
2016-01-10 16:47 - 2016-01-10 16:47 - 00307712 _____ () C:\Program Files\DC812464-1452444290-4733-E100-001D60F184B2\jnse688.tmp
2016-01-10 17:01 - 2016-01-10 17:01 - 00257536 _____ () C:\ProgramData\ApphguotoloS\Lamnix.dll
2015-12-17 10:57 - 2015-12-11 03:54 - 01583432 _____ () C:\Program Files\Google\Chrome\Application\47.0.2526.106\libglesv2.dll
2015-12-17 10:56 - 2015-12-11 03:54 - 00081224 _____ () C:\Program Files\Google\Chrome\Application\47.0.2526.106\libegl.dll
2015-12-26 17:24 - 2015-12-24 07:46 - 16792256 _____ () C:\Users\Gonçalo\AppData\Local\Google\Chrome\User Data\PepperFlash\20.0.0.267\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 02:04 - 2016-01-10 16:41 - 00001002 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 activation.guitar-pro.com
127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 http://www.czzsyzgm.com
127.0.0.1 http://www.czzsyzxl.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3268735155-487900952-46356077-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.254 - 208.67.222.222
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{430BFE13-5EED-4BAA-AE01-5C494C6DDE3F}Z:\programas\tixati (download de torrents)\tixati_windows.exe] => (Allow) Z:\programas\tixati (download de torrents)\tixati_windows.exe
FirewallRules: [UDP Query User{A54D1824-32D6-4A10-A432-AB4936F3649F}Z:\programas\tixati (download de torrents)\tixati_windows.exe] => (Allow) Z:\programas\tixati (download de torrents)\tixati_windows.exe
FirewallRules: [{25198376-6BDC-4931-9C42-8D8FE6B1BF69}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{BD822D4C-36EB-4512-8E3F-05F799B6297A}C:\program files\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{42C69201-C98C-4082-A007-2EDE858CC840}C:\program files\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{A7512290-1608-4F71-B133-D2FD95DA4EA6}C:\users\gonçalo\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\gonçalo\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{83E64BF7-61EA-47AD-BEE8-E653816F138A}C:\users\gonçalo\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\gonçalo\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{E6C3E7AA-F5C7-4D28-A54E-CB8DD69A629C}C:\program files\iskysoft\itube studio\urlreqservice.exe] => (Allow) C:\program files\iskysoft\itube studio\urlreqservice.exe
FirewallRules: [UDP Query User{13C0D00E-4D7C-4D6E-941D-DFD7857978DF}C:\program files\iskysoft\itube studio\urlreqservice.exe] => (Allow) C:\program files\iskysoft\itube studio\urlreqservice.exe
FirewallRules: [TCP Query User{C4834787-4C7A-422B-ADFA-BB9DA862FCEB}C:\users\gonçalo\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\gonçalo\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [UDP Query User{D3B97459-B7ED-422B-A366-D4312B589DDB}C:\users\gonçalo\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\gonçalo\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [TCP Query User{A54D4A71-49B2-49A5-ABD6-31FD3B8773C0}C:\users\gonçalo\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\gonçalo\appdata\local\popcorn time\nw.exe
FirewallRules: [UDP Query User{11016AC2-F6A4-40DA-A490-228E18A6825C}C:\users\gonçalo\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\gonçalo\appdata\local\popcorn time\nw.exe
FirewallRules: [{001BEA9D-DF73-4301-86D8-AEEE05A0CD75}] => (Allow) C:\Program Files\Popcorn Time\Updater.exe
FirewallRules: [{49BB0B51-C0D3-4811-AF59-69346CD95C73}] => (Allow) C:\Program Files\Popcorn Time\Updater.exe
FirewallRules: [TCP Query User{2B53365E-D34F-4D40-9442-D88BFE758828}C:\users\gonçalo\appdata\local\programs\lnv\stremio\stremio.exe] => (Allow) C:\users\gonçalo\appdata\local\programs\lnv\stremio\stremio.exe
FirewallRules: [UDP Query User{7F72EE43-24D7-4DC8-98AC-0F616294C51A}C:\users\gonçalo\appdata\local\programs\lnv\stremio\stremio.exe] => (Allow) C:\users\gonçalo\appdata\local\programs\lnv\stremio\stremio.exe
FirewallRules: [{3FC8F20C-F151-4DBB-9C5A-F2532751E2FD}] => (Allow) D:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{42DC9636-B954-443B-8938-AB2743BB995A}] => (Allow) D:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [TCP Query User{4BD9D6F2-6285-44A4-9415-D33A512EB7C0}C:\program files\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{4BC9DDCD-6348-4F45-954E-7006CCEBAE35}C:\program files\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{7A7BAC5D-C627-4B44-B54B-703CEEA3ACD8}C:\program files\epson software\event manager\eeventmanager.exe] => (Block) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{08F8B019-52F2-466C-8CA7-55743553D61B}C:\program files\epson software\event manager\eeventmanager.exe] => (Block) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [{0C929CBC-CF62-4712-B7DC-09FAA38D0AF1}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

