Jump to content

PUM.UserWLoad Remove HELP!


Recommended Posts

Hi, I can't remove PUM.UserWLoad, he reappear after scan.

This is log file:

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.09.07.05
 
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
DStrikT :: DSTRIKTEN [administrator]
 
Protection: Enabled
 
08.09.2013 21:13:36
mbam-log-2013-09-08 (21-13-36).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 217655
Time elapsed: 14 minute(s), 44 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Data: C:\Users\DStrikT\LOCALS~1\Temp\ccarcuyzq.pif -> No action taken.
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 

post-145318-0-05626500-1378665897_thumb.

Link to post
Share on other sites

Hello DStrikT and :welcome:! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
  • One or more of the identified infections is related to a nasty rootkit component which is difficult to remove. Rootkits and backdoor Trojans are very dangerous because they use advanced techniques (backdoors) as a means of accessing a computer system that bypasses security mechanisms and steal sensitive information which they send back to the hacker. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. Remote attackers use backdoor Trojans and rootkits as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge.

    If your computer was used for online banking, has credit card information or other sensitive data on it, you should immediately disconnect from the Internet until your system is cleaned. All passwords should be changed immediately to include those used for banking, email, eBay, paypal and online forums from a CLEAN COMPUTER. You should consider them to be compromised. You should change each password by using a different computer and not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

    Although the rootkit has been identified and may be removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume that because this malware has been removed the computer is now secure. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, delete the partition, reformat and reinstall the Operating System.

    Please read:

    Should you decide not to follow this advice, we will do our best to help clean the computer of any infections but we cannot guarantee it to be trustworthy or that the removal will be successful. If you wish to proceed, disinfection will require more time and more advanced tools.

    Please let us know how you would like to proceed.

Link to post
Share on other sites

The best choice is to format. Good choice is to re-install Windows.

If you want to follow my instructions:

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system.  You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
Link to post
Share on other sites

I had this error when I scan Getting Office Sessions errors: 454 and log FRST.txt don't appeared, I had just Addition.txt :

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-09-2013 01

Ran by DStrikT at 2013-09-09 21:33:20

Running from C:\Users\DStrikT\Desktop

Boot Mode: Normal

==========================================================

 

 

==================== Installed Programs =======================

 

Adblock Plus for IE (32-bit) (Version: 0.8.504)

Adobe AIR (Version: 1.1.0.5790)

Adobe Anchor Service CS4 (Version: 2.0)

Adobe Bridge CS4 (Version: 3)

Adobe CMaps CS4 (Version: 2.0)

Adobe Color - Photoshop Specific CS4 (Version: 2.0)

Adobe Color EU Extra Settings CS4 (Version: 2.0)

Adobe Color JA Extra Settings CS4 (Version: 2.0)

Adobe Color NA Recommended Settings CS4 (Version: 2.0)

Adobe Color Video Profiles CS CS4 (Version: 2.0)

Adobe CSI CS4 (Version: 1)

Adobe Default Language CS4 (Version: 2.0)

Adobe Device Central CS4 (Version: 2)

Adobe Drive CS4 (Version: 1)

Adobe ExtendScript Toolkit CS4 (Version: 3.0.0)

Adobe Extension Manager CS4 (Version: 2.0)

Adobe Flash Player 11 ActiveX (Version: 11.8.800.94)

Adobe Flash Player 11 Plugin (Version: 11.7.700.202)

Adobe Fonts All (Version: 2.0)

Adobe Linguistics CS4 (Version: 4.0.0)

Adobe Media Player (Version: 0.0.0)

Adobe Media Player (Version: 1.1)

Adobe Output Module (Version: 2.0)

Adobe PDF Library Files CS4 (Version: 9.0)

Adobe Photoshop CS4 (Version: 11.0)

Adobe Photoshop CS4 Support (Version: 11.0)

Adobe Reader XI (11.0.03) (Version: 11.0.03)

Adobe Search for Help (Version: 1.0)

Adobe Service Manager Extension (Version: 1.0)

Adobe Setup (Version: 2.0)

Adobe Shockwave Player 12.0 (Version: 12.0.2.122)

Adobe Type Support CS4 (Version: 9.0)

Adobe Update Manager CS4 (Version: 6.0.0)

Adobe WinSoft Linguistics Plugin (Version: 1.1)

Adobe XMP Panels CS4 (Version: 2.0)

AdobeColorCommonSetCMYK (Version: 2.0)

AdobeColorCommonSetRGB (Version: 2.0)

Audiosurf (Version: 1.00.0000)

Battlefield 1942™ (Version: 1.6.20.0)

BBSAK (Version: 1.9.11)

BitTorrent (Version: 7.7.0.27987)

BlackBerry App World Browser Plugin (Version: 4.3.1.18)

BlackBerry Desktop Software 7.1 (Version: 7.1.0.41)

BlackBerry Device Manager 7.0 (Version: 7.0.0.43)

BS.Player FREE (Version: 2.64.1073)

Canon Easy-PhotoPrint EX

Canon Easy-WebPrint EX

Canon MP Navigator EX 1.0

Canon MP210 series

Canon My Printer

Canon Utilities Solution Menu

Connect (Version: 1.0.0.1)

Counter-Strike

Counter-Strike: Source

Dell Resource CD (Version: 1.00.0000)

Dell Touchpad (Version: 13.2.3.0)

Dell Wireless WLAN Card Utility (Version: 5.30.21.0)

Football Superstars

Google Chrome (Version: 29.0.1547.66)

Google Talk Plugin (Version: 4.5.3.14917)

Google Update Helper (Version: 1.3.21.153)

IDT Audio (Version: 1.0.6217.0)

Inkscape 0.48.4 (Version: 0.48.4)

Intel® Graphics Media Accelerator Driver

Java 7 Update 25 (Version: 7.0.250)

Java Auto Updater (Version: 2.1.9.5)

kuler (Version: 2.0)

League of Legends (Version: 1.3)

Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)

Microsoft .NET Framework 4 Extended (Version: 4.0.30319)

Microsoft Expression Web (Version: 12.0.6215.1000)

Microsoft Expression Web MUI (English) (Version: 12.0.6612.1000)

Microsoft Expression Web Service Pack 1 (SP1)

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)

Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)

Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)

Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)

Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)

Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)

Microsoft_VC100_CRT_SP1_x86 (Version: 10.0.40219.1)

Mozilla Firefox 18.0.1 (x86 en-US) (Version: 18.0.1)

MSVC80_x86_v2 (Version: 1.0.3.0)

MSVC90_x86 (Version: 1.0.1.2)

MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)

MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)

Mumble 1.2.3 (Version: 1.2.3)

Need For Speed Hot Pursuit 2

Need For Speed™ World (Version: 1.0.0.1229)

Nero 7 Ultra Edition (Version: 7.03.1151)

neroxml (Version: 1.0.0)

NVIDIA PhysX (Version: 9.09.0203)

OpenAL

Origin (Version: 9.3.1.4482)

Pando Media Booster (Version: 2.6.0.8)

Pandora Service

PDF Settings CS4 (Version: 9.0)

Photoshop Camera Raw (Version: 5.0)

Saints Row 2

Skype™ 6.6 (Version: 6.6.106)

SopCast 3.5.0 (Version: 3.5.0)

Steam (Version: 1.0.0.0)

Suite Shared Configuration CS4 (Version: 1.0)

swMSM (Version: 12.0.0.1)

System Requirements Lab CYRI (Version: 6.0.7.0)

TeamViewer 8 (Version: 8.0.16642)

The KMPlayer (remove only) (Version: 3.6.0.87)

Thomas Was Alone

Torchlight (Version: 0.0.66.192)

Trine

TuneUp Utilities 2007 (Version: 6.0.1255)

Unity Web Player (HKCU Version: )

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

Update for Microsoft Office Outlook 2007 (KB2768023) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817642) 32-Bit Edition

VLC media player 2.0.4 (Version: 2.0.4)

WinRAR archiver

Worms Crazy Golf

Worms Pinball

Yahoo! Messenger

Yahoo! Software Update

 

 

==================== Restore Points  =========================

 

07-09-2013 20:30:06 Windows Update

07-09-2013 20:37:37 Windows Update

07-09-2013 21:01:22 Windows Update

08-09-2013 18:06:35 Windows Update

08-09-2013 20:55:00 Windows Update

 

==================== Hosts content: ==========================

 

2009-07-14 05:04 - 2009-06-11 00:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

Task: {0D9B5D92-3A22-486D-A887-3AA21597CF27} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started

Task: {1E6463B0-3C91-439E-97EF-FC21F7937DA6} - System32\Tasks\DStrikTEN\DStrikT - Start WLAN Tray Applet => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE [2009-07-17] (Dell Inc.)

Task: {2E96F8BC-DBDD-4C7E-9B9A-F68FA6E46FCF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-10-19] (Google Inc.)

Task: {31D2832A-856E-46B4-AEC5-1CA93B284820} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-10-19] (Google Inc.)

Task: {63C2905B-B90E-47D8-B625-44EEB53F06F2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-72163911-695136897-3572053242-1000Core => C:\Users\DStrikT\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-19] (Google Inc.)

Task: {6ABF1F63-1F2A-4164-8A1D-1CB6E802CF48} - System32\Tasks\1-Click Maintenance => C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-04-27] (TuneUp Software GmbH)

Task: {B1BD535D-0CB0-44F4-9ECB-BD470E9CD0F3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-72163911-695136897-3572053242-1000UA => C:\Users\DStrikT\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-19] (Google Inc.)

