Ran MBAM in Safe Mode. Removed 20 bugs. Still reboots in Normal Mode. DDS ran in Safe Mode.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 8.0.7601.17514
Run by Family at 16:05:21 on 2013-10-10
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.2047.1316 [GMT -6:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Family\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Family\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Family\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Family\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Family\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll
mWinlogon: Userinit = userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
BHO: FantastiGames Toolbar: {b4de90bb-150d-4b33-95fe-6baac97e1c21} - C:\Program Files (x86)\FantastiGames Toolbar\Datamngr\ToolBar\fantastigamesdtx.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: DataMngr: {F2D6C718-7E52-428E-8852-365C4B1A6E36} - C:\Program Files (x86)\FantastiGames Toolbar\Datamngr\BrowserConnection.dll
BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll
TB: FantastiGames Toolbar: {b4de90bb-150d-4b33-95fe-6baac97e1c21} - C:\Program Files (x86)\FantastiGames Toolbar\Datamngr\ToolBar\fantastigamesdtx.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Google Update] "C:\Users\Family\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Exetender] "C:\Program Files (x86)\FantastiGames\GPlayer.exe" /runonstartup
uRun: [Deployment] rundll32 "C:\Users\Family\AppData\Local\Apps\Deployment\ikgkjlcidd.dll",DllRegisterServer
uRun: [engineCommsInterval] rundll32.exe "C:\Users\Family\AppData\Roaming\engineCommsInterval\engineCommsInterval.dll",gdMapnt5 btutilpnp
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
dRun: [Exetender] "C:\Program Files (x86)\FantastiGames\GPlayer.exe" /runonstartup
dRun: [Deployment] rundll32 "C:\Users\Family\AppData\Local\Apps\Deployment\ikgkjlcidd.dll",DllRegisterServer
StartupFolder: C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} - 
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{906D7BF5-08A8-46D3-9C98-6CE2F11278F9} : DHCPNameServer = 192.168.1.1
AppInit_DLLs= C:\PROGRA~2\FANTAS~1\Datamngr\datamngr.dll C:\PROGRA~2\FANTAS~1\Datamngr\IEBHO.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll
x64-BHO: DataMngr: {F2D6C718-7E52-428E-8852-365C4B1A6E36} - C:\Program Files (x86)\FantastiGames Toolbar\Datamngr\x64\BrowserConnection.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
S2 X5XSEx_Pr143;X5XSEx_Pr143;C:\Program Files (x86)\FantastiGames\X5XSEx_Pr143.sys [2013-6-16 56136]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2010-11-21 34816]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248]
.
=============== Created Last 30 ================
.
2013-10-10 21:26:40 -------- d-----w- C:\Users\Family\AppData\Roaming\Malwarebytes
2013-10-10 21:26:29 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-10-10 21:26:29 -------- d-----w- C:\ProgramData\Malwarebytes
2013-10-10 21:26:29 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-10 21:26:12 -------- d-----w- C:\Users\Family\AppData\Local\Programs
.
==================== Find3M  ====================
.
.
============= FINISH: 16:06:14.49 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate 
Boot Device: \Device\HarddiskVolume1
Install Date: 11/29/2011 4:55:35 PM
System Uptime: 10/10/2013 3:43:39 PM (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. |  | P5N-E SLI
Processor: Intel® Core2 CPU          6600  @ 2.40GHz | Socket 775 | 2400/266mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 298 GiB total, 111.388 GiB free.
D: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID: 
Description: 
Device ID: ACPI\ATK0110\1010110
Manufacturer: 
Name: 
PNP Device ID: ACPI\ATK0110\1010110
Service: 
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer: 
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
==== System Restore Points ===================
.
RP8: 12/18/2012 5:42:21 PM - Installed Adobe Reader 9.5.0.
.
==== Installed Programs ======================
.
7 Wonders II
Adobe Flash Player 11 ActiveX
Adobe Reader 9.5.0
Agatha Christie: Dead Man's Folly
Chainz 2 Relinked
Curse Client
Fantastigames
FantastiGames Toolbar
Forté Agent
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Island Tribe 3
Java Auto Updater
Java 6 Update 22
Lottso Deluxe
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
NVIDIA 3D Vision Controller Driver 285.62
NVIDIA 3D Vision Driver 285.62
NVIDIA Control Panel 285.62
NVIDIA Graphics Driver 285.62
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.11.0621
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.5.20
NVIDIA Update Components
ROBLOX Player
ROBLOX Studio 2013
The Poppit Show
Unity Web Player
World of Warcraft
Yahoo! BrowserPlus 2.9.8
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
Yontoo 1.10.02
.
==== Event Viewer Messages From Past Week ========
.
10/10/2013 4:06:11 PM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
