
I am infected with Trojan.exe 32*



Dear Gentlemen,

Sorry, but it's my first time writing here. This is my brother's PC. He's young and is used to installing programs without knowing whether their source is safe or not, so there are many toolbars and other stuff that I have no idea about, and I tried to uninstall some of it. My current problem is that I installed a free trial of avast Anti-Virus, it expired some days ago, and I forgot to re-install the free version, so I got infected by a virus called Trojan.exe 32*, as I saw it in the Task Manager. Here is the picture to see it:

[screenshot]

And here are some strange messages when Windows starts:

[screenshot]

I tried some solutions from YouTube but they didn't work, plus I have no experience with viruses, so please help me get rid of it. Thanks for everything.

Notice: I am from a country that doesn't speak English, so please kindly use common phrases when you write to me and I will be so thankful.


Hello and [image]

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Next,

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Kevin


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This is FRST File:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-10-2013
Ran by EMACHINES (administrator) on EMACHINES-PC on 25-10-2013 14:21:42
Running from C:\Users\EMACHINES\Desktop\Downloads
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ascsvc.exe
(IOBit) C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ascavsvc.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Spigot, Inc.) C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\Monitor.exe
(Acer Incorporated) C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
(Acer Group) C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCTray.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Spigot, Inc.) C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Spigot Inc) C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings64.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ==================
 
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [5cd8f17f4086744065eb0992a09e05a2] - C:\Users\EMACHINES\AppData\Local\Temp\Trojan.exe [179712 2013-09-17] () <===== ATTENTION
HKCU\...\Run: [Advanced SystemCare Ultimate] - C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCTray.exe [512384 2012-11-07] (IObit)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312 2013-10-19] (AVAST Software)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2345296 2013-10-01] (LogMeIn Inc.)
HKLM-x32\...\Run: [iObit Malware Fighter] - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [4474832 2012-12-25] (IObit)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [searchSettings] - C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe [1365824 2013-10-10] (Spigot, Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\Default\...\RunOnce: [scrSav] - C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe [227872 2009-07-22] ()
HKU\Default User\...\RunOnce: [scrSav] - C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe [227872 2009-07-22] ()
IMEO\bitguard.exe: [Debugger] tasklist.exe
IMEO\bprotect.exe: [Debugger] tasklist.exe
IMEO\browsemngr.exe: [Debugger] tasklist.exe
IMEO\browserdefender.exe: [Debugger] tasklist.exe
IMEO\browsermngr.exe: [Debugger] tasklist.exe
IMEO\browserprotect.exe: [Debugger] tasklist.exe
IMEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IMEO\cltmngsvc.exe: [Debugger] tasklist.exe
IMEO\delta babylon.exe: [Debugger] tasklist.exe
IMEO\delta tb.exe: [Debugger] tasklist.exe
IMEO\delta2.exe: [Debugger] tasklist.exe
IMEO\deltainstaller.exe: [Debugger] tasklist.exe
IMEO\deltasetup.exe: [Debugger] tasklist.exe
IMEO\deltatb.exe: [Debugger] tasklist.exe
IMEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IMEO\iminentsetup.exe: [Debugger] tasklist.exe
IMEO\rjatydimofu.exe: [Debugger] tasklist.exe
IMEO\sweetimsetup.exe: [Debugger] tasklist.exe
IMEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
Startup: C:\Users\EMACHINES\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5cd8f17f4086744065eb0992a09e05a2.exe ()
AlternateShell: 
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search.ask.com/?o=APN10649A&gct=hp&d=410-0&v=n9397-133&t=4
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=el1850&r=17360613q106pe475x1l5r4652s482
URLSearchHook: (No Name) - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} -  No File
SearchScopes: HKCU - DefaultScope {4B42FDF1-00DB-4140-B4ED-B06CE5FC7E64} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=800236&p={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.golsearch.com/?q={searchTerms}&babsrc=SP_ss_Btisdt6&mntrId=803D001EE5EA669D&affID=122140&tsp=4991
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
SearchScopes: HKCU - {4B42FDF1-00DB-4140-B4ED-B06CE5FC7E64} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=800236&p={searchTerms}
SearchScopes: HKCU - {7C1A18EC-D8ED-4686-BD2A-1D7E31A70E38} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289075&CUI=UN20598383929060244&UM=1
SearchScopes: HKCU - {AD995016-DD47-4438-802C-AB533D4C9748} URL = http://searchou.com/?q={searchTerms}&id=803d30f3000000000000001ee5ea669c&affilt=5&r=946
BHO-x32: IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\8.0\iobitappsToolbarIE.dll (Spigot, Inc.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\8.0\iobitappsToolbarIE.dll (Spigot, Inc.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL No File
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF ProfilePath: C:\Users\EMACHINES\AppData\Roaming\Mozilla\Firefox\Profiles\1krxph9i.default
FF user.js: detected! => C:\Users\EMACHINES\AppData\Roaming\Mozilla\Firefox\Profiles\1krxph9i.default\user.js
FF Homepage: user_pref("browser.startup.homepage", );
FF DefaultSearchEngine: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_160.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.46 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=1.0.3.46 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.46 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\EMACHINES\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Users\EMACHINES\AppData\Roaming\Mozilla\Firefox\Profiles\1krxph9i.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\EMACHINES\AppData\Roaming\Mozilla\Firefox\Profiles\1krxph9i.default\searchplugins\delta.xml
FF SearchPlugin: C:\Users\EMACHINES\AppData\Roaming\Mozilla\Firefox\Profiles\1krxph9i.default\searchplugins\privitize.xml
FF SearchPlugin: C:\Users\EMACHINES\AppData\Roaming\Mozilla\Firefox\Profiles\1krxph9i.default\searchplugins\yahoo_ff.xml
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\EMACHINES\AppData\Roaming\Mozilla\Firefox\Profiles\1krxph9i.default\Extensions\ascsurfingprotection@iobit.com
FF Extension: No Name - C:\Users\EMACHINES\AppData\Roaming\Mozilla\Firefox\Profiles\1krxph9i.default\Extensions\staged
FF Extension: fhdp - C:\Users\EMACHINES\AppData\Roaming\Mozilla\Firefox\Profiles\1krxph9i.default\Extensions\fhdp@fhdp.tv.xpi
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Program Files (x86)\Real\RealPlayer\browserrecord
FF Extension: RealPlayer Browser Record Plugin - C:\Program Files (x86)\Real\RealPlayer\browserrecord
 
Chrome: 
=======
CHR DefaultSuggestURL: (Yahoo) - http://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Unity Player) - C:\Users\EMACHINES\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_160.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Extension: (GeniusXX Safe ads) - C:\Users\EMACHI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\fckenojfmfijmbkigoajddgondmfhefd\1.0_0
CHR Extension: (Ebay Shopping Assistant by Spigot) - C:\Users\EMACHI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj\1.1_0
CHR Extension: (Domain Error Assistant) - C:\Users\EMACHI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj\1.1_0
CHR Extension: (Slick Savings) - C:\Users\EMACHI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.4_0
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\EMACHI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\EMACHI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Amazon Shopping Assistant by Spigot) - C:\Users\EMACHI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp\1.0_0
CHR HKLM-x32\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Users\EMACHINES\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx
CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.1.crx
CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\errorassistant_1.1.crx
CHR HKLM-x32\...\Chrome\Extension: [kkfggacklibaabdomphfdpcodjgihgon] - C:\Program Files (x86)\FirstRowSportApp.com\stv10.crx
CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files (x86)\Common Files\Spigot\GC\coupons_2.4.crx
CHR HKLM-x32\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\BrowerProtect\ASC_GhromePlugin.crx
CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx
 
==================== Services (Whitelisted) =================
 
R2 AdvancedSystemCareService6; C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ascsvc.exe [1051088 2012-12-13] (IObit)
R2 ASCAntivirusSrv; C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ascavsvc.exe [623936 2013-07-08] (IOBit)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-10-19] (AVAST Software)
S3 COMSysApp; C:\Windows\SysWow64\dllhost.exe [7168 2009-07-14] (Microsoft Corporation)
S3 GameConsoleService; C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe [303864 2009-10-10] (WildTangent, Inc.)
R2 Greg_Service; C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [1150496 2009-08-28] (Acer Incorporated)
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [821592 2012-01-09] (IObit)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S3 msiserver; C:\Windows\SysWow64\msiexec.exe [73216 2010-11-20] (Microsoft Corporation)
R2 Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [243232 2010-01-29] (Acer Group)
R2 WSearch; C:\Windows\SysWow64\SearchIndexer.exe [427520 2011-05-04] (Microsoft Corporation)
S2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe" [x]
S4 Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [x]
 