Task: {C89BC3DD-7828-4CA8-9143-B30F631EF14F} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)

Task: {E0D942D6-95BD-482E-9C24-45BB18919D45} - System32\Tasks\Express FilesUpdate => C:\Program Files\ExpressFiles\EFUpdater.exe

Task: {E5702000-5CAB-4FD8-8605-7065E4410AA8} - System32\Tasks\Razer_Game_Booster_AutoUpdate => C:\Program Files\Razer\Razer Game Booster\AutoUpdate.exe

Task: C:\Windows\Tasks\1-Click Maintenance.job => C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-72163911-695136897-3572053242-1000Core.job => C:\Users\DStrikT\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-72163911-695136897-3572053242-1000UA.job => C:\Users\DStrikT\AppData\Local\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) =============

 

2012-10-18 19:09 - 2009-06-03 20:24 - 00275968 _____ (Intel Corporation) C:\Windows\system32\igfxrENU.lrc

2012-10-18 19:12 - 2009-06-29 22:44 - 03600384 _____ (IDT, Inc.) C:\Program Files\IDT\WDM\STLang.dll

2012-10-18 19:12 - 2009-06-29 22:44 - 00485888 ____N (IDT, Inc.) C:\Windows\system32\stapi32.dll

2012-10-18 19:14 - 2009-06-26 05:25 - 00169256 _____ (Synaptics Incorporated) C:\Windows\system32\SynCOM.dll

2012-10-18 19:14 - 2009-06-26 05:25 - 00161064 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPAPI.dll

2012-11-28 00:58 - 2009-07-17 10:06 - 00055808 _____ () C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlrmt.dll

2013-01-18 17:10 - 2013-01-18 17:10 - 00270336 _____ (Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgrPs.dll

2010-04-01 12:15 - 2010-04-01 12:15 - 01234240 _____ (DT Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTCommonRes.dll

2010-04-01 12:16 - 2010-04-01 12:16 - 00419136 _____ (DT Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTLiteUI.dll

2010-04-01 12:18 - 2010-04-01 12:18 - 02217280 _____ (DT Soft Ltd) C:\Program Files\DAEMON Tools Lite\Engine.dll

2009-11-02 02:28 - 2009-11-02 02:28 - 00295472 _____ (DT Soft Ltd.) C:\Program Files\DAEMON Tools Lite\imgengine.dll

2008-05-14 09:34 - 2008-05-14 09:34 - 03077416 _____ (Nero AG) C:\Program Files\Common Files\Ahead\Lib\AdvrCntr2.dll

2008-01-22 11:13 - 2008-01-22 11:13 - 00059176 _____ (Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexingServicePS.dll

2008-01-22 11:13 - 2008-01-22 11:13 - 00020264 _____ (Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvrPS.dll

2008-01-22 11:13 - 2008-01-22 11:13 - 02721064 _____ (Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMDataServices.dll

2013-07-16 11:25 - 2013-07-16 11:25 - 00853896 ____T (Google Inc.) C:\Users\DStrikT\AppData\Local\Google\Update\1.3.21.153\goopdate.dll

2008-01-22 11:14 - 2008-01-22 11:14 - 00320808 _____ (Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMSQLDB.dll

2008-01-22 11:13 - 2008-01-22 11:13 - 00054056 _____ (Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMLogCxx.dll

2008-01-22 11:12 - 2008-01-22 11:12 - 00742696 _____ (Nero AG) C:\Program Files\Common Files\Ahead\Lib\log4cxx.dll

2008-01-22 11:13 - 2008-01-22 11:13 - 00541992 _____ (Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMCoFoundation.dll

2008-01-22 11:13 - 2008-01-22 11:13 - 00107816 _____ (Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMPluginBase.dll

2008-01-22 11:13 - 2008-01-22 11:13 - 00181544 _____ (Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMFullTextExtraction.dll

2008-01-22 11:13 - 2008-01-22 11:13 - 00181544 _____ (Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMSearchPluginSimilarImages.dll

2013-09-06 00:05 - 2013-09-02 23:35 - 00709584 _____ () C:\Program Files\Google\Chrome\Application\29.0.1547.66\libglesv2.dll

2013-09-06 00:05 - 2013-09-02 23:35 - 00099792 _____ () C:\Program Files\Google\Chrome\Application\29.0.1547.66\libegl.dll

2013-09-06 00:05 - 2013-09-02 23:35 - 04053456 _____ () C:\Program Files\Google\Chrome\Application\29.0.1547.66\pdf.dll

2013-09-06 00:05 - 2013-09-02 23:35 - 00410576 _____ () C:\Program Files\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll

2013-09-06 00:05 - 2013-09-02 23:35 - 01604560 _____ () C:\Program Files\Google\Chrome\Application\29.0.1547.66\ffmpegsumo.dll

2013-09-06 00:05 - 2013-09-02 23:35 - 13599184 _____ () C:\Program Files\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll

 

==================== Alternate Data Streams (whitelisted) ==========

 

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (09/09/2013 09:23:23 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (09/09/2013 01:14:28 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (09/08/2013 10:10:26 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (09/08/2013 09:28:12 PM) (Source: Microsoft-Windows-CAPI2) (User: )

Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

.

 

Error: (09/08/2013 09:28:07 PM) (Source: Microsoft-Windows-CAPI2) (User: )

Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

.

 

Error: (09/08/2013 08:38:41 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (09/08/2013 08:31:54 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (09/08/2013 08:29:07 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (09/08/2013 07:58:12 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (09/08/2013 10:31:18 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

 

System errors:

=============

Error: (09/09/2013 09:21:38 PM) (Source: Service Control Manager) (User: )

Description: The TuneUp Theme Extension service terminated with the following error: 

%%127

 

Error: (09/09/2013 01:12:57 AM) (Source: Service Control Manager) (User: )

Description: The TuneUp Theme Extension service terminated with the following error: 

%%127

 

Error: (09/08/2013 10:13:16 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)

Description: Installation Failure: Windows failed to install the following update with error 0x80242016: Cumulative Security Update for Internet Explorer 9 for Windows 7 (KB2862772).

 

Error: (09/08/2013 10:10:40 PM) (Source: Service Control Manager) (User: )

Description: The Windows Modules Installer service terminated with the following error: 

%%16405

 

Error: (09/08/2013 10:09:34 PM) (Source: Service Control Manager) (User: )

Description: The TuneUp Theme Extension service terminated with the following error: 

%%127

 

Error: (09/08/2013 08:36:54 PM) (Source: Service Control Manager) (User: )

Description: The TuneUp Theme Extension service terminated with the following error: 

%%127

 

Error: (09/08/2013 08:30:05 PM) (Source: Service Control Manager) (User: )

Description: The TuneUp Theme Extension service terminated with the following error: 

%%127

 

Error: (09/08/2013 08:27:22 PM) (Source: Service Control Manager) (User: )

Description: The TuneUp Theme Extension service terminated with the following error: 

%%127

 

Error: (09/08/2013 07:56:29 PM) (Source: Service Control Manager) (User: )

Description: The TuneUp Theme Extension service terminated with the following error: 

%%127

 

Error: (09/08/2013 10:29:33 AM) (Source: Service Control Manager) (User: )

Description: The TuneUp Theme Extension service terminated with the following error: 

%%127

 

 

Microsoft Office Sessions:

=========================
Link to post
Share on other sites

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
    • Startup Repair

      System Restore

      Windows Complete PC Restore

      Windows Memory Diagnostic Tool

      Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter

    Note: Replace letter e with the drive letter of your flash drive.

  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
Link to post
Share on other sites

That work! Thanks!

 

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-09-2013 01
Ran by SYSTEM on MININT-92Q29UQ on 10-09-2013 19:13:22
Running from H:\
Windows 7 Ultimate Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [sysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [458844 2009-06-29] (IDT, Inc.)
HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1537320 2009-06-25] (Synaptics Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [NeroFilterCheck] - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [570664 2008-05-27] (Nero AG)
HKLM\...\Run: [broadcom Wireless Manager UI] - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4562944 2009-07-16] (Dell Inc.)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2567272 2011-07-19] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-03] (CANON INC.)
HKLM\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-11] (Oracle Corporation)
HKU\DStrikT\...\Run: [DAEMON Tools Lite] - C:\Program Files\DAEMON Tools Lite\DTLite.exe [ 2010-04-01] (DT Soft Ltd)
HKU\DStrikT\...\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [ 2008-01-22] (Nero AG)
HKU\DStrikT\...\Run: [Google Update] - C:\Users\DStrikT\AppData\Local\Google\Update\GoogleUpdate.exe [ 2012-10-18] (Google Inc.)
HKU\DStrikT\...\Run: [Akamai NetSession Interface] - "C:\Users\DStrikT\AppData\Local\Akamai\netsession_win.exe"
HKU\DStrikT\...\CurrentVersion\Windows: [Load] C:\Users\DStrikT\LOCALS~1\Temp\ccarcuyzq.pif <===== ATTENTION
Startup: C:\Users\DStrikT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
 
========================== Services (Whitelisted) =================
 
S3 Blackberry Device Manager; C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1064312 2013-07-14] (Flexera Software LLC)
S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 PanService; C:\Program Files\PANDORA.TV\PanService\PandoraService.exe [625304 2012-09-27] (Pandora.TV)
S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7f2308f435f2c4c1\STacSV.exe [221266 2009-06-29] (IDT, Inc.)
S2 wltrysvc; C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe [3086848 2009-07-16] (Dell Inc.)
 