10/10/2013 4:02:51 PM, Error: Service Control Manager [7031]  - The Windows Management Instrumentation service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
10/10/2013 4:02:51 PM, Error: Service Control Manager [7031]  - The User Profile Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
10/10/2013 4:02:51 PM, Error: Service Control Manager [7031]  - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
10/10/2013 4:02:16 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}
10/10/2013 3:53:17 PM, Error: Service Control Manager [7031]  - The Windows Management Instrumentation service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/10/2013 3:53:17 PM, Error: Service Control Manager [7031]  - The User Profile Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/10/2013 3:53:17 PM, Error: Service Control Manager [7031]  - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/10/2013 3:46:17 PM, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
10/10/2013 3:46:16 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/10/2013 3:46:15 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
10/10/2013 3:45:51 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/10/2013 3:45:27 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
10/10/2013 3:44:57 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  discache spldr Wanarpv6
10/10/2013 3:44:22 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000000a (0x0000000000001018, 0x0000000000000002, 0x0000000000000001, 0xfffff80002f10525). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101013-30420-01.
10/10/2013 3:42:31 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service gusvc with arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
10/10/2013 3:42:30 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Google Software Updater service to connect.
10/10/2013 3:42:00 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Peer Networking Identity Manager service to connect.
10/10/2013 3:42:00 PM, Error: Service Control Manager [7001]  - The Peer Networking Grouping service depends on the Peer Networking Identity Manager service which failed to start because of the following error:  The service did not respond to the start or control request in a timely fashion.
10/10/2013 3:42:00 PM, Error: Service Control Manager [7001]  - The Peer Name Resolution Protocol service depends on the Peer Networking Identity Manager service which failed to start because of the following error:  The service did not respond to the start or control request in a timely fashion.
10/10/2013 3:42:00 PM, Error: Service Control Manager [7000]  - The Peer Networking Identity Manager service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
10/10/2013 3:34:52 PM, Error: Service Control Manager [7034]  - The Windows Management Instrumentation service terminated unexpectedly.  It has done this 3 time(s).
10/10/2013 3:34:52 PM, Error: Service Control Manager [7034]  - The User Profile Service service terminated unexpectedly.  It has done this 3 time(s).
10/10/2013 3:34:52 PM, Error: Service Control Manager [7034]  - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly.  It has done this 3 time(s).
10/10/2013 3:15:49 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:  An instance of the service is already running.
10/10/2013 3:08:35 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff80002f19525). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101013-27050-01.
10/10/2013 2:58:35 PM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
10/10/2013 2:57:21 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
10/10/2013 2:57:21 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
10/10/2013 2:56:48 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf
10/10/2013 2:56:47 PM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
10/10/2013 2:56:47 PM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
10/10/2013 2:56:47 PM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
10/10/2013 2:56:47 PM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
10/10/2013 2:56:47 PM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
10/10/2013 2:56:38 PM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
10/10/2013 2:56:38 PM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
10/10/2013 2:56:38 PM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
10/10/2013 2:56:38 PM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
10/10/2013 2:56:38 PM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
10/10/2013 2:52:15 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Yahoo! Updater service to connect.
10/10/2013 2:52:15 PM, Error: Service Control Manager [7000]  - The Yahoo! Updater service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
10/10/2013 2:49:47 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000000a (0x0000000000000000, 0x0000000000000002, 0x0000000000000000, 0xfffff80002e9b7d5). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101013-38111-01.
.
==== End Of File ===========================
 

