Posts posted by ogma
Ah, thank you. Here is the FRST file copy-pasted as requested. The other (Addition) has been attached, also as requested.
Hi there. I am going to be doing most of the leg work for my partner based on what you say; thank you for your help.

I don't think there's cracked software or anything piracy-related on his system? Also, he is running Windows 8, so I take it to mean, by your stating DDS won't run on it, that I won't be able to give you those first two logs? If that is a wrong interpretation and I have missed that step, please let me know and I will do them.

In any case, here is the RogueKiller information. I will go make a system restore point now.

RogueKiller V8.8.2 _x64_ [Jan 17 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : Zarnite [Admin rights]
Mode : Scan -- Date : 01/23/2014 08:00:43
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MQ01ABD064 +++++
--- User ---
[MBR] a84dd93b5b19931ceaddbccc47850486
[bSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097152 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_01232014_080043.txt >>
Hello.
Earlier this evening I opened a blog on Tumblr and it turned into a fake FBI warning thing saying I had to pay money via Moneypak because it was 'locking my internet' and I wouldn't be able to get on the internet anymore. It wouldn't let me use the browser X button to close so I used the Task Manager to shut off my Chrome browser.
I ran a Malwarebytes full scan and it found nothing. I followed advice on the internet regarding getting into safe mode and doing a system restore, as well as checking various folders (like AppData) for suspicious files and even spent time looking for suspicious things in regedit from a list I found. Didn't see anything strange. Ran another scan while in safe mode and nothing. Cleared out everything (history, passwords, cache, the whole 9 yards) from Chrome, booted to normal mode. Ran Rkill and I'm mostly sure it didn't find anything either since it didn't say it did.
Incidentally, I am using Chrome to type this and it isn't locked down.
Is it safe to assume that I'm okay since nothing ever came up?
Safe after FBI browser lock scare?
in Resolved Malware Removal Logs
Oh, fabulous! Thank you ever so much for double-checking for us.
We don't have a whole lot of cash to spare but I'm going to check and see with my partner if we can at least donate you a couple of dollars for saving us the worry of not knowing if we got it all. I know you must go through a lot of these things for people in your spare time and that's very kind. Bless you.