==================== Drivers (Whitelisted) ====================
 
S3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2009-07-16] (Broadcom Corporation)
S0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-13] (Microsoft Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2012-10-21] (Duplex Secure Ltd.)
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [x]
S3 RkHit; \??\C:\Windows\system32\drivers\RKHit.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-09-10 07:55 - 2013-09-10 07:55 - 01082349 _____ (Farbar) C:\Users\DStrikT\Desktop\FRST (1).exe
2013-09-10 03:48 - 2013-09-10 05:24 - 00019233 _____ C:\Users\DStrikT\Desktop\Addition.txt
2013-09-10 03:46 - 2013-09-10 03:46 - 01082349 _____ (Farbar) C:\Users\DStrikT\Desktop\FRST.exe
2013-09-09 10:31 - 2013-09-09 10:31 - 00000000 ____D C:\FRST
2013-09-08 12:56 - 2013-09-08 12:56 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2013-09-08 12:56 - 2013-09-08 12:56 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2013-09-08 11:08 - 2013-09-08 11:08 - 00000438 _____ C:\Windows\PFRO.log
2013-09-08 11:04 - 2012-12-16 06:13 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2013-09-08 11:04 - 2012-12-16 06:13 - 00034304 _____ (Adobe Systems) C:\Windows\System32\atmlib.dll
2013-09-08 11:02 - 2013-09-10 08:08 - 00000784 _____ C:\Windows\setupact.log
2013-09-08 11:02 - 2013-09-08 11:02 - 00000000 _____ C:\Windows\setuperr.log
2013-09-08 10:54 - 2013-09-08 10:56 - 00000000 ____D C:\Windows\System32\MRT
2013-09-08 10:29 - 2010-02-10 23:10 - 00293376 _____ (Microsoft Corporation) C:\Windows\System32\browserchoice.exe
2013-09-08 10:13 - 2013-09-08 10:13 - 00000000 ____D C:\Program Files\MSXML 4.0
2013-09-08 10:08 - 2013-09-08 10:08 - 14329344 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-09-08 10:08 - 2013-09-08 10:08 - 13761024 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-09-08 10:08 - 2013-09-08 10:08 - 02877440 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-09-08 10:08 - 2013-09-08 10:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-09-08 10:08 - 2013-09-08 10:08 - 02048512 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-09-08 10:08 - 2013-09-08 10:08 - 01767936 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-09-08 10:08 - 2013-09-08 10:08 - 01441280 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-09-08 10:08 - 2013-09-08 10:08 - 01400416 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-09-08 10:08 - 2013-09-08 10:08 - 01141248 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-09-08 10:08 - 2013-09-08 10:08 - 00745472 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-09-08 10:08 - 2013-09-08 10:08 - 00719360 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-09-08 10:08 - 2013-09-08 10:08 - 00690688 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-09-08 10:08 - 2013-09-08 10:08 - 00629248 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-09-08 10:08 - 2013-09-08 10:08 - 00523264 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-09-08 10:08 - 2013-09-08 10:08 - 00493056 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-09-08 10:08 - 2013-09-08 10:08 - 00391168 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-09-08 10:08 - 2013-09-08 10:08 - 00361984 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2013-09-08 10:08 - 2013-09-08 10:08 - 00357888 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-09-08 10:08 - 2013-09-08 10:08 - 00242200 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-09-08 10:08 - 2013-09-08 10:08 - 00232960 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-09-08 10:08 - 2013-09-08 10:08 - 00226816 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-09-08 10:08 - 2013-09-08 10:08 - 00204800 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-09-08 10:08 - 2013-09-08 10:08 - 00185344 _____ (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-09-08 10:08 - 2013-09-08 10:08 - 00163840 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-09-08 10:08 - 2013-09-08 10:08 - 00158720 _____ (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-09-08 10:08 - 2013-09-08 10:08 - 00150528 _____ (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-09-08 10:08 - 2013-09-08 10:08 - 00138752 _____ (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-09-08 10:08 - 2013-09-08 10:08 - 00137216 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-09-08 10:08 - 2013-09-08 10:08 - 00125440 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-09-08 10:08 - 2013-09-08 10:08 - 00117248 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-09-08 10:08 - 2013-09-08 10:08 - 00110592 _____ (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-09-08 10:08 - 2013-09-08 10:08 - 00109056 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-09-08 10:08 - 2013-09-08 10:08 - 00082432 _____ (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-09-08 10:08 - 2013-09-08 10:08 - 00079872 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-09-08 10:08 - 2013-09-08 10:08 - 00073728 _____ (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-09-08 10:08 - 2013-09-08 10:08 - 00071680 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-09-08 10:08 - 2013-09-08 10:08 - 00069120 _____ (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-09-08 10:08 - 2013-09-08 10:08 - 00061952 _____ (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-09-08 10:08 - 2013-09-08 10:08 - 00061440 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-09-08 10:08 - 2013-09-08 10:08 - 00057344 _____ (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-09-08 10:08 - 2013-09-08 10:08 - 00049152 _____ (Microsoft Corporation) C:\Windows\System32\taskhost.exe
2013-09-08 10:08 - 2013-09-08 10:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-09-08 10:08 - 2013-09-08 10:08 - 00042496 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-09-08 10:08 - 2013-09-08 10:08 - 00041984 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-09-08 10:08 - 2013-09-08 10:08 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-09-08 10:08 - 2013-09-08 10:08 - 00038400 _____ (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-09-08 10:08 - 2013-09-08 10:08 - 00033280 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-09-08 10:08 - 2013-09-08 10:08 - 00023040 _____ (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-09-08 10:08 - 2013-09-08 10:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-09-08 10:08 - 2013-09-08 10:08 - 00011776 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-09-08 10:05 - 2013-04-09 15:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-09-07 13:05 - 2013-09-07 13:05 - 03419136 _____ (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-09-07 13:05 - 2013-09-07 13:05 - 02284544 _____ (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-09-07 13:05 - 2013-09-07 13:05 - 01988096 _____ (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-09-07 13:05 - 2013-09-07 13:05 - 01230336 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-09-07 13:05 - 2013-09-07 13:05 - 01158144 _____ (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-09-07 13:05 - 2013-09-07 13:05 - 01080832 _____ (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-09-07 13:05 - 2013-09-07 13:05 - 00906240 _____ (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-09-07 13:05 - 2013-09-07 13:05 - 00604160 _____ (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-09-07 13:05 - 2013-09-07 13:05 - 00417792 _____ (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-09-07 13:05 - 2013-09-07 13:05 - 00364544 _____ (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-09-07 13:05 - 2013-09-07 13:05 - 00293376 _____ (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-09-07 13:05 - 2013-09-07 13:05 - 00249856 _____ (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-09-07 13:05 - 2013-09-07 13:05 - 00220160 _____ (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-09-07 13:05 - 2013-09-07 13:05 - 00207872 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-09-07 13:05 - 2013-09-07 13:05 - 00187392 _____ (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-09-07 13:05 - 2013-09-07 13:05 - 00161792 _____ (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-09-07 13:05 - 2013-09-07 13:05 - 00010752 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-09-07 13:05 - 2013-09-07 13:05 - 00009728 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-09-07 13:05 - 2013-09-07 13:05 - 00005632 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-09-07 13:05 - 2013-09-07 13:05 - 00005632 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-09-07 13:05 - 2013-09-07 13:05 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-09-07 13:05 - 2013-09-07 13:05 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-09-07 13:05 - 2013-09-07 13:05 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-09-07 13:05 - 2013-09-07 13:05 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-09-07 13:05 - 2013-09-07 13:05 - 00002560 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-09-07 13:03 - 2013-09-07 13:03 - 01505280 _____ (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-09-07 12:59 - 2013-07-18 17:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-09-07 12:59 - 2013-07-08 20:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2013-09-07 12:59 - 2013-07-08 20:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-09-07 12:59 - 2013-07-08 20:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-09-07 12:59 - 2013-07-08 20:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-09-07 12:59 - 2013-05-12 19:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-09-07 12:59 - 2013-05-12 19:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-09-07 12:59 - 2013-02-14 20:37 - 03217408 _____ (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-09-07 12:59 - 2013-02-14 20:34 - 00131584 _____ (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2013-09-07 12:59 - 2013-02-14 19:25 - 00036864 _____ (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2013-09-07 12:58 - 2012-11-01 21:11 - 00376832 _____ (Microsoft Corporation) C:\Windows\System32\dpnet.dll
2013-09-07 12:58 - 2012-06-05 21:05 - 01236992 _____ (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2013-09-07 12:58 - 2010-06-25 19:24 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2013-09-07 12:57 - 2013-07-25 00:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-09-07 12:57 - 2013-07-08 21:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-09-07 12:57 - 2013-07-08 21:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-09-07 12:57 - 2013-07-08 20:53 - 01289096 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2013-09-07 12:57 - 2013-07-08 20:50 - 00652800 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2013-09-07 12:57 - 2013-07-05 21:05 - 01293760 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-09-07 12:57 - 2013-06-14 19:40 - 00918528 _____ (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2013-09-07 12:57 - 2013-06-14 19:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys
2013-09-07 12:57 - 2013-06-04 19:05 - 02347520 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-09-07 12:57 - 2013-06-03 20:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2013-09-07 12:57 - 2013-04-25 20:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-09-07 12:57 - 2013-04-12 05:45 - 01211752 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-09-07 12:57 - 2013-04-09 21:18 - 00728424 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-09-07 12:57 - 2013-04-09 21:18 - 00218984 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-09-07 12:57 - 2013-03-18 20:48 - 00038912 _____ (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2013-09-07 12:57 - 2013-03-18 18:49 - 00069632 _____ (Microsoft Corporation) C:\Windows\System32\smss.exe
2013-09-07 12:57 - 2013-02-11 19:32 - 00015872 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023.sys
2013-09-07 12:57 - 2013-01-02 21:04 - 00187752 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2013-09-07 12:57 - 2012-11-19 20:51 - 00220160 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2013-09-07 12:57 - 2012-10-31 20:47 - 01389568 _____ (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2013-09-07 12:57 - 2012-09-25 14:47 - 00078336 _____ (Microsoft Corporation) C:\Windows\System32\synceng.dll
2013-09-07 12:57 - 2012-08-22 09:16 - 00240496 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2013-09-07 12:57 - 2012-08-10 15:56 - 00542208 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2013-09-07 12:57 - 2012-07-04 13:16 - 00057344 _____ (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2013-09-07 12:57 - 2012-07-04 13:14 - 00102912 _____ (Microsoft Corporation) C:\Windows\System32\browser.dll
2013-09-07 12:57 - 2012-07-04 13:14 - 00041984 _____ (Microsoft Corporation) C:\Windows\System32\browcli.dll
2013-09-07 12:57 - 2012-06-05 21:03 - 00805376 _____ (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2013-09-07 12:57 - 2012-06-01 20:45 - 00134000 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2013-09-07 12:57 - 2012-06-01 20:45 - 00067440 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2013-09-07 12:57 - 2012-06-01 20:40 - 00369336 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2013-09-07 12:57 - 2012-06-01 20:40 - 00225280 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-09-07 12:57 - 2012-05-13 20:33 - 00769024 _____ (Microsoft Corporation) C:\Windows\System32\localspl.dll
2013-09-07 12:57 - 2011-04-08 21:56 - 00123904 _____ (Microsoft Corporation) C:\Windows\System32\poqexec.exe
2013-09-07 12:51 - 2013-01-03 20:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-09-07 12:51 - 2012-10-04 08:43 - 00868352 _____ (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2013-09-07 12:51 - 2012-10-04 08:43 - 00293376 _____ (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2013-09-07 12:51 - 2012-10-04 08:40 - 00005120 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2013-09-07 12:51 - 2012-10-04 08:40 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-07 12:51 - 2012-10-04 08:40 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-07 12:51 - 2012-10-04 08:40 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2013-09-07 12:51 - 2012-10-04 08:40 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2013-09-07 12:51 - 2012-10-04 08:40 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-07 12:51 - 2012-10-04 08:40 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2013-09-07 12:51 - 2012-10-04 08:40 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-07 12:51 - 2012-10-04 08:40 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-07 12:51 - 2012-10-04 08:40 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2013-09-07 12:51 - 2012-10-04 08:40 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-07 12:51 - 2012-10-04 08:40 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-07 12:51 - 2012-10-04 08:40 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2013-09-07 12:51 - 2012-10-04 08:40 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2013-09-07 12:51 - 2012-10-04 08:40 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-07 12:51 - 2012-10-04 08:40 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2013-09-07 12:51 - 2012-10-04 08:40 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2013-09-07 12:51 - 2012-10-04 08:40 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2013-09-07 12:51 - 2012-10-04 08:40 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-07 12:51 - 2012-10-04 08:40 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-07 12:51 - 2012-10-04 08:40 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-07 12:51 - 2012-10-04 08:40 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2013-09-07 12:51 - 2012-10-04 08:40 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-07 12:51 - 2012-10-04 08:40 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2013-09-07 12:51 - 2012-10-04 06:57 - 00271360 _____ (Microsoft Corporation) C:\Windows\System32\conhost.exe
2013-09-07 12:51 - 2012-10-04 06:41 - 00006144 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2013-09-07 12:51 - 2012-10-04 06:41 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-07 12:51 - 2012-10-04 06:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-07 12:51 - 2012-10-04 06:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2013-09-07 12:50 - 2013-02-26 21:05 - 00101720 _____ (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-09-07 12:50 - 2013-02-26 20:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-09-07 12:50 - 2013-02-26 20:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-09-07 12:50 - 2013-02-26 20:49 - 01796096 _____ (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-09-07 12:50 - 2013-02-26 20:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-09-07 12:38 - 2012-06-02 14:19 - 01933848 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2013-09-07 12:38 - 2012-06-02 14:19 - 00577048 _____ (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2013-09-07 12:38 - 2012-06-02 14:19 - 00053784 _____ (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2013-09-07 12:38 - 2012-06-02 14:19 - 00045080 _____ (Microsoft Corporation) C:\Windows\System32\wups2.dll
2013-09-07 12:38 - 2012-06-02 14:19 - 00035864 _____ (Microsoft Corporation) C:\Windows\System32\wups.dll
2013-09-07 12:38 - 2012-06-02 14:12 - 02422272 _____ (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2013-09-07 12:38 - 2012-06-02 14:12 - 00088576 _____ (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2013-09-07 12:37 - 2012-06-02 04:19 - 00171904 _____ (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2013-09-07 12:37 - 2012-06-02 04:12 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2013-09-03 00:31 - 2013-09-03 00:31 - 00000000 ____D C:\Users\DStrikT\AppData\Roaming\.mono
2013-09-02 22:27 - 2013-09-02 22:27 - 00000000 ____D C:\ATI
2013-08-20 05:33 - 2013-08-20 05:33 - 00001164 _____ C:\Users\Public\Desktop\Battlefield 1942.lnk
 