 


Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013

Ran by Family (administrator) on FAMILY-PC on 10-10-2013 16:21:28

Running from C:\Users\Family\Downloads

Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 8

Boot Mode: Safe Mode (with Networking)

 

==================== Processes (Whitelisted) =================

 

(Google Inc.) C:\Users\Family\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Family\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Family\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Family\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Family\AppData\Local\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\SysWOW64\NOTEPAD.EXE

(Microsoft Corporation) C:\Windows\SysWOW64\NOTEPAD.EXE

(Google Inc.) C:\Users\Family\AppData\Local\Google\Chrome\Application\chrome.exe

 

==================== Registry (Whitelisted) ==================

 

HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)

HKLM-x32\...\Runonce: [Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [x]

HKCU\...\Run: [Google Update] - C:\Users\Family\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-11-30] (Google Inc.)

HKCU\...\Run: [Messenger (Yahoo!)] - C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe [6497592 2011-11-24] (Yahoo! Inc.)

HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-11-30] (Google Inc.)

HKCU\...\Run: [Exetender] - C:\Program Files (x86)\FantastiGames\GPlayer.exe [4973456 2013-03-14] (Exent Technologies Ltd.)

HKCU\...\Run: [Deployment] - rundll32 "C:\Users\Family\AppData\Local\Apps\Deployment\ikgkjlcidd.dll",DllRegisterServer <===== ATTENTION

HKCU\...\Run: [engineCommsInterval] - rundll32.exe "C:\Users\Family\AppData\Roaming\engineCommsInterval\engineCommsInterval.dll",gdMapnt5 btutilpnp <===== ATTENTION

HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [248552 2010-05-14] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2012-01-03] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)

HKU\UpdatusUser\...\Run: [Exetender] - C:\Program Files (x86)\FantastiGames\GPlayer.exe [4973456 2013-03-14] (Exent Technologies Ltd.)

HKU\UpdatusUser\...\Run: [Google Update] - C:\Users\Family\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-11-30] (Google Inc.)

HKU\UpdatusUser\...\Run: [Messenger (Yahoo!)] - C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe [6497592 2011-11-24] (Yahoo! Inc.)

HKU\UpdatusUser\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-11-30] (Google Inc.)

HKU\UpdatusUser\...\Run: [Deployment] - rundll32 "C:\Users\Family\AppData\Local\Apps\Deployment\ikgkjlcidd.dll",DllRegisterServer <===== ATTENTION

AppInit_DLLs: C:\PROGRA~2\FANTAS~1\Datamngr\x64\datamngr.dll C:\PROGRA~2\FANTAS~1\Datamngr\x64\IEBHO.dll  [1527920 2012-09-02] (Koyote-Lab, inc)

AppInit_DLLs-x32: C:\PROGRA~2\FANTAS~1\Datamngr\datamngr.dll C:\PROGRA~2\FANTAS~1\Datamngr\IEBHO.dll [1184368 2012-09-02] (Koyote-Lab, inc)

Startup: C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x80FBB145B4AFCC01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?ilc=8

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8

URLSearchHook: (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} -  No File

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2455} URL = http://search.fantastigames.com/web?src=ieb&appid=101&systemid=455&sr=0&q={searchTerms}

SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2455} URL = http://search.fantastigames.com/web?src=ieb&appid=101&systemid=455&sr=0&q={searchTerms}

SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2455} URL = http://search.fantastigames.com/web?src=ieb&appid=101&systemid=455&sr=0&q={searchTerms}

SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={searchTerms}&fr=mkg028

BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll (Google Inc.)

BHO: DataMngr - {F2D6C718-7E52-428E-8852-365C4B1A6E36} - C:\Program Files (x86)\FantastiGames Toolbar\Datamngr\x64\BrowserConnection.dll (Koyote-Lab, inc)

BHO-x32: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)

BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)

BHO-x32: FantastiGames Toolbar - {b4de90bb-150d-4b33-95fe-6baac97e1c21} - C:\Program Files (x86)\FantastiGames Toolbar\Datamngr\ToolBar\fantastigamesdtx.dll ()

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

BHO-x32: DataMngr - {F2D6C718-7E52-428E-8852-365C4B1A6E36} - C:\Program Files (x86)\FantastiGames Toolbar\Datamngr\BrowserConnection.dll (Koyote-Lab, inc)

BHO-x32: Yontoo - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)

BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)

Toolbar: HKLM-x32 - FantastiGames Toolbar - {b4de90bb-150d-4b33-95fe-6baac97e1c21} - C:\Program Files (x86)\FantastiGames Toolbar\Datamngr\ToolBar\fantastigamesdtx.dll ()

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

 

Chrome: 

=======



CHR DefaultSearchURL: (Search Results) - http://search.fantastigames.com/web?src=crb&appid=101&systemid=455&sr=0&q={searchTerms}

CHR DefaultSuggestURL: (Search Results) -       "suggest_url": ""

CHR Plugin: (Remoting Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Users\Family\AppData\Local\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Users\Family\AppData\Local\Google\Chrome\Application\28.0.1500.72\pdf.dll ()

CHR Plugin: (Shockwave Flash) - C:\Users\Family\AppData\Local\Google\Chrome\Application\28.0.1500.72\gcswf32.dll No File

CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)

CHR Plugin: (Java Platform SE 6 U22) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File

CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) - C:\Users\Family\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll No File

CHR Extension: (YouTube) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0

CHR Extension: (Google Search) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0

CHR Extension: (Yontoo) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.2_0

CHR Extension: (Gmail) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

CHR HKLM-x32\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - C:\Program Files (x86)\Yontoo\YontooLayers.crx

CHR StartMenuInternet: Google Chrome - C:\Users\Family\AppData\Local\Google\Chrome\Application\chrome.exe

 

==================== Services (Whitelisted) =================

 

 

==================== Drivers (Whitelisted) ====================

 

S2 X5XSEx_Pr143; C:\Program Files (x86)\FantastiGames\X5XSEx_Pr143.Sys [56136 2012-08-02] (Exent Technologies Ltd.)