05-01-2016 21:14:47 Windows Update
09-01-2016 17:57:00 Windows Update

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/11/2016 08:12:11 AM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail (2416) WindowsMail0: A cópia de segurança parou porque foi interrompida pelo cliente ou a ligação ao cliente falhou.

Error: (01/10/2016 04:49:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome da aplicação com falha: DPE.exe, versão: 1.0.0.0, carimbo de data/hora: 0x55c8a75a
Nome do módulo com falha: unknown, versão: 0.0.0.0, carimbo de data/hora: 0x00000000
Código de excepção: 0xc0000005
Desvio de falha: 0x003c41eb
ID do processo com falha: 0x57c
Data/hora de início da aplicação com falha: 0xDPE.exe0
Caminho da aplicação com falha: DPE.exe1
Caminho do módulo com falha: DPE.exe2
ID do Relatório: DPE.exe3

Error: (01/10/2016 04:49:16 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplicação: DPE.exe
Versão do Framework: v4.0.30319
Descrição: O processo foi terminado devido a uma excepção não processada.
Informações da Excepção: System.NullReferenceException
Pilha:
em A..()
em A..(System.String[])

Error: (01/10/2016 04:40:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: O programa gentlemjmp_ieu.tmp versão 51.52.0.0 deixou de interagir com o Windows e foi fechado. Para verificar se existem mais informações disponíveis sobre o problema, consulte o histórico de problemas no painel de controlo do Centro de Acção.

ID do Processo: 1138

Hora de Início: 01d14bc2fadb74ba

Hora de Fim: 497

Caminho da Aplicação: C:\Users\GONALO~1\AppData\Local\Temp\is-VEJNC.tmp\gentlemjmp_ieu.tmp

ID do Relatório:

Error: (01/10/2016 02:51:06 PM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: Adobe Refresh Manager -- Error 1706.No valid source could be found for product Adobe Refresh Manager. The Windows Installer cannot continue.

Error: (01/06/2016 09:28:57 PM) (Source: MsiInstaller) (EventID: 1024) (User: Gonçalo-TOSHIBA)
Description: Produto: Adobe Acrobat Reader DC - Português - Não foi possível instalar a actualização '{AC76BA86-7AD7-0000-2550-AC0F094E6F00}'. Código de erro 1625. O Windows Installer pode criar registos para ajudar na resolução de problemas de instalação de pacotes de software. Utilize a seguinte hiperligação para obter instruções sobre a activação do suporte de registo: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (12/22/2015 10:09:11 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=47.0.2526.106;lang=;guid=1D386151AE7D4A5387CE55955213F4CA;is_machine=1;oop=1;upload=1;minidump=C:\Program Files\Google\CrashReports\6cde3e82-d14d-40b1-8266-15c86bbf5bcf.dmp

Error: (12/18/2015 08:59:43 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplicação: DS.exe
Versão do Framework: v4.0.30319
Descrição: O processo foi terminado devido a uma excepção não processada.
Informações da Excepção: System.Runtime.InteropServices.COMException
Pilha:
em Microsoft.Search.Interop.CSearchQueryHelperClass.GenerateSQLFromUserQuery(System.String)
em Microsoft.Samples.WindowsSearch.DSearch.DSearch.Main(System.String[])

Error: (12/07/2015 02:34:28 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=47.0.2526.73;lang=;guid=1D386151AE7D4A5387CE55955213F4CA;is_machine=1;oop=1;upload=1;minidump=C:\Program Files\Google\CrashReports\7093d435-dd8c-4e8d-a168-2ba2ce32d0a6.dmp

Error: (11/18/2015 05:06:57 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Erro do Serviço de Cópia Sombra de Volumes: erro inesperado ao consultar a interface IVssWriterCallback. hr = 0x80070005, Acesso negado.
.
Este é muitas vezes causado por definições de segurança incorrectas no processo do escritor ou requerente.