==================== One Month Modified Files and Folders =======
 
2013-09-10 08:08 - 2013-09-08 11:02 - 00000784 _____ C:\Windows\setupact.log
2013-09-10 08:07 - 2012-10-18 16:35 - 01888809 _____ C:\Windows\WindowsUpdate.log
2013-09-10 08:07 - 2009-07-13 20:34 - 00021888 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-10 08:07 - 2009-07-13 20:34 - 00021888 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-10 08:03 - 2010-11-20 13:01 - 00778730 _____ C:\Windows\System32\PerfStringBackup.INI
2013-09-10 07:55 - 2013-09-10 07:55 - 01082349 _____ (Farbar) C:\Users\DStrikT\Desktop\FRST (1).exe
2013-09-10 06:31 - 2012-10-18 06:59 - 00000000 ____D C:\Program Files\Steam
2013-09-10 06:30 - 2012-10-18 06:59 - 00000000 ____D C:\Program Files\Common Files\Steam
2013-09-10 05:24 - 2013-09-10 03:48 - 00019233 _____ C:\Users\DStrikT\Desktop\Addition.txt
2013-09-10 05:17 - 2012-10-24 08:27 - 00000000 ____D C:\Users\DStrikT\AppData\Roaming\BitTorrent
2013-09-10 04:53 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-09-10 04:41 - 2012-10-18 07:08 - 00000000 ____D C:\Users\DStrikT\AppData\Local\PMB Files
2013-09-10 04:18 - 2012-10-24 09:02 - 00000000 ____D C:\Users\DStrikT\AppData\Roaming\vlc
2013-09-10 03:46 - 2013-09-10 03:46 - 01082349 _____ (Farbar) C:\Users\DStrikT\Desktop\FRST.exe
2013-09-10 03:30 - 2012-10-18 07:08 - 00000000 ____D C:\ProgramData\PMB Files
2013-09-10 01:32 - 2012-10-20 08:12 - 00000000 ____D C:\Users\DStrikT\AppData\Roaming\Skype
2013-09-09 10:31 - 2013-09-09 10:31 - 00000000 ____D C:\FRST
2013-09-08 13:17 - 2012-12-07 01:09 - 00000000 ___RD C:\Program Files\Skype
2013-09-08 13:17 - 2012-10-20 08:12 - 00000000 ____D C:\ProgramData\Skype
2013-09-08 12:58 - 2012-10-21 03:17 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-08 12:56 - 2013-09-08 12:56 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2013-09-08 12:56 - 2013-09-08 12:56 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2013-09-08 11:09 - 2009-07-13 20:33 - 02417272 _____ C:\Windows\System32\FNTCACHE.DAT
2013-09-08 11:08 - 2013-09-08 11:08 - 00000438 _____ C:\Windows\PFRO.log
2013-09-08 11:07 - 2010-11-20 16:46 - 00000000 ____D C:\Program Files\Windows Journal
2013-09-08 11:07 - 2009-07-13 20:52 - 00000000 ____D C:\Program Files\Windows Defender
2013-09-08 11:02 - 2013-09-08 11:02 - 00000000 _____ C:\Windows\setuperr.log
2013-09-08 10:56 - 2013-09-08 10:54 - 00000000 ____D C:\Windows\System32\MRT
2013-09-08 10:41 - 2012-10-21 03:17 - 00000000 ____D C:\Program Files\Microsoft Office
2013-09-08 10:24 - 2009-07-13 18:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-09-08 10:22 - 2009-07-13 18:04 - 00000478 _____ C:\Windows\win.ini
2013-09-08 10:15 - 2009-07-13 18:37 - 00000000 ____D C:\Program Files\Common Files\System
2013-09-08 10:13 - 2013-09-08 10:13 - 00000000 ____D C:\Program Files\MSXML 4.0
2013-09-08 10:08 - 2013-09-08 10:08 - 14329344 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-09-08 10:08 - 2013-09-08 10:08 - 13761024 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-09-08 10:08 - 2013-09-08 10:08 - 02877440 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-09-08 10:08 - 2013-09-08 10:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-09-08 10:08 - 2013-09-08 10:08 - 02048512 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-09-08 10:08 - 2013-09-08 10:08 - 01767936 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-09-08 10:08 - 2013-09-08 10:08 - 01441280 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-09-08 10:08 - 2013-09-08 10:08 - 01400416 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-09-08 10:08 - 2013-09-08 10:08 - 01141248 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-09-08 10:08 - 2013-09-08 10:08 - 00745472 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-09-08 10:08 - 2013-09-08 10:08 - 00719360 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-09-08 10:08 - 2013-09-08 10:08 - 00690688 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-09-08 10:08 - 2013-09-08 10:08 - 00629248 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-09-08 10:08 - 2013-09-08 10:08 - 00523264 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-09-08 10:08 - 2013-09-08 10:08 - 00493056 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-09-08 10:08 - 2013-09-08 10:08 - 00391168 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-09-08 10:08 - 2013-09-08 10:08 - 00361984 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2013-09-08 10:08 - 2013-09-08 10:08 - 00357888 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-09-08 10:08 - 2013-09-08 10:08 - 00242200 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-09-08 10:08 - 2013-09-08 10:08 - 00232960 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-09-08 10:08 - 2013-09-08 10:08 - 00226816 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-09-08 10:08 - 2013-09-08 10:08 - 00204800 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-09-08 10:08 - 2013-09-08 10:08 - 00185344 _____ (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-09-08 10:08 - 2013-09-08 10:08 - 00163840 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-09-08 10:08 - 2013-09-08 10:08 - 00158720 _____ (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-09-08 10:08 - 2013-09-08 10:08 - 00150528 _____ (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-09-08 10:08 - 2013-09-08 10:08 - 00138752 _____ (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-09-08 10:08 - 2013-09-08 10:08 - 00137216 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-09-08 10:08 - 2013-09-08 10:08 - 00125440 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-09-08 10:08 - 2013-09-08 10:08 - 00117248 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-09-08 10:08 - 2013-09-08 10:08 - 00110592 _____ (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-09-08 10:08 - 2013-09-08 10:08 - 00109056 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-09-08 10:08 - 2013-09-08 10:08 - 00082432 _____ (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-09-08 10:08 - 2013-09-08 10:08 - 00079872 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-09-08 10:08 - 2013-09-08 10:08 - 00073728 _____ (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-09-08 10:08 - 2013-09-08 10:08 - 00071680 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-09-08 10:08 - 2013-09-08 10:08 - 00069120 _____ (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-09-08 10:08 - 2013-09-08 10:08 - 00061952 _____ (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-09-08 10:08 - 2013-09-08 10:08 - 00061440 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-09-08 10:08 - 2013-09-08 10:08 - 00057344 _____ (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-09-08 10:08 - 2013-09-08 10:08 - 00049152 _____ (Microsoft Corporation) C:\Windows\System32\taskhost.exe
2013-09-08 10:08 - 2013-09-08 10:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-09-08 10:08 - 2013-09-08 10:08 - 00042496 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-09-08 10:08 - 2013-09-08 10:08 - 00041984 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-09-08 10:08 - 2013-09-08 10:08 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-09-08 10:08 - 2013-09-08 10:08 - 00038400 _____ (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-09-08 10:08 - 2013-09-08 10:08 - 00033280 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-09-08 10:08 - 2013-09-08 10:08 - 00023040 _____ (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-09-08 10:08 - 2013-09-08 10:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-09-08 10:08 - 2013-09-08 10:08 - 00011776 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-09-08 09:21 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\NDF
2013-09-07 13:05 - 2013-09-07 13:05 - 03419136 _____ (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-09-07 13:05 - 2013-09-07 13:05 - 02284544 _____ (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-09-07 13:05 - 2013-09-07 13:05 - 01988096 _____ (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-09-07 13:05 - 2013-09-07 13:05 - 01230336 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-09-07 13:05 - 2013-09-07 13:05 - 01158144 _____ (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-09-07 13:05 - 2013-09-07 13:05 - 01080832 _____ (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-09-07 13:05 - 2013-09-07 13:05 - 00906240 _____ (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-09-07 13:05 - 2013-09-07 13:05 - 00604160 _____ (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-09-07 13:05 - 2013-09-07 13:05 - 00417792 _____ (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-09-07 13:05 - 2013-09-07 13:05 - 00364544 _____ (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-09-07 13:05 - 2013-09-07 13:05 - 00293376 _____ (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-09-07 13:05 - 2013-09-07 13:05 - 00249856 _____ (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-09-07 13:05 - 2013-09-07 13:05 - 00220160 _____ (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-09-07 13:05 - 2013-09-07 13:05 - 00207872 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-09-07 13:05 - 2013-09-07 13:05 - 00187392 _____ (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-09-07 13:05 - 2013-09-07 13:05 - 00161792 _____ (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-09-07 13:05 - 2013-09-07 13:05 - 00010752 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-09-07 13:05 - 2013-09-07 13:05 - 00009728 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-09-07 13:05 - 2013-09-07 13:05 - 00005632 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-09-07 13:05 - 2013-09-07 13:05 - 00005632 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-09-07 13:05 - 2013-09-07 13:05 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-09-07 13:05 - 2013-09-07 13:05 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-09-07 13:05 - 2013-09-07 13:05 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-09-07 13:05 - 2013-09-07 13:05 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-09-07 13:05 - 2013-09-07 13:05 - 00002560 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-09-07 13:05 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\zh-TW
2013-09-07 13:05 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\zh-HK
2013-09-07 13:05 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\zh-CN
2013-09-07 13:05 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\tr-TR
2013-09-07 13:05 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\sv-SE
2013-09-07 13:05 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\ru-RU
2013-09-07 13:05 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\pt-PT
2013-09-07 13:05 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\pt-BR
2013-09-07 13:05 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\pl-PL
2013-09-07 13:05 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\nl-NL
2013-09-07 13:05 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\nb-NO
2013-09-07 13:05 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\ko-KR
2013-09-07 13:05 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\ja-JP
2013-09-07 13:05 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\it-IT
2013-09-07 13:05 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\hu-HU
2013-09-07 13:05 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\fr-FR
2013-09-07 13:05 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\fi-FI
2013-09-07 13:05 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\el-GR
2013-09-07 13:05 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\de-DE
2013-09-07 13:03 - 2013-09-07 13:03 - 01505280 _____ (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-09-05 11:59 - 2013-04-02 09:02 - 00005082 _____ C:\Users\DStrikT\AppData\Roaming\Rim.DesktopHelper.Exception.log
2013-09-05 11:59 - 2013-04-02 09:02 - 00004928 _____ C:\Users\DStrikT\AppData\Roaming\Rim.Desktop.Exception.log
2013-09-03 00:31 - 2013-09-03 00:31 - 00000000 ____D C:\Users\DStrikT\AppData\Roaming\.mono
2013-09-02 22:27 - 2013-09-02 22:27 - 00000000 ____D C:\ATI
2013-08-31 10:26 - 2012-11-07 09:24 - 00000000 ____D C:\ProgramData\Origin
2013-08-31 10:24 - 2012-11-07 09:24 - 00000000 ____D C:\Program Files\Origin
2013-08-31 09:34 - 2012-11-07 09:25 - 00000000 ____D C:\Users\DStrikT\AppData\Roaming\Origin
2013-08-30 01:07 - 2013-01-19 02:20 - 00000000 ____D C:\Users\DStrikT\AppData\Roaming\Mozilla
2013-08-20 05:36 - 2012-11-07 09:24 - 00000000 ____D C:\ProgramData\Electronic Arts
2013-08-20 05:33 - 2013-08-20 05:33 - 00001164 _____ C:\Users\Public\Desktop\Battlefield 1942.lnk
2013-08-20 05:24 - 2012-11-07 09:25 - 00000000 ____D C:\Program Files\Origin Games
2013-08-15 10:52 - 2012-11-07 09:25 - 00000000 ____D C:\Users\DStrikT\AppData\Local\Origin
 