S2 X5XSEx_Pr143; C:\Program Files (x86)\FantastiGames\X5XSEx_Pr143.Sys [56136 2012-08-02] (Exent Technologies Ltd.)

S3 VGPU; System32\drivers\rdvgkmd.sys [x]

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2013-10-10 16:21 - 2013-10-10 16:21 - 00000000 ____D C:\FRST

2013-10-10 16:20 - 2013-10-10 16:20 - 01954124 _____ (Farbar) C:\Users\Family\Downloads\FRST64.exe

2013-10-10 16:06 - 2013-10-10 16:06 - 00012656 _____ C:\Users\Family\Desktop\attach.txt

2013-10-10 16:06 - 2013-10-10 16:06 - 00008122 _____ C:\Users\Family\Desktop\dds.txt

2013-10-10 16:03 - 2013-10-10 16:03 - 00688992 _____ (Swearware) C:\Users\Family\Downloads\dds (1).scr

2013-10-10 15:59 - 2013-10-10 15:59 - 00688992 ____R (Swearware) C:\Users\Family\Desktop\dds.scr

2013-10-10 15:44 - 2013-10-10 15:44 - 00283336 _____ C:\Windows\Minidump\101013-30420-01.dmp

2013-10-10 15:26 - 2013-10-10 15:26 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-10-10 15:26 - 2013-10-10 15:26 - 00000000 ____D C:\Users\Family\AppData\Roaming\Malwarebytes

2013-10-10 15:26 - 2013-10-10 15:26 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-10-10 15:26 - 2013-10-10 15:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-10-10 15:26 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2013-10-10 15:25 - 2013-10-10 15:25 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Family\Downloads\mbam-setup-1.75.0.1300.exe

2013-10-10 15:08 - 2013-10-10 15:08 - 00283336 _____ C:\Windows\Minidump\101013-27050-01.dmp

2013-10-10 14:49 - 2013-10-10 14:49 - 00283224 _____ C:\Windows\Minidump\101013-38111-01.dmp

 

==================== One Month Modified Files and Folders =======

 

2013-10-10 16:21 - 2013-10-10 16:21 - 00000000 ____D C:\FRST

2013-10-10 16:20 - 2013-10-10 16:20 - 01954124 _____ (Farbar) C:\Users\Family\Downloads\FRST64.exe

2013-10-10 16:06 - 2013-10-10 16:06 - 00012656 _____ C:\Users\Family\Desktop\attach.txt

2013-10-10 16:06 - 2013-10-10 16:06 - 00008122 _____ C:\Users\Family\Desktop\dds.txt

2013-10-10 16:03 - 2013-10-10 16:03 - 00688992 _____ (Swearware) C:\Users\Family\Downloads\dds (1).scr

2013-10-10 15:59 - 2013-10-10 15:59 - 00688992 ____R (Swearware) C:\Users\Family\Desktop\dds.scr

2013-10-10 15:44 - 2013-10-10 15:44 - 00283336 _____ C:\Windows\Minidump\101013-30420-01.dmp

2013-10-10 15:44 - 2013-07-18 22:43 - 00000000 ____D C:\Windows\Minidump

2013-10-10 15:43 - 2013-07-18 22:42 - 272796530 _____ C:\Windows\MEMORY.DMP

2013-10-10 15:40 - 2011-11-30 17:05 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-10-10 15:39 - 2011-11-29 18:00 - 00000000 ____D C:\ProgramData\NVIDIA

2013-10-10 15:39 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-10-10 15:39 - 2009-07-13 22:51 - 00050781 _____ C:\Windows\setupact.log

2013-10-10 15:38 - 2010-11-20 21:47 - 00014398 _____ C:\Windows\PFRO.log

2013-10-10 15:26 - 2013-10-10 15:26 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-10-10 15:26 - 2013-10-10 15:26 - 00000000 ____D C:\Users\Family\AppData\Roaming\Malwarebytes

2013-10-10 15:26 - 2013-10-10 15:26 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-10-10 15:26 - 2013-10-10 15:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-10-10 15:25 - 2013-10-10 15:25 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Family\Downloads\mbam-setup-1.75.0.1300.exe

2013-10-10 15:08 - 2013-10-10 15:08 - 00283336 _____ C:\Windows\Minidump\101013-27050-01.dmp

2013-10-10 14:49 - 2013-10-10 14:49 - 00283224 _____ C:\Windows\Minidump\101013-38111-01.dmp

 

Some content of TEMP:

====================

C:\Users\Family\AppData\Local\Temp\btsek9ld.dll

C:\Users\Family\AppData\Local\Temp\GoogleToolbarInstaller_en32_signed.exe

C:\Users\Family\AppData\Local\Temp\installhelper.dll

C:\Users\Family\AppData\Local\Temp\notepad.exe

C:\Users\Family\AppData\Local\Temp\SRAssetsHelper.dll

C:\Users\Family\AppData\Local\Temp\stub_455_softonic.exe

C:\Users\Family\AppData\Local\Temp\tkp-vsc7.dll

C:\Users\Family\AppData\Local\Temp\yontoo-c5.exe

C:\Users\Family\AppData\Local\Temp\YontooSetup-S.exe

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2011-11-29 18:36

 

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2013

Ran by Family at 2013-10-10 16:24:50

Running from C:\Users\Family\Downloads

Boot Mode: Safe Mode (with Networking)

==========================================================

 

 

==================== Security Center ========================

 

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

7 Wonders II (x32)

Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)

Adobe Reader 9.5.0 (x32 Version: 9.5.0)

Agatha Christie: Dead Man's Folly (x32)

Chainz 2 Relinked (x32)

Curse Client (HKCU Version: 5.1.1.792)

Fantastigames (x32)

FantastiGames Toolbar (x32 Version: 4.1.0.3110)

Forté Agent (x32)

Google Chrome (HKCU Version: 28.0.1500.72)

Google Toolbar for Internet Explorer (x32 Version: 1.0.0)

Google Toolbar for Internet Explorer (x32 Version: 7.5.4209.2358)

Google Update Helper (x32 Version: 1.3.21.153)

Island Tribe 3 (x32)

Java Auto Updater (x32 Version: 2.0.2.4)

Java 6 Update 22 (x32 Version: 6.0.220)

Lottso Deluxe (x32)

Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)

NVIDIA 3D Vision Controller Driver 285.62 (Version: 285.62)

NVIDIA 3D Vision Driver 285.62 (Version: 285.62)

NVIDIA Control Panel 285.62 (Version: 285.62)

NVIDIA Graphics Driver 285.62 (Version: 285.62)

NVIDIA Install Application (Version: 2.1002.46.235)

NVIDIA PhysX (x32 Version: 9.11.0621)

NVIDIA PhysX System Software 9.11.0621 (Version: 9.11.0621)

NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.8562)

NVIDIA Update 1.5.20 (Version: 1.5.20)

NVIDIA Update Components (Version: 1.5.20)

ROBLOX Player (x32)

ROBLOX Studio 2013 (x32)

The Poppit Show (x32)

Unity Web Player (HKCU Version: )

World of Warcraft (x32 Version: 5.3.0.17128)

Yahoo! BrowserPlus 2.9.8 (HKCU)

Yahoo! Messenger (x32)

Yahoo! Software Update (x32)

Yahoo! Toolbar (x32)

Yontoo 1.10.02 (Version: 1.10.02)

 

==================== Restore Points  =========================

 

19-12-2012 00:42:21 Installed Adobe Reader 9.5.0.

 

==================== Hosts content: ==========================

 

2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

Task: {0303B0E2-4319-45B9-B2DD-F7BC87DBCAD7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-30] (Google Inc.)

Task: {0307127A-E5A1-4FF3-8DC9-28E125B3DB3A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-30] (Google Inc.)

Task: {1B669CB7-DD93-4477-88BA-ADA5D27E1232} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3048505303-2481802283-1831824445-1000Core => C:\Users\Family\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-30] (Google Inc.)

Task: {B4AF2576-9F7B-4A13-B0CE-FD2C96AE0E40} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3048505303-2481802283-1831824445-1000UA => C:\Users\Family\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-30] (Google Inc.)

Task: {C0247A50-E395-4D50-A241-9DB8AFA190D4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11] (Adobe Systems Incorporated)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3048505303-2481802283-1831824445-1000Core.job => C:\Users\Family\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3048505303-2481802283-1831824445-1000UA.job => C:\Users\Family\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\User_Feed_Synchronization-{7C458F7C-CFB9-4CA0-8575-7E00E8DFDA00}.job => C:\Windows\system32\msfeedssync.exe

 

==================== Loaded Modules (whitelisted) =============

 

2013-07-17 21:07 - 2013-07-12 12:49 - 04052944 _____ () C:\Users\Family\AppData\Local\Google\Chrome\Application\28.0.1500.72\pdf.dll

2013-07-17 21:07 - 2013-07-12 12:49 - 00396240 _____ () C:\Users\Family\AppData\Local\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll

2013-07-17 21:07 - 2013-07-12 12:48 - 01597392 _____ () C:\Users\Family\AppData\Local\Google\Chrome\Application\28.0.1500.72\ffmpegsumo.dll

2013-07-17 21:07 - 2013-07-12 12:49 - 13599184 _____ () C:\Users\Family\AppData\Local\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

 

==================== Safe Mode (whitelisted) ===================

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

 

==================== Faulty Device Manager Devices =============

 

Name: 

Description: 

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

Name: Security Processor Loader Driver

Description: Security Processor Loader Driver

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer: 

Service: spldr

Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.

