kingdemon576

Members, 11 posts
Everything posted by kingdemon576

  1. I think the computer is clean now, problems have been solved. However, there's a problem with ERUNT whenever I start my computer. It's been displaying some warning dialogues stating something like some files cannot be saved. Can I just uninstall ERUNT?
  2. mbam-log-2013-10-16 (17-47-06):

     Malwarebytes Anti-Malware 1.75.0.1300
     www.malwarebytes.org

     Database version: v2013.10.16.04

     Windows 7 x86 NTFS
     Internet Explorer 9.0.8112.16421
     Justine :: MG [administrator]

     10/16/2013 5:47:06 PM
     mbam-log-2013-10-16 (17-47-06).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 227630
     Time elapsed: 6 minute(s), 39 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)

     checkup:

     Results of screen317's Security Check version 0.99.74
     Windows 7 x86 (UAC is enabled)
     Out of date service pack!!
     Internet Explorer 10
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     avast! Antivirus
     Antivirus up to date!
     `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 1.75.0.1300
     CCleaner
     Adobe Flash Player 11.8.800.168
     Adobe Reader XI
     Mozilla Firefox 21.0 Firefox out of Date!
     Google Chrome 29.0.1547.76
     Google Chrome 30.0.1599.101
     Google Chrome Plugins...
     ````````Process Check: objlist.exe by Laurent````````
     AVAST Software Avast AvastSvc.exe
     AVAST Software Avast AvastUI.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 0%
     ````````````````````End of Log``````````````````````
  3. Sorry, I wasn't able to generate a log file because I couldn't find the Open Report button. But after the scan, there were no threats detected.
  4. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 03-10-2013
     Ran by Justine at 2013-10-14 19:53:17 Run:1
     Running from C:\Users\Justine\Desktop
     Boot Mode: Normal
     ==============================================

     Content of fixlist:
     *****************
     C:\kpcgrhynko..vbs
     C:\kpcgrhynko.vbs
     C:\Users\Justine\Downloads\CheatEngine61.exe
     HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
     HKLM\...\Run: [uSB_Support] - wscript.exe "C:\Windows\USB2.0.vbs"
     HKCU\...\Run: [kpcgrhynko] - wscript.exe //B "C:\Users\Justine\AppData\Roaming\kpcgrhynko..vbs"
     ProxyServer: 0.0.0.0:80
     HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
     HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dts.search-re...temid=3&sr=0&q={searchTerms}
     SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
     SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD23} URL = http://dts.search-re...temid=3&sr=0&q={searchTerms}
     SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={searchTerms}
     BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
     BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
     DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
     DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
     DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
     FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
     FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
     C:\Users\Justine\random.dat
     Task: {167C7F99-EE10-4011-A5F4-6F96CCEF757F} - System32\Tasks\0 => Iexplore.exe
     Task: {D5396F1A-A9AC-4FF8-BF51-50BA50DBB9E4} - System32\Tasks\4919 => C:\Users\Justine\AppData\Local\Temp\launchie.vbsC:\Users\Justine\AppData\Local\Temp\launchie.vbs //B
     Task: {D923BE93-469B-41DC-9A12-4520B03671D0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-02-03] (Google Inc.)
     Task: {E92A3180-8EFE-40D0-AEB6-34DE116B7A80} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-02-03] (Google Inc.)
     Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
     Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
     *****************

     C:\kpcgrhynko..vbs => Moved successfully.
     "C:\kpcgrhynko.vbs" => File/Directory not found.
     C:\Users\Justine\Downloads\CheatEngine61.exe => Moved successfully.
     HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value not found.
     HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\USB_Support => Value deleted successfully.
     HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\kpcgrhynko => Value deleted successfully.
     HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value deleted successfully.
     HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
     HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
     HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
     HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD23} => Key deleted successfully.
     HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD23} => Key not found.
     HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
     HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
     HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD23} => Key deleted successfully.
     HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD23} => Key not found.
     HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4} => Key deleted successfully.
     HKCR\Wow6432Node\CLSID\{DECA3892-BA8F-44b8-A993-A466AD694AE4} => Key not found.
     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key not found.
     HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key deleted successfully.
     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found.
     HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.
     HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93} => Key deleted successfully.
     HKCR\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93} => Key not found.
     HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} => Key deleted successfully.
     HKCR\CLSID\{CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} => Key not found.
     HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} => Key deleted successfully.
     HKCR\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} => Key not found.
     HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2 => Key deleted successfully.
     C:\Windows\system32\npDeployJava1.dll => Moved successfully.
     HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2 => Key not found.
     C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll not found.
     C:\Users\Justine\random.dat => Moved successfully.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{167C7F99-EE10-4011-A5F4-6F96CCEF757F} => Key deleted successfully.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{167C7F99-EE10-4011-A5F4-6F96CCEF757F} => Key deleted successfully.
     C:\Windows\System32\Tasks\0 => Moved successfully.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0 => Key deleted successfully.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D5396F1A-A9AC-4FF8-BF51-50BA50DBB9E4} => Key deleted successfully.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D5396F1A-A9AC-4FF8-BF51-50BA50DBB9E4} => Key deleted successfully.
     C:\Windows\System32\Tasks\4919 => Moved successfully.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4919 => Key deleted successfully.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D923BE93-469B-41DC-9A12-4520B03671D0} => Key deleted successfully.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D923BE93-469B-41DC-9A12-4520B03671D0} => Key deleted successfully.
     C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => Moved successfully.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => Key deleted successfully.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E92A3180-8EFE-40D0-AEB6-34DE116B7A80} => Key deleted successfully.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E92A3180-8EFE-40D0-AEB6-34DE116B7A80} => Key deleted successfully.
     C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => Moved successfully.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => Key deleted successfully.
     C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
     C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.

     ==== End of Fixlog ====
  5. Details:
     1. I ran mbar only once because there were no threats.
     2. After scanning with AdwCleaner, I did not click the clean button.

     mbar-log.txt:

     Malwarebytes Anti-Rootkit BETA 1.07.0.1007
     www.malwarebytes.org

     Database version: v2013.10.14.02

     Windows 7 x86 NTFS
     Internet Explorer 9.0.8112.16421
     Justine :: MG [administrator]

     10/14/2013 12:28:14 PM
     mbar-log-2013-10-14 (12-28-14).txt

     Scan type: Quick scan
     Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
     Scan options disabled:
     Objects scanned: 231254
     Time elapsed: 7 minute(s), 18 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     Physical Sectors Detected: 0
     (No malicious items detected)

     (end)

     system-log.txt:

     ---------------------------------------
     Malwarebytes Anti-Rootkit BETA 1.07.0.1007
     © Malwarebytes Corporation 2011-2012

     OS version: 6.1.7600 Windows 7 x86

     Account is Administrative

     Internet Explorer version: 9.0.8112.16421

     File system is: NTFS
     Disk drives: C:\ DRIVE_FIXED
     CPU speed: 2.712000 GHz
     Memory total: 2079711232, free: 1328898048

     ---------------------------------------
     Malwarebytes Anti-Rootkit BETA 1.07.0.1007
     © Malwarebytes Corporation 2011-2012

     OS version: 6.1.7600 Windows 7 x86

     Account is Administrative

     Internet Explorer version: 9.0.8112.16421

     File system is: NTFS
     Disk drives: C:\ DRIVE_FIXED
     CPU speed: 2.712000 GHz
     Memory total: 2079711232, free: 1341313024

     Downloaded database version: v2013.10.14.02
     Downloaded database version: v2013.10.11.02
     =======================================
     Initializing...
     DDA Driver installation error.
     =======================================
     =======================================

     ---------------------------------------
     Malwarebytes Anti-Rootkit BETA 1.07.0.1007
     © Malwarebytes Corporation 2011-2012

     OS version: 6.1.7600 Windows 7 x86

     Account is Administrative

     Internet Explorer version: 9.0.8112.16421

     File system is: NTFS
     Disk drives: C:\ DRIVE_FIXED
     CPU speed: 2.712000 GHz
     Memory total: 2079711232, free: 1040080896

     =======================================
     Initializing...
     ------------ Kernel report ------------
          10/14/2013 12:28:09
     ------------ Loaded modules -----------
     \SystemRoot\system32\ntkrnlpa.exe
     \SystemRoot\system32\halmacpi.dll
     \SystemRoot\system32\kdcom.dll
     \SystemRoot\system32\mcupdate_AuthenticAMD.dll
     \SystemRoot\system32\PSHED.dll
     \SystemRoot\system32\BOOTVID.dll
     \SystemRoot\system32\CLFS.SYS
     \SystemRoot\system32\CI.dll
     \SystemRoot\system32\drivers\Wdf01000.sys
     \SystemRoot\system32\drivers\WDFLDR.SYS
     \SystemRoot\system32\DRIVERS\ACPI.sys
     \SystemRoot\system32\DRIVERS\WMILIB.SYS
     \SystemRoot\system32\DRIVERS\msisadrv.sys
     \SystemRoot\system32\DRIVERS\pci.sys
     \SystemRoot\system32\DRIVERS\vdrvroot.sys
     \SystemRoot\System32\drivers\partmgr.sys
     \SystemRoot\system32\DRIVERS\volmgr.sys
     \SystemRoot\System32\drivers\volmgrx.sys
     \SystemRoot\system32\DRIVERS\pciide.sys
     \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
     \SystemRoot\System32\drivers\mountmgr.sys
     \SystemRoot\system32\DRIVERS\atapi.sys
     \SystemRoot\system32\DRIVERS\ataport.SYS
     \SystemRoot\system32\DRIVERS\nvstor.sys
     \SystemRoot\system32\DRIVERS\storport.sys
     \SystemRoot\system32\DRIVERS\nvstor32.sys
     \SystemRoot\system32\DRIVERS\amdxata.sys
     \SystemRoot\system32\drivers\fltmgr.sys
     \SystemRoot\system32\drivers\fileinfo.sys
     \SystemRoot\System32\Drivers\Ntfs.sys
     \SystemRoot\System32\Drivers\msrpc.sys
     \SystemRoot\System32\Drivers\ksecdd.sys
     \SystemRoot\System32\Drivers\cng.sys
     \SystemRoot\System32\drivers\pcw.sys
     \SystemRoot\System32\Drivers\Fs_Rec.sys
     \SystemRoot\system32\drivers\ndis.sys
     \SystemRoot\system32\drivers\NETIO.SYS
     \SystemRoot\System32\Drivers\ksecpkg.sys
     \SystemRoot\System32\drivers\tcpip.sys
     \SystemRoot\System32\drivers\fwpkclnt.sys
     \SystemRoot\system32\DRIVERS\vmstorfl.sys
     \SystemRoot\system32\DRIVERS\volsnap.sys
     \SystemRoot\System32\Drivers\spldr.sys
     \SystemRoot\System32\drivers\rdyboost.sys
     \SystemRoot\System32\Drivers\mup.sys
     \SystemRoot\System32\drivers\hwpolicy.sys
     \SystemRoot\System32\DRIVERS\fvevol.sys
     \SystemRoot\system32\DRIVERS\disk.sys
     \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
     \SystemRoot\System32\Drivers\aswVmm.sys
     \SystemRoot\System32\Drivers\aswRvrt.sys
     \SystemRoot\system32\DRIVERS\cdrom.sys
     \SystemRoot\System32\Drivers\aswSnx.SYS
     \SystemRoot\System32\Drivers\Null.SYS
     \SystemRoot\System32\Drivers\Beep.SYS
     \SystemRoot\System32\drivers\vga.sys
     \SystemRoot\System32\drivers\VIDEOPRT.SYS
     \SystemRoot\System32\drivers\watchdog.sys
     \SystemRoot\System32\DRIVERS\RDPCDD.sys
     \SystemRoot\system32\drivers\rdpencdd.sys
     \SystemRoot\system32\drivers\rdprefmp.sys
     \SystemRoot\System32\Drivers\Msfs.SYS
     \SystemRoot\System32\Drivers\Npfs.SYS
     \SystemRoot\system32\DRIVERS\tdx.sys
     \SystemRoot\system32\DRIVERS\TDI.SYS
     \SystemRoot\System32\Drivers\aswTdi.SYS
     \SystemRoot\system32\drivers\afd.sys
     \SystemRoot\System32\Drivers\aswrdr2.sys
     \SystemRoot\System32\DRIVERS\netbt.sys
     \SystemRoot\system32\drivers\ws2ifsl.sys
     \SystemRoot\system32\DRIVERS\wfplwf.sys
     \SystemRoot\system32\DRIVERS\pacer.sys
     \SystemRoot\system32\DRIVERS\netbios.sys
     \SystemRoot\system32\DRIVERS\serial.sys
     \SystemRoot\system32\DRIVERS\wanarp.sys
     \SystemRoot\system32\DRIVERS\termdd.sys
     \SystemRoot\system32\DRIVERS\rdbss.sys
     \SystemRoot\system32\drivers\nsiproxy.sys
     \SystemRoot\system32\DRIVERS\mssmbios.sys
     \SystemRoot\System32\drivers\discache.sys
     \SystemRoot\system32\drivers\csc.sys
     \SystemRoot\System32\Drivers\dfsc.sys
     \SystemRoot\system32\DRIVERS\blbdrive.sys
     \SystemRoot\System32\Drivers\aswSP.SYS
     \SystemRoot\system32\DRIVERS\tunnel.sys
     \SystemRoot\system32\DRIVERS\amdppm.sys
     \SystemRoot\system32\DRIVERS\serenum.sys
     \SystemRoot\system32\DRIVERS\fdc.sys
     \SystemRoot\system32\DRIVERS\parport.sys
     \SystemRoot\system32\DRIVERS\i8042prt.sys
     \SystemRoot\system32\DRIVERS\kbdclass.sys
     \SystemRoot\system32\DRIVERS\mouclass.sys
     \SystemRoot\system32\DRIVERS\usbohci.sys
     \SystemRoot\system32\DRIVERS\USBPORT.SYS
     \SystemRoot\system32\DRIVERS\usbehci.sys
     \SystemRoot\system32\DRIVERS\HDAudBus.sys
     \SystemRoot\system32\DRIVERS\nvmf6232.sys
     \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
     \SystemRoot\system32\DRIVERS\nvlddmkm.sys
     \SystemRoot\System32\Drivers\nvBridge.kmd
     \SystemRoot\System32\drivers\dxgkrnl.sys
     \SystemRoot\System32\drivers\dxgmms1.sys
     \SystemRoot\system32\DRIVERS\CompositeBus.sys
     \SystemRoot\system32\DRIVERS\AgileVpn.sys
     \SystemRoot\system32\DRIVERS\rasl2tp.sys
     \SystemRoot\system32\DRIVERS\ndistapi.sys
     \SystemRoot\system32\DRIVERS\ndiswan.sys
     \SystemRoot\system32\DRIVERS\raspppoe.sys
     \SystemRoot\system32\DRIVERS\raspptp.sys
     \SystemRoot\system32\DRIVERS\rassstp.sys
     \SystemRoot\system32\DRIVERS\rdpbus.sys
     \SystemRoot\system32\DRIVERS\swenum.sys
     \SystemRoot\system32\DRIVERS\ks.sys
     \SystemRoot\system32\DRIVERS\dtsoftbus01.sys
     \SystemRoot\system32\DRIVERS\umbus.sys
     \SystemRoot\system32\DRIVERS\flpydisk.sys
     \SystemRoot\system32\DRIVERS\usbhub.sys
     \SystemRoot\System32\Drivers\NDProxy.SYS
     \SystemRoot\system32\drivers\RTKVHDA.sys
     \SystemRoot\system32\drivers\portcls.sys
     \SystemRoot\system32\drivers\drmk.sys
     \SystemRoot\system32\DRIVERS\USBSTOR.SYS
     \SystemRoot\system32\DRIVERS\USBD.SYS
     \SystemRoot\System32\Drivers\fastfat.SYS
     \SystemRoot\System32\Drivers\crashdmp.sys
     \SystemRoot\System32\Drivers\dump_diskdump.sys
     \SystemRoot\System32\Drivers\dump_nvstor32.sys
     \SystemRoot\System32\Drivers\dump_dumpfve.sys
     \SystemRoot\System32\win32k.sys
     \SystemRoot\System32\drivers\Dxapi.sys
     \SystemRoot\system32\DRIVERS\monitor.sys
     \SystemRoot\System32\TSDDD.dll
     \SystemRoot\System32\cdd.dll
     \SystemRoot\system32\drivers\luafv.sys
     \??\C:\Windows\system32\drivers\aswMonFlt.sys
     \SystemRoot\System32\Drivers\aswFsBlk.SYS
     \SystemRoot\system32\drivers\WudfPf.sys
     \SystemRoot\system32\DRIVERS\lltdio.sys
     \SystemRoot\system32\DRIVERS\rspndr.sys
     \SystemRoot\system32\drivers\HTTP.sys
     \SystemRoot\system32\DRIVERS\bowser.sys
     \SystemRoot\System32\drivers\mpsdrv.sys
     \SystemRoot\system32\DRIVERS\mrxsmb.sys
     \SystemRoot\system32\DRIVERS\mrxsmb10.sys
     \SystemRoot\system32\DRIVERS\mrxsmb20.sys
     \SystemRoot\system32\DRIVERS\parvdm.sys
     \SystemRoot\system32\drivers\peauth.sys
     \SystemRoot\System32\Drivers\secdrv.SYS
     \SystemRoot\System32\DRIVERS\srvnet.sys
     \SystemRoot\System32\drivers\tcpipreg.sys
     \SystemRoot\System32\DRIVERS\srv2.sys
     \SystemRoot\System32\DRIVERS\srv.sys
     \SystemRoot\system32\drivers\spsys.sys
     \SystemRoot\system32\DRIVERS\WUDFRd.sys
     \??\C:\Windows\system32\drivers\mbamchameleon.sys
     \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
     \Windows\System32\ntdll.dll
     \Windows\System32\smss.exe
     \Windows\System32\apisetschema.dll
     ----------- End -----------
     Done!
     <<<1>>>
     Upper Device Name: \Device\Harddisk1\DR1
     Upper Device Object: 0xffffffff864b9ac8
     Upper Device Driver Name: \Driver\Disk\
     Lower Device Name: \Device\0000006e\
     Lower Device Object: 0xffffffff86487030
     Lower Device Driver Name: \Driver\USBSTOR\
     <<<1>>>
     Upper Device Name: \Device\Harddisk0\DR0
     Upper Device Object: 0xffffffff859a1948
     Upper Device Driver Name: \Driver\Disk\
     Lower Device Name: \Device\00000065\
     Lower Device Object: 0xffffffff854f8ae0
     Lower Device Driver Name: \Driver\nvstor32\
     <<<2>>>
     Physical Sector Size: 512
     Drive: 0, DevicePointer: 0xffffffff859a1948, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
     --------- Disk Stack ------
     DevicePointer: 0xffffffff859a1630, DeviceName: Unknown, DriverName: \Driver\partmgr\
     DevicePointer: 0xffffffff859a1948, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
     DevicePointer: 0xffffffff8550df08, DeviceName: Unknown, DriverName: \Driver\ACPI\
     DevicePointer: 0xffffffff854f8ae0, DeviceName: \Device\00000065\, DriverName: \Driver\nvstor32\
     ------------ End ----------
     Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
     Upper DeviceData: 0x0, 0x0, 0x0
     Lower DeviceData: 0x0, 0x0, 0x0
     <<<3>>>
     Volume: C:
     File system type: NTFS
     SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
     <<<2>>>
     <<<3>>>
     Volume: C:
     File system type: NTFS
     SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
     Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
     <<<2>>>
     <<<3>>>
     Volume: C:
     File system type: NTFS
     SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
     Done!
     Drive 0
     Scanning MBR on drive 0...
     Inspecting partition table:
     MBR Signature: 55AA
     Disk Signature: 36D905A8

     Partition information:

         Partition 0 type is Primary (0x7)
         Partition is ACTIVE.
         Partition starts at LBA: 2048  Numsec = 204800
         Partition file system is NTFS
         Partition is bootable

         Partition 1 type is Primary (0x7)
         Partition is NOT ACTIVE.
         Partition starts at LBA: 206848  Numsec = 624932864

         Partition 2 type is Empty (0x0)
         Partition is NOT ACTIVE.
         Partition starts at LBA: 0  Numsec = 0

         Partition 3 type is Empty (0x0)
         Partition is NOT ACTIVE.
         Partition starts at LBA: 0  Numsec = 0

     Disk Size: 320072933376 bytes
     Sector size: 512 bytes

     Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...
     Done!
     Physical Sector Size: 512
     Drive: 1, DevicePointer: 0xffffffff864b9ac8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
     --------- Disk Stack ------
     DevicePointer: 0xffffffff864b97b0, DeviceName: Unknown, DriverName: \Driver\partmgr\
     DevicePointer: 0xffffffff864b9ac8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
     DevicePointer: 0xffffffff86487030, DeviceName: \Device\0000006e\, DriverName: \Driver\USBSTOR\
     ------------ End ----------
     Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
     Upper DeviceData: 0x0, 0x0, 0x0
     Lower DeviceData: 0x0, 0x0, 0x0
     Drive 1
     Scanning MBR on drive 1...
     Inspecting partition table:
     MBR Signature: 55AA
     Disk Signature: 1EA13F

     Partition information:

         Partition 0 type is Other (0xb)
         Partition is ACTIVE.
         Partition starts at LBA: 64  Numsec = 8191936
         Partition file system is FAT32
         Partition is not bootable

         Partition 1 type is Empty (0x0)
         Partition is NOT ACTIVE.
         Partition starts at LBA: 0  Numsec = 0

         Partition 2 type is Empty (0x0)
         Partition is NOT ACTIVE.
         Partition starts at LBA: 0  Numsec = 0

         Partition 3 type is Empty (0x0)
         Partition is NOT ACTIVE.
         Partition starts at LBA: 0  Numsec = 0

     Disk Size: 4194304000 bytes
     Sector size: 512 bytes

     Done!
     Scan finished
     =======================================

     Removal queue found; removal started
     Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
     Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...
     Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
     Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_i.mbam...
     Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_1_0_64_i.mbam...
     Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_r.mbam...
     Removal finished

     JRT.txt:

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Junkware Removal Tool (JRT) by Thisisu
     Version: 6.0.4 (10.06.2013:1)
     OS: Windows 7 Ultimate x86
     Ran by Justine on Mon 10/14/2013 at 12:38:48.88
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     ~~~ Services

     ~~~ Registry Values

     ~~~ Registry Keys

     ~~~ Files

     ~~~ Folders

     ~~~ FireFox

     Failed to delete: [File] "C:\Program Files\Mozilla Firefox\searchplugins\search_results.xml"

     ~~~ Event Viewer Logs were cleared

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Scan was completed on Mon 10/14/2013 at 12:41:07.07
     End of JRT log
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     AdwCleaner[R0]:

     # AdwCleaner v3.007 - Report created 14/10/2013 at 12:42:32
     # Updated 09/10/2013 by Xplode
     # Operating System : Windows 7 Ultimate (32 bits)
     # Username : Justine - MG
     # Running from : E:\AdwCleaner.exe
     # Option : Scan

     ***** [ Services ] *****

     ***** [ Files / Folders ] *****

     File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
     File Found : C:\Program Files\Mozilla Firefox\searchplugins\Search_Results.xml

     ***** [ Shortcuts ] *****

     ***** [ Registry ] *****

     Key Found : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
     Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}

     ***** [ Browsers ] *****

     -\\ Internet Explorer v9.0.8112.16421

     -\\ Mozilla Firefox v21.0 (en-US)

     [ File : C:\Users\Justine\AppData\Roaming\Mozilla\Firefox\Profiles\uwpn1qnm.default\prefs.js ]

     *************************

     AdwCleaner[R0].txt - [942 octets] - [14/10/2013 12:42:32]

     ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1001 octets] ##########

     ESET.txt:

     C:\kpcgrhynko..vbs    VBS/Kryptik.J trojan
     C:\Qoobox\Quarantine\C\Windows\USB2.0.vbs.vir    VBS/Packed.Runner.C application
     C:\Users\Justine\Downloads\CheatEngine61.exe    multiple threats

     FRST.txt:

     Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
     Ran by Justine (administrator) on MG on 14-10-2013 13:35:02
     Running from E:\
     Microsoft Windows 7 Ultimate (X86) OS Language: English(US)
     Internet Explorer Version 9
     Boot Mode: Normal

     ==================== Processes (Whitelisted) ===================

     (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
     (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
     (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
     (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
     (ABBYY) C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
     (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
     (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
     (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
     (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
     (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
     (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
     (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
     (Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
     (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
     (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
     () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
     () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
     (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
     (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

     ==================== Registry (Whitelisted) ==================

     HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [11487848 2011-12-13] (Realtek Semiconductor)
     HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software)
     HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
     HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-05] (Adobe Systems Incorporated)
     HKLM\...\Run: [uSB_Support] - wscript.exe "C:\Windows\USB2.0.vbs"
     HKCU\...\Run: [kpcgrhynko] - wscript.exe //B "C:\Users\Justine\AppData\Roaming\kpcgrhynko..vbs"
     Startup: C:\Users\Justine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
     ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files\ERUNT\AUTOBACK.EXE ()
     BootExecute: autocheck autochk /p \??\F:autocheck autochk *

     ==================== Internet (Whitelisted) ====================

     ProxyServer: 0.0.0.0:80
     HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
     HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com.ph/
     HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
     SearchScopes: HKLM - DefaultScope value is missing.
     SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD23} URL = http://dts.search-results.com/sr?src=ieb&appid=20&systemid=3&sr=0&q={searchTerms}
     SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
     SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD23} URL = http://dts.search-results.com/sr?src=ieb&appid=20&systemid=3&sr=0&q={searchTerms}
     SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={searchTerms}
     BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
     BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
     BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
     BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
     BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
     BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
     BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
     Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
     Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
     DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
     DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
     DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
     DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
     DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
     Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
     Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

     FireFox:
     ========
     FF ProfilePath: C:\Users\Justine\AppData\Roaming\Mozilla\Firefox\Profiles\uwpn1qnm.default
     FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
     FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
     FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
     FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
     FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
     FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
     FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
     FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
     FF Plugin: @t.garena.com/garenatalk - C:\Program Files\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
     FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
     FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
     FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
     FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
     FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
     FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
     FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
     FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

     Chrome:
     =======
     CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
     CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
     CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll ()
     CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
     CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll ()
     CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\29.0.1547.76\pdf.dll ()
     CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
     CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
     CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
     CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
     CHR Plugin: (Garena Talk Plugin) - C:\Program Files\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
     CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
     CHR Plugin: (Java Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
     CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
     CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
     CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
     CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
     CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
     CHR Extension: (Google Docs) - C:\Users\Justine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
     CHR Extension: (Google Drive) - C:\Users\Justine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
     CHR Extension: (YouTube) - C:\Users\Justine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
     CHR Extension: (Google Search) - C:\Users\Justine\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
     CHR Extension: (Chrome In-App Payments service) - C:\Users\Justine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_1
     CHR Extension: (Gmail) - C:\Users\Justine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

     ========================== Services (Whitelisted) =================

     R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
     R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
     R2 EPSON_EB_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [153600 2009-09-14] (SEIKO EPSON CORPORATION)
     R2 EPSON_PM_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [121856 2009-09-14] (SEIKO EPSON CORPORATION)
     R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [370792 2010-03-04] ()
     S3 npggsvc; C:\Windows\system32\GameMon.des [5017816 2013-01-21] (INCA Internet Co., Ltd.)
     R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [167528 2010-03-04] ()

     ==================== Drivers (Whitelisted) ====================

     R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-08-30] (AVAST Software)
     R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-08-30] (AVAST Software)
     R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2013-08-30] (AVAST Software)
     R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-08-30] ()
     R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-08-30] (AVAST Software)
     R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-08-30] (AVAST Software)
     R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-08-30] (AVAST Software)
     R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [177864 2013-08-30] ()
     R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
     R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-05-13] (DT Soft Ltd)
     S3 AhnRptTfFRegF; \??\C:\Users\Justine\AppData\Local\Temp\nsi6182.tmp\TfFRegNt.sys [x]
     S3 catchme; \??\C:\Users\Justine\AppData\Local\Temp\catchme.sys [x]
     S3 cpuz134; \??\C:\Program 
Files\CPUID\PC Wizard 2010\pcwiz_x32.sys [x]S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [x]S3 GGSAFERDriver; \??\C:\Program Files\Garena Plus\Room\safedrv.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-10-14 13:34 - 2013-10-14 13:34 - 00000000 ____D C:\FRST2013-10-14 12:50 - 2013-10-14 12:50 - 00000000 ____D C:\Program Files\ESET2013-10-14 12:48 - 2013-10-14 12:49 - 02347384 _____ (ESET) C:\Users\Justine\Downloads\esetsmartinstaller_enu.exe2013-10-14 12:42 - 2013-10-14 12:42 - 00000000 ____D C:\AdwCleaner2013-10-14 12:41 - 2013-10-14 12:41 - 00000746 _____ C:\Users\Justine\Desktop\JRT.txt2013-10-14 12:28 - 2013-10-14 12:37 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)2013-10-14 12:28 - 2013-10-14 12:28 - 00105176 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2013-10-14 12:24 - 2013-10-14 12:27 - 00075992 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2013-10-14 12:23 - 2013-10-14 12:37 - 00000000 ____D C:\Users\Justine\Desktop\mbar2013-10-14 12:21 - 2013-10-14 12:21 - 00000558 _____ C:\Windows\PFRO.log2013-10-14 09:59 - 2013-10-14 09:59 - 00010416 _____ C:\ComboFix.txt2013-10-14 09:46 - 2013-10-14 09:59 - 00000000 ____D C:\Qoobox2013-10-14 09:46 - 2011-06-26 14:45 - 00256000 _____ C:\Windows\PEV.exe2013-10-14 09:46 - 2010-11-08 01:20 - 00208896 _____ C:\Windows\MBR.exe2013-10-14 09:46 - 2009-04-20 12:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe2013-10-14 09:46 - 2000-08-31 08:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe2013-10-14 09:46 - 2000-08-31 08:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe2013-10-14 09:46 - 2000-08-31 08:00 - 00098816 _____ C:\Windows\sed.exe2013-10-14 09:46 - 2000-08-31 08:00 - 00080412 _____ C:\Windows\grep.exe2013-10-14 09:46 - 2000-08-31 08:00 - 00068096 _____ C:\Windows\zip.exe2013-10-14 09:44 - 2013-10-14 09:44 - 05132614 
____R (Swearware) C:\Users\Justine\Desktop\ComboFix.exe2013-10-12 12:19 - 2013-10-12 12:19 - 00003027 _____ C:\Users\Justine\Desktop\RKreport[0]_S_10122013_121952.txt2013-10-12 12:17 - 2013-10-14 09:58 - 00000000 ____D C:\Windows\ERDNT2013-10-12 12:17 - 2013-10-12 12:19 - 00000000 ____D C:\Users\Justine\Desktop\RK_Quarantine2013-10-12 12:17 - 2013-10-12 12:17 - 00000898 _____ C:\Users\Justine\Desktop\NTREGOPT.lnk2013-10-12 12:17 - 2013-10-12 12:17 - 00000879 _____ C:\Users\Justine\Desktop\ERUNT.lnk2013-10-12 12:15 - 2013-10-12 12:16 - 00003160 _____ C:\Users\Justine\Desktop\Rkill.txt2013-10-12 11:54 - 2013-10-12 12:17 - 00000898 _____ C:\Users\UpdatusUser\Desktop\NTREGOPT.lnk2013-10-12 11:54 - 2013-10-12 12:17 - 00000879 _____ C:\Users\UpdatusUser\Desktop\ERUNT.lnk2013-10-12 11:54 - 2013-10-12 12:17 - 00000000 ____D C:\Program Files\ERUNT2013-10-12 11:43 - 2013-10-12 12:15 - 00000000 ____D C:\Users\Justine\Desktop\rkill2013-10-12 08:14 - 2013-10-12 08:14 - 00010726 _____ C:\Users\Justine\Desktop\dds.txt2013-10-12 08:14 - 2013-10-12 08:14 - 00004367 _____ C:\Users\Justine\Desktop\attach.txt2013-09-30 20:37 - 2013-10-14 12:47 - 00001680 _____ C:\Windows\setupact.log2013-09-30 20:37 - 2013-09-30 20:37 - 00000000 _____ C:\Windows\setuperr.log2013-09-28 05:30 - 2013-09-11 17:03 - 00167773 ___SH C:\kpcgrhynko..vbs2013-09-22 16:12 - 2013-10-14 12:50 - 00090782 _____ C:\Windows\WindowsUpdate.log2013-09-15 20:37 - 2013-09-15 20:37 - 00000000 ____D C:\Users\Justine\Documents\College ==================== One Month Modified Files and Folders ======= 2013-10-14 13:34 - 2013-10-14 13:34 - 00000000 ____D C:\FRST2013-10-14 13:03 - 2013-03-02 19:57 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job2013-10-14 13:03 - 2012-05-11 11:28 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe2013-10-14 13:03 - 2012-01-10 20:15 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl2013-10-14 13:00 - 2011-02-03 
23:23 - 00000888 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2013-10-14 12:52 - 2009-07-14 12:34 - 00014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02013-10-14 12:52 - 2009-07-14 12:34 - 00014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02013-10-14 12:50 - 2013-10-14 12:50 - 00000000 ____D C:\Program Files\ESET2013-10-14 12:50 - 2013-09-22 16:12 - 00090782 _____ C:\Windows\WindowsUpdate.log2013-10-14 12:49 - 2013-10-14 12:48 - 02347384 _____ (ESET) C:\Users\Justine\Downloads\esetsmartinstaller_enu.exe2013-10-14 12:47 - 2013-09-30 20:37 - 00001680 _____ C:\Windows\setupact.log2013-10-14 12:47 - 2011-02-03 23:23 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2013-10-14 12:47 - 2009-07-14 12:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT2013-10-14 12:42 - 2013-10-14 12:42 - 00000000 ____D C:\AdwCleaner2013-10-14 12:41 - 2013-10-14 12:41 - 00000746 _____ C:\Users\Justine\Desktop\JRT.txt2013-10-14 12:37 - 2013-10-14 12:28 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)2013-10-14 12:37 - 2013-10-14 12:23 - 00000000 ____D C:\Users\Justine\Desktop\mbar2013-10-14 12:28 - 2013-10-14 12:28 - 00105176 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2013-10-14 12:27 - 2013-10-14 12:24 - 00075992 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2013-10-14 12:21 - 2013-10-14 12:21 - 00000558 _____ C:\Windows\PFRO.log2013-10-14 09:59 - 2013-10-14 09:59 - 00010416 _____ C:\ComboFix.txt2013-10-14 09:59 - 2013-10-14 09:46 - 00000000 ____D C:\Qoobox2013-10-14 09:59 - 2009-07-14 10:37 - 00000000 ___RD C:\Users\Public2013-10-14 09:58 - 2013-10-12 12:17 - 00000000 ____D C:\Windows\ERDNT2013-10-14 09:57 - 2009-07-14 10:04 - 00000215 _____ C:\Windows\system.ini2013-10-14 09:44 - 2013-10-14 09:44 - 05132614 ____R (Swearware) 
C:\Users\Justine\Desktop\ComboFix.exe2013-10-12 12:19 - 2013-10-12 12:19 - 00003027 _____ C:\Users\Justine\Desktop\RKreport[0]_S_10122013_121952.txt2013-10-12 12:19 - 2013-10-12 12:17 - 00000000 ____D C:\Users\Justine\Desktop\RK_Quarantine2013-10-12 12:17 - 2013-10-12 12:17 - 00000898 _____ C:\Users\Justine\Desktop\NTREGOPT.lnk2013-10-12 12:17 - 2013-10-12 12:17 - 00000879 _____ C:\Users\Justine\Desktop\ERUNT.lnk2013-10-12 12:17 - 2013-10-12 11:54 - 00000898 _____ C:\Users\UpdatusUser\Desktop\NTREGOPT.lnk2013-10-12 12:17 - 2013-10-12 11:54 - 00000879 _____ C:\Users\UpdatusUser\Desktop\ERUNT.lnk2013-10-12 12:17 - 2013-10-12 11:54 - 00000000 ____D C:\Program Files\ERUNT2013-10-12 12:16 - 2013-10-12 12:15 - 00003160 _____ C:\Users\Justine\Desktop\Rkill.txt2013-10-12 12:15 - 2013-10-12 11:43 - 00000000 ____D C:\Users\Justine\Desktop\rkill2013-10-12 11:54 - 2011-01-21 20:50 - 00000000 ____D C:\Users\Justine\AppData\Local\VirtualStore2013-10-12 11:38 - 2012-03-19 18:23 - 00000000 ____D C:\Program Files\Warcraft III2013-10-12 08:14 - 2013-10-12 08:14 - 00010726 _____ C:\Users\Justine\Desktop\dds.txt2013-10-12 08:14 - 2013-10-12 08:14 - 00004367 _____ C:\Users\Justine\Desktop\attach.txt2013-10-12 08:06 - 2013-09-08 14:24 - 00000000 ____D C:\Users\Justine\Downloads\Half-Life 2(no steam)2013-10-02 15:51 - 2011-01-23 11:34 - 00000145 _____ C:\Users\Justine\AppData\Roaming\default.rss2013-09-30 20:51 - 2009-07-14 10:37 - 00000000 ___HD C:\Windows\system32\GroupPolicy2013-09-30 20:37 - 2013-09-30 20:37 - 00000000 _____ C:\Windows\setuperr.log2013-09-30 20:31 - 2009-07-14 12:53 - 00032552 _____ C:\Windows\Tasks\SCHEDLGU.TXT2013-09-28 05:34 - 2009-07-14 10:37 - 00000000 ____D C:\Windows\system32\NDF2013-09-24 17:17 - 2011-01-21 20:59 - 00778150 _____ C:\Windows\system32\PerfStringBackup.INI2013-09-15 21:01 - 2013-09-13 13:29 - 00000000 ____D C:\Users\Justine\AppData\Roaming\vlc2013-09-15 20:37 - 2013-09-15 20:37 - 00000000 ____D C:\Users\Justine\Documents\College2013-09-15 20:21 
- 2011-10-21 19:48 - 00000000 ____D C:\Users\Justine\AppData\Local\Paint.NET2013-09-15 11:48 - 2013-09-08 08:42 - 00000000 ____D C:\Users\Justine\Desktop\Utilities Files to move or delete:====================C:\Users\Justine\random.dat ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legitC:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-08-22 08:39 ==================== End Of Log ============================ Addition.txt:Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-10-2013Ran by Justine at 2013-10-14 13:35:38Running from E:\Boot Mode: Normal========================================================== ==================== Security Center ======================== AV: avast! Antivirus (Enabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}AS: avast! Antivirus (Enabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== ABBYY FineReader 9.0 Sprint (Version: 9.01.506.5829)Adobe AIR (Version: 3.8.0.1430)Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)Adobe Flash Player 11 Plugin (Version: 11.8.800.168)Adobe Reader XI (11.0.04) (Version: 11.0.04)Advertising Center (Version: 0.0.0.1)Apple Application Support (Version: 2.3.4)Apple Mobile Device Support (Version: 6.1.0.13)Apple Software Update (Version: 2.1.3.127)avast! 
Free Antivirus (Version: 8.0.1497.0)Bonjour (Version: 3.0.0.10)CCleaner (Version: 4.04)D3DX10 (Version: 15.4.2368.0902)DAEMON Tools Lite (Version: 4.47.1.0333)Epson Easy Photo Print 2 (Version: 2.2.0.0)Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (Version: 1.00.0000)Epson Event Manager (Version: 2.40.0001)EPSON ScanEPSON TX121 Series ManualEPSON TX121 Series Printer UninstallERUNT 1.1jESET Online Scanner v3Google Chrome (Version: 29.0.1547.76)ImagXpress (Version: 7.0.74.0)iTunes (Version: 11.0.4.4)Java 7 Update 25 (Version: 7.0.250)Java Auto Updater (Version: 2.1.9.5)Java SE Development Kit 7 Update 15 (Version: 1.7.0.150)JavaFX 2.1.1 (Version: 2.1.1)Junk Mail filter update (Version: 15.4.3502.0922)Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)Mesh Runtime (Version: 15.4.5722.2)Messenger Companion (Version: 15.4.3502.0922)Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)Microsoft .NET Framework 4 Extended (Version: 4.0.30319)Microsoft Application Error Reporting (Version: 12.0.6012.5000)Microsoft Office PowerPoint 2010 (Version: 14.0.4763.1000)Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4763.1000)Microsoft Office Proof (English) 2010 (Version: 14.0.4763.1000)Microsoft Office Proof (French) 2010 (Version: 14.0.4763.1000)Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4763.1000)Microsoft Office Proofing (English) 2010 (Version: 14.0.4763.1000)Microsoft Office Publisher 2010 (Version: 14.0.4763.1000)Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4763.1000)Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4763.1000)Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000)Microsoft Office Word 2010 (Version: 14.0.4763.1000)Microsoft Office Word MUI (English) 2010 (Version: 14.0.4763.1000)Microsoft PowerPoint 2010 (Version: 14.0.4763.1000)Microsoft Publisher 2010 (Version: 14.0.4763.1000)Microsoft Silverlight (Version: 4.0.50401.0)Microsoft SQL 
Server 2005 Compact Edition [ENU] (Version: 3.1.0000)Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)Microsoft Word 2010 (Version: 14.0.4763.1000)Mozilla Firefox 21.0 (x86 en-US) (Version: 21.0)Mozilla Maintenance Service (Version: 21.0)MSVCRT (Version: 15.4.2862.0708)NBA 2K11 (Version: 1.0.0)Nero 9 EssentialsNero BurnRights (Version: 3.4.11.100)Nero BurnRights Help (Version: 3.4.4.100)Nero ControlCenter (Version: 9.0.0.1)Nero CoverDesigner (Version: 4.4.9.100)Nero CoverDesigner Help (Version: 4.4.9.100)Nero Disc Copy Gadget (Version: 2.4.22.0)Nero Disc Copy Gadget Help (Version: 2.4.34.0)Nero DiscSpeed (Version: 5.4.11.100)Nero DiscSpeed Help (Version: 5.4.4.100)Nero DriveSpeed (Version: 4.4.11.100)Nero DriveSpeed Help (Version: 4.4.4.100)Nero Express Help (Version: 9.6.2.101)Nero InfoTool (Version: 6.4.11.100)Nero InfoTool Help (Version: 6.4.4.100)Nero Installer (Version: 4.4.9.0)Nero Online Upgrade (Version: 1.3.0.0)Nero Rescue Agent (Version: 2.4.12.100)Nero RescueAgent Help (Version: 2.4.4.100)Nero ShowTime (Version: 5.4.0.100)Nero ShowTime (Version: 5.4.13.100)Nero StartSmart (Version: 9.4.12.100)Nero StartSmart Help (Version: 9.4.16.100)Nero Vision (Version: 6.4.12.100)Nero Vision Help (Version: 6.4.15.100)NeroExpress (Version: 9.4.17.100)NeroLiveGadget (Version: 1.2.12.100)NeroLiveGadget Help (Version: 1.2.19.100)neroxml (Version: 1.0.0)NVIDIA Control Panel 307.83 (Version: 307.83)NVIDIA Drivers (Version: 1.4)NVIDIA ForceWare Network Access Manager (Version: 1.00.7330.0)NVIDIA Graphics Driver 307.83 (Version: 307.83)NVIDIA Install Application (Version: 2.1002.109.706)NVIDIA Update 1.10.8 (Version: 1.10.8)NVIDIA Update Components (Version: 1.10.8)Paint.NET v3.5.11 (Version: 3.61.0)Realtek High 
Definition Audio Driver (Version: 6.0.1.6526)Revo Uninstaller 1.92 (Version: 1.92)System Requirements Lab CYRI (Version: 6.0.7.0)System Requirements Lab Test (Version: 5.0.6.0)VLC media player 2.0.8 (Version: 2.0.8)VoiceOver Kit (Version: 1.42.128.0)Warcraft IIIWarcraft III: All ProductsWindows Live Communications Platform (Version: 15.4.3502.0922)Windows Live Essentials (Version: 15.4.3502.0922)Windows Live Essentials (Version: 15.4.3508.1109)Windows Live Family Safety (Version: 15.4.3502.0922)Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)Windows Live Installer (Version: 15.4.3502.0922)Windows Live Mail (Version: 15.4.3502.0922)Windows Live Mesh (Version: 15.4.3502.0922)Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)Windows Live Messenger (Version: 15.4.3502.0922)Windows Live Messenger Companion Core (Version: 15.4.3502.0922)Windows Live MIME IFilter (Version: 15.4.3502.0922)Windows Live Movie Maker (Version: 15.4.3502.0922)Windows Live Photo Common (Version: 15.4.3502.0922)Windows Live Photo Gallery (Version: 15.4.3502.0922)Windows Live PIMT Platform (Version: 15.4.3508.1109)Windows Live Remote Client (Version: 15.4.5722.2)Windows Live Remote Client Resources (Version: 15.4.5722.2)Windows Live Remote Service (Version: 15.4.5722.2)Windows Live Remote Service Resources (Version: 15.4.5722.2)Windows Live SOXE (Version: 15.4.3502.0922)Windows Live SOXE Definitions (Version: 15.4.3502.0922)Windows Live UX Platform (Version: 15.4.3502.0922)Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)Windows Live Writer (Version: 15.4.3502.0922)Windows Live Writer Resources (Version: 15.4.3502.0922)Windows Media Player Firefox Plugin (Version: 1.0.0.8)WinRAR 5.00 (32-bit) (Version: 5.00.0) ==================== Restore Points ========================= ==================== Hosts content: ========================== 2009-07-14 10:04 - 2013-10-14 09:57 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts127.0.0.1 localhost 
==================== Scheduled Tasks (whitelisted) =============

Task: {01426752-0FD3-4E4F-8223-C118DE10EAA2} - System32\Tasks\{88A5F921-5F97-4507-A1C2-37C6C0562816} => C:\Program Files\Warcraft III\Frozen Throne.exe [2007-01-25] (Blizzard Entertainment)
Task: {151F7EA4-1AB7-4CBB-8C64-D5A4E1498F82} - System32\Tasks\{DA78573E-9513-4E08-8A40-08A268EB985E} => C:\Program Files\2K Sports\NBA 2K11\nba2k11.exe [2010-10-06] (2K Sports)
Task: {167C7F99-EE10-4011-A5F4-6F96CCEF757F} - System32\Tasks\0 => Iexplore.exe
Task: {1B90D421-8953-4721-B0D0-45761F4D6359} - System32\Tasks\{02BEA2FB-DEA3-4CB7-8B96-C20881E873C7} => C:\Program Files\Skype\\Phone\Skype.exe
Task: {2674B148-D749-4B0D-B425-988B580CFF1D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-08-30] (AVAST Software)
Task: {3EAEF43B-78E5-4340-AFC9-867112E30458} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-14] (Adobe Systems Incorporated)
Task: {4C0BFCE1-2685-4035-912C-464DDD5A6235} - System32\Tasks\{E3D0CCB7-E325-45E2-B3CC-0B431B956482} => C:\Program Files\Warcraft III\War3.exe
Task: {4E33F9E8-C462-45FA-B8E0-927D8F19F1AE} - System32\Tasks\{F9D4EC0F-220A-4979-84F7-2F1CC06A51E9} => C:\Users\Justine\Documents\Office 2010 professional 32 bit.exe
Task: {56922F3F-4D12-493E-B695-FB92E78B4FF2} - System32\Tasks\{44D1DB9A-DDEF-400C-8B61-7A4C8FACF4EC} => C:\Program Files\Warcraft III\Frozen Throne.exe [2007-01-25] (Blizzard Entertainment)
Task: {57B44C81-304C-4D31-A28F-F37FA520CE4B} - System32\Tasks\{A162C476-9FD1-4582-B637-D1C17C7684CB} => C:\Program Files\2K Sports\NBA 2K11\nba2k11.exe [2010-10-06] (2K Sports)
Task: {84F67408-AC12-4BBD-91B6-0495FEE764D1} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {91BA847A-D9FD-4406-8C6D-DEDACF23B895} - System32\Tasks\{EE4A4140-AE7C-43D8-B5A8-1ACBF65818F5} => C:\Program Files\2K Sports\NBA 2K11\nba2k11.exe [2010-10-06] (2K Sports)
Task: {A3A44CBA-3D78-4A89-94B4-8AE9081C9AEE} - System32\Tasks\{75279B94-74FC-4BD6-84FF-7172A3D95074} => C:\Program Files\2K Sports\NBA 2K11\nba2k11.exe [2010-10-06] (2K Sports)
Task: {AAFB444D-0C75-49C5-9BAF-A49638F8835B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-23] (Piriform Ltd)
Task: {BCD7AED0-89E6-4900-B456-F04ACE889C3C} - System32\Tasks\{A4BC944D-2E9B-42BE-9E65-95D65BD3D28B} => C:\Program Files\Warcraft III\War3TFT_124a_English.exe
Task: {D5396F1A-A9AC-4FF8-BF51-50BA50DBB9E4} - System32\Tasks\4919 => C:\Users\Justine\AppData\Local\Temp\launchie.vbsC:\Users\Justine\AppData\Local\Temp\launchie.vbs //B
Task: {D923BE93-469B-41DC-9A12-4520B03671D0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-02-03] (Google Inc.)
Task: {E7A0F053-B718-4923-AFDC-3EFCCBE535B2} - System32\Tasks\{51A45D1F-F91E-475C-8DC8-F1DA2C1B021A} => C:\Program Files\Warcraft III\Frozen Throne.exe [2007-01-25] (Blizzard Entertainment)
Task: {E92A3180-8EFE-40D0-AEB6-34DE116B7A80} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-02-03] (Google Inc.)
Task: {F8CD14C2-106E-409D-A203-454A91977E46} - System32\Tasks\{28751D89-643E-46C8-8683-848932C11DDF} => C:\Program Files\Warcraft III\War3TFT_124a_English.exe
Task: {FF28DF7E-8FF9-48E5-9975-764380D4E6BA} - System32\Tasks\{46B26138-1D06-4191-BABF-4EC9F0266825} => C:\Program Files\Alwil Software\Avast5\AvastUI.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============


==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Justine\AppData\Roaming\default.rss:OECustomProperty

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/14/2013 00:47:33 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file..

Error: (10/14/2013 00:41:52 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file..


System errors:
=============
Error: (10/14/2013 00:51:25 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:.

Error: (10/14/2013 00:51:25 PM) (Source: nvstor32) (User: )
Description: Data error on device. Device: \Device\RaidPort0 Model: WDC WD3200AAJS-00YZCA0 Firmware Version: 01.0 Serial Number: WD-WCAYU6332601 Port: 0

Error: (10/14/2013 00:51:23 PM) (Source: nvstor32) (User: )
Description: Data error on device. Device: \Device\RaidPort0 Model: WDC WD3200AAJS-00YZCA0 Firmware Version: 01.0 Serial Number: WD-WCAYU6332601 Port: 0

Error: (10/14/2013 00:51:21 PM) (Source: nvstor32) (User: )
Description: Data error on device. Device: \Device\RaidPort0 Model: WDC WD3200AAJS-00YZCA0 Firmware Version: 01.0 Serial Number: WD-WCAYU6332601 Port: 0

Error: (10/14/2013 00:51:19 PM) (Source: nvstor32) (User: )
Description: Data error on device. Device: \Device\RaidPort0 Model: WDC WD3200AAJS-00YZCA0 Firmware Version: 01.0 Serial Number: WD-WCAYU6332601 Port: 0

Error: (10/14/2013 00:51:17 PM) (Source: nvstor32) (User: )
Description: Data error on device. Device: \Device\RaidPort0 Model: WDC WD3200AAJS-00YZCA0 Firmware Version: 01.0 Serial Number: WD-WCAYU6332601 Port: 0

Error: (10/14/2013 00:51:16 PM) (Source: nvstor32) (User: )
Description: Data error on device. Device: \Device\RaidPort0 Model: WDC WD3200AAJS-00YZCA0 Firmware Version: 01.0 Serial Number: WD-WCAYU6332601 Port: 0

Error: (10/14/2013 00:51:14 PM) (Source: nvstor32) (User: )
Description: Data error on device. Device: \Device\RaidPort0 Model: WDC WD3200AAJS-00YZCA0 Firmware Version: 01.0 Serial Number: WD-WCAYU6332601 Port: 0

Error: (10/14/2013 00:51:12 PM) (Source: nvstor32) (User: )
Description: Data error on device. Device: \Device\RaidPort0 Model: WDC WD3200AAJS-00YZCA0 Firmware Version: 01.0 Serial Number: WD-WCAYU6332601 Port: 0

Error: (10/14/2013 00:51:10 PM) (Source: nvstor32) (User: )
Description: Data error on device. Device: \Device\RaidPort0 Model: WDC WD3200AAJS-00YZCA0 Firmware Version: 01.0 Serial Number: WD-WCAYU6332601 Port: 0


Microsoft Office Sessions:
=========================
Error: (10/14/2013 00:47:33 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/14/2013 00:41:52 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


CodeIntegrity Errors:
===================================
  Date: 2013-03-14 18:04:52.051
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Antivirus Free Edition\avc3\avc3_sig_184\avcuf32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-13 21:22:30.250
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Antivirus Free Edition\avc3\avc3_sig_185\avcuf32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-13 21:17:09.966
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Antivirus Free Edition\avc3\avc3_sig_185\avcuf32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-13 21:11:11.531
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Antivirus Free Edition\avc3\avc3_sig_185\avcuf32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-13 21:03:08.446
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Antivirus Free Edition\avc3\avc3_sig_185\avcuf32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-13 20:12:48.249
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Antivirus Free Edition\avc3\avc3_sig_185\avcuf32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-13 19:09:52.162
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Antivirus Free Edition\avc3\avc3_sig_184\avcuf32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-13 18:32:23.408
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Antivirus Free Edition\avc3\avc3_sig_184\avcuf32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-13 18:26:32.907
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Antivirus Free Edition\avc3\avc3_sig_184\avcuf32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-13 18:19:48.838
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Antivirus Free Edition\avc3\avc3_sig_184\avcuf32.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 42%
Total physical RAM: 1983.37 MB
Available physical RAM: 1138.19 MB
Total Pagefile: 3966.73 MB
Available Pagefile: 3064.3 MB
Total Virtual: 2047.88 MB
Available Virtual: 1890.4 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.99 GB) (Free:233.05 GB) NTFS
Drive e: () (Removable) (Total:3.9 GB) (Free:3.88 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 36D905A8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 001EA13F)
Partition 1: (Active) - (Size=4 GB) - (Type=0B)

==================== End Of Log ============================
  6. Thank you for your help! Here are the logs:

RKILL TEXT:

Rkill 2.6.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
  http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/12/2013 12:15:15 PM in x86 mode.
Windows Version: Windows 7 Ultimate

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Active Proxy Server Detected

 * Proxy Disabled.
 * ProxyOverride value deleted.
 * ProxyServer value deleted.
 * AutoConfigURL value deleted.
 * Proxy settings were backed up to Registry file.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Backup Registry file created at:
 C:\Users\Justine\Desktop\rkill\rkill-10-12-2013-12-15-17.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Automatic (Delayed Start)

 * Security Center (wscsvc) is not Running.
   Startup Type set to: Automatic (Delayed Start)

 * Windows Update (wuauserv) is not Running.
   Startup Type set to: Automatic (Delayed Start)

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.
RogueKiller Text:

RogueKiller V8.7.2 [Oct 3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User : Justine [Admin rights]
Mode : Scan -- Date : 10/12/2013 12:19:52
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 11 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : kpcgrhynko (wscript.exe //B "C:\Users\Justine\AppData\Roaming\kpcgrhynko..vbs" [x][-]) -> FOUND
[RUN][SUSP PATH] HKLM\[...]\Run : kpcgrhynko (wscript.exe //B "C:\Users\Justine\AppData\Roaming\kpcgrhynko..vbs" [x][-]) -> FOUND
[RUN][SUSP PATH] HKLM\[...]\Run : USB_Support (wscript.exe "C:\Windows\USB2.0.vbs" [x][-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-4142094387-1528978530-3875660502-1000\[...]\Run : kpcgrhynko (wscript.exe //B "C:\Users\Justine\AppData\Roaming\kpcgrhynko..vbs" [x][-]) -> FOUND
[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyServer (0.0.0.0:80) -> FOUND
[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyEnable (1) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 2 ¤¤¤
[V2][ROGUE ST] 4919 : wscript.exe - C:\Users\Justine\AppData\Local\Temp\launchie.vbs //B -> FOUND
[V2][SUSP PATH] {F9D4EC0F-220A-4979-84F7-2F1CC06A51E9} : C:\Users\Justine\Documents\Office 2010 professional 32 bit.exe [x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - WDC WD32 00AAJS-00YZC SCSI Disk Device +++++
--- User ---
[MBR] acd39764c8279f058b2a2e03f1c3cfd3
[BSP] 3cdd53122bf8e1ea20d2b03bf72bc71e : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 305143 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) (Standard disk drives) - Generic Mass Storage USB Device +++++
--- User ---
[MBR] fd24a7f7185036fa3dd9889ac13b29b5
[BSP] ee3f8dea992cc1259ce0b4f6fd8dbe2a : Empty MBR Code
Partition table:
0 - [ACTIVE] FAT32 (0x0b) [VISIBLE] Offset (sectors): 64 | Size: 3999 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[0]_S_10122013_121952.txt >>
  7. At first, I couldn't open Task Manager or regedit, so I thought my desktop was infected. Then I performed a full system scan with MBAM (free version) and found 3 infections: hijack.folderoptions, pum.hijack.regedit, pum.hijack.taskmanager. After the quarantine, I deleted them. But now there is a problem with the Internet: no browser will load pages. I tried resetting the Internet options in Internet Explorer, and it worked, but after less than five minutes the browsers won't load pages again, which means I have to restore the default options in Internet Explorer again. I also have a problem with attaching my USB: my files turn into shortcuts right after I plug it in. There's a virus called 'kpcgrhynko.vbs'. I had to reformat the USB on my laptop to remove the virus from it. The virus comes back whenever I plug it into my desktop. I tried a boot-time scan with avast (free), but it wasn't able to detect any virus. I also noticed that every time I run other applications like regedit, games, etc., it asks for my permission first. It wasn't like this before. And by the way, I use Windows 7. Thank you in advance!

Attachments: attach.txt, dds.txt
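The RogueKiller findings in post 6 line up with the symptoms described in post 7: wscript.exe autoruns in the Run keys and a scheduled task relaunch the .vbs scripts, the Internet Settings hijack points ProxyServer at 0.0.0.0:80 (a dead endpoint, so every browser fails until proxy use is switched off), and the Policies\System values are the ones that lock Task Manager and regedit. A persistence entry that can restart the script is the usual reason a manual proxy reset only lasts a few minutes, so the autoruns have to go before the proxy is fixed. The Python script below is an added example, not part of this thread and not RogueKiller's own code: it parses findings in the report format shown above from a constructed sample (same line layout as the posted log, shortened), explains each one, and orders the cleanup with persistence first. The categories, severities and the DEAD_PROXY_HOSTS list are the example's own assumptions.

```python
"""Triage a RogueKiller report: explain each finding and order the cleanup."""
import re
from dataclasses import dataclass

# Constructed sample in the layout of the RogueKiller V8 log posted above
# (same line format; only the entries the parser needs are included).
SAMPLE_REPORT = r"""
¤¤¤ Registry Entries : 6 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : kpcgrhynko (wscript.exe //B "C:\Users\Justine\AppData\Roaming\kpcgrhynko..vbs" [x][-]) -> FOUND
[RUN][SUSP PATH] HKLM\[...]\Run : USB_Support (wscript.exe "C:\Windows\USB2.0.vbs" [x][-]) -> FOUND
[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyServer (0.0.0.0:80) -> FOUND
[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyEnable (1) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Scheduled tasks : 2 ¤¤¤
[V2][ROGUE ST] 4919 : wscript.exe - C:\Users\Justine\AppData\Local\Temp\launchie.vbs //B -> FOUND
[V2][SUSP PATH] {F9D4EC0F-220A-4979-84F7-2F1CC06A51E9} : C:\Users\Justine\Documents\Office 2010 professional 32 bit.exe [x] -> FOUND
"""

# Every registry/task finding has the shape "[KIND][FLAG] key : value -> FOUND".
LINE_RE = re.compile(r"^\[(?P<kind>[^\]]+)\]\[(?P<flag>[^\]]+)\] (?P<key>.+?) : (?P<value>.+) -> FOUND$")
# Script path inside the value; tolerates the "name..vbs" double dot seen in the log.
SCRIPT_RE = re.compile(r'[A-Za-z]:\\[^"]+?\.vbs', re.IGNORECASE)
PROXY_RE = re.compile(r"ProxyServer \((?P<host>[^:)]+)(?::(?P<port>\d+))?\)")
DEAD_PROXY_HOSTS = {"0.0.0.0", "127.0.0.1", "localhost"}  # assumption: nothing listens there


@dataclass
class Finding:
    kind: str
    key: str
    value: str
    category: str  # persistence | proxy_hijack | tool_lockout | ui_tweak | suspicious_task | other
    severity: str  # high | medium | low
    note: str
    script: str = ""


def classify(kind: str, flag: str, key: str, value: str) -> Finding:
    """Map one parsed finding to a remediation category with a one-line explanation."""
    script = SCRIPT_RE.search(value)
    if script or "wscript.exe" in value.lower() or "cscript.exe" in value.lower():
        path = script.group(0) if script else ""
        where = "a user-writable path" if "\\users\\" in path.lower() else "a system path"
        return Finding(kind, key, value, "persistence", "high",
                       f"Windows Script Host autorun from {where}; restarts the script on every trigger", path)
    if kind == "PROXY IE":
        m = PROXY_RE.search(value)
        if m and m.group("host") in DEAD_PROXY_HOSTS:
            return Finding(kind, key, value, "proxy_hijack", "high",
                           f"ProxyServer points at {m.group('host')}: every HTTP request goes to a dead "
                           "endpoint, which is why no browser loads pages")
        return Finding(kind, key, value, "proxy_hijack", "medium",
                       "proxy use is switched on; confirm the ProxyServer value is one the user configured")
    if kind == "HJ POL":
        name, _, rest = value.partition(" (")
        current = rest.rstrip(")")
        enforced = current not in ("", "0")
        return Finding(kind, key, value, "tool_lockout", "medium" if enforced else "low",
                       f"{name}={current}: " + ("tool is locked out right now" if enforced else
                       "not enforced now, but the value is absent on a default install; delete it"))
    if kind.startswith("HJ "):
        return Finding(kind, key, value, "ui_tweak", "low",
                       "Explorer/Start menu preference flagged as a possible unwanted modification")
    if kind == "V2" and flag == "SUSP PATH":
        return Finding(kind, key, value, "suspicious_task", "medium",
                       "scheduled task runs a binary from a user folder; confirm it is yours before deleting")
    return Finding(kind, key, value, "other", "low", "unclassified; review manually")


def triage(report: str) -> list:
    """Parse every FOUND line of a RogueKiller report into Finding records."""
    findings = []
    for line in report.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            findings.append(classify(**m.groupdict()))
    return findings


def script_paths(findings) -> set:
    """Script files to collect for analysis and delete once their autoruns are gone."""
    return {f.script for f in findings if f.script}


def remediation_plan(findings) -> list:
    """Persistence first: while the script can still relaunch, a proxy or policy fix is undone again."""
    primary = {"remove_persistence": "persistence", "reset_proxy": "proxy_hijack",
               "clear_policy_values": "tool_lockout"}
    plan = [(step, [f for f in findings if f.category == cat]) for step, cat in primary.items()]
    plan.append(("review_remaining", [f for f in findings if f.category not in primary.values()]))
    return [(step, items) for step, items in plan if items]


if __name__ == "__main__":
    for step, items in remediation_plan(triage(SAMPLE_REPORT)):
        print(step, *[f"\n  [{f.severity}] {f.key}: {f.note}" for f in items])
```

Run it against a real report by replacing SAMPLE_REPORT with the file contents; the output is a checklist, not a fix, and the Run values, the scheduled task and the listed .vbs files still have to be removed with the tools the helper in this thread prescribes before the proxy is reset.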
  8. At first, I couldn't open Task Manager or regedit, so I thought my desktop was infected. Then I performed a full system scan with MBAM (free version) and found 3 infections: hijack.folderoptions, pum.hijack.regedit, pum.hijack.taskmanager. After the quarantine, I deleted them. But now there is a problem with the Internet: no browser will load pages. I tried resetting the Internet options in Internet Explorer, and it worked, but after less than five minutes the browsers won't load pages again, which means I have to restore the default options in Internet Explorer again. I tried a boot-time scan with avast (free), but it wasn't able to detect any virus. I also noticed that every time I run other applications like regedit, games, etc., it asks for my permission first. It wasn't like this before. And by the way, I use Windows 7. Thank you in advance!