Files to move or delete:
====================
C:\Users\DStrikT\AppData\Local\Temp\SkypeSetup.exe
C:\Users\DStrikT\AppData\Local\Temp\SRLDetectionLibrary5400507551721536459.dll
 
==================== Known DLLs (Whitelisted) ============
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
 
==================== Restore Points  =========================
 
Restore point made on: 2013-09-07 12:30:15
Restore point made on: 2013-09-07 12:37:46
Restore point made on: 2013-09-07 13:01:29
Restore point made on: 2013-09-08 10:06:45
Restore point made on: 2013-09-08 12:55:11
 
==================== Memory info =========================== 
 
Percentage of memory in use: 12%
Total physical RAM: 4056.36 MB
Available physical RAM: 3540.39 MB
Total Pagefile: 4054.65 MB
Available Pagefile: 3544.63 MB
Total Virtual: 2047.88 MB
Available Virtual: 1943.5 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:100.1 GB) (Free:31.83 GB) NTFS
Drive e: () (Fixed) (Total:365.56 GB) (Free:276.01 GB) NTFS
Drive h: () (Removable) (Total:0.94 GB) (Free:0.94 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 00000080)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=366 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (Size: 962 MB) (Disk ID: 32BA38E1)
Partition 1: (Not Active) - (Size=962 MB) - (Type=06)
 
 
LastRegBack: 2013-07-25 13:24
 
==================== End Of Log ============================
Link to post
Share on other sites

Well done! :)

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open Notepad and select Paste). Save it on the flashdrive as fixlist.txt

HKU\DStrikT\...\CurrentVersion\Windows: [Load] C:\Users\DStrikT\LOCALS~1\Temp\ccarcuyzq.pif <===== ATTENTION

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options then select Command Prompt

Run FRST (or FRST64 if you have the 64bit version) and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Reboot Normally.

Link to post
Share on other sites

Done:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 09-09-2013
Ran by SYSTEM at 2013-09-11 18:45:13 Run:1
Running from H:\
Boot Mode: Recovery
 
==============================================
 
Content of fixlist:
*****************
HKU\DStrikT\...\CurrentVersion\Windows: [Load] C:\Users\DStrikT\LOCALS~1\Temp\ccarcuyzq.pif <===== ATTENTION
*****************
 
HKU\DStrikT\Software\Microsoft\Windows NT\CurrentVersion\Windows\\Load => Value was restored successfully.
 
==== End of Fixlog ====
Link to post
Share on other sites

DDS.txt

DDS (Ver_2012-11-20.01) - NTFS_x86 

Internet Explorer: 10.0.9200.16660  BrowserJavaVersion: 10.25.2
Run by DStrikT at 18:57:52 on 2013-09-11
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.3544.2692 [GMT 3:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7f2308f435f2c4c1\STacSV.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7f2308f435f2c4c1\aestsrv.exe
C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
C:\Windows\system32\IoctlSvc.exe
C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Users\DStrikT\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\PANDORA.TV\PanService\PanProcess.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uProxyOverride = <local>
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: Adblock Plus for IE Browser Helper Object: {FFCB3198-32F3-4E8B-9539-4324694ED664} - c:\program files\adblock plus for ie\AdblockPlus32.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [Google Update] "c:\users\dstrikt\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Akamai NetSession Interface] "c:\users\dstrikt\appdata\local\akamai\netsession_win.exe"
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [sysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [broadcom Wireless Manager UI] c:\program files\dell\dell wireless wlan card\WLTRAY.exe
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\dstrikt\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{B627A8B0-0913-49BD-807C-2E2138F06BB7} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{B627A8B0-0913-49BD-807C-2E2138F06BB7}\350756564645F6573686345423546324 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{B627A8B0-0913-49BD-807C-2E2138F06BB7}\46C696E6B6 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{B627A8B0-0913-49BD-807C-2E2138F06BB7}\46C696E6B60223 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{B627A8B0-0913-49BD-807C-2E2138F06BB7}\46C696E6B6022333 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{B627A8B0-0913-49BD-807C-2E2138F06BB7}\46C696E6B62C0A23D6 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{B627A8B0-0913-49BD-807C-2E2138F06BB7}\46C696E6B62C0A23E2 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{EEC8D60C-19AC-44F3-9E2C-FDDFC3280FBC} : DHCPNameServer = 95.77.94.88 78.96.7.88
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\29.0.1547.66\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\dstrikt\appdata\roaming\mozilla\firefox\profiles\5ihqme8k.default\
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\research in motion limited\blackberry app world browser plugin\npappworld.dll
FF - plugin: c:\users\dstrikt\appdata\local\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\users\dstrikt\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\dstrikt\appdata\roaming\mozilla\firefox\profiles\5ihqme8k.default\extensions\{88ac3cb6-596b-4217-964c-b6757ef9602d}\plugins\np-mswmp.dll
FF - plugin: c:\users\dstrikt\appdata\roaming\mozilla\firefox\profiles\5ihqme8k.default\extensions\{88ac3cb6-596b-4217-964c-b6757ef9602d}\plugins\npConduitFirefoxPlugin.dll
FF - plugin: c:\users\dstrikt\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\dstrikt\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\users\dstrikt\appdata\roaming\mozilla\plugins\npo1d.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1202122.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_202.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.delta.tlbrSrchUrl - 
FF - user.js: extensions.delta.id - 428582c9000000000000701a04a080e3
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15821
FF - user.js: extensions.delta.vrsn - 1.8.16.16
FF - user.js: extensions.delta.vrsni - 1.8.16.16
FF - user.js: extensions.delta.vrsnTs - 1.8.16.1610:55:24
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
.
============= SERVICES / DRIVERS ===============
.
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_7f2308f435f2c4c1\AEstSrv.exe [2012-10-18 81920]
R2 PanService;PandoraService;c:\program files\pandora.tv\panservice\PandoraService.exe [2013-6-16 625304]
R2 TeamViewer8;TeamViewer 8;c:\program files\teamviewer\version8\TeamViewer_Service.exe [2013-2-14 3467768]
R3 Blackberry Device Manager;Blackberry Device Manager;c:\program files\common files\research in motion\usb drivers\BbDevMgr.exe [2013-1-18 577536]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-14 311296]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-8-4 418376]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-8-4 701512]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-6-21 162408]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 62464]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-8-4 22856]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 15872]
S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-21 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 25600]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-21 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 27264]
S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 112640]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-6-15 1343400]
.
=============== Created Last 30 ================
.
2013-09-09 18:31:51 -------- d-----w- C:\FRST
2013-09-08 19:04:02 34304 ----a-w- c:\windows\system32\atmlib.dll
2013-09-08 19:04:02 295424 ----a-w- c:\windows\system32\atmfd.dll
2013-09-08 18:54:05 -------- d-----w- c:\windows\system32\MRT
2013-09-08 18:29:41 293376 ----a-w- c:\windows\system32\browserchoice.exe
2013-09-08 18:13:25 -------- d-----w- c:\program files\MSXML 4.0
2013-09-08 18:05:04 1247744 ----a-w- c:\windows\system32\DWrite.dll
2013-09-07 21:03:51 1505280 ----a-w- c:\windows\system32\d3d11.dll
2013-09-07 20:59:43 175104 ----a-w- c:\windows\system32\wintrust.dll
2013-09-07 20:59:43 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-09-07 20:59:43 1166848 ----a-w- c:\windows\system32\crypt32.dll
2013-09-07 20:59:43 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-09-07 20:59:27 2048 ----a-w- c:\windows\system32\tzres.dll
2013-09-07 20:59:11 903168 ----a-w- c:\windows\system32\certutil.exe
2013-09-07 20:59:11 43008 ----a-w- c:\windows\system32\certenc.dll
2013-09-07 20:59:04 36864 ----a-w- c:\windows\system32\tsgqec.dll
2013-09-07 20:59:04 3217408 ----a-w- c:\windows\system32\mstscax.dll
2013-09-07 20:59:04 131584 ----a-w- c:\windows\system32\aaclient.dll
2013-09-07 20:58:37 376832 ----a-w- c:\windows\system32\dpnet.dll
2013-09-07 20:58:14 2048 ----a-w- c:\windows\system32\msxml3r.dll
2013-09-07 20:58:14 1236992 ----a-w- c:\windows\system32\msxml3.dll
2013-09-07 20:58:06 988672 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2013-09-07 20:58:06 969216 ----a-w- c:\program files\windows journal\JNWDRV.dll
2013-09-07 20:58:06 936448 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2013-09-07 20:58:05 1221632 ----a-w- c:\program files\windows journal\NBDoc.DLL
2013-09-07 20:50:52 101720 ----a-w- c:\windows\system32\consent.exe
2013-09-07 20:50:51 47104 ----a-w- c:\windows\system32\appinfo.dll
2013-09-07 20:50:51 1796096 ----a-w- c:\windows\system32\authui.dll
2013-09-07 20:38:15 2422272 ----a-w- c:\windows\system32\wucltux.dll
2013-09-07 20:38:04 88576 ----a-w- c:\windows\system32\wudriver.dll
2013-09-07 20:37:53 33792 ----a-w- c:\windows\system32\wuapp.exe
2013-09-07 20:37:53 171904 ----a-w- c:\windows\system32\wuwebv.dll
2013-09-07 20:30:29 6737808 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2013-09-07 20:30:24 7166848 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{c691f904-f215-48c1-8c62-9804adc0820b}\mpengine.dll
2013-09-03 08:31:45 -------- d-----w- c:\users\dstrikt\appdata\roaming\.mono
2013-09-03 06:27:00 -------- d-----w- C:\ATI
2013-08-20 13:33:54 -------- d--h--w- c:\program files\common files\EAInstaller
.
==================== Find3M  ====================
.
2013-09-07 21:05:14 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-08-07 01:22:04 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-07-25 08:57:27 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-23 17:10:38 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-23 17:10:38 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-09 05:03:34 3968960 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-07-09 05:03:34 3913664 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-09 04:53:46 1289096 ----a-w- c:\windows\system32\ntdll.dll
2013-07-09 04:50:42 652800 ----a-w- c:\windows\system32\rpcrt4.dll
2013-07-06 05:05:35 1293760 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-25 19:31:10 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-06-25 19:31:09 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-06-25 19:31:09 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-15 03:40:42 918528 ----a-w- c:\windows\system32\rdpcorets.dll
2013-06-15 03:38:43 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
.
============= FINISH: 18:58:27,85 ===============
 