Devices stay in this state if they have been prepared for removal.

After you remove the device, this error disappears.Remove the device, and this error should be resolved.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (10/10/2013 04:21:53 PM) (Source: Microsoft-Windows-CAPI2) (User: )

Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

.

 

Error: (10/10/2013 04:21:28 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (10/10/2013 04:05:42 PM) (Source: Microsoft-Windows-CAPI2) (User: )

Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

.

 

Error: (10/10/2013 04:05:22 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (10/10/2013 03:56:17 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (10/10/2013 03:55:44 PM) (Source: Microsoft-Windows-CAPI2) (User: )

Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

.

 

Error: (10/10/2013 03:46:24 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (10/10/2013 03:46:21 PM) (Source: Microsoft-Windows-CAPI2) (User: )

Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

.

 

Error: (10/10/2013 03:40:46 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (10/10/2013 03:28:51 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

 

System errors:

=============

Error: (10/10/2013 04:22:31 PM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1068

 

Error: (10/10/2013 04:22:31 PM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1068

 

Error: (10/10/2013 04:22:31 PM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1068

 

Error: (10/10/2013 04:20:24 PM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1068

 

Error: (10/10/2013 04:20:24 PM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1068

 

Error: (10/10/2013 04:20:24 PM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1068

 

Error: (10/10/2013 04:15:25 PM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1068

 

Error: (10/10/2013 04:15:25 PM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1068

 

Error: (10/10/2013 04:15:25 PM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1068

 

Error: (10/10/2013 04:13:17 PM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1068

 

 

Microsoft Office Sessions:

=========================

Error: (10/10/2013 04:21:53 PM) (Source: Microsoft-Windows-CAPI2)(User: )

Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

 

Error: (10/10/2013 04:21:28 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (10/10/2013 04:05:42 PM) (Source: Microsoft-Windows-CAPI2)(User: )

Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

 

Error: (10/10/2013 04:05:22 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (10/10/2013 03:56:17 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (10/10/2013 03:55:44 PM) (Source: Microsoft-Windows-CAPI2)(User: )

Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

 

Error: (10/10/2013 03:46:24 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (10/10/2013 03:46:21 PM) (Source: Microsoft-Windows-CAPI2)(User: )

Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

 

Error: (10/10/2013 03:40:46 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (10/10/2013 03:28:51 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

 

CodeIntegrity Errors:

===================================

  Date: 2013-10-10 15:39:36.416

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-10-10 15:05:25.900

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-10-10 14:50:14.461

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-08-26 20:28:46.984

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-08-26 20:24:03.748

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-07-26 19:57:41.406

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-07-26 19:47:32.074

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-07-26 19:44:24.051

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-07-21 12:47:55.000

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-07-18 22:44:10.217

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

 

 

==================== Memory info =========================== 

 

Percentage of memory in use: 68%

Total physical RAM: 2046.55 MB

Available physical RAM: 644.51 MB

Total Pagefile: 4093.11 MB

Available Pagefile: 2774.72 MB

Total Virtual: 8192 MB

Available Virtual: 8191.8 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:298.09 GB) (Free:111.28 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: CDFBC5F7)

Partition 1: (Active) - (Size=298 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================


Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST/FRST64 and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

See if it will now boot to normal mode...

 

Also zip up and attach the two most recent files from this folder...

 

C:\Windows\Minidump
 

 

Kevin

fixlist.txt


After Running FRST restarted in Normal Mode.  Still re-booted with blue screen.

 

Didn't attach Minidumps because I couldn't figure out how to attach a file.  Checked HELP on POSTING and it said press button but I couldn't figure out what button.

 

Thanks,

Mike

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2013

Ran by Family at 2013-10-10 17:21:38 Run:1

Running from C:\Users\Family\Desktop

Boot Mode: Safe Mode (with Networking)

==============================================

 

Content of fixlist:

*****************

Start

HKCU\...\Run: [Deployment] - rundll32 "C:\Users\Family\AppData\Local\Apps\Deployment\ikgkjlcidd.dll",DllRegisterServer <===== ATTENTION

HKCU\...\Run: [engineCommsInterval] - rundll32.exe "C:\Users\Family\AppData\Roaming\engineCommsInterval\engineCommsInterval.dll",gdMapnt5 btutilpnp <===== ATTENTION

C:\Users\Family\AppData\Local\Apps\Deployment\ikgkjlcidd.dll

C:\Users\Family\AppData\Roaming\engineCommsInterval

HKU\UpdatusUser\...\Run: [Deployment] - rundll32 "C:\Users\Family\AppData\Local\Apps\Deployment\ikgkjlcidd.dll",DllRegisterServer <===== ATTENTION