Operação:
A Recolher Dados de Escritor

Contexto:
ID de Classe de Escritor: {e8132975-6f93-4464-a53e-1050253ae220}
Nome de Escritor: System Writer
ID de Instância de Escritor: {10178741-3739-4cba-ab09-063ca40fb08b}


System errors:
=============
Error: (01/11/2016 09:14:07 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço Instalador de Módulos do Windows terminou com o seguinte erro:
%%87

Error: (01/11/2016 09:13:33 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço Instalador de Módulos do Windows terminou com o seguinte erro:
%%87

Error: (01/11/2016 09:13:03 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço Instalador de Módulos do Windows terminou com o seguinte erro:
%%87

Error: (01/11/2016 09:12:32 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço Instalador de Módulos do Windows terminou com o seguinte erro:
%%87

Error: (01/11/2016 09:12:00 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço Instalador de Módulos do Windows terminou com o seguinte erro:
%%87

Error: (01/11/2016 09:11:30 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço Instalador de Módulos do Windows terminou com o seguinte erro:
%%87

Error: (01/11/2016 09:11:00 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço Instalador de Módulos do Windows terminou com o seguinte erro:
%%87

Error: (01/11/2016 09:10:25 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço Instalador de Módulos do Windows terminou com o seguinte erro:
%%87

Error: (01/11/2016 09:09:55 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço Instalador de Módulos do Windows terminou com o seguinte erro:
%%87

Error: (01/11/2016 09:09:25 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço Instalador de Módulos do Windows terminou com o seguinte erro:
%%87


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) Dual CPU T2310 @ 1.46GHz
Percentage of memory in use: 90%
Total physical RAM: 1015.24 MB
Available physical RAM: 99.63 MB
Total Virtual: 2811.32 MB
Available Virtual: 1204.27 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.52 GB) (Free:34.89 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive z: (Gonçalo WD EXT) (Fixed) (Total:1397.26 GB) (Free:889.87 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: DD258F44)
Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1397.3 GB) (Disk ID: 00025083)
Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
goncalo_silva
Active Member
 
Posts: 6
Joined: January 11th, 2016, 6:36 am
Location: Portugal
Advertisement
Register to Remove

Re: Windows 7 with a lot of malware problems

Unread postby mAL_rEm018 » January 11th, 2016, 11:12 pm

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.

Failure to post replies within 3 days will result in this thread being closed.


Hello goncalo_silva,

Welcome to Malware Removal! My name is mAL_rEm018, but feel free to call me mAL. I will be helping you with your malware related problems :)

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Because of this, I advise you to backup any personal files and folders before you start.

To make sure everything goes smoothly, I would like you to observe the following rules:
  • You must have Administrator rights, permissions for this computer.
  • Please reply to this thread. Do not start another topic.
  • Perform all actions in the order given.
  • If you don't know, stop and ask!
  • DO NOT run any other fix or removal tools unless instructed to do so!
  • Don't attempt to install any new software (other than those I ask you to) until your computer is clean.
  • DO NOT post for help at any other forum. Applying fixes from multiple help sites can cause problems.
  • I advise you to print the instructions if possible, since your internet connection might not be available during some of the fixes.
  • Absence of symptoms does not mean that everything is clear, therefore stick with this topic until I give you the "all clear".

I am currently reviewing you logs and will return as soon as possible, with additional instructions. In the meantime I would like you to read and get acquainted with the following topic: HOW TO GET HELP IN THIS FORUM - everyone must read this, where the conditions for receiving help here are explained.
User avatar
mAL_rEm018
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 818
Joined: November 11th, 2013, 6:26 pm
Location: Canada

Re: Windows 7 with a lot of malware problems

Unread postby mAL_rEm018 » January 12th, 2016, 11:16 am

Hello goncalo_silva,

goncalo_silva wrote:Searching on Google, took me to this threat viewtopic.php?f=11&t=64154.
I've tried using some advices like Fixlist.txt with FRST.exe and Malwarebytes' Anti-Malware... FRST seemed to solve the problem with the Malware, but something ruined my internet connection.