 
 
Attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate 
Boot Device: \Device\HarddiskVolume1
Install Date: 19.10.2012 03:34:40
System Uptime: 11.09.2013 18:46:07 (0 hours ago)
.
Motherboard: Dell Inc. |  | 0F642T
Processor: Intel® Core2 Duo CPU     T6600  @ 2.20GHz | Microprocessor | 2200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 100 GiB total, 30,583 GiB free.
D: is FIXED (NTFS) - 366 GiB total, 276,006 GiB free.
E: is CDROM ()
F: is Removable
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP94: 07.09.2013 23:30:06 - Windows Update
RP95: 07.09.2013 23:37:37 - Windows Update
RP96: 08.09.2013 00:01:22 - Windows Update
RP97: 08.09.2013 21:06:35 - Windows Update
RP98: 08.09.2013 23:55:00 - Windows Update
.
==== Installed Programs ======================
.
Adblock Plus for IE (32-bit)
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Linguistics CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader XI (11.0.04)
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player 12.0
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Audiosurf
Battlefield 1942™
BBSAK
BitTorrent
BlackBerry App World Browser Plugin
BlackBerry Desktop Software 7.1
BlackBerry Device Manager 7.0
BS.Player FREE
Canon Easy-PhotoPrint EX
Canon Easy-WebPrint EX
Canon MP Navigator EX 1.0
Canon MP210 series
Canon My Printer
Canon Utilities Solution Menu
Connect
Counter-Strike
Counter-Strike: Source
Dell Resource CD
Dell Touchpad
Dell Wireless WLAN Card Utility
Football Superstars
Google Chrome
Google Talk Plugin
Google Update Helper
IDT Audio
Inkscape 0.48.4
Intel® Graphics Media Accelerator Driver
Java 7 Update 25
Java Auto Updater
kuler
League of Legends
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Expression Web
Microsoft Expression Web MUI (English)
Microsoft Expression Web Service Pack 1 (SP1)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft_VC100_CRT_SP1_x86
Mozilla Firefox 18.0.1 (x86 en-US)
MSVC80_x86_v2
MSVC90_x86
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mumble 1.2.3
Need For Speed Hot Pursuit 2
Need For Speed™ World
Nero 7 Ultra Edition
neroxml
NVIDIA PhysX
OpenAL
Origin
Pando Media Booster
Pandora Service
PDF Settings CS4
Photoshop Camera Raw
Saints Row 2
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition 
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition 
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition 
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition 
Shockwave
Skype™ 6.6
SopCast 3.5.0
Steam
Suite Shared Configuration CS4
swMSM
System Requirements Lab CYRI
TeamViewer 8
The KMPlayer (remove only)
Thomas Was Alone
Torchlight
Trine
TuneUp Utilities 2007
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2768023) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817642) 32-Bit Edition
VLC media player 2.0.4
WinRAR archiver
Worms Crazy Golf
Worms Pinball
Yahoo! Messenger
Yahoo! Software Update
.
==== Event Viewer Messages From Past Week ========
.
11.09.2013 18:46:21, Error: Service Control Manager [7023]  - The TuneUp Theme Extension service terminated with the following error:  The specified procedure could not be found.
11.09.2013 18:40:19, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
11.09.2013 18:40:19, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
11.09.2013 18:40:19, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11.09.2013 18:40:10, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
11.09.2013 18:40:10, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
11.09.2013 18:40:09, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11.09.2013 18:40:02, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
11.09.2013 18:39:52, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr sptd tdx vwififlt Wanarpv6 WfpLwf
11.09.2013 18:39:52, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
11.09.2013 18:39:52, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
11.09.2013 18:39:52, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
11.09.2013 18:39:52, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
11.09.2013 18:39:52, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
11.09.2013 18:39:52, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
11.09.2013 18:39:52, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
11.09.2013 18:39:52, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
11.09.2013 18:39:52, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
11.09.2013 18:39:52, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
11.09.2013 18:39:38, Error: sptd [4]  - Driver detected an internal error in its data structures for .
10.09.2013 15:53:47, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
10.09.2013 15:53:47, Error: Service Control Manager [7000]  - The Steam Client Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
08.09.2013 22:13:16, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80242016: Cumulative Security Update for Internet Explorer 9 for Windows 7 (KB2862772).
08.09.2013 22:10:40, Error: Service Control Manager [7023]  - 
08.09.2013 00:05:13, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800706be: Internet Explorer 10 for Windows 7.
.
==== End Of File ===========================
Link to post
Share on other sites

Step 1

Please uninstall this application: BitTorrent

Step 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 3

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.
Step 4
  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • AdwCleaner log
  • Malwarebytes' Anti-Malware log
Link to post
Share on other sites

  • Junkware Removal Tool log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 5.5.9 (09.07.2013:1)

OS: Windows 7 Ultimate x86

Ran by DStrikT on 11.09.2013 at 19:13:53,59

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} 

 

 

 

~~~ Registry Keys

 

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\babylontoolbar

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-72163911-695136897-3572053242-1000\Software\SweetIM

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\tarma installer

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\speedupmypc

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasmancs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mybabylontb_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mybabylontb_rasmancs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSLib_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSLib_RASMANCS

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASMANCS

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C989B3BB-8A1A-4462-9A3B-99937DC48441}

Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"

Successfully deleted: [Registry Key] "hkey_current_user\software\pip"

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

Successfully deleted: [Folder] "C:\ProgramData\apn"

Successfully deleted: [Folder] "C:\ProgramData\babylon"

Successfully deleted: [Folder] "C:\Users\DStrikT\appdata\local\apn"

Successfully deleted: [Folder] "C:\Users\DStrikT\appdata\local\conduit"

Successfully deleted: [Folder] "C:\Users\DStrikT\appdata\local\cre"

Successfully deleted: [Folder] "C:\Users\DStrikT\appdata\locallow\conduit"

Successfully deleted: [Folder] "C:\Program Files\conduit"

Successfully deleted: [Folder] "C:\Program Files\daemon tools toolbar"

 

 

 

~~~ FireFox

 

Failed to delete: [File] "C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml"

Successfully deleted: [File] C:\Users\DStrikT\AppData\Roaming\mozilla\firefox\profiles\5ihqme8k.default\user.js

Successfully deleted: [File] C:\Users\DStrikT\AppData\Roaming\mozilla\firefox\profiles\5ihqme8k.default\invalidprefs.js

Successfully deleted: [File] C:\Users\DStrikT\AppData\Roaming\mozilla\firefox\profiles\5ihqme8k.default\searchplugins\conduit.xml

Successfully deleted: [File] C:\Users\DStrikT\AppData\Roaming\mozilla\firefox\profiles\5ihqme8k.default\searchplugins\delta.xml

Successfully deleted: [Folder] C:\Users\DStrikT\AppData\Roaming\mozilla\firefox\profiles\5ihqme8k.default\smartbar

Successfully deleted the following from C:\Users\DStrikT\AppData\Roaming\mozilla\firefox\profiles\5ihqme8k.default\prefs.js

 

user_pref("CT3176921.installType", "conduitnsisintegration");

user_pref("CT3176921.search.searchAppId", "10000002");

user_pref("CT3176921.search.searchCount", "0");

user_pref("CT3176921.smartbar.CTID", "CT3176921");

user_pref("CT3176921.smartbar.Uninstall", "0");

user_pref("CT3176921.smartbar.homepage", "true");

user_pref("CT3176921.smartbar.isHidden", true);

user_pref("CT3176921.smartbar.toolbarName", "express-files ");

user_pref("Smartbar.ConduitHomepagesList", "");

user_pref("Smartbar.ConduitSearchEngineList", "");

user_pref("Smartbar.ConduitSearchUrlList", "");

user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");

user_pref("Smartbar.keywordURLSelectedCTID", "CT3176921");

user_pref("browser.search.defaultenginename", "express-files Customized Web Search");

user_pref("browser.search.defaultthis.engineName", "express-files Customized Web Search");

user_pref("extensions.delta.admin", false);

user_pref("extensions.delta.aflt", "babsst");

user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");

user_pref("extensions.delta.autoRvrt", "false");

user_pref("extensions.delta.dfltLng", "en");

user_pref("extensions.delta.excTlbr", false);

user_pref("extensions.delta.ffxUnstlRst", true);

user_pref("extensions.delta.id", "428582c9000000000000701a04a080e3");

user_pref("extensions.delta.instlDay", "15821");

user_pref("extensions.delta.instlRef", "sst");

user_pref("extensions.delta.newTab", false);

user_pref("extensions.delta.prdct", "delta");

user_pref("extensions.delta.prtnrId", "delta");

user_pref("extensions.delta.rvrt", "false");

user_pref("extensions.delta.smplGrp", "none");

user_pref("extensions.delta.tlbrId", "base");

user_pref("extensions.delta.tlbrSrchUrl", "");

user_pref("extensions.delta.vrsn", "1.8.16.16");

user_pref("extensions.delta.vrsnTs", "1.8.16.1610:55:24");

user_pref("extensions.delta.vrsni", "1.8.16.16");

user_pref("smartbar.addressBarOwnerCTID", "CT3176921");

user_pref("smartbar.machineId", "ASKFBW+6PBJUNFF0OV4K/HJUEEESCXWGZATQOTFB9GLUUYV2/FJ3EEDQ9ZDLVDZ1TDWCQVKQPQND25B3SPUBTA");

user_pref("smartbar.originalHomepage", "about:home");

user_pref("smartbar.originalSearchAddressUrl", "");

user_pref("smartbar.originalSearchEngine", "");

Emptied folder: C:\Users\DStrikT\AppData\Roaming\mozilla\firefox\profiles\5ihqme8k.default\minidumps [4 files]

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 11.09.2013 at 19:16:18,37

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

  • AdwCleaner log

# AdwCleaner v3.003 - Report created 11/09/2013 at 19:20:23

# Updated 07/09/2013 by Xplode

# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)

# Username : DStrikT - DSTRIKTEN

# Running from : C:\Users\DStrikT\Desktop\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\Program Files\ExpressFiles

Folder Deleted : C:\Program Files\Gophoto.it

Folder Deleted : C:\Program Files\HDvidCodec.com

Folder Deleted : C:\Users\DStrikT\AppData\Roaming\ExpressFiles

Folder Deleted : C:\Users\DStrikT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HDvidCodec.com

Folder Deleted : C:\Users\DStrikT\AppData\Roaming\Mozilla\Firefox\Profiles\5ihqme8k.default\CT3176921

Folder Deleted : C:\Users\DStrikT\AppData\Roaming\Mozilla\Firefox\Profiles\5ihqme8k.default\Extensions\{88ac3cb6-596b-4217-964c-b6757ef9602d}

File Deleted : C:\Users\DStrikT\AppData\Roaming\Mozilla\Firefox\Profiles\5ihqme8k.default\Extensions\gophoto@gophoto.it.xpi

File Deleted : C:\Users\DStrikT\AppData\Roaming\Mozilla\Firefox\Profiles\5ihqme8k.default\Extensions\hdvc@hdvc.com.xpi

File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\Babylon.xml

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kpkbnefaikfaeadgidhpoanckoiaheli

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKCU\Software\ExpressFiles

Key Deleted : HKLM\Software\ExpressFiles

Key Deleted : HKLM\Software\PIP

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v10.0.9200.16660

 

 

-\\ Mozilla Firefox v18.0.1 (en-US)

 

[ File : C:\Users\DStrikT\AppData\Roaming\Mozilla\Firefox\Profiles\5ihqme8k.default\prefs.js ]

 

Line Deleted : user_pref("CT3176921.1000082.isPlayDisplay", "true");

Line Deleted : user_pref("CT3176921.3176921a129719618372458539000000paramsGK1.enc", "eyJ1cGRhdGVSZXFUaW1lIjoxMzU5OTk3Mjk5OTUxLCJ1cGRhdGVSZXNwVGltZSI6MTM1OTk5NzMwMDQ5NSwiZGF0YSI6eyJzZXR0aW5ncyI6eyJpY29uIjoiaHR0cDovL3[...]