AppInit_DLLs: C:\PROGRA~2\FANTAS~1\Datamngr\x64\datamngr.dll C:\PROGRA~2\FANTAS~1\Datamngr\x64\IEBHO.dll  [1527920 2012-09-02] (Koyote-Lab, inc)

AppInit_DLLs-x32: C:\PROGRA~2\FANTAS~1\Datamngr\datamngr.dll C:\PROGRA~2\FANTAS~1\Datamngr\IEBHO.dll [1184368 2012-09-02] (Koyote-Lab, inc)

C:\Users\Family\AppData\Local\Temp\btsek9ld.dll

C:\Users\Family\AppData\Local\Temp\GoogleToolbarInstaller_en32_signed.exe

C:\Users\Family\AppData\Local\Temp\installhelper.dll

C:\Users\Family\AppData\Local\Temp\notepad.exe

C:\Users\Family\AppData\Local\Temp\SRAssetsHelper.dll

C:\Users\Family\AppData\Local\Temp\stub_455_softonic.exe

C:\Users\Family\AppData\Local\Temp\tkp-vsc7.dll

C:\Users\Family\AppData\Local\Temp\yontoo-c5.exe

C:\Users\Family\AppData\Local\Temp\YontooSetup-S.exe

End

 

*****************

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Deployment => Value deleted successfully.

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\engineCommsInterval => Value deleted successfully.

C:\Users\Family\AppData\Local\Apps\Deployment\ikgkjlcidd.dll => Moved successfully.

C:\Users\Family\AppData\Roaming\engineCommsInterval => Moved successfully.

HKU\UpdatusUser\Software\Microsoft\Windows\CurrentVersion\Run\\Deployment => Value deleted successfully.

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.

HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.

C:\Users\Family\AppData\Local\Temp\btsek9ld.dll => Moved successfully.

C:\Users\Family\AppData\Local\Temp\GoogleToolbarInstaller_en32_signed.exe => Moved successfully.

C:\Users\Family\AppData\Local\Temp\installhelper.dll => Moved successfully.

C:\Users\Family\AppData\Local\Temp\notepad.exe => Moved successfully.

C:\Users\Family\AppData\Local\Temp\SRAssetsHelper.dll => Moved successfully.

C:\Users\Family\AppData\Local\Temp\stub_455_softonic.exe => Moved successfully.

C:\Users\Family\AppData\Local\Temp\tkp-vsc7.dll => Moved successfully.

C:\Users\Family\AppData\Local\Temp\yontoo-c5.exe => Moved successfully.

C:\Users\Family\AppData\Local\Temp\YontooSetup-S.exe => Moved successfully.

 

==== End of Fixlog ====

Navigate to this folder C:\Windows\Minidump look for the most recent dump files. Usually there will be a series of digits appending the file, that is the date.... 

 

Right click on the file > select > send to > compressed (zipped) folder. The zipped file will be saved next to original, do that for the two most recent.

 

Open a reply to this thread, Under the reply box you will see "More Reply Options" tab, select that. A new reply box opens, under that reply box you see "Attach Files" select the "Browse" tab, select that and browse to each zip file, Double click on that file, then use "Attach This File"

 

The zipped file is attached, repeat process to add more files.....


Download Dr Web Cureit from here http://www.freedrweb.com/cureit save to your desktop. (Scroll to bottom of page)

 

  • The file will be randomly named
  • Reboot to safe mode
  • Run Dr Web
  • Tick the I agree box and select continue
  • Click select objects for scanning
     
  • Tick all boxes as shown
  • Click the wrench and select automatically apply actions to threats
     
  • Press start scan
  • The scan will now commence
     
  • Once the scan has finished click open report
     
  • A notepad will open
  • Select File > Save as..
  • Save it to your desktop

 

This log will be excessive, Attach it to your next reply…


Run Quick scan with Malwarebytes, post that log..

 

Next,

 

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop.

Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

Post those logs, let me know if any remaining issues or concerns..


Ran MBAM.  Will now run Screen317

 

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

 

Database version: v2013.10.10.06

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

Family :: FAMILY-PC [administrator]

 

10/15/2013 4:17:12 PM

mbam-log-2013-10-15 (16-17-12).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 251886

Time elapsed: 8 minute(s), 54 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

As far as we can tell, there are no more issues.  We will be installing an Antivirus Suite.

 

 

 Results of screen317's Security Check version 0.99.74  

 Windows 7 Service Pack 1 x64 (UAC is disabled!)  

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Enabled!  

 WMI entry may not exist for antivirus; attempting automatic update. 

`````````Anti-malware/Other Utilities Check:````````` 

 Malwarebytes Anti-Malware version 1.75.0.1300  

 Java 6 Update 22  

 Java version out of Date! 

 Adobe Reader 9 Adobe Reader out of Date! 

 Google Chrome 27.0.1453.116  

 Google Chrome 28.0.1500.72  

````````Process Check: objlist.exe by Laurent````````  

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C: 15% Defragment your hard drive soon! (Do NOT defrag if SSD!)

````````````````````End of Log`````````````````````` 

I'd recommend Microsoft Security Essentials, get it here http://www.microsoft.com/en-gb/security/pc-security/mse.aspx

 

When the install is complete carry out a quick scan, let me know if anything is found...

 

Next,

 

Adobe Reader is outdated...

Visit http://get.adobe.com/uk/reader/otherversions/ and download the latest version of Acrobat Reader

 

Step 1 - Select your Operating System.

Step 2 - Select your Language.

Step 3 - Select latest version.

 

Untick the option for any security scanner or toolbar if offered.

 

Download and install.

 

Having the latest updates ensures there are no security vulnerabilities in your system.

 

Next,

 

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older version of Java components and upgrade the application.

 

Upgrading Java:

 

Go to http://java.com/en/ and click on "Do I have Java"

It will check your current version and then offer to update to the latest version

Watch for and make sure you untick the box next to whatever free program they prompt you to install during the installation, unless you want it.

 

***Note: Check in Programs and Features (or Add/Remove Programs if you are an XP user) to make certain there are no old versions of Java still installed, if so - remove them. <<-- Very important

 

Let me know if those steps complete, also if any remaining issues or concerns....


That is good news, Ok do the following:

 

We need to remove FRST, first it is very important to deal with its Quarantine folder using FRST itself..

OK, we continue:

Delete any fixlist.txt file previously used, continue:

 

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST/FRST64 and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Next,

 

Delete FRST.exe from your Desktop, navigate to and delete its folder C:\FRST

 

Next,

 

  • Download OTC by OldTimer from here http://oldtimer.geekstogo.com/OTC.exe or here http://www.itxassociates.com/OT-Tools/OTC.exe and save to your Desktop.
  • Double click the OTC icon to start the program.
    If you are using Vista or Windows 7 accept UAC
  • Then click the big CleanUp button.
  • You will get a prompt saying "Begining Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
  • This will remove tools we have used and itself.

 

Any tools/logs remaining on the Desktop or your Downloads folder can be deleted.

 

Next,

 

Download and install CCleaner from here:

 

http://www.piriform.com/ccleaner/builds   Ensure to select Slim version. (No Toolbar)

 

 Then select the items you wish to clean up.

 

In the Windows Tab:

 


    Clean all entries in the "Internet Explorer" section except Cookies if you want to keep those.
    Clean all the entries in the "Windows Explorer" section.
    Clean all entries in the "System" section.
    Clean all entries in the "Advanced" section.
    Clean any others that you choose.
    Make sure "Wipe free space" is unticked, this will dramatically increase scan time if selected.

 

 

In the Applications Tab


     Clean all except cookies in the Firefox/Mozilla section if you use it.
     Clean all in the Opera section if you use it.
     Clean Sun Java in the Internet Section.
     Clean any others that you choose.    

 

4. Click the "Run Cleaner" button.

5. A pop up box will appear advising this process will permanently delete files from your system.

6. Click "OK" and it will scan and clean your system.

7. Click "exit" when done.

 

CCleaner is an excellent utility and well worth keeping. In the bottom left-hand corner of the main interface is a link, "Online Help"; use that link to get the full instructions for this very handy application.

 

Finally,

 

Create a new restore point:

 

   1. Right-click on Computer and go to Properties.

   2. Next click on the System Protection link.

   3. The System Properties dialog screen opens up and you will want to click on Create.

   4. Type in a description for the restore point which will help you remember the point at which it was created. Click on create.

   5. You should see the message "The restore point was created successfully."

 

To remove all but the most recent restore point do the following:

 

   1.      Open Disk Cleanup by clicking the Start button. In the search box, type Disk Cleanup, and then, in the list of results, click Disk Cleanup.

   2.      If prompted, select the drive that you want to clean up, and then click OK.

   3.      In the Disk Cleanup for (usually C:\) dialog box, click Clean up system files. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.

   4.      If prompted, select the drive that you want to clean up, and then click OK.

   5.      Click the More Options tab, under System Restore and Shadow Copies, click Clean up.

   6.      In the Disk Cleanup dialog box, click Delete.

   7.      Click Delete Files, and then click OK. Re-Boot your PC.

 

Let me know if those steps complete, also if any remaining issues or concerns...

 

Kevin

 

 

 

fixlist.txt


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