==================== Drivers (Whitelisted) ====================
 
R3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31968 2012-10-08] (Wondershare)
R2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [38984 2013-10-19] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [409832 2013-10-19] (AVAST Software)
R3 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [21384 2012-01-05] (IObit)
R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [33224 2012-07-05] (IObit.com)
R3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [21904 2012-07-05] (IObit.com)
U5 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [84328 2013-10-19] (AVAST Software)
U5 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1032416 2013-10-19] (AVAST Software)
U5 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [65264 2013-10-19] (AVAST Software)
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [x]
S2 vcs; \??\C:\Users\EMACHINES\Downloads\avch3\vcs.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-10-25 14:21 - 2013-10-25 14:21 - 00000000 ____D C:\FRST
2013-10-25 13:28 - 2013-10-25 13:29 - 00000000 ____D C:\Users\EMACHINES\Desktop\مشكلة تورجان
2013-10-25 12:59 - 2013-10-25 12:59 - 00000000 ____D C:\Users\EMACHINES\Downloads\EnchantView Mod Installer 1.6.4
2013-10-25 12:58 - 2013-10-25 12:58 - 00588654 _____ C:\Users\EMACHINES\Downloads\EnchantView Mod Installer 1.6.4.zip
2013-10-23 21:45 - 2013-10-23 21:45 - 00002129 _____ C:\Users\Public\Desktop\MTA San Andreas 1.3.lnk
2013-10-22 14:27 - 2013-10-22 14:27 - 00000000 ____D C:\Users\EMACHINES\Desktop\d7OOOMY999
2013-10-21 23:15 - 2013-10-08 07:50 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-21 23:15 - 2013-10-08 07:46 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-21 23:15 - 2013-10-08 07:46 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-21 23:15 - 2013-10-08 07:46 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-21 23:14 - 2013-10-21 23:15 - 00004674 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-10-21 22:36 - 2013-10-21 22:36 - 00000000 _____ C:\Windows\SysWOW64\Drivers\AVGTDIA.SYS
2013-10-21 22:36 - 2013-10-21 22:36 - 00000000 _____ C:\Windows\SysWOW64\Drivers\AVGRKX64.SYS
2013-10-21 22:36 - 2013-10-21 22:36 - 00000000 _____ C:\Windows\SysWOW64\Drivers\AVGLOGA.SYS
2013-10-21 22:36 - 2013-10-21 22:36 - 00000000 _____ C:\Windows\SysWOW64\Drivers\AVGIDSHA.SYS
2013-10-21 22:36 - 2013-10-21 22:36 - 00000000 _____ C:\Windows\SysWOW64\Drivers\AVGIDSDRIVERA.SYS
2013-10-21 22:30 - 2013-10-22 00:16 - 00000000 ____D C:\ProgramData\AVG2014
2013-10-21 21:48 - 2013-10-21 21:49 - 00003116 _____ C:\Windows\System32\Tasks\ASC6_PerformanceMonitor
2013-10-21 21:48 - 2013-10-21 21:48 - 00001279 _____ C:\Users\Public\Desktop\Advanced SystemCare Ultimate.lnk
2013-10-21 21:48 - 2013-10-21 21:48 - 00000000 ____D C:\Users\EMACHINES\AppData\Roaming\Apple Computer
2013-10-21 21:48 - 2013-10-21 21:48 - 00000000 ____D C:\ProgramData\{D76294E6-03B8-4971-AF2E-3F846161A690}
2013-10-21 21:48 - 2013-10-21 21:48 - 00000000 ____D C:\ProgramData\{5A85B23A-4B58-47D1-9B9C-DFBD7866099F}
2013-10-21 21:48 - 2013-10-21 21:48 - 00000000 ____D C:\IObit
2013-10-21 21:43 - 2013-10-21 21:43 - 00000000 ____D C:\Program Files (x86)\IObit Apps Toolbar
2013-10-21 21:43 - 2013-10-21 21:43 - 00000000 ____D C:\Program Files (x86)\Application Updater
2013-10-21 21:42 - 2013-10-21 21:48 - 00001318 _____ C:\Users\EMACHINES\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2013-10-21 21:42 - 2013-10-21 21:48 - 00000000 ____D C:\Users\EMACHINES\AppData\Roaming\IObit
2013-10-21 21:42 - 2013-10-21 21:42 - 00001182 _____ C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2013-10-21 21:40 - 2013-10-21 21:40 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-10-21 21:38 - 2013-10-21 21:39 - 05849088 _____ C:\Users\EMACHINES\Desktop\hamachi.msi
2013-10-19 04:16 - 2013-10-19 04:16 - 00276888 _____ C:\Windows\Minidump\101913-17924-01.dmp
2013-10-19 04:01 - 2013-10-19 04:01 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\60104185.sys
2013-10-19 04:00 - 2013-10-19 04:14 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-10-19 04:00 - 2013-10-19 04:14 - 00000000 ____D C:\Users\EMACHINES\Desktop\mbar
2013-10-19 03:52 - 2013-10-19 03:52 - 00276888 _____ C:\Windows\Minidump\101913-17784-01.dmp
2013-10-19 03:46 - 2013-10-19 03:46 - 00000000 ____D C:\Windows\ERUNT
2013-10-19 03:40 - 2013-10-19 03:40 - 00000000 ____D C:\Users\EMACHINES\AppData\Roaming\AVAST Software
2013-10-19 03:38 - 2013-10-19 03:38 - 00276888 _____ C:\Windows\Minidump\101913-30498-01.dmp
2013-10-19 03:34 - 2013-10-19 03:34 - 00001975 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-10-19 03:32 - 2013-10-19 03:32 - 01032416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-10-19 03:32 - 2013-10-19 03:32 - 00409832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-10-19 03:32 - 2013-10-19 03:32 - 00205320 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-10-19 03:32 - 2013-10-19 03:32 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-10-19 03:32 - 2013-10-19 03:32 - 00084328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-10-19 03:32 - 2013-10-19 03:32 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-10-19 03:32 - 2013-10-19 03:32 - 00065264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-10-19 03:32 - 2013-10-19 03:32 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-10-19 03:32 - 2013-10-19 03:32 - 00038984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-10-19 03:30 - 2013-10-22 14:00 - 00000000 ____D C:\ProgramData\MFAData
2013-10-19 03:30 - 2013-10-19 03:30 - 00000000 ____D C:\Users\EMACHINES\AppData\Local\MFAData
2013-10-19 03:24 - 2013-10-19 03:24 - 00000206 _____ C:\Users\Public\Documents\Setup.log.lnk
2013-10-19 03:21 - 2013-10-19 03:21 - 00000206 _____ C:\ProgramData\htsykd
2013-10-19 03:19 - 2013-10-19 03:19 - 00123392 ____H C:\Users\vjgumr.tmp
2013-10-19 03:13 - 2013-10-19 03:13 - 00276888 _____ C:\Windows\Minidump\101913-29874-01.dmp
2013-10-19 01:37 - 2013-10-19 01:37 - 00000206 _____ C:\Users\Public\Documents\xyfq
2013-10-19 01:34 - 2013-10-19 01:34 - 00000206 _____ C:\ProgramData\ngjeht.lnk
2013-10-19 01:33 - 2013-10-19 01:33 - 00123392 ____H C:\Users\siapxq.tmp
2013-10-19 01:33 - 2013-10-19 01:33 - 00003258 _____ C:\Windows\System32\Tasks\{E8C806C8-317A-4E6B-B541-80E57DCB08A3}
2013-10-19 01:31 - 2013-10-19 01:31 - 00000088 _____ C:\Windows\SysWOW64\13033971088564274865.log
2013-10-19 01:21 - 2013-10-19 01:21 - 00000206 _____ C:\Users\Public\Documents\0000001C.lnk
2013-10-19 01:20 - 2013-10-19 01:20 - 00003106 _____ C:\Windows\System32\Tasks\{CB492C11-91A6-44F9-AC2F-E311A3522615}
2013-10-19 01:17 - 2013-10-19 01:17 - 00000206 _____ C:\ProgramData\Updater6.lnk
2013-10-19 01:16 - 2013-10-19 01:16 - 00123392 ____H C:\Users\qtystp.tmp
2013-10-19 01:13 - 2013-10-19 01:14 - 00276888 _____ C:\Windows\Minidump\101913-20467-01.dmp
2013-10-18 23:52 - 2013-10-18 23:52 - 00000000 ____D C:\Windows\system32\MRT
2013-10-18 23:52 - 2013-09-26 01:46 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-18 23:49 - 2013-10-18 23:49 - 00000202 _____ C:\Users\Public\Documents\AIR.lnk
2013-10-18 23:45 - 2013-10-18 23:45 - 00000202 _____ C:\ProgramData\Data1.cab.lnk
2013-10-18 23:43 - 2013-10-18 23:43 - 00123392 ____H C:\Users\jflk.tmp
2013-10-18 23:41 - 2013-10-18 23:41 - 00276888 _____ C:\Windows\Minidump\101813-29390-01.dmp
2013-10-18 23:33 - 2013-10-18 23:33 - 00000206 _____ C:\Users\Public\Documents\OptimizerPro.exe.lnk
2013-10-18 22:04 - 2013-10-18 22:04 - 00000206 _____ C:\ProgramData\mfdl.lnk
2013-10-18 22:03 - 2013-10-18 22:03 - 00123392 ____H C:\Users\vulhvu.tmp
2013-10-18 22:00 - 2013-10-19 04:16 - 352016883 _____ C:\Windows\MEMORY.DMP
2013-10-18 22:00 - 2013-10-19 04:16 - 00000000 ____D C:\Windows\Minidump
2013-10-18 22:00 - 2013-10-18 22:00 - 00276888 _____ C:\Windows\Minidump\101813-19531-01.dmp
2013-10-18 21:55 - 2013-10-18 21:55 - 00000204 _____ C:\Users\Public\Documents\directories.acrodata.lnk
2013-10-18 21:52 - 2013-10-18 21:52 - 00000204 _____ C:\ProgramData\APN-Stub.lnk
2013-10-18 21:50 - 2013-10-18 21:50 - 00123392 ____H C:\Users\ocndv.tmp
2013-10-18 21:49 - 2013-10-18 21:49 - 00099328 __RSH C:\qlpd.exe
2013-10-18 21:48 - 2013-10-18 21:48 - 00000000 ____D C:\Extracted
2013-10-17 23:54 - 2013-10-19 02:24 - 00000000 ____D C:\ProgramData\Mirillis
2013-10-17 23:54 - 2013-10-18 15:14 - 00002936 _____ C:\Windows\windefendam.log
2013-10-17 23:54 - 2013-10-18 15:14 - 00000020 _____ C:\Windows\capsys184523.log
2013-10-17 23:54 - 2013-10-17 23:54 - 00000000 ____D C:\Users\EMACHINES\AppData\Roaming\Mirillis
2013-10-16 15:06 - 2013-10-17 23:54 - 00000000 ____D C:\Users\EMACHINES\AppData\Local\Mirillis
2013-10-16 15:06 - 2013-10-16 15:06 - 00000000 ____D C:\Users\EMACHINES\Documents\Action!
2013-10-16 15:00 - 2013-10-18 15:18 - 00000000 ____D C:\Program Files (x86)\Mirillis
2013-10-15 00:32 - 2013-10-15 00:32 - 00000000 ____D C:\Users\EMACHINES\Documents\FlashIntegro
2013-10-15 00:32 - 2013-10-15 00:32 - 00000000 ____D C:\Users\EMACHINES\AppData\Roaming\VideoEditor
2013-10-15 00:30 - 2013-10-01 16:15 - 00082488 _____ (Flash-Integro LLC) C:\Windows\SysWOW64\mslvddsfilter2.ax
2013-10-15 00:30 - 2005-08-01 19:43 - 00245760 _____ () C:\Windows\SysWOW64\lame.ax
2013-10-15 00:30 - 2004-12-10 10:03 - 00438272 _____ (On2.com) C:\Windows\SysWOW64\vp6vfw.dll
2013-10-15 00:30 - 2004-09-06 16:06 - 00053248 _____ C:\Windows\SysWOW64\xvid.ax
2013-10-15 00:30 - 2003-05-22 12:26 - 00638976 _____ (DivXNetworks, Inc.) C:\Windows\SysWOW64\divx.dll
2013-10-15 00:30 - 2003-05-22 12:26 - 00221215 _____ (DivXNetworks, Inc.) C:\Windows\SysWOW64\divxdec.ax
2013-10-15 00:30 - 2003-05-21 23:50 - 01700352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2013-10-15 00:30 - 2003-05-21 23:50 - 00261632 _____ (MainConcept) C:\Windows\SysWOW64\mcdvd_32.dll
2013-10-15 00:30 - 2003-05-21 23:50 - 00156910 _____ C:\Windows\WMSysPr8.prx
2013-10-15 00:30 - 2003-05-21 23:50 - 00082944 _____ (Voxware, Inc.) C:\Windows\SysWOW64\vct3216.acm
2013-10-15 00:30 - 2003-05-21 23:50 - 00038912 _____ (NCT Company) C:\Windows\SysWOW64\alf2cd.acm
2013-10-15 00:30 - 2003-03-25 05:49 - 00098304 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\SysWOW64\L3CODECX.AX
2013-10-15 00:30 - 2002-08-20 00:41 - 00413760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mpg4c32.dll
2013-10-15 00:30 - 2000-03-14 20:55 - 00013239 _____ (SHARP Corporation) C:\Windows\SysWOW64\Scg726.acm
2013-10-14 20:27 - 2013-10-14 20:27 - 00000359 _____ C:\Users\EMACHINES\Recycle Bin - Shortcut.lnk
2013-10-14 20:27 - 2013-10-14 20:27 - 00000355 _____ C:\Users\EMACHINES\Computer - Shortcut.lnk
2013-10-14 20:27 - 2013-10-14 20:27 - 00000351 _____ C:\Users\EMACHINES\Network - Shortcut.lnk
2013-10-14 20:19 - 2013-10-19 01:30 - 00000000 ____D C:\Program Files (x86)\RocketDock
2013-10-13 01:23 - 2013-10-13 01:23 - 00000000 ____D C:\ProgramData\BrowserProtect
2013-10-13 01:23 - 2013-10-13 01:23 - 00000000 ____D C:\ProgramData\Browser Manager
2013-10-13 00:41 - 2013-10-13 00:52 - 00000000 ____D C:\Users\EMACHINES\Documents\FormatFactory
2013-10-13 00:38 - 2013-10-18 21:52 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-10-13 00:38 - 2013-10-13 00:42 - 00000000 ____D C:\FFOutput
2013-10-13 00:37 - 2013-09-23 22:35 - 00509872 _____ (Ask Partner Network) C:\Users\EMACHINES\Documents\APNSetup.exe
2013-10-13 00:26 - 2013-10-13 00:26 - 00000000 ____D C:\Program Files (x86)\Free mp3 Wma Converter
2013-10-12 17:26 - 2013-10-12 17:27 - 00000000 ____D C:\Users\EMACHINES\Fraps v3.4.0 (Full Registered Version) [RH]
2013-10-11 03:21 - 2013-10-11 02:44 - 00112008 _____ C:\Users\EMACHINES\Documents\taxonomy.php
2013-10-11 02:41 - 2013-06-06 09:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-11 02:41 - 2013-06-06 09:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-11 02:41 - 2013-06-06 09:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-11 02:41 - 2013-06-06 09:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-11 02:41 - 2013-06-06 08:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-11 02:41 - 2013-06-06 08:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-11 02:41 - 2013-06-06 08:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-11 02:41 - 2013-06-06 07:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-11 02:41 - 2013-06-06 07:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-11 02:41 - 2013-06-06 07:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-11 01:39 - 2013-10-11 01:39 - 00000000 ____D C:\Users\EMACHINES\AppData\Local\SmartFTP
2013-10-11 01:38 - 2013-08-19 04:52 - 00072160 _____ C:\Users\EMACHINES\Documents\template.php
2013-10-11 01:26 - 2013-10-11 01:26 - 00000000 ____D C:\Users\EMACHINES\AppData\Roaming\SmartFTP
2013-10-11 01:24 - 2013-10-11 01:24 - 00000000 ____D C:\Program Files\SmartFTP Client
2013-10-11 01:23 - 2013-10-11 01:23 - 00000000 ____D C:\Users\EMACHINES\AppData\Local\SmartFTP Client 5.0 Setup
2013-10-10 00:18 - 2013-09-23 03:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-10 00:18 - 2013-09-21 07:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-10 00:18 - 2013-09-21 07:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-10 00:17 - 2013-09-23 03:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-10 00:17 - 2013-09-23 03:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-10 00:17 - 2013-09-23 03:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-10 00:17 - 2013-09-23 03:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-10 00:17 - 2013-09-23 03:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-10 00:17 - 2013-09-23 03:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-10 00:17 - 2013-09-23 03:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-10 00:17 - 2013-09-23 03:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-10 00:17 - 2013-09-23 03:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-10 00:17 - 2013-09-23 03:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-10 00:17 - 2013-09-23 03:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-10 00:17 - 2013-09-23 03:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-10 00:17 - 2013-09-23 02:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-10 00:17 - 2013-09-23 02:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-10 00:17 - 2013-09-23 02:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-10 00:17 - 2013-09-23 02:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-10 00:17 - 2013-09-23 02:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-10 00:17 - 2013-09-23 02:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-10 00:17 - 2013-09-23 02:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-10 00:17 - 2013-09-23 02:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-10 00:17 - 2013-09-23 02:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-10 00:17 - 2013-09-23 02:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-10 00:17 - 2013-09-23 02:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-10 00:17 - 2013-09-23 02:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-10 00:17 - 2013-09-23 02:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-10 00:17 - 2013-09-23 02:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-10 00:17 - 2013-09-21 06:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-10 00:17 - 2013-09-21 06:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-09 22:35 - 2013-07-04 16:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-09 22:35 - 2013-07-04 15:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-09 22:34 - 2013-09-14 05:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-09 22:34 - 2013-09-08 06:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-09 22:34 - 2013-09-08 06:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-09 22:34 - 2013-09-08 06:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-09 22:34 - 2013-08-28 05:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-09 22:34 - 2013-07-12 14:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-09 22:34 - 2013-07-12 14:40 - 00109824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2013-10-09 22:34 - 2013-07-04 16:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-09 22:34 - 2013-07-04 16:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-09 22:34 - 2013-07-04 15:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-09 22:34 - 2013-07-04 15:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-09 22:34 - 2013-07-04 14:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-09 22:34 - 2013-07-03 08:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-09 22:34 - 2013-07-03 08:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-09 22:34 - 2013-06-26 02:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-09 22:33 - 2013-09-04 16:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-09 22:33 - 2013-09-04 16:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-09 22:33 - 2013-09-04 16:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-09 22:33 - 2013-09-04 16:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-09 22:33 - 2013-09-04 16:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-09 22:33 - 2013-09-04 16:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-09 22:33 - 2013-09-04 16:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-09 22:33 - 2013-08-29 06:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-09 22:33 - 2013-08-29 06:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-09 22:33 - 2013-08-29 06:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-09 22:33 - 2013-08-29 06:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-09 22:33 - 2013-08-29 06:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-09 22:33 - 2013-08-29 05:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-09 22:33 - 2013-08-29 05:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-09 22:33 - 2013-08-29 05:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-09 22:33 - 2013-08-29 05:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-09 22:33 - 2013-08-29 05:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-09 22:33 - 2013-08-29 05:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-09 22:33 - 2013-08-29 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-09 22:33 - 2013-08-29 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-09 22:33 - 2013-08-29 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-09 22:33 - 2013-08-29 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-09 22:33 - 2013-08-28 05:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-09 22:33 - 2013-08-01 16:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-09 22:33 - 2013-07-20 14:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 22:33 - 2013-07-20 14:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-04 16:41 - 2013-10-18 23:51 - 00000000 ____D C:\ProgramData\LogMeIn
2013-10-04 16:41 - 2013-10-04 16:41 - 00000000 ____D C:\Users\EMACHINES\AppData\Local\LogMeIn
2013-09-28 23:29 - 2013-09-28 23:43 - 00000000 ____D C:\DotNet
2013-09-28 17:47 - 2013-10-19 02:29 - 00000000 ____D C:\ProgramData\SummerSoft
2013-09-28 17:46 - 2013-10-19 03:24 - 00000000 ____D C:\ProgramData\DowNloeaud keepeR
 