Line Deleted : user_pref("CT3176921.3176921a129719618372458539000000twitterTemplate_notify_followers.enc", "MHgwMDM1LDB4MDAzNCwweDAwMzksMHgwMDMwLDB4MDAzNiwweDAwMzksMHgwMDM2LDB4MDAzMSwweDAwMzQsMHgwMDIwLDB4MDAzMCwweDA[...]

Line Deleted : user_pref("CT3176921.3176921a129719618372458539000000twitterTemplate_notify_followers_count.enc", "MzE=");

Line Deleted : user_pref("CT3176921.3176921a129719618372458539000000twitterTemplate_notify_following.enc", "");

Line Deleted : user_pref("CT3176921.3176921a129719618372458539000000twitterTemplate_notify_following_count.enc", "MA==");

Line Deleted : user_pref("CT3176921.3176921a129719618372458539000000twitterTemplate_notify_home.enc", "MHgwMDMxLDB4MDAzOSwweDAwMzAsMHgwMDM3LDB4MDAzNywweDAwMzYsMHgwMDMxLDB4MDAzMCwweDAwMzIsMHgwMDMwLDB4MDAzMiwweDAwMzcs[...]

Line Deleted : user_pref("CT3176921.3176921a129719618372458539000000twitterTemplate_notify_home_count.enc", "Nw==");

Line Deleted : user_pref("CT3176921.3176921a129720553164390415000000paramsGK0.enc", "eyJ1cGRhdGVSZXFUaW1lIjoxMzU5OTk3Mjk5NTA5LCJ1cGRhdGVSZXNwVGltZSI6MTM1OTk5NzMwMDA2NSwiZGF0YSI6eyJzZXR0aW5ncyI6eyJpY29uIjoiaHR0cDovL3[...]

Line Deleted : user_pref("CT3176921.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");

Line Deleted : user_pref("CT3176921.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");

Line Deleted : user_pref("CT3176921.FirstTime", "true");

Line Deleted : user_pref("CT3176921.FirstTimeFF3", "true");

Line Deleted : user_pref("CT3176921.LoginRevertSettingsEnabled", true);

Line Deleted : user_pref("CT3176921.PG_ENABLE", "dHJ1ZQ==");

Line Deleted : user_pref("CT3176921.RevertSettingsEnabled", true);

Line Deleted : user_pref("CT3176921.UserID", "UN20075866713062491");

Line Deleted : user_pref("CT3176921.addressBarTakeOverEnabledInHidden", "true");

Line Deleted : user_pref("CT3176921.autoDisableScopes", -1);

Line Deleted : user_pref("CT3176921.browser.search.defaultthis.engineName", "true");

Line Deleted : user_pref("CT3176921.cbfirsttime.enc", "TW9uIEZlYiAwNCAyMDEzIDE5OjAxOjQyIEdNVCswMjAwIChHVEIgU3RhbmRhcmQgVGltZSk=");

Line Deleted : user_pref("CT3176921.countryCode", "RO");

Line Deleted : user_pref("CT3176921.defaultSearch", "true");

Line Deleted : user_pref("CT3176921.enableAlerts", "always");

Line Deleted : user_pref("CT3176921.enableFix404ByUser", "FALSE");

Line Deleted : user_pref("CT3176921.enableSearchFromAddressBar", "true");

Line Deleted : user_pref("CT3176921.firstTimeDialogOpened", "true");

Line Deleted : user_pref("CT3176921.fixPageNotFoundError", "true");

Line Deleted : user_pref("CT3176921.fixPageNotFoundErrorByUser", "true");

Line Deleted : user_pref("CT3176921.fixPageNotFoundErrorInHidden", "true");

Line Deleted : user_pref("CT3176921.fixUrls", true);

Line Deleted : user_pref("CT3176921.fullUserID", "UN20075866713062491.UP.20130901194104");

Line Deleted : user_pref("CT3176921.homepageuserchanged", true);

Line Deleted : user_pref("CT3176921.installDate", "4/2/2013 18:03:26");

Line Deleted : user_pref("CT3176921.installId", "stub.exe");

Line Deleted : user_pref("CT3176921.isCheckedStartAsHidden", true);

Line Deleted : user_pref("CT3176921.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");

Line Deleted : user_pref("CT3176921.isFirstTimeToolbarLoading", "false");

Line Deleted : user_pref("CT3176921.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");

Line Deleted : user_pref("CT3176921.keyword", "true");

Line Deleted : user_pref("CT3176921.lastVersion", "10.19.2.505");

Line Deleted : user_pref("CT3176921.mam_gk_installer_preapproved.enc", "dHJ1ZQ==");

Line Deleted : user_pref("CT3176921.migrateAppsAndComponents", true);

Line Deleted : user_pref("CT3176921.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxps%3A%2F%2Fedit.europe.yahoo.com%2Fforgot\",\"EB_MAIN_FRAME_TITLE\":\"Yahoo!%20Password%20Helper%3A%20[...]

Line Deleted : user_pref("CT3176921.openThankYouPage", "false");

Line Deleted : user_pref("CT3176921.openUninstallPage", "true");

Line Deleted : user_pref("CT3176921.price-gong.isManagedApp", "true");

Line Deleted : user_pref("CT3176921.revertSettingsEnabled", "false");

Line Deleted : user_pref("CT3176921.searchInNewTabEnabledByUser", "true");

Line Deleted : user_pref("CT3176921.searchInNewTabEnabledInHidden", "true");

Line Deleted : user_pref("CT3176921.searchSuggestEnabledByUser", "true");

Line Deleted : user_pref("CT3176921.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");

Line Deleted : user_pref("CT3176921.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");

Line Deleted : user_pref("CT3176921.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");

Line Deleted : user_pref("CT3176921.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3176921\"}");

Line Deleted : user_pref("CT3176921.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"express-files \"}");

Line Deleted : user_pref("CT3176921.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");

Line Deleted : user_pref("CT3176921.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");

Line Deleted : user_pref("CT3176921.serviceLayer_services_Configuration_lastUpdate", "1378053786763");

Line Deleted : user_pref("CT3176921.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1359997296791");

Line Deleted : user_pref("CT3176921.serviceLayer_services_appsMetadata_lastUpdate", "1359997296738");

Line Deleted : user_pref("CT3176921.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1359997296480");

Line Deleted : user_pref("CT3176921.serviceLayer_services_login_10.14.42.7_lastUpdate", "1377941946259");

Line Deleted : user_pref("CT3176921.serviceLayer_services_login_10.19.2.505_lastUpdate", "1378053787394");

Line Deleted : user_pref("CT3176921.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1359997296658");

Line Deleted : user_pref("CT3176921.serviceLayer_services_searchAPI_lastUpdate", "1378053786757");

Line Deleted : user_pref("CT3176921.serviceLayer_services_serviceMap_lastUpdate", "1378053786575");

Line Deleted : user_pref("CT3176921.serviceLayer_services_toolbarContextMenu_lastUpdate", "1359997296750");

Line Deleted : user_pref("CT3176921.serviceLayer_services_toolbarSettings_lastUpdate", "1378053787141");

Line Deleted : user_pref("CT3176921.serviceLayer_services_translation_lastUpdate", "1378053787075");

Line Deleted : user_pref("CT3176921.settingsINI", true);

Line Deleted : user_pref("CT3176921.shouldFirstTimeDialog", "false");

Line Deleted : user_pref("CT3176921.showToolbarPermission", "false");

Line Deleted : user_pref("CT3176921.startPage", "true");

Line Deleted : user_pref("CT3176921.toolbarBornServerTime", "4-2-2013");

Line Deleted : user_pref("CT3176921.toolbarCurrentServerTime", "1-9-2013");

Line Deleted : user_pref("CT3176921.toolbarLoginClientTime", "Sun Sep 01 2013 19:41:06 GMT+0300 (GTB Daylight Time)");

Line Deleted : user_pref("CT3176921.twitterTemplate_3176921a129719618372458539000000_DailyActivity.enc", "MTM1OTk5NzMwMTUyNA==");

Line Deleted : user_pref("CT3176921.twitterTemplate_3176921a129719618372458539000000_LifetimeSent.enc", "VFJVRQ==");

Line Deleted : user_pref("CT3176921.twitter_v1.8.0_twitter_app_open_t_f.enc", "ZmFsc2U=");

Line Deleted : user_pref("CT3176921_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1378053663859,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");

Line Deleted : user_pref("ct3176921.UserID", "UN20075866713062491");

 

-\\ Google Chrome v29.0.1547.66

 

[ File : C:\Users\DStrikT\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [10885 octets] - [11/09/2013 19:18:27]

AdwCleaner[s0].txt - [11025 octets] - [11/09/2013 19:20:23]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [11086 octets] ##########

 

 

 

  • Malwarebytes Anti-Malware log

Malwarebytes Anti-Malware (PRO) 1.75.0.1300

www.malwarebytes.org

 

Database version: v2013.09.11.06

 

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 10.0.9200.16660

DStrikT :: DSTRIKTEN [administrator]

 

Protection: Enabled

 

11.09.2013 19:24:01

mbam-log-2013-09-11 (19-24-01).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 217762

Time elapsed: 7 minute(s), 24 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)
Link to post
Share on other sites

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load.
  • Please copy/paste the contents or attach that log file to your next reply.
  • If needed the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.
Link to post
Share on other sites

ComboFix 13-09-10.03 - DStrikT 11.09.2013  20:13:47.1.2 - x86

Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.3544.2186 [GMT 3:00]

Running from: c:\users\DStrikT\Desktop\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Created a new restore point

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_RKHIT

-------\Service_RkHit

.

.

(((((((((((((((((((((((((   Files Created from 2013-08-11 to 2013-09-11  )))))))))))))))))))))))))))))))

.

.

2013-09-11 16:18 . 2013-09-11 16:20 -------- d-----w- C:\AdwCleaner

2013-09-11 16:13 . 2013-09-11 16:13 -------- d-----w- c:\windows\ERUNT

2013-09-09 18:31 . 2013-09-09 18:31 -------- d-----w- C:\FRST

2013-09-08 20:56 . 2013-09-08 20:56 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help

2013-09-08 19:04 . 2012-12-16 14:13 295424 ----a-w- c:\windows\system32\atmfd.dll

2013-09-08 19:04 . 2012-12-16 14:13 34304 ----a-w- c:\windows\system32\atmlib.dll

2013-09-08 18:54 . 2013-09-08 18:56 -------- d-----w- c:\windows\system32\MRT

2013-09-08 18:29 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe

2013-09-08 18:13 . 2013-09-08 18:13 -------- d-----w- c:\program files\MSXML 4.0

2013-09-08 18:05 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\system32\DWrite.dll

2013-09-07 21:03 . 2013-09-07 21:03 1505280 ----a-w- c:\windows\system32\d3d11.dll

2013-09-07 20:59 . 2013-07-09 04:52 175104 ----a-w- c:\windows\system32\wintrust.dll

2013-09-07 20:59 . 2013-07-09 04:46 140288 ----a-w- c:\windows\system32\cryptsvc.dll

2013-09-07 20:59 . 2013-07-09 04:46 1166848 ----a-w- c:\windows\system32\crypt32.dll

2013-09-07 20:59 . 2013-07-09 04:46 103936 ----a-w- c:\windows\system32\cryptnet.dll

2013-09-07 20:59 . 2013-07-19 01:41 2048 ----a-w- c:\windows\system32\tzres.dll

2013-09-07 20:59 . 2013-05-13 03:08 903168 ----a-w- c:\windows\system32\certutil.exe

2013-09-07 20:59 . 2013-05-13 03:08 43008 ----a-w- c:\windows\system32\certenc.dll

2013-09-07 20:59 . 2013-02-15 04:37 3217408 ----a-w- c:\windows\system32\mstscax.dll

2013-09-07 20:59 . 2013-02-15 04:34 131584 ----a-w- c:\windows\system32\aaclient.dll

2013-09-07 20:59 . 2013-02-15 03:25 36864 ----a-w- c:\windows\system32\tsgqec.dll

2013-09-07 20:58 . 2012-11-02 05:11 376832 ----a-w- c:\windows\system32\dpnet.dll

2013-09-07 20:58 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\system32\msxml3.dll

2013-09-07 20:58 . 2010-06-26 03:24 2048 ----a-w- c:\windows\system32\msxml3r.dll

2013-09-07 20:58 . 2013-04-10 05:03 936448 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll

2013-09-07 20:58 . 2013-04-10 05:03 988672 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll

2013-09-07 20:58 . 2013-04-10 05:03 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll

2013-09-07 20:58 . 2013-04-10 05:04 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL

2013-09-07 20:51 . 2013-01-04 04:50 169984 ----a-w- c:\windows\system32\winsrv.dll

2013-09-07 20:50 . 2013-02-27 05:05 101720 ----a-w- c:\windows\system32\consent.exe

2013-09-07 20:50 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\system32\authui.dll

2013-09-07 20:50 . 2013-02-27 04:49 47104 ----a-w- c:\windows\system32\appinfo.dll

2013-09-07 20:38 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll

2013-09-07 20:38 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe

2013-09-07 20:38 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2013-09-07 20:38 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll

2013-09-07 20:38 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll

2013-09-07 20:38 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll

2013-09-07 20:38 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll

2013-09-07 20:37 . 2012-06-02 12:19 171904 ----a-w- c:\windows\system32\wuwebv.dll

2013-09-07 20:37 . 2012-06-02 12:12 33792 ----a-w- c:\windows\system32\wuapp.exe

2013-09-07 20:30 . 2013-08-19 21:47 7166848 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C691F904-F215-48C1-8C62-9804ADC0820B}\mpengine.dll

2013-09-03 08:31 . 2013-09-03 08:31 -------- d-----w- c:\users\DStrikT\AppData\Roaming\.mono

2013-09-03 06:27 . 2013-09-03 06:27 -------- d-----w- C:\ATI

2013-08-20 13:33 . 2013-08-20 13:33 -------- d--h--w- c:\program files\Common Files\EAInstaller

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-08-07 01:22 . 2012-10-19 00:34 238872 ------w- c:\windows\system32\MpSigStub.exe

2013-07-23 17:10 . 2012-10-18 14:58 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-07-23 17:10 . 2012-10-18 14:58 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-06-25 19:31 . 2013-06-25 19:31 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-06-25 19:31 . 2012-10-18 15:05 867240 ----a-w- c:\windows\system32\npDeployJava1.dll

2013-06-25 19:31 . 2012-10-18 15:05 789416 ----a-w- c:\windows\system32\deployJava1.dll

2013-01-19 10:23 . 2013-01-19 10:20 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-30 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-30 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-30 150552]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-06-29 458844]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-06-26 1537320]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]

"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4562944]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-07-19 2567272]

"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-03 767312]

"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2013-01-17 267792]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]

.

c:\users\DStrikT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-06-21 162408]

R3 Blackberry Device Manager;Blackberry Device Manager;c:\program files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [2013-01-18 577536]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]

R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-15 1343400]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2012-10-21 691696]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7f2308f435f2c4c1\aestsrv.exe [2009-03-02 81920]

S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]

S2 PanService;PandoraService;c:\program files\PANDORA.TV\PanService\PandoraService.exe [2012-09-28 625304]

S2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-14 3467768]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs

UxTuneUp

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-09-05 21:02 1177552 ----a-w- c:\program files\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-06-28 c:\windows\Tasks\1-Click Maintenance.job

- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2006-12-19 03:51]

.

2013-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-19 00:40]

.

2013-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-19 00:40]

.

2013-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-72163911-695136897-3572053242-1000Core.job

- c:\users\DStrikT\AppData\Local\Google\Update\GoogleUpdate.exe [2013-01-23 05:46]

.

2013-08-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-72163911-695136897-3572053242-1000UA.job

- c:\users\DStrikT\AppData\Local\Google\Update\GoogleUpdate.exe [2013-01-23 05:46]

.

.

------- Supplementary Scan -------

.


uInternet Settings,ProxyOverride = <local>

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\users\DStrikT\AppData\Roaming\Mozilla\Firefox\Profiles\5ihqme8k.default\

.

- - - - ORPHANS REMOVED - - - -

.

HKCU-Run-Akamai NetSession Interface - c:\users\DStrikT\AppData\Local\Akamai\netsession_win.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7f2308f435f2c4c1\STacSV.exe

c:\program files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE

c:\windows\system32\WLANExt.exe

c:\windows\system32\conhost.exe

c:\program files\Dell\Dell Wireless WLAN Card\bcmwltry.exe

c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\windows\system32\IoctlSvc.exe

c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

c:\windows\system32\WUDFHost.exe

c:\windows\system32\conhost.exe

c:\program files\PANDORA.TV\PanService\PanProcess.exe

c:\windows\system32\sppsvc.exe

c:\program files\Windows Media Player\wmpnetwk.exe

.

**************************************************************************

.

Completion time: 2013-09-11  20:26:27 - machine was rebooted

ComboFix-quarantined-files.txt  2013-09-11 17:26

.

Pre-Run: 33.876.922.368 bytes free

Post-Run: 33.704.759.296 bytes free

.

- - End Of File - - 64B54F5C9D7D736A0980F43E773D3A0F

A36C5E4F47E84449FF07ED3517B43A31
Link to post
Share on other sites

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the esetsmartinstaller_enu.png to download the ESET Smart Installer. icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
Link to post
Share on other sites

C:\AdwCleaner\Quarantine\C\Program Files\ExpressFiles\uninstall.exe.vir a variant of Win32/ExpressFiles.B application cleaned by deleting - quarantined

D:\DStrikT\Diverse\Site-uri\DZCP\dzcp1.5.4\inc\buffer.php PHP/Obfuscated.F application cleaned by deleting - quarantined

D:\DStrikT\Diverse\Site-uri\DZCP\Galben\inc\buffer.php PHP/Obfuscated.F application cleaned by deleting - quarantined

D:\DStrikT\Diverse\Site-uri\DZCP\GT_DZCP_v1.5.5.4_11\Hochladen\inc\buffer.php PHP/Obfuscated.F application cleaned by deleting - quarantined

D:\DStrikT\Diverse\Site-uri\DZCP\MightyMemory\Original\Hochladen\inc\buffer.php PHP/Obfuscated.F application cleaned by deleting - quarantined

D:\DStrikT\Diverse\Site-uri\DZCP\MightyMemory\public_html\inc\buffer.php PHP/Obfuscated.F application cleaned by deleting - quarantined

D:\DStrikT\Diverse\Site-uri\DZCP\Pure Gaming\public_html\inc\buffer.php PHP/Obfuscated.F application cleaned by deleting - quarantined
Link to post
Share on other sites

 

C:\AdwCleaner\Quarantine\C\Program Files\ExpressFiles\uninstall.exe.vir a variant of Win32/ExpressFiles.B application cleaned by deleting - quarantined
D:\DStrikT\Diverse\Site-uri\DZCP\dzcp1.5.4\inc\buffer.php PHP/Obfuscated.F application cleaned by deleting - quarantined
D:\DStrikT\Diverse\Site-uri\DZCP\Galben\inc\buffer.php PHP/Obfuscated.F application cleaned by deleting - quarantined
D:\DStrikT\Diverse\Site-uri\DZCP\GT_DZCP_v1.5.5.4_11\Hochladen\inc\buffer.php PHP/Obfuscated.F application cleaned by deleting - quarantined
D:\DStrikT\Diverse\Site-uri\DZCP\MightyMemory\Original\Hochladen\inc\buffer.php PHP/Obfuscated.F application cleaned by deleting - quarantined
D:\DStrikT\Diverse\Site-uri\DZCP\MightyMemory\public_html\inc\buffer.php PHP/Obfuscated.F application cleaned by deleting - quarantined
D:\DStrikT\Diverse\Site-uri\DZCP\Pure Gaming\public_html\inc\buffer.php PHP/Obfuscated.F application cleaned by deleting - quarantined

 

This Obfuscated.F is a problem for my sistem? But no problems i delete these files because i don't need them.

Link to post
Share on other sites

No, not for your system, if you don't opened and clicking there. Those files are injected with malicious PHP code. Their mission is to exploit.

One additional scan too:

Please download the Kaspersky Virus Removal Tool from here to your Desktop.

Double-click the Removal Tool.

Click the cog in the upper right corner:

AVPfront.gif

Select down to and including your main drive.

Once done please select the Automatic Scan tab and press Start Scan.

avpsettings.gif

Allow AVP to delete all infections found.

Once it has finished select the Report tab.

Select the Detected threats report from the left and press the Save button.

Save it to your Desktop and post the contents in your next reply.

Link to post
Share on other sites

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.