You should never run a fix that was created for another user, even if the problems seem similar. We are using powerful tools to remove infections and the fixes that we provide to people are adapted for the computer of the user that has requested help. No two computers are identical! In this case you have lost access to internet and if you repeat this mistake again in the future, your computer could become inoperable..


Since you don't have access to the internet with your computer, please download all tools to a USB flash drive using another computer and transfer them to the infected computer.


Please run the following scans..


TSG-SysInfo
  • Please download and save the following tool to your Desktop: Link.
  • Right-click on SysInfo.exe and select "Run as Administrator" to run it...if UAC prompts, please allow it.
  • A window entitled TSG SysInfo will open. Please copy/paste the highlighted text in your next reply.


MGA Diagnostics
  • Please download and save the following tool to your Desktop: Link.
  • Right-click on MGADiag.exe and select "Run as Administrator" to run it...if UAC prompts, please allow it.
  • Select Continue. The diagnosis will now begin.
  • When the process is over, click Copy.
  • Open Notepad and paste the contents.
  • Save this file as MGADiag.txt.
  • Post the content on MGADiag.txt in your next reply.


CKScanner
  • Please download following tool to your Desktop: Link
  • Right-Click on CKScanner.exe and select "Run as Administrator" to run it...if UAC prompts, please allow it.
  • Select Search For Files
  • When the scan in finished, click on Save List To File.
  • Open CKFiles.txt on your desktop and post the contents in your next reply.
    Only run CKScanner.exe once.


-----------------------------------------
In your next reply, I would like to see..
  • TSG-SysInfo log
  • MGADiag.txt
  • CKFiles.txt

    Please post each log separately to prevent it being cut off by the forum post size limiter.
    Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....
User avatar
mAL_rEm018
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 818
Joined: November 11th, 2013, 6:26 pm
Location: Canada

Re: Windows 7 with a lot of malware problems

Unread postby goncalo_silva » January 12th, 2016, 12:45 pm

Hi mAL.
Thank you very much for taking the time to helping me. :)
My computer was quite broken and my Chrome session with a lot of important tabs had just disappeared thanks to the malware, so I tried to solve the problem in an attempt to recovered them... Unfortunately I couldn't and thanks to the malware, a part of my History was erased, so they're lost forever... In other news, I regain access to internet by trying to connect with my smartphone Hotspot... Windows said there were some protocols missing and after installing I was able to connect again with my router.
One more thing that is happening: My laptop speakers work fine, but if I connect headphones, only the left channel works... disconnecting them makes only the left laptop speaker to work... If I reboot with the headphones connected, the sound on both channels works fine, but if I disconnect them, only the left speaker of the laptop works... reconnecting them keeps the problem
Last edited by goncalo_silva on January 12th, 2016, 1:11 pm, edited 2 times in total.
goncalo_silva
Active Member
 
Posts: 6
Joined: January 11th, 2016, 6:36 am
Location: Portugal

Re: Windows 7 with a lot of malware problems

Unread postby goncalo_silva » January 12th, 2016, 12:45 pm

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Ultimate, Service Pack 1, 32 bit
Processor: Intel(R) Pentium(R) Dual CPU T2310 @ 1.46GHz, x64 Family 6 Model 15 Stepping 13
Processor Count: 2
RAM: 1015 Mb
Graphics Card: Mobile Intel(R) 965 Express Chipset Family, 256 Mb
Hard Drives: C: Total - 76308 MB, Free - 41178 MB; Z: Total - 1430798 MB, Free - 911229 MB;
Motherboard: TOSHIBA, Satellite L40
Antivirus: Microsoft Security Essentials, Updated and Enabled
goncalo_silva
Active Member
 
Posts: 6
Joined: January 11th, 2016, 6:36 am
Location: Portugal

Re: Windows 7 with a lot of malware problems

Unread postby goncalo_silva » January 12th, 2016, 1:07 pm

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: N/A, hr = 0xc0000022
Windows Product Key: *****-*****-3CVJH-QTCFD-9YTQG
Windows Product Key Hash: cNQNZa8KSB87BVcX8ST4xMoNZZc=
Windows Product ID: 00426-260-1989895-85746
Windows Product ID Type: 5
Windows License Type: Retail
Windows OS version: 6.1.7601.2.00010100.1.0.001
ID: {023B5A8D-1988-404F-B336-F884626EBCD8}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Ultimate
Architecture: 0x00000000
Build lab: 7601.win7sp1_gdr.151019-1254
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->
File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\npwatweb.dll[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\watux.exe[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\watweb.dll[Hr = 0x80070003]