==================== One Month Modified Files and Folders =======
 
2013-10-25 14:21 - 2013-10-25 14:21 - 00000000 ____D C:\FRST
2013-10-25 14:14 - 2013-06-06 03:29 - 01826424 _____ C:\Windows\WindowsUpdate.log
2013-10-25 14:00 - 2013-06-05 19:02 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-25 13:42 - 2013-08-14 13:23 - 00000000 ____D C:\Users\EMACHINES\AppData\Roaming\.minecraft
2013-10-25 13:29 - 2013-10-25 13:28 - 00000000 ____D C:\Users\EMACHINES\Desktop\مشكلة تورجان
2013-10-25 12:59 - 2013-10-25 12:59 - 00000000 ____D C:\Users\EMACHINES\Downloads\EnchantView Mod Installer 1.6.4
2013-10-25 12:58 - 2013-10-25 12:58 - 00588654 _____ C:\Users\EMACHINES\Downloads\EnchantView Mod Installer 1.6.4.zip
2013-10-25 12:53 - 2009-07-14 08:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-25 12:53 - 2009-07-14 08:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-25 12:46 - 2013-06-08 16:55 - 00000000 ____D C:\Users\EMACHINES\AppData\Local\LogMeIn Hamachi
2013-10-25 12:46 - 2013-06-05 19:02 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-25 12:46 - 2009-07-14 09:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-25 12:46 - 2009-07-14 08:51 - 00131588 _____ C:\Windows\setupact.log
2013-10-23 21:45 - 2013-10-23 21:45 - 00002129 _____ C:\Users\Public\Desktop\MTA San Andreas 1.3.lnk
2013-10-23 21:37 - 2013-08-20 20:29 - 00000000 ____D C:\GTA San Andreas
2013-10-23 21:37 - 2013-08-20 19:43 - 00000000 ____D C:\Users\EMACHINES\Documents\GTA San Andreas User Files
2013-10-22 14:27 - 2013-10-22 14:27 - 00000000 ____D C:\Users\EMACHINES\Desktop\d7OOOMY999
2013-10-22 14:00 - 2013-10-19 03:30 - 00000000 ____D C:\ProgramData\MFAData
2013-10-22 14:00 - 2010-03-19 00:27 - 00459074 _____ C:\Windows\PFRO.log
2013-10-22 00:16 - 2013-10-21 22:30 - 00000000 ____D C:\ProgramData\AVG2014
2013-10-21 23:15 - 2013-10-21 23:14 - 00004674 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-10-21 23:15 - 2013-06-06 00:23 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-21 22:36 - 2013-10-21 22:36 - 00000000 _____ C:\Windows\SysWOW64\Drivers\AVGTDIA.SYS
2013-10-21 22:36 - 2013-10-21 22:36 - 00000000 _____ C:\Windows\SysWOW64\Drivers\AVGRKX64.SYS
2013-10-21 22:36 - 2013-10-21 22:36 - 00000000 _____ C:\Windows\SysWOW64\Drivers\AVGLOGA.SYS
2013-10-21 22:36 - 2013-10-21 22:36 - 00000000 _____ C:\Windows\SysWOW64\Drivers\AVGIDSHA.SYS
2013-10-21 22:36 - 2013-10-21 22:36 - 00000000 _____ C:\Windows\SysWOW64\Drivers\AVGIDSDRIVERA.SYS
2013-10-21 22:32 - 2013-07-15 22:03 - 00000000 ____D C:\Users\EMACHINES\AppData\Roaming\TuneUp Software
2013-10-21 21:49 - 2013-10-21 21:48 - 00003116 _____ C:\Windows\System32\Tasks\ASC6_PerformanceMonitor
2013-10-21 21:48 - 2013-10-21 21:48 - 00001279 _____ C:\Users\Public\Desktop\Advanced SystemCare Ultimate.lnk
2013-10-21 21:48 - 2013-10-21 21:48 - 00000000 ____D C:\Users\EMACHINES\AppData\Roaming\Apple Computer
2013-10-21 21:48 - 2013-10-21 21:48 - 00000000 ____D C:\ProgramData\{D76294E6-03B8-4971-AF2E-3F846161A690}
2013-10-21 21:48 - 2013-10-21 21:48 - 00000000 ____D C:\ProgramData\{5A85B23A-4B58-47D1-9B9C-DFBD7866099F}
2013-10-21 21:48 - 2013-10-21 21:48 - 00000000 ____D C:\IObit
2013-10-21 21:48 - 2013-10-21 21:42 - 00001318 _____ C:\Users\EMACHINES\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2013-10-21 21:48 - 2013-10-21 21:42 - 00000000 ____D C:\Users\EMACHINES\AppData\Roaming\IObit
2013-10-21 21:48 - 2013-08-05 22:00 - 00000000 ____D C:\ProgramData\IObit
2013-10-21 21:48 - 2013-08-05 22:00 - 00000000 ____D C:\Program Files (x86)\IObit
2013-10-21 21:43 - 2013-10-21 21:43 - 00000000 ____D C:\Program Files (x86)\IObit Apps Toolbar
2013-10-21 21:43 - 2013-10-21 21:43 - 00000000 ____D C:\Program Files (x86)\Application Updater
2013-10-21 21:42 - 2013-10-21 21:42 - 00001182 _____ C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2013-10-21 21:40 - 2013-10-21 21:40 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-10-21 21:39 - 2013-10-21 21:38 - 05849088 _____ C:\Users\EMACHINES\Desktop\hamachi.msi
2013-10-19 22:19 - 2009-07-14 09:13 - 00783270 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-19 21:41 - 2013-08-04 04:15 - 00000000 ____D C:\Windows\pss
2013-10-19 21:41 - 2013-06-05 16:47 - 00000000 ___RD C:\Users\EMACHINES\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-19 04:16 - 2013-10-19 04:16 - 00276888 _____ C:\Windows\Minidump\101913-17924-01.dmp
2013-10-19 04:16 - 2013-10-18 22:00 - 352016883 _____ C:\Windows\MEMORY.DMP
2013-10-19 04:16 - 2013-10-18 22:00 - 00000000 ____D C:\Windows\Minidump
2013-10-19 04:14 - 2013-10-19 04:00 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-10-19 04:14 - 2013-10-19 04:00 - 00000000 ____D C:\Users\EMACHINES\Desktop\mbar
2013-10-19 04:01 - 2013-10-19 04:01 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\60104185.sys
2013-10-19 03:53 - 2013-06-05 16:40 - 00000000 ____D C:\Users\EMACHINES
2013-10-19 03:52 - 2013-10-19 03:52 - 00276888 _____ C:\Windows\Minidump\101913-17784-01.dmp
2013-10-19 03:46 - 2013-10-19 03:46 - 00000000 ____D C:\Windows\ERUNT
2013-10-19 03:40 - 2013-10-19 03:40 - 00000000 ____D C:\Users\EMACHINES\AppData\Roaming\AVAST Software
2013-10-19 03:38 - 2013-10-19 03:38 - 00276888 _____ C:\Windows\Minidump\101913-30498-01.dmp
2013-10-19 03:34 - 2013-10-19 03:34 - 00001975 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-10-19 03:32 - 2013-10-19 03:32 - 01032416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-10-19 03:32 - 2013-10-19 03:32 - 00409832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-10-19 03:32 - 2013-10-19 03:32 - 00205320 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-10-19 03:32 - 2013-10-19 03:32 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-10-19 03:32 - 2013-10-19 03:32 - 00084328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-10-19 03:32 - 2013-10-19 03:32 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-10-19 03:32 - 2013-10-19 03:32 - 00065264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-10-19 03:32 - 2013-10-19 03:32 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-10-19 03:32 - 2013-10-19 03:32 - 00038984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-10-19 03:32 - 2013-06-05 20:41 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-10-19 03:30 - 2013-10-19 03:30 - 00000000 ____D C:\Users\EMACHINES\AppData\Local\MFAData
2013-10-19 03:24 - 2013-10-19 03:24 - 00000206 _____ C:\Users\Public\Documents\Setup.log.lnk
2013-10-19 03:24 - 2013-09-28 17:46 - 00000000 ____D C:\ProgramData\DowNloeaud keepeR
2013-10-19 03:21 - 2013-10-19 03:21 - 00000206 _____ C:\ProgramData\htsykd
2013-10-19 03:19 - 2013-10-19 03:19 - 00123392 ____H C:\Users\vjgumr.tmp
2013-10-19 03:13 - 2013-10-19 03:13 - 00276888 _____ C:\Windows\Minidump\101913-29874-01.dmp
2013-10-19 03:13 - 2013-09-15 16:58 - 00000000 ____D C:\ProgramData\BitGuard
2013-10-19 03:13 - 2010-03-19 00:19 - 00000000 ____D C:\Program Files\Google
2013-10-19 03:13 - 2010-03-19 00:19 - 00000000 ____D C:\Program Files (x86)\Google
2013-10-19 03:05 - 2009-07-14 09:08 - 00032594 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-19 02:30 - 2013-08-13 15:25 - 00000000 ____D C:\ProgramData\WarThunder
2013-10-19 02:30 - 2013-07-15 22:03 - 00000000 ____D C:\ProgramData\TuneUp Software
2013-10-19 02:29 - 2013-09-28 17:47 - 00000000 ____D C:\ProgramData\SummerSoft
2013-10-19 02:29 - 2013-07-02 23:53 - 00000000 ____D C:\ProgramData\SystemRequirementsLab
2013-10-19 02:29 - 2013-06-06 00:23 - 00000000 ____D C:\ProgramData\Sun
2013-10-19 02:28 - 2013-07-29 07:39 - 00000000 ____D C:\ProgramData\Skype
2013-10-19 02:28 - 2013-07-27 05:39 - 00000000 ____D C:\ProgramData\Roblox
2013-10-19 02:28 - 2010-03-19 00:28 - 00000000 ____D C:\ProgramData\OEM
2013-10-19 02:26 - 2010-03-19 00:25 - 00000000 ____D C:\ProgramData\Norton
2013-10-19 02:26 - 2010-03-19 00:20 - 00000000 ____D C:\ProgramData\Nero
2013-10-19 02:25 - 2013-08-20 22:52 - 00000000 ____D C:\ProgramData\MTA San Andreas All
2013-10-19 02:24 - 2013-10-17 23:54 - 00000000 ____D C:\ProgramData\Mirillis
2013-10-19 02:24 - 2013-06-15 16:44 - 00000000 ____D C:\ProgramData\Mozilla
2013-10-19 02:24 - 2010-03-19 00:10 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-19 01:42 - 2013-06-05 20:41 - 00000000 ____D C:\ProgramData\AVAST Software
2013-10-19 01:37 - 2013-10-19 01:37 - 00000206 _____ C:\Users\Public\Documents\xyfq
2013-10-19 01:34 - 2013-10-19 01:34 - 00000206 _____ C:\ProgramData\ngjeht.lnk
2013-10-19 01:33 - 2013-10-19 01:33 - 00123392 ____H C:\Users\siapxq.tmp
2013-10-19 01:33 - 2013-10-19 01:33 - 00003258 _____ C:\Windows\System32\Tasks\{E8C806C8-317A-4E6B-B541-80E57DCB08A3}
2013-10-19 01:31 - 2013-10-19 01:31 - 00000088 _____ C:\Windows\SysWOW64\13033971088564274865.log
2013-10-19 01:31 - 2013-08-10 11:56 - 00000000 ____D C:\ProgramData\InstallMate
2013-10-19 01:30 - 2013-10-14 20:19 - 00000000 ____D C:\Program Files (x86)\RocketDock
2013-10-19 01:30 - 2013-06-05 18:49 - 00000000 ____D C:\Users\EMACHINES\AppData\Local\Google
2013-10-19 01:29 - 2013-08-16 23:23 - 00000000 ____D C:\Users\EMACHINES\AppData\Local\Akamai
2013-10-19 01:24 - 2013-06-15 18:40 - 00000000 ____D C:\ProgramData\McAfee
2013-10-19 01:21 - 2013-10-19 01:21 - 00000206 _____ C:\Users\Public\Documents\0000001C.lnk
2013-10-19 01:20 - 2013-10-19 01:20 - 00003106 _____ C:\Windows\System32\Tasks\{CB492C11-91A6-44F9-AC2F-E311A3522615}
2013-10-19 01:17 - 2013-10-19 01:17 - 00000206 _____ C:\ProgramData\Updater6.lnk
2013-10-19 01:16 - 2013-10-19 01:16 - 00123392 ____H C:\Users\qtystp.tmp
2013-10-19 01:14 - 2013-10-19 01:13 - 00276888 _____ C:\Windows\Minidump\101913-20467-01.dmp
2013-10-18 23:52 - 2013-10-18 23:52 - 00000000 ____D C:\Windows\system32\MRT
2013-10-18 23:52 - 2013-06-15 18:40 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-10-18 23:51 - 2013-10-04 16:41 - 00000000 ____D C:\ProgramData\LogMeIn
2013-10-18 23:49 - 2013-10-18 23:49 - 00000202 _____ C:\Users\Public\Documents\AIR.lnk
2013-10-18 23:45 - 2013-10-18 23:45 - 00000202 _____ C:\ProgramData\Data1.cab.lnk
2013-10-18 23:43 - 2013-10-18 23:43 - 00123392 ____H C:\Users\jflk.tmp
2013-10-18 23:41 - 2013-10-18 23:41 - 00276888 _____ C:\Windows\Minidump\101813-29390-01.dmp
2013-10-18 23:34 - 2013-09-01 01:10 - 00000000 ____D C:\ProgramData\IDM
2013-10-18 23:34 - 2010-03-19 00:19 - 00000000 ____D C:\ProgramData\Google
2013-10-18 23:33 - 2013-10-18 23:33 - 00000206 _____ C:\Users\Public\Documents\OptimizerPro.exe.lnk
2013-10-18 22:04 - 2013-10-18 22:04 - 00000206 _____ C:\ProgramData\mfdl.lnk
2013-10-18 22:03 - 2013-10-18 22:03 - 00123392 ____H C:\Users\vulhvu.tmp
2013-10-18 22:00 - 2013-10-18 22:00 - 00276888 _____ C:\Windows\Minidump\101813-19531-01.dmp
2013-10-18 21:56 - 2010-03-19 00:18 - 00000000 ____D C:\ProgramData\eMachines
2013-10-18 21:55 - 2013-10-18 21:55 - 00000204 _____ C:\Users\Public\Documents\directories.acrodata.lnk
2013-10-18 21:55 - 2013-06-05 18:47 - 00000000 ____D C:\ProgramData\CyberLink
2013-10-18 21:54 - 2013-06-25 00:29 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2013-10-18 21:52 - 2013-10-18 21:52 - 00000204 _____ C:\ProgramData\APN-Stub.lnk
2013-10-18 21:52 - 2013-10-13 00:38 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-10-18 21:51 - 2010-03-19 00:24 - 00000000 ____D C:\ProgramData\Adobe
2013-10-18 21:50 - 2013-10-18 21:50 - 00123392 ____H C:\Users\ocndv.tmp
2013-10-18 21:50 - 2010-03-19 00:09 - 00000000 ____D C:\ProgramData\Acer
2013-10-18 21:49 - 2013-10-18 21:49 - 00099328 __RSH C:\qlpd.exe
2013-10-18 21:48 - 2013-10-18 21:48 - 00000000 ____D C:\Extracted
2013-10-18 16:37 - 2013-08-16 20:46 - 00000000 ____D C:\Users\EMACHINES\minecraft
2013-10-18 15:18 - 2013-10-16 15:00 - 00000000 ____D C:\Program Files (x86)\Mirillis
2013-10-18 15:14 - 2013-10-17 23:54 - 00002936 _____ C:\Windows\windefendam.log
2013-10-18 15:14 - 2013-10-17 23:54 - 00000020 _____ C:\Windows\capsys184523.log
2013-10-17 23:54 - 2013-10-17 23:54 - 00000000 ____D C:\Users\EMACHINES\AppData\Roaming\Mirillis
2013-10-17 23:54 - 2013-10-16 15:06 - 00000000 ____D C:\Users\EMACHINES\AppData\Local\Mirillis
2013-10-16 15:06 - 2013-10-16 15:06 - 00000000 ____D C:\Users\EMACHINES\Documents\Action!
2013-10-15 00:32 - 2013-10-15 00:32 - 00000000 ____D C:\Users\EMACHINES\Documents\FlashIntegro
2013-10-15 00:32 - 2013-10-15 00:32 - 00000000 ____D C:\Users\EMACHINES\AppData\Roaming\VideoEditor
2013-10-14 20:27 - 2013-10-14 20:27 - 00000359 _____ C:\Users\EMACHINES\Recycle Bin - Shortcut.lnk
2013-10-14 20:27 - 2013-10-14 20:27 - 00000355 _____ C:\Users\EMACHINES\Computer - Shortcut.lnk
2013-10-14 20:27 - 2013-10-14 20:27 - 00000351 _____ C:\Users\EMACHINES\Network - Shortcut.lnk
2013-10-14 20:27 - 2013-09-05 14:48 - 00000000 ___RD C:\Users\EMACHINES\Emachines
2013-10-13 23:55 - 2013-06-05 19:02 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-13 23:54 - 2013-06-05 19:02 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-13 01:23 - 2013-10-13 01:23 - 00000000 ____D C:\ProgramData\BrowserProtect
2013-10-13 01:23 - 2013-10-13 01:23 - 00000000 ____D C:\ProgramData\Browser Manager
2013-10-13 01:23 - 2013-06-05 20:40 - 00000000 ____D C:\Program Files (x86)\FreeTime
2013-10-13 00:52 - 2013-10-13 00:41 - 00000000 ____D C:\Users\EMACHINES\Documents\FormatFactory
2013-10-13 00:52 - 2009-07-14 11:44 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-10-13 00:42 - 2013-10-13 00:38 - 00000000 ____D C:\FFOutput
2013-10-13 00:26 - 2013-10-13 00:26 - 00000000 ____D C:\Program Files (x86)\Free mp3 Wma Converter
2013-10-12 17:27 - 2013-10-12 17:26 - 00000000 ____D C:\Users\EMACHINES\Fraps v3.4.0 (Full Registered Version) [RH]
2013-10-11 13:05 - 2009-07-14 07:20 - 00000000 ____D C:\Windows\rescache
2013-10-11 10:03 - 2013-08-20 15:41 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager
2013-10-11 10:03 - 2009-07-14 08:45 - 00426840 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-11 02:44 - 2013-10-11 03:21 - 00112008 _____ C:\Users\EMACHINES\Documents\taxonomy.php
2013-10-11 01:39 - 2013-10-11 01:39 - 00000000 ____D C:\Users\EMACHINES\AppData\Local\SmartFTP
2013-10-11 01:26 - 2013-10-11 01:26 - 00000000 ____D C:\Users\EMACHINES\AppData\Roaming\SmartFTP
2013-10-11 01:24 - 2013-10-11 01:24 - 00000000 ____D C:\Program Files\SmartFTP Client
2013-10-11 01:23 - 2013-10-11 01:23 - 00000000 ____D C:\Users\EMACHINES\AppData\Local\SmartFTP Client 5.0 Setup
2013-10-11 00:26 - 2013-08-20 15:42 - 00000000 ____D C:\Users\EMACHINES\AppData\Roaming\IDM
2013-10-11 00:26 - 2013-08-20 15:41 - 00000000 ____D C:\Users\EMACHINES\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2013-10-10 23:38 - 2013-06-05 20:41 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-10-10 15:22 - 2013-06-07 01:58 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-10 15:22 - 2013-06-07 01:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-10 00:11 - 2013-07-18 05:11 - 00776994 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-10-08 07:50 - 2013-10-21 23:15 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-08 07:46 - 2013-10-21 23:15 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-08 07:46 - 2013-10-21 23:15 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-08 07:46 - 2013-10-21 23:15 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-05 20:19 - 2010-03-19 00:05 - 00000000 ____D C:\ProgramData\WildTangent
2013-10-04 16:41 - 2013-10-04 16:41 - 00000000 ____D C:\Users\EMACHINES\AppData\Local\LogMeIn
2013-10-01 16:15 - 2013-10-15 00:30 - 00082488 _____ (Flash-Integro LLC) C:\Windows\SysWOW64\mslvddsfilter2.ax
2013-09-28 23:52 - 2013-08-20 15:42 - 00000000 ____D C:\Users\EMACHINES\AppData\Roaming\DMCache
2013-09-28 23:43 - 2013-09-28 23:29 - 00000000 ____D C:\DotNet
2013-09-26 01:46 - 2013-10-18 23:52 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
 
Files to move or delete:
====================
C:\Users\EMACHINES\AppData\Local\Temp\Trojan.exe
 
 
Some content of TEMP:
====================
C:\Users\EMACHINES\AppData\Local\Temp\bdcam_0.dll
C:\Users\EMACHINES\AppData\Local\Temp\bdfilters.dll
C:\Users\EMACHINES\AppData\Local\Temp\htmlayout.dll
C:\Users\EMACHINES\AppData\Local\Temp\i4jdel0.exe
C:\Users\EMACHINES\AppData\Local\Temp\jansi-32-git-Bukkit-1.5.2-R0.1-b2771jnks.dll
C:\Users\EMACHINES\AppData\Local\Temp\jansi-32-git-Bukkit-1.5.2-R1.0-18-ga8c0dc1-b2808jnks.dll
C:\Users\EMACHINES\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\EMACHINES\AppData\Local\Temp\propsys.dll
C:\Users\EMACHINES\AppData\Local\Temp\qfgsr.exe
C:\Users\EMACHINES\AppData\Local\Temp\SRLDetectionLibrary8239631617369324257.dll
C:\Users\EMACHINES\AppData\Local\Temp\tbuTor.dll
C:\Users\EMACHINES\AppData\Local\Temp\Trojan.exe
C:\Users\EMACHINES\AppData\Local\Temp\winljlr.exe
C:\Users\EMACHINES\AppData\Local\Temp\WizeSupp.dll
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-10-22 15:10
 
==================== End Of Log ============================
 
 
 
This is the Addition file:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-10-2013
Ran by EMACHINES at 2013-10-25 14:22:50
Running from C:\Users\EMACHINES\Desktop\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Advanced SystemCare Ultimate (Enabled - Up to date) {1C304DC4-1D72-5DB9-B33A-43B638ECFD30}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: IObit Malware Fighter (Enabled - Up to date) {A751AC20-3B48-5237-898A-78C4436BB78D}
 
==================== Installed Programs ======================
 
Acrobat.com (x32 Version: 1.6.65)
Adobe AIR (x32 Version: 1.5.0.7220)
Adobe Flash Player 11 ActiveX (x32 Version: 11.5.502.146)
Adobe Flash Player 11 Plugin (x32 Version: 11.2.202.160)
Adobe Reader XI (11.0.03) (x32 Version: 11.0.03)
Advanced SystemCare Ultimate 6 (x32 Version: 6.1.0)
Advertising Center (x32 Version: 0.0.0.2)
avast! Free Antivirus (x32 Version: 9.0.2006)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.82)
Blasterball 3 (x32 Version: 2.2.0.82)
Bob the Builder Can-Do-Zoo (x32 Version: 2.2.0.82)
Build-a-lot 2 (x32 Version: 2.2.0.82)
Chicken Invaders 3 - Revenge of the Yolk (x32 Version: 2.2.0.82)
CyberLink PowerDVD 9 (x32 Version: 9.0.2610.50)
Dolby Axon - 1.5.1.1 (x32 Version: 1.5.1.1)
eMachines Game Console (x32)
eMachines Games (x32 Version: 1.0.0.80)
eMachines Recovery Management (x32 Version: 4.05.3007)
eMachines Registration (x32 Version: 1.02.3006)
eMachines ScreenSaver (x32 Version: 1.1.0812)
eMachines Updater (x32 Version: 1.02.3001)
Escape Rosecliff Island (x32 Version: 2.2.0.82)
Faerie Solitaire (x32 Version: 2.2.0.82)
FATE - The Traitor Soul (x32 Version: 2.2.0.82)
Golden Al-Wafi Translator (x32)
Google Chrome (x32 Version: 30.0.1599.101)
Google Update Helper (x32 Version: 1.3.21.165)
Hotkey Utility (x32 Version: 2.05.3005)
Identity Card (x32 Version: 1.00.3003)
ImagXpress (x32 Version: 7.0.74.0)
Insaniquarium Deluxe (x32 Version: 2.2.0.82)
Intel® Control Center (x32 Version: 1.2.0.1006)
Intel® Graphics Media Accelerator Driver (x32 Version: 8.15.10.1968)
IObit Apps Toolbar v8.0 (x32 Version: 8.0)
IObit Malware Fighter (x32 Version: 1.0)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
Jewel Quest (x32 Version: 2.2.0.82)
Jewel Quest Solitaire 3 (x32 Version: 2.2.0.82)
Junk Mail filter update (x32 Version: 14.0.8089.726)
K-Lite Codec Pack 6.8.0 (Full) (x32 Version: 6.8.0)
Linksys Dual-Band Wireless-N USB Network Adapter (x32 Version: 1.0.0.1)
Linksys WUSB600N Dual-Band Wireless-N USB Network Adapter (x32 Version: 1.0.0.1)
LogMeIn Hamachi (x32 Version: 2.2.0.58)
LSI PCI-SV92EX Soft Modem (Version: 2.2.95)
Mahjongg Artifacts (x32 Version: 2.2.0.82)
McAfee Security Scan Plus (x32 Version: 3.0.318.3)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (x32 Version: 2.0.48.0)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Text-to-Speech Engine 4.0 (English) (x32)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Works (x32 Version: 9.7.0621)
MSVCRT (x32 Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MTA:SA v1.3.4 (x32 Version: v1.3.4)
Nero 9 Essentials (x32)
Nero ControlCenter (x32 Version: 9.0.0.1)
Nero DiscSpeed (x32 Version: 5.4.13.100)
Nero DiscSpeed Help (x32 Version: 5.4.4.100)
Nero DriveSpeed (x32 Version: 4.4.12.100)
Nero DriveSpeed Help (x32 Version: 4.4.4.100)
Nero Express Help (x32 Version: 9.6.2.101)
Nero InfoTool (x32 Version: 6.4.12.100)
Nero InfoTool Help (x32 Version: 6.4.4.100)
Nero Installer (x32 Version: 4.4.9.0)
Nero Online Upgrade (x32 Version: 1.3.0.0)
Nero StartSmart (x32 Version: 9.4.37.100)
Nero StartSmart Help (x32 Version: 9.4.27.100)
Nero StartSmart OEM (x32 Version: 9.15.0.100)
NeroExpress (x32 Version: 9.4.33.100)
neroxml (x32 Version: 1.0.0)
Notepad++ (x32 Version: 6.2.3)
Penguins! (x32 Version: 2.2.0.82)
Polar Bowler (x32 Version: 2.2.0.82)
Polar Golfer (x32 Version: 2.2.0.82)
Polar Pool (x32 Version: 2.2.0.82)
RealPlayer (x32)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5972)
SmartFTP Client (Version: 5.0.1343.0)
System Requirements Lab CYRI (x32 Version: 6.0.7.0)
Unity Web Player (HKCU Version: )
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Access 2007 Help (KB963663) (x32)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32)
Update for Microsoft Office Infopath 2007 Help (KB963662) (x32)
Update for Microsoft Office OneNote 2007 Help (KB963670) (x32)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 Help (KB963677) (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2827325) 32-Bit Edition (x32)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update for Microsoft Office Publisher 2007 Help (KB963667) (x32)
Update for Microsoft Office Script Editor Help (KB963671) (x32)
Update for Microsoft Office Word 2007 Help (KB963665) (x32)
Virtual Families (x32 Version: 2.2.0.82)
Virtual Villagers - A New Home (x32 Version: 2.2.0.82)
Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1)
Visual Studio 2012 x86 Redistributables (x32 Version: 14.0.0.1)
Welcome Center (x32 Version: 1.00.3013)
Windows Live Call (x32 Version: 14.0.8064.0206)
Windows Live Communications Platform (x32 Version: 14.0.8064.206)
Windows Live Essentials (x32 Version: 14.0.8089.0726)
Windows Live Essentials (x32 Version: 14.0.8089.726)
Windows Live Mail (x32 Version: 14.0.8089.0726)
Windows Live Messenger (x32 Version: 14.0.8089.0726)
Windows Live Movie Maker (x32 Version: 14.0.8091.0730)
Windows Live Photo Gallery (x32 Version: 14.0.8081.709)
Windows Live Sign-in Assistant (x32 Version: 5.000.818.5)
Windows Live Sync (x32 Version: 14.0.8089.726)
Windows Live Upload Tool (x32 Version: 14.0.8014.1029)
Windows Live Writer (x32 Version: 14.0.8089.0726)
WinRAR 4.20 (32-bit) (x32 Version: 4.20.0)
Yahtzee (x32 Version: 2.2.0.82)
Zuma Deluxe (x32 Version: 2.2.0.82)
 
==================== Restore Points  =========================
 
17-10-2013 18:57:27 Removed Action!
17-10-2013 19:29:14 Installed Action!
17-10-2013 19:31:44 Removed TuneUp Utilities 2013
17-10-2013 19:48:21 Removed Action!
17-10-2013 19:51:28 Installed Action!
18-10-2013 11:15:54 Removed Action!
18-10-2013 11:18:30 Installed Action!
18-10-2013 16:08:10 Windows Update
18-10-2013 19:49:24 Windows Update
18-10-2013 21:17:11 Removed Action!
18-10-2013 21:25:47 Removed TuneUp Utilities 2013
18-10-2013 21:26:36 Removed TuneUp Utilities Language Pack (en-US)
18-10-2013 21:34:49 avast! Free Antivirus Setup
18-10-2013 23:25:08 avast! Free Antivirus Setup
18-10-2013 23:31:47 avast! antivirus system restore point
18-10-2013 23:50:57 Restore Operation
19-10-2013 17:42:01 Removed LogMeIn Hamachi
21-10-2013 17:39:41 Installed LogMeIn Hamachi
21-10-2013 18:29:41 Installed AVG 2014
21-10-2013 18:30:21 Installed AVG 2014
21-10-2013 18:36:22 Removed AVG 2014
21-10-2013 19:13:50 Installed Java 7 Update 45
22-10-2013 18:30:44 Windows Update
 
==================== Hosts content: ==========================
 
2009-07-14 06:34 - 2009-06-11 01:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {2E54FD77-82B6-4FF3-81C1-00376F950A58} - System32\Tasks\{06E56815-B581-4BEE-B5BD-023472B62E73} => Iexplore.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=4.1.0.179.369&LastError=12007
Task: {50140DBD-FBD6-45A1-87F7-D4A2F8251062} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-05] (Google Inc.)
Task: {A2C47BB0-D8DE-4288-8537-4A0A3EE7CAA9} - System32\Tasks\ASC6_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\Monitor.exe [2013-07-06] (IObit)
Task: {B57E0C1A-B11E-407F-A693-85126C416996} - System32\Tasks\Express FilesUpdate => C:\Program Files (x86)\ExpressFiles\EFUpdater.exe
Task: {D272AF0C-4276-4D0A-8384-21D46DC0CAB1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-05] (Google Inc.)
Task: {DD775BD3-84B7-4456-99EB-AE4AC81E3040} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\eMachines\eMachines Recovery Management\NotificationCenter\Notification.exe [2009-11-03] (Acer)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-10-21 21:48 - 2012-04-14 15:41 - 00217944 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\Antivirus\bdfltlib.dll
2013-10-21 21:48 - 2012-11-01 10:21 - 00350592 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\madExcept_.bpl
2013-10-21 21:48 - 2012-11-01 10:21 - 00182656 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\madBasic_.bpl
2013-10-21 21:48 - 2012-11-01 10:21 - 00050048 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\madDisAsm_.bpl
2013-10-21 21:48 - 2012-09-05 18:55 - 00892288 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\webres.dll
2013-10-19 03:32 - 2013-10-19 03:32 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-10-21 21:42 - 2012-07-05 13:54 - 01218432 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\Scan.dll
2013-10-21 21:42 - 2010-11-26 12:18 - 00175616 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\unrar.dll
2013-10-21 21:42 - 2011-06-23 13:41 - 00138752 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\zlibwapi.dll
2013-10-19 15:04 - 2013-10-09 04:01 - 00698832 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libglesv2.dll
2013-10-19 15:04 - 2013-10-09 04:01 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libegl.dll
2013-10-19 15:04 - 2013-10-09 04:02 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll
2013-10-19 15:04 - 2013-10-09 04:02 - 00415184 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
2013-10-19 15:04 - 2013-10-09 04:01 - 01604560 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll
2013-10-19 15:04 - 2013-10-09 04:02 - 13584336 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\ProgramData:NT
AlternateDataStreams: C:\Users\All Users:NT
AlternateDataStreams: C:\ProgramData\Application Data:NT
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\Users\EMACHINES\Application Data:NT
AlternateDataStreams: C:\Users\EMACHINES\AppData\Roaming:NT
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot => "AlternateShell"=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/25/2013 00:58:42 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (10/24/2013 05:07:14 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (10/24/2013 04:24:41 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (10/24/2013 04:23:31 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.
 
Error: (10/23/2013 08:59:24 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (10/23/2013 08:58:57 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (10/23/2013 08:58:13 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.
 
Error: (10/23/2013 08:39:47 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (10/22/2013 03:12:14 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (10/22/2013 03:11:42 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (10/25/2013 00:46:27 PM) (Source: Service Control Manager) (User: )
Description: The vcs service failed to start due to the following error: 
%%3
 
Error: (10/25/2013 00:46:27 PM) (Source: Service Control Manager) (User: )
Description: The AVGIDSAgent service depends the following service: AVGIDSDriver. This service might not be installed.
 
Error: (10/25/2013 00:46:24 PM) (Source: Service Control Manager) (User: )
Description: The avast! Antivirus service depends the following service: aswMonFlt. This service might not be installed.
 
Error: (10/24/2013 03:46:03 PM) (Source: Service Control Manager) (User: )
Description: The vcs service failed to start due to the following error: 
%%3
 
Error: (10/24/2013 03:46:03 PM) (Source: Service Control Manager) (User: )
Description: The AVGIDSAgent service depends the following service: AVGIDSDriver. This service might not be installed.
 
Error: (10/24/2013 03:46:00 PM) (Source: Service Control Manager) (User: )
Description: The avast! Antivirus service depends the following service: aswMonFlt. This service might not be installed.
 
Error: (10/23/2013 11:56:24 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer USER-HP
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{CA365178-5CC6-4ED0-9058-088991B41343}.
The master browser is stopping or an election is being forced.
 
Error: (10/23/2013 08:04:16 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer USER-HP
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{CA365178-5CC6-4ED0-9058-088991B41343}.
The master browser is stopping or an election is being forced.
 
Error: (10/23/2013 08:02:13 PM) (Source: Service Control Manager) (User: )
Description: The vcs service failed to start due to the following error: 
%%3
 
Error: (10/23/2013 08:02:13 PM) (Source: Service Control Manager) (User: )
Description: The AVGIDSAgent service depends the following service: AVGIDSDriver. This service might not be installed.
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Percentage of memory in use: 67%
Total physical RAM: 2013.24 MB
Available physical RAM: 655.14 MB
Total Pagefile: 4026.48 MB
Available Pagefile: 2165.38 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: (eMachines) (Fixed) (Total:277.99 GB) (Free:187.17 GB) NTFS
Drive g: (OSAMA) (Removable) (Total:3.73 GB) (Free:1.07 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 72B6EEAA)
Partition 1: (Not Active) - (Size=20 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=278 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 4 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=4 GB) - (Type=0C)
 
==================== End Of Log ============================

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Next,

I recommend that you UNinstall/remove anything to do with IOBit or Advanced System Care:

http://forums.malwarebytes.org/index.php?showtopic=30989

http://shanegowland.com/opinions/2012/iobit-is-a-sucky-company/

Next,

Open Malwarebytes, check for updates then run Quick scan. Full instructions follow if Malwarebytes is not installed:

Download Malwarebytes from the following link and save it to your desktop:

http://www.malwarebytes.org/mbam.php

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
Please save the log to a location you will remember.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Kevin...

fixlist.txt


This is the Fixlog file, and I have deleted IOBit.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-10-2013 01
Ran by EMACHINES at 2013-10-27 02:09:15 Run:1
Running from C:\Users\EMACHINES\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
HKCU\...\Run: [5cd8f17f4086744065eb0992a09e05a2] - C:\Users\EMACHINES\AppData\Local\Temp\Trojan.exe [179712 2013-09-17] () <===== ATTENTION
C:\Users\EMACHINES\AppData\Local\Temp\Trojan.exe 
HKLM-x32\...\Run: [searchSettings] - C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe [1365824 2013-10-10] (Spigot, Inc.)
C:\Program Files (x86)\Common Files\Spigot
IMEO\bitguard.exe: [Debugger] tasklist.exe
IMEO\bprotect.exe: [Debugger] tasklist.exe
IMEO\browsemngr.exe: [Debugger] tasklist.exe
IMEO\browserdefender.exe: [Debugger] tasklist.exe
IMEO\browsermngr.exe: [Debugger] tasklist.exe
IMEO\browserprotect.exe: [Debugger] tasklist.exe
IMEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IMEO\cltmngsvc.exe: [Debugger] tasklist.exe
IMEO\delta babylon.exe: [Debugger] tasklist.exe
IMEO\delta tb.exe: [Debugger] tasklist.exe
IMEO\delta2.exe: [Debugger] tasklist.exe
IMEO\deltainstaller.exe: [Debugger] tasklist.exe
IMEO\deltasetup.exe: [Debugger] tasklist.exe
IMEO\deltatb.exe: [Debugger] tasklist.exe
IMEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IMEO\iminentsetup.exe: [Debugger] tasklist.exe
IMEO\rjatydimofu.exe: [Debugger] tasklist.exe
IMEO\sweetimsetup.exe: [Debugger] tasklist.exe
IMEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [x]
S2 vcs; \??\C:\Users\EMACHINES\Downloads\avch3\vcs.sys [x]
2013-10-19 03:21 - 2013-10-19 03:21 - 00000206 _____ C:\ProgramData\htsykd
2013-10-19 03:19 - 2013-10-19 03:19 - 00123392 ____H C:\Users\vjgumr.tmp
2013-10-19 01:37 - 2013-10-19 01:37 - 00000206 _____ C:\Users\Public\Documents\xyfq
2013-10-19 01:34 - 2013-10-19 01:34 - 00000206 _____ C:\ProgramData\ngjeht.lnk
2013-10-19 01:33 - 2013-10-19 01:33 - 00123392 ____H C:\Users\siapxq.tmp
2013-10-19 01:21 - 2013-10-19 01:21 - 00000206 _____ C:\Users\Public\Documents\0000001C.lnk
2013-10-19 01:17 - 2013-10-19 01:17 - 00000206 _____ C:\ProgramData\Updater6.lnk
2013-10-19 01:16 - 2013-10-19 01:16 - 00123392 ____H C:\Users\qtystp.tmp
2013-10-18 23:45 - 2013-10-18 23:45 - 00000202 _____ C:\ProgramData\Data1.cab.lnk
2013-10-18 23:43 - 2013-10-18 23:43 - 00123392 ____H C:\Users\jflk.tmp
2013-10-18 22:04 - 2013-10-18 22:04 - 00000206 _____ C:\ProgramData\mfdl.lnk
2013-10-18 22:03 - 2013-10-18 22:03 - 00123392 ____H C:\Users\vulhvu.tmp
2013-10-18 21:50 - 2013-10-18 21:50 - 00123392 ____H C:\Users\ocndv.tmp
2013-10-18 21:49 - 2013-10-18 21:49 - 00099328 __RSH C:\qlpd.exe
C:\Users\EMACHINES\AppData\Local\Temp\bdcam_0.dll
C:\Users\EMACHINES\AppData\Local\Temp\bdfilters.dll
C:\Users\EMACHINES\AppData\Local\Temp\htmlayout.dll
C:\Users\EMACHINES\AppData\Local\Temp\i4jdel0.exe
C:\Users\EMACHINES\AppData\Local\Temp\jansi-32-git-Bukkit-1.5.2-R0.1-b2771jnks.dll
C:\Users\EMACHINES\AppData\Local\Temp\jansi-32-git-Bukkit-1.5.2-R1.0-18-ga8c0dc1-b2808jnks.dll
C:\Users\EMACHINES\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\EMACHINES\AppData\Local\Temp\propsys.dll
C:\Users\EMACHINES\AppData\Local\Temp\qfgsr.exe
C:\Users\EMACHINES\AppData\Local\Temp\SRLDetectionLibrary8239631617369324257.dll
C:\Users\EMACHINES\AppData\Local\Temp\tbuTor.dll
C:\Users\EMACHINES\AppData\Local\Temp\Trojan.exe
C:\Users\EMACHINES\AppData\Local\Temp\winljlr.exe
C:\Users\EMACHINES\AppData\Local\Temp\WizeSupp.dll
AlternateDataStreams: C:\ProgramData:NT
AlternateDataStreams: C:\Users\All Users:NT
AlternateDataStreams: C:\ProgramData\Application Data:NT
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\Users\EMACHINES\Application Data:NT
AlternateDataStreams: C:\Users\EMACHINES\AppData\Roaming:NT
End
 
 
 
*****************
 
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\5cd8f17f4086744065eb0992a09e05a2 => Value deleted successfully.
C:\Users\EMACHINES\AppData\Local\Temp\Trojan.exe  => Moved successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SearchSettings => Value deleted successfully.
C:\Program Files (x86)\Common Files\Spigot => Moved successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bitguard.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bprotect.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsemngr.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserdefender.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsermngr.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserprotect.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bundlesweetimsetup.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\cltmngsvc.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\delta babylon.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\delta tb.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\delta2.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltainstaller.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltasetup.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltatb.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltatb_2501-c733154b.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\iminentsetup.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\rjatydimofu.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\sweetimsetup.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\tbdelta.exetoolbar783881609.exe => Key deleted successfully.
FairplayKD => Service deleted successfully.
vcs => Service deleted successfully.
C:\ProgramData\htsykd => Moved successfully.
C:\Users\vjgumr.tmp => Moved successfully.
C:\Users\Public\Documents\xyfq => Moved successfully.
C:\ProgramData\ngjeht.lnk => Moved successfully.
C:\Users\siapxq.tmp => Moved successfully.
C:\Users\Public\Documents\0000001C.lnk => Moved successfully.
C:\ProgramData\Updater6.lnk => Moved successfully.
C:\Users\qtystp.tmp => Moved successfully.
C:\ProgramData\Data1.cab.lnk => Moved successfully.
C:\Users\jflk.tmp => Moved successfully.
C:\ProgramData\mfdl.lnk => Moved successfully.
C:\Users\vulhvu.tmp => Moved successfully.
C:\Users\ocndv.tmp => Moved successfully.
C:\qlpd.exe => Moved successfully.
C:\Users\EMACHINES\AppData\Local\Temp\bdcam_0.dll => Moved successfully.
C:\Users\EMACHINES\AppData\Local\Temp\bdfilters.dll => Moved successfully.
C:\Users\EMACHINES\AppData\Local\Temp\htmlayout.dll => Moved successfully.
C:\Users\EMACHINES\AppData\Local\Temp\i4jdel0.exe => Moved successfully.
C:\Users\EMACHINES\AppData\Local\Temp\jansi-32-git-Bukkit-1.5.2-R0.1-b2771jnks.dll => Moved successfully.
C:\Users\EMACHINES\AppData\Local\Temp\jansi-32-git-Bukkit-1.5.2-R1.0-18-ga8c0dc1-b2808jnks.dll => Moved successfully.
C:\Users\EMACHINES\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe => Moved successfully.
C:\Users\EMACHINES\AppData\Local\Temp\propsys.dll => Moved successfully.
C:\Users\EMACHINES\AppData\Local\Temp\qfgsr.exe => Moved successfully.
C:\Users\EMACHINES\AppData\Local\Temp\SRLDetectionLibrary8239631617369324257.dll => Moved successfully.
C:\Users\EMACHINES\AppData\Local\Temp\tbuTor.dll => Moved successfully.
"C:\Users\EMACHINES\AppData\Local\Temp\Trojan.exe" => File/Directory not found.
C:\Users\EMACHINES\AppData\Local\Temp\winljlr.exe => Moved successfully.
C:\Users\EMACHINES\AppData\Local\Temp\WizeSupp.dll => Moved successfully.
C:\ProgramData => ":NT" ADS removed successfully.
"C:\Users\All Users" => ":NT" ADS not found.
"C:\ProgramData\Application Data" => ":NT" ADS not found.
C:\ProgramData\MTA San Andreas All => ":NT" ADS removed successfully.
C:\ProgramData\Temp => ":373E1720" ADS removed successfully.
"C:\Users\EMACHINES\Application Data" => ":NT" ADS not found.
C:\Users\EMACHINES\AppData\Roaming => ":NT" ADS removed successfully.
 
==== End of Fixlog ====
Link to post
Share on other sites

Hello

Sorry, the PC got restarted and I forgot to attach the report!

Can you tell me my situation? Am I safe or what? I am not opening my email and other website accounts because I fear the virus may steal them or something.

This is the Malwarebytes log:

 

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

 

Database version: v2013.10.26.09

 

Windows 7 x64 NTFS

Internet Explorer 10.0.9200.16721

EMACHINES :: EMACHINES-PC [administrator]

 

10/27/2013 2:13:40 AM

mbam-log-2013-10-27 (02-13-40).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 218864

Time elapsed: 6 minute(s), 34 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 3

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115} (PUP.Optional.Datamngr.A) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F30E526F-2366-23C2-B029-59EE2F8663A4} (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9229D105-791B-6967-6B36-3E53C39B3F14} (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 3

HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

 

Folders Detected: 2

C:\ProgramData\InstallMate\OptimizerPro (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.

C:\Users\EMACHINES\AppData\Local\Temp\CT3289075 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

 

Files Detected: 73

C:\ProgramData\InstallMate\{2DFECF8B-7131-44D9-A632-3913F61DED7D}\Setup.exe (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.

C:\ProgramData\InstallMate\{2DFECF8B-7131-44D9-A632-3913F61DED7D}\TsuDll.dll (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.

C:\ProgramData\InstallMate\{D2FBA62A-38FF-42E1-A00A-70DD091884DC}\Setup.exe (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.

C:\ProgramData\InstallMate\{D2FBA62A-38FF-42E1-A00A-70DD091884DC}\TsuDll.dll (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.

C:\Users\EMACHINES\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5cd8f17f4086744065eb0992a09e05a2.exe (Trojan.Facebook) -> Quarantined and deleted successfully.

C:\Users\EMACHINES\AppData\Local\Temp\7B60.tmp (PUP.Optional.PerformerSoft.A) -> Quarantined and deleted successfully.

C:\Users\EMACHINES\AppData\Local\Temp\DA19.tmp (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.

C:\Users\EMACHINES\AppData\Local\Temp\EEE1.tmp (PUP.Optional.PerformerSoft.A) -> Quarantined and deleted successfully.

C:\Users\EMACHINES\AppData\Local\Temp\00294823\ZfjiS6gS2uA.exe (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.

C:\Users\EMACHINES\AppData\Local\Temp\8C692489-BAB0-7891-B85E-39B5F45AA452\BabMaint.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.

C:\Users\EMACHINES\AppData\Local\Temp\8C692489-BAB0-7891-B85E-39B5F45AA452\BUSolution.dll (PUP.Optional.BabSolution.A) -> Quarantined and deleted successfully.

C:\Users\EMACHINES\AppData\Local\Temp\8C692489-BAB0-7891-B85E-39B5F45AA452\CrxInstaller.dll (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.

C:\Users\EMACHINES\AppData\Local\Temp\8C692489-BAB0-7891-B85E-39B5F45AA452\MntrDLLInstall.dll (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.

C:\Users\EMACHINES\AppData\Local\Temp\8C692489-BAB0-7891-B85E-39B5F45AA452\MyDeltaTB.exe (PUP.Optional.Delta) -> Quarantined and deleted successfully.

C:\Users\EMACHINES\AppData\Local\Temp\bus117D\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Quarantined and deleted successfully.

C:\Users\EMACHINES\AppData\Local\Temp\bus1257\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Quarantined and deleted successfully.

C:\Users\EMACHINES\AppData\Local\Temp\bus14E7\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Quarantined and deleted successfully.

C:\Users\EMACHINES\AppData\Local\Temp\bus1737\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Quarantined and deleted successfully.

C:\Users\EMACHINES\AppData\Local\Temp\bus1BC9\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Quarantined and deleted successfully.

C:\Users\EMACHINES\AppData\Local\Temp\bus2210\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Quarantined and deleted successfully.

C:\Users\EMACHINES\AppData\Local\Temp\bus279C\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Quarantined and deleted successfully.

C:\Users\EMACHINES\AppData\Local\Temp\bus28F\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Quarantined and deleted successfully.

C:\Users\EMACHINES\AppData\Local\Temp\bus2FF5\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Quarantined and deleted successfully.

C:\Users\EMACHINES\AppData\Local\Temp\bus318B\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Quarantined and deleted successfully.

C:\Users\EMACHINES\AppData\Local\Temp\bus3A03\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Quarantined and deleted successfully.

C:\Users\EMACHINES\AppData\Local\Temp\bus63D1\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Quarantined and deleted successfully.

C:\Users\EMACHINES\AppData\Local\Temp\bus6E3\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Quarantined and deleted successfully.

C:\Users\EMACHINES\AppData\Local\Temp\bus702\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Quarantined and deleted successfully.

C:\Users\EMACHINES\AppData\Local\Temp\bus7A8C\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Quarantined and deleted successfully.

C:\Users\EMACHINES\AppData\Local\Temp\bus991\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Quarantined and deleted successfully.

C:\Users\EMACHINES\AppData\Local\Temp\busA488\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Quarantined and deleted successfully.

C:\Users\EMACHINES\AppData\Local\Temp\busAA23\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Quarantined and deleted successfully.

C:\Users\EMACHINES\AppData\Local\Temp\busAFAF\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Quarantined and deleted successfully.

C:\Users\EMACHINES\AppData\Local\Temp\busB38B\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Quarantined and deleted successfully.

C:\Users\EMACHINES\AppData\Local\Temp\busB73D\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Quarantined and deleted successfully.

C:\Users\EMACHINES\AppData\Local\Temp\busC35E\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Quarantined and deleted successfully.

C:\Users\EMACHINES\AppData\Local\Temp\busC8F9\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Quarantined and deleted successfully.

C:\Users\EMACHINES\AppData\Local\Temp\busCEB\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Quarantined and deleted successfully.

C:\Users\EMACHINES\AppData\Local\Temp\busD648\BUSolution.dll (PUP.Optional.BabSolution.A) -> Quarantined and deleted successfully.

C:\Users\EMACHINES\AppData\Local\Temp\busD8B2\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Quarantined and deleted successfully.

C:\Users\EMACHINES\AppData\Local\Temp\busD99C\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Quarantined and deleted successfully.

C:\Users\EMACHINES\AppData\Local\Temp\busDFA4\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Quarantined and deleted successfully.

C:\Users\EMACHINES\AppData\Local\Temp\busE13A\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Quarantined and deleted successfully.

C:\Users\EMACHINES\AppData\Local\Temp\busEB76\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Quarantined and deleted successfully.

C:\Users\EMACHINES\AppData\Local\Temp\busEC51\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Quarantined and deleted successfully.

C:\Users\EMACHINES\AppData\Local\Temp\busF23A\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Quarantined and deleted successfully.

C:\Users\EMACHINES\AppData\Local\Temp\busF517\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Quarantined and deleted successfully.

C:\Users\EMACHINES\AppData\Local\Temp\busF71A\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Quarantined and deleted successfully.

C:\Users\EMACHINES\AppData\Local\Temp\busF842\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Quarantined and deleted successfully.

C:\Users\EMACHINES\AppData\Local\Temp\EEC8CD52-BAB0-7891-BC61-44679A9A1F72\Latest\BabMaint.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.

C:\Users\EMACHINES\AppData\Local\Temp\EEC8CD52-BAB0-7891-BC61-44679A9A1F72\Latest\BExternal.dll (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.

C:\Users\EMACHINES\AppData\Local\Temp\EEC8CD52-BAB0-7891-BC61-44679A9A1F72\Latest\ccp.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.

C:\Users\EMACHINES\AppData\Local\Temp\EEC8CD52-BAB0-7891-BC61-44679A9A1F72\Latest\CrxInstaller.dll (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.

C:\Users\EMACHINES\AppData\Local\Temp\EEC8CD52-BAB0-7891-BC61-44679A9A1F72\Latest\MyDeltaTB.exe (PUP.Optional.Delta) -> Quarantined and deleted successfully.

C:\Users\EMACHINES\AppData\Local\Temp\EEC8CD52-BAB0-7891-BC61-44679A9A1F72\Latest\Setup.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.

C:\Users\EMACHINES\AppData\Local\Temp\nsoF10B.tmp\nsu19B4.tmp\SetupDataMngr_Koyote.exe (PUP.Optional.MoviesToolbar.A) -> Quarantined and deleted successfully.

C:\Users\EMACHINES\AppData\Local\Temp\updDE46\BabMaint.x (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.

C:\Users\EMACHINES\Local Settings\Temporary Internet Files\Content.IE5\7A6IPBNG\pack[1].7z (PUP.Optional.PerformerSoft.A) -> Quarantined and deleted successfully.

C:\Users\EMACHINES\Local Settings\Temporary Internet Files\Content.IE5\EVIGFNUS\iobitappsToolbar[1].msi (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.

C:\Users\EMACHINES\Local Settings\Temporary Internet Files\Content.IE5\GB9WJ4T7\DKJaxbgkzu[1].exe (PUP.Optional.PreLoader.A) -> Quarantined and deleted successfully.

C:\Users\EMACHINES\Local Settings\Temporary Internet Files\Content.IE5\GVQA2WW9\search_defender_166[1].exe (PUP.Optional.SProtect.A) -> Quarantined and deleted successfully.

C:\Users\EMACHINES\Local Settings\Temporary Internet Files\Content.IE5\IOMNRZX7\agent_setup[1].exe (PUP.Optional.BetterSoft.A) -> Quarantined and deleted successfully.

C:\Users\EMACHINES\Local Settings\Temporary Internet Files\Content.IE5\IOMNRZX7\pack[2].7z (PUP.Optional.BrowserProtect.A) -> Quarantined and deleted successfully.

C:\Users\EMACHINES\Local Settings\Temporary Internet Files\Content.IE5\S7S8X4W3\alnaddyToolbar[1].exe (Adware.Toolbar) -> Quarantined and deleted successfully.

C:\Users\EMACHINES\Local Settings\Temporary Internet Files\Content.IE5\S7S8X4W3\alnaddy_arab_new[1].exe (PUP.Optional.AlNaddy) -> Quarantined and deleted successfully.

C:\Users\EMACHINES\Local Settings\Temporary Internet Files\Content.IE5\S7S8X4W3\search_defender_166[1].exe (PUP.Optional.SProtect.A) -> Quarantined and deleted successfully.

C:\Windows\Installer\157789.msi (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.

C:\Users\EMACHINES\AppData\Local\Temp\Trojan.exe.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\ProgramData\InstallMate\OptimizerPro\Log.db.lnk (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.

C:\Users\EMACHINES\AppData\Local\Temp\CT3289075\CT3289075.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Users\EMACHINES\AppData\Local\Temp\CT3289075\dtime.csf (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Users\EMACHINES\AppData\Local\Temp\CT3289075\initData.json (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Users\EMACHINES\AppData\Local\Temp\CT3289075\manifest.json (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

 

(end)

Link to post
Share on other sites

By the way.. see what I have got from Windows

 

Remove the Trojan.PWS.Legmir.AD / W32.Ahlem.A@mm virus from your PC

This problem was caused by Trojan.PWS.Legmir.AD / W32.Ahlem.A@mm, a known computer virus.

To prevent this problem from occurring again, install and run an up-to-date antivirus and antispyware program on your computer...

 


Link to post
Share on other sites

We need to run an online AV scan to ensure there are no remnants of any infection left on your system. This scan can take several hours to complete; it is very thorough and well worth running. Please be patient and let it complete:

Run Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Windows 7, right-click the IE shortcut and run as admin.

Go to the ESET web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    Click Start
  • When asked, allow the add-on to be installed
    Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    Click Scan
  • Wait for the virus definitions to be downloaded
  • Wait for the scan to finish

 

When the scan is complete:

If no threats were found

  • Put a checkmark in "Uninstall application on close"
  • Close program
  • Report to me that nothing was found

If threats were found

  • Click on "list of threats found"
  • Click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • Put a checkmark in "Uninstall application on close"
  • Click on finish

Close program

Copy and paste the report here

 

Also run this:

 

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop.

Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

Let me see those logs...

Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