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{023B5A8D-1988-404F-B336-F884626EBCD8}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-9YTQG</PKey><PID>00426-260-1989895-85746</PID><PIDType>5</PIDType><SID>S-1-5-21-3268735155-487900952-46356077</SID><SYSTEM><Manufacturer>TOSHIBA</Manufacturer><Model>Satellite L40</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>V5.50 </Version><SMBIOSVersion major="2" minor="4"/><Date>20080514000000.000000+000</Date></BIOS><HWID>84873207018400EA</HWID><UserLCID>0816</UserLCID><SystemLCID>0816</SystemLCID><TimeZone>Hora padrão de GMT(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>TOSASU</OEMID><OEMTableID>TOSASU00</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Num computador que esteja a executar uma edição não básica do Microsoft Windows, execute 'slui.exe 0x2a 0x80070426' para apresentar o texto do erro.
Erro: 0x80070426

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: N/A
HealthStatus: 0x0000000000000000
Event Time Stamp: N/A
ActiveX: Not Registered - 0x80040154
Admin Service: Not Registered - 0x80040154
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: NgAAAAEABAABAAIAAAACAAAAAgABAAEAnJ/m/uYmcK7+10aDBgxMHc4E0GeWERRhpvFlKyqF

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x0
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC TOSASU T0SASU00
FACP TOSASU T0SASU00
DBGP TOSASU T0SASU00
HPET TOSASU TOSASU00
BOOT TOSASU T0SASU00
MCFG TOSASU T0SASU00
SLIC TOSASU TOSASU00
ECDT TOSASU T0SASU00
OEMB TOSASU T0SASU00
GSCI TOSASU GMCHSCI
ATKG A_M_I_ OEMATKG
SSDT PmRef CpuPm
goncalo_silva
Active Member
 
Posts: 6
Joined: January 11th, 2016, 6:36 am
Location: Portugal

Re: Windows 7 with a lot of malware problems

Unread postby goncalo_silva » January 12th, 2016, 1:09 pm

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\program files\common files\native instruments\kontakt 5\presets\effects\convolution\05 drum reverbs\0.4s firecracker snare orven.nkp
c:\program files\common files\native instruments\shared content\sounds\massive\crackle carl.ksd
c:\program files\common files\native instruments\shared content\sounds\massive\digitoy crackle.ksd
c:\program files\iskysoft\itube studio\youtube_dl\extractor\cracked.pyc
scanner sequence 3.BB.11.NPAPBZ
----- EOF -----
goncalo_silva
Active Member
 
Posts: 6
Joined: January 11th, 2016, 6:36 am
Location: Portugal

Re: Windows 7 with a lot of malware problems

Unread postby mAL_rEm018 » January 13th, 2016, 12:05 pm

Hello goncalo_silva,

Please answer the following questions..
  • Could you tell me why you are running a Windows 7 Ultimate version on your computer?
  • Why is your host file blocking Guitar Pro from accessing the software's activation website?
    127.0.0.1 activation.guitar-pro.com
User avatar
mAL_rEm018
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 818
Joined: November 11th, 2013, 6:26 pm
Location: Canada

Re: Windows 7 with a lot of malware problems

Unread postby goncalo_silva » January 13th, 2016, 5:43 pm

Hey mAL.

I have Windows 7 Ultimate because it was the version my father had and I needed to upgrade from XP.
The host file is blocking Guitar Pro because it's the only way I found to make the program work.
goncalo_silva
Active Member
 
Posts: 6
Joined: January 11th, 2016, 6:36 am
Location: Portugal

Re: Windows 7 with a lot of malware problems

Unread postby Gary R » January 13th, 2016, 8:19 pm

Cracked - Illegal Software

May I draw your attention to the topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST, which you should have read before posting for help.
The section here explains why we bring this to your attention.

If you wish to receive help from us, you must remove any and all of the following from your computer:
  • Illegal software
  • Cracked software
  • illegal software key generators

Once the software and/or keygens have been removed, if you still need help, please start a new thread... include a link to your closed topic and include NEW FRST logs :
  • FRST.txt.
  • Addition.txt.
  • Details of the problems you're experiencing.
Wait for a new helper. Do not reply to your topic before a helper has replied.

This topic is now closed.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21868
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 61 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware