
Help! AFP Ransomware and other potential issues...


Jesta


So I was browsing earlier today when a message appeared claiming my computer had been locked and details would be sent to the AFP (Aus Federal Police). I immediately closed that whole browsing window even though I didn't believe it, and googled "your computer has been locked .gov.au", and this led me to reading about this ransomware. Although I don't remember seeing the message about paying a ransom, it may have appeared and closed as well? I may have avoided this, but I'm not so sure... I'm not keen to restart this PC until I can be sure it won't lock me out! I have since updated and run Malwarebytes, and also got lots of results for pup.optional.advancedsystemprotector. So, to cut a long story short, I've ended up here to sort out this box once and for all (hopefully!). I have downloaded and run DDS and will post the two logs generated below. Many, many thanks in advance to anyone who has the knowledge and time to help/advise me through this...

 

dds.txt:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16455  BrowserJavaVersion: 10.25.2
Run by ANTHONY at 19:19:33 on 2013-11-02
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.61.1033.18.16367.12013 [GMT 11:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
FW: AVG Internet Security 2013 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\IDT\WDM\beats64.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\DisplayFusion\AppHookx86.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.

mWinlogon: Userinit = userinit.exe,
BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ips\ipsbho.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [DisplayFusion] "C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe"
uRun: [Workrave] C:\Program Files (x86)\Workrave\lib\workrave.exe
uRun: [News.net] C:\Program Files\News.net\BreakingNews\DesktopContainer.exe
uRun: [AdobeBridge] <no file>
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
StartupFolder: C:\Users\ANTHONY\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll



TCP: NameServer = 192.168.2.1
TCP: Interfaces\{A4907A48-81FB-4462-B77D-9BFECBED98CA} : DHCPNameServer = 192.168.2.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [beatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\ANTHONY\AppData\Roaming\Mozilla\Firefox\Profiles\1t5wziu1.default-1365399314011\
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-09-20 00:07; eMuleSearch@Starko; C:\Users\ANTHONY\AppData\Roaming\Mozilla\Firefox\Profiles\1t5wziu1.default-1365399314011\extensions\eMuleSearch@Starko.xpi
FF - ExtSQL: 2013-10-04 21:21; fox@replace.fx; C:\Users\ANTHONY\AppData\Roaming\Mozilla\Firefox\Profiles\1t5wziu1.default-1365399314011\extensions\fox@replace.fx.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-7-20 71480]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-7-20 311608]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-7-1 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-5 45880]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-10-3 52760]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1207020.003\symds64.sys [2012-6-12 450680]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1207020.003\symefa64.sys [2012-6-12 912504]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-7-20 246072]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-7-20 206648]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-3-21 240952]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120517.001\BHDrvx64.sys [2012-5-24 1160824]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120602.001\IDSviA64.sys [2012-6-5 488568]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1207020.003\ironx64.sys [2012-6-12 171128]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1207020.003\symnets.sys [2012-6-12 386168]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-10-25 89600]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-7-4 4939312]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-7-23 283136]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-1-26 92216]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-15 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-15 701512]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe [2012-6-12 130008]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 128456]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-2 2804568]
R2 PanService;PandoraService;C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [2013-4-25 625304]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-10-25 1127448]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-3-30 378472]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-10-25 2656280]
R3 anvsnddrv;AnvSoft Virtual Sound Device;C:\Windows\System32\drivers\anvsnddrv.sys [2012-9-29 33872]
R3 appliandMP;appliandMP;C:\Windows\System32\drivers\appliand.sys [2012-9-29 33888]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-6-5 138912]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-4-23 25928]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-10-25 412776]
S2 CLKMSVC10_38F51D56;CyberLink Product - 2011/10/24 11:42:23;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-1-26 241648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-19 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-19 138576]
S3 appliand;Applian Network Service;C:\Windows\System32\drivers\appliand.sys [2012-9-29 33888]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-2-6 102936]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-13 206072]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2011-5-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2011-5-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2011-5-13 177640]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-2-6 203544]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-11-25 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== File Associations ===============
.
ShellExec: vlc.exe: tralih="C:\Program Files (x86)\Trader's Little Helper\tralih.exe" /2 "%1"
.
=============== Created Last 30 ================
.
2013-11-02 07:49:41    75888    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2A63B5A1-E6EE-4149-9BC0-CE4E04EE0984}\offreg.dll
2013-11-02 07:49:14    10280728    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2A63B5A1-E6EE-4149-9BC0-CE4E04EE0984}\mpengine.dll
2013-11-01 04:00:27    10280728    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-10-30 11:02:32    --------    d-----w-    C:\Live Music
2013-10-25 06:22:20    --------    d-----w-    C:\Users\ANTHONY\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2013-10-20 10:27:03    --------    d-----w-    C:\Users\ANTHONY\AppData\Roaming\NVIDIA
2013-10-20 10:18:38    --------    d-----w-    C:\ProgramData\regid.1986-12.com.adobe
2013-10-17 23:30:53    965000    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C6945392-9A81-4950-86D3-FBE8935A1C8F}\gapaengine.dll
2013-10-13 11:14:00    --------    d-----w-    C:\Users\ANTHONY\AppData\Roaming\Tangent3D
2013-10-13 11:13:12    356352    ----a-w-    C:\Windows\eSellerateEngine.dll
2013-10-13 11:12:55    --------    d-----w-    C:\Program Files (x86)\Tangent3D
2013-10-13 09:48:40    --------    d-----w-    C:\Users\ANTHONY\AppData\Roaming\Photo! 3D Album
2013-10-13 05:40:10    --------    d-----w-    C:\Users\ANTHONY\AppData\Roaming\Photo! 3D ScreenSaver
2013-10-13 05:40:03    3939328    ----a-w-    C:\Windows\Photo! 3D ScreenSaver.scr
2013-10-13 05:40:02    --------    d-----w-    C:\Program Files (x86)\Photo!
2013-10-07 14:21:51    --------    d-----w-    C:\Program Files (x86)\FLAC
2013-10-07 14:16:36    --------    d-----w-    C:\Users\ANTHONY\AppData\Roaming\foobar2000
2013-10-07 14:16:28    --------    d-----w-    C:\Program Files (x86)\foobar2000
2013-10-05 00:16:59    --------    d-----w-    C:\Users\ANTHONY\AppData\Roaming\EAC
2013-10-05 00:16:57    --------    d-----w-    C:\Users\ANTHONY\AppData\Roaming\AccurateRip
2013-10-05 00:16:52    --------    d-----w-    C:\Program Files (x86)\Exact Audio Copy
.
==================== Find3M  ====================
.
2013-10-09 12:16:40    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-09 12:16:40    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-09-04 15:43:42    45880    ----a-w-    C:\Windows\System32\drivers\avgrkx64.sys
2012-11-20 12:02:36    13529576    ----a-w-    C:\Program Files\mseinstall.exe
2012-11-20 08:51:23    4011968    ----a-w-    C:\Program Files\ccsetup324.exe
2012-11-20 07:14:38    17969696    ----a-w-    C:\Program Files\Windows-KB890830-x64-V4.14.exe
2012-11-13 08:35:13    4424392    ----a-w-    C:\Program Files\avg_isct_stb_all_2013_2793.exe
2012-09-15 01:29:17    13541464    ----a-w-    C:\Program Files\FlvEditor_Lite.exe
2012-04-07 04:36:29    1805736    ----a-w-    C:\Program Files\FixZeroAccess.exe
2012-03-03 12:23:08    389158    ----a-w-    C:\Program Files\talkany.exe
2009-03-21 08:24:12    421376    ----a-w-    C:\Program Files\8270sim.msi
2008-11-03 01:37:34    12590683    ----a-w-    C:\Program Files (x86)\D-Fend-Reloaded-0.6.1-Setup.exe
2008-10-30 02:20:59    1258638    ----a-w-    C:\Program Files (x86)\DOSBox0.72-win32-installer.exe
2008-08-11 16:15:16    409703    ----a-w-    C:\Program Files (x86)\ChuckieEgg-1.1-setup.exe
2008-03-14 01:20:47    14173865    ----a-w-    C:\Program Files (x86)\klcodec380f.exe
2007-10-19 11:40:19    5070680    ----a-w-    C:\Program Files (x86)\karafun_117a.exe
.
============= FINISH: 19:23:54.01 ===============
attach.txt:

 

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 8/01/2012 12:21:04 AM
System Uptime: 30/10/2013 6:25:12 PM (73 hours ago)
.
Motherboard: PEGATRON CORPORATION |  | 2AB6
Processor: Intel® Core i7-2600 CPU @ 3.40GHz | CPU 1 | 1598/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 1850 GiB total, 156.801 GiB free.
D: is FIXED (NTFS) - 13 GiB total, 1.564 GiB free.
E: is CDROM ()
F: is FIXED (FAT32) - 931 GiB total, 35.996 GiB free.
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP310: 2/11/2013 6:37:42 PM - Windows Update
.
==== Installed Programs ======================
.
7-Zip 9.20 (x64 edition)
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop CS6
Adobe Shockwave Player 11.6
Advanced System Protector
Agatha Christie - Peril at End House
Any Video Recorder version 1.0.0
Applian FLV and Media Player 3.1.1.12
µTorrent
Audacity 2.0.2
AVG 2013
Bejeweled 2 Deluxe
Bejeweled 3
Blackhawk Striker 2
Blasterball 3
Bounce Symphony
Build-a-lot 2
Cake Mania
CCleaner
Chuzzle Deluxe
CyberLink Media Suite Premium
CyberLink PowerDVD 10
D3DX10
Diner Dash 2 Restaurant Rescue
DisplayFusion 3.4.1
Dora's World Adventure
e-tax 2012
e-tax 2013
eMule
Exact Audio Copy 1.0beta3
Farm Frenzy
FATE - The Traitor Soul
Final Drive Nitro
FLAC 1.2.1b (remove only)
foobar2000 v1.2.9
Google Chrome
Google Earth
Google Update Helper
HiDownloadPlatinum
HP Auto
HP Client Services
HP Customer Experience Enhancements
HP Deskjet 1050 J410 series Basic Device Software
HP Deskjet 1050 J410 series Help
HP Games
HP LinkUp
HP Odometer
HP Photo Creations
HP Setup
HP Setup Manager
HP Support Assistant
HP Support Information
HP Update
HP Vision Hardware Diagnostics
HPAsset component for HP Active Support Library
IDT Audio
Image Armada
ImgBurn
Intel® Management Engine Components
ISO to USB
Java 7 Update 25
Java Auto Updater
Java 6 Update 22
JDownloader 0.9
JDownloader 2
Junk Mail filter update
K-Lite Mega Codec Pack 8.2.0
Kobo
LabelPrint
Mah Jong Medley
Malwarebytes Anti-Malware version 1.75.0.1300
Media Browser
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
Moovida 2.1.1.28
Mozilla Firefox 24.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
Mystery P.I. - Stolen in San Francisco
Namco All-Stars PAC-MAN
Norton Internet Security
Norton Online Backup
NVIDIA 3D Vision Driver 267.95
NVIDIA Control Panel 267.95
NVIDIA Graphics Driver 267.95
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.10.0514
NVIDIA Stereoscopic 3D Driver
OpenMG Limited Patch 4.7-07-14-05-01
OpenMG Secure Module 4.7.00
OpenOffice.org 3.3
Pandora Service
Pazera Free Audio Extractor 1.4
PDF Complete Special Edition
PDF Settings CS6
PeerBlock 1.1 (r518)
Penguins!
Photo Browser 2.31
Photo! 3D Album and Photo! 3D ScreenSaver 1.2
Photo! 3D ScreenSaver 1.0
PhotoNow!
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime amd64
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
PowerDirector
PressReader
RadioMaximus 1.80
Recovery Manager
Recuva
Remote Graphics Receiver
Replay Media Catcher 4 (4.4.4)
Replay Video Capture 6
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Slingo Supreme
SonicStage 4.3
StreamTransport version: 1.0.2.2171
swMSM
Trader's Little Helper 2.7.0
Update Installer for WildTangent Games App
Virtual Villagers 4 - The Tree of Life
Visual Studio 2010 x64 Redistributables
VLC media player 1.1.11
WildTangent Games App (HP Games)
Winamp
Winamp Detector Plug-in
WinDirStat 1.1.2
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinHTTrack Website Copier 3.47-21 (x64)
WinPcap 4.1.2
WinRAR 4.11 (64-bit)
WM Recorder
Workrave 1.9.4
Zinio Reader 4
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
30/10/2013 12:25:07 AM, Error: Service Control Manager [7006]  - The ScRegSetValueExW call failed for FailureActions with the following error:  Access is denied.
29/10/2013 6:47:09 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.161.965.0).
29/10/2013 6:47:04 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:       Previous Signature Version: 1.161.855.0      Update Source: Microsoft Update Server      Update Stage: Install      Source Path: http://www.microsoft.com      Signature Type: AntiVirus      Update Type: Full      User: NT AUTHORITY\SYSTEM      Current Engine Version:       Previous Engine Version: 1.1.10003.0      Error code: 0x80070643      Error description: Fatal error during installation.
26/10/2013 9:55:31 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.161.762.0).
26/10/2013 9:55:26 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:       Previous Signature Version: 1.161.676.0      Update Source: Microsoft Update Server      Update Stage: Install      Source Path: http://www.microsoft.com      Signature Type: AntiVirus      Update Type: Full      User: NT AUTHORITY\SYSTEM      Current Engine Version:       Previous Engine Version: 1.1.10003.0      Error code: 0x80070643      Error description: Fatal error during installation.
2/11/2013 9:06:50 AM, Error: Microsoft-Windows-DNS-Client [1012]  - There was an error while attempting to read the local hosts file.
2/11/2013 6:38:34 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.161.1273.0).
2/11/2013 6:38:29 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:       Previous Signature Version: 1.161.1207.0      Update Source: Microsoft Update Server      Update Stage: Install      Source Path: http://www.microsoft.com      Signature Type: AntiVirus      Update Type: Full      User: NT AUTHORITY\SYSTEM      Current Engine Version:       Previous Engine Version: 1.1.10003.0      Error code: 0x80070643      Error description: Fatal error during installation.
2/11/2013 3:42:59 PM, Error: volsnap [36]  - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
.
==== End Of File ===========================

Hello,

 

P2P/Piracy Warning:

 


If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Next,

 

There are 3 security systems installed on your system: MSE, AVG and Norton. That is counterproductive; you must uninstall two of those at your earliest convenience.

 

If you see the ransomware screen, press the Alt and F4 keys together; you should get the option to close that service. Do so, then run your AV and then Malwarebytes.

 

If possible run the following:

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

Kevin

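Kevin's point about three overlapping security products is something a helper reading DDS logs checks by eye every time: the `AV:`, `SP:` and `FW:` lines at the top of dds.txt list every registered product with its state. The following Python script is an added example (not part of this thread, not a Malwarebytes or DDS tool) that parses those header lines and reports which products are enabled at the same time and which are registered but outdated leftovers. The sample text is constructed here, modelled on the header of the log posted above; the line format it assumes is `KIND: name *State/Flag* {GUID}`.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the AV/SP/FW header of the dds.txt above.
# KIND is AV (antivirus), SP (antispyware) or FW (firewall).
SAMPLE_DDS_HEADER = """\
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
FW: AVG Internet Security 2013 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
============== Running Processes ===============
"""

# One header line: "KIND: product name *State[/Flag]* {GUID}" (assumed format).
LINE_RE = re.compile(
    r"^(?P<kind>AV|SP|FW): (?P<name>.+?) \*(?P<state>[^*]+)\* \{(?P<guid>[0-9A-Fa-f-]+)\}\s*$"
)


def parse_security_products(text):
    """Return one dict per AV/SP/FW line; other lines (process list etc.) are skipped."""
    products = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        flags = m.group("state").split("/")          # e.g. ["Enabled", "Updated"]
        products.append({
            "kind": m.group("kind"),
            "name": m.group("name"),
            "state": m.group("state"),
            "enabled": flags[0] == "Enabled",
            "outdated": "Outdated" in flags,
            "guid": m.group("guid").upper(),
        })
    return products


def registered_products(products):
    """Distinct product names the OS still has registered, enabled or not."""
    return sorted({p["name"] for p in products})


def enabled_conflicts(products):
    """kind -> sorted names of products enabled simultaneously, only where more than one."""
    by_kind = defaultdict(list)
    for p in products:
        if p["enabled"]:
            by_kind[p["kind"]].append(p["name"])
    return {kind: sorted(names) for kind, names in by_kind.items() if len(names) > 1}


def outdated_products(products):
    """Names still registered but reported Outdated: typically leftovers of a removed suite."""
    return sorted({p["name"] for p in products if p["outdated"]})


def report(text):
    """Human-readable summary of the checks above."""
    products = parse_security_products(text)
    lines = [f"{len(products)} security product entries registered"]
    for kind, names in sorted(enabled_conflicts(products).items()):
        lines.append(f"CONFLICT [{kind}]: {len(names)} products enabled at once: " + ", ".join(names))
    for name in outdated_products(products):
        lines.append(f"OUTDATED: {name} is registered but disabled/outdated")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_DDS_HEADER))
```

Running it against the sample prints one CONFLICT line each for AV and SP (AVG and MSE both active) and flags Norton and Windows Defender as outdated leftovers. Defender showing as disabled is normal once another antispyware product registers itself, so that line is informational; the Norton entries are what an uninstall should clear. To use it on a real log, pass the contents of dds.txt to `report()`; the regex only matches the header lines, so the rest of the file is ignored.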

Thanks for the prompt reply Kevin, I will do as you asked and post the logs generated in this reply. I would also ask your advice on the multiple security systems I have. I believe I have just uninstalled Norton (although it asked for a restart, which I have postponed), but did not know I had MSE on here too; which one of the remaining two would you suggest I persist with? (Or something else altogether?) I downloaded Farbar before removing? Norton, but will run it now...

 

My other question involves the P2P warning: is this just a standard issue warning? I do run uT and jD, but believe both are totally disabled currently? If not, please tell me and they shall be uninstalled if needed. Thanks.

 

FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-10-2013
Ran by ANTHONY (administrator) on ANTHONY-HP on 02-11-2013 21:39:59
Running from C:\Users\ANTHONY\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Pandora.TV) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(PandoraTV) C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\beats64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\AppHookx86.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [beatsOSDApp] - C:\Program Files\IDT\WDM\beats64.exe [37888 2010-10-21] (Hewlett-Packard )
HKLM\...\Run: [hpsysdrv] - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe [62768 2008-11-21] (Hewlett-Packard)
HKLM\...\Run: [sysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [835072 2011-01-27] (IDT, Inc.)
HKLM\...\Run: [MSC] - "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey <===== ATTENTION (File name is altered)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation)
HKCU\...\Run: [DisplayFusion] - C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [2788792 2012-01-03] (Binary Fortress Software)
HKCU\...\Run: [Workrave] - C:\Program Files (x86)\Workrave\lib\Workrave.exe [3871246 2011-03-24] (The Workrave development team)
HKCU\...\Run: [News.net] - C:\Program Files\News.net\BreakingNews\DesktopContainer.exe
HKCU\...\Run: [AdobeBridge] - [x]
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKCU\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x91000000
MountPoints2: {f1603848-e79e-11e2-b5f6-38607767e763} - K:\AutoRun.exe
HKLM-x32\...\Run: [PDF Complete] - C:\Program Files (x86)\PDF Complete\pdfsty.exe [656920 2011-02-01] (PDF Complete Inc)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2013-09-23] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [switchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
Startup: C:\Users\ANTHONY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.news.net/index.php?referid=130
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/51
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/51
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/HPALL/51
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/51
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/HPALL/51
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://au.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/5221-111072-7833-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://au.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/5221-111072-7833-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://au.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/5221-111072-7833-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  No File
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\ANTHONY\AppData\Roaming\Mozilla\Firefox\Profiles\1t5wziu1.default-1365399314011
FF user.js: detected! => C:\Users\ANTHONY\AppData\Roaming\Mozilla\Firefox\Profiles\1t5wziu1.default-1365399314011\user.js
FF NetworkProxy: "http", "54.250.202.126"
FF NetworkProxy: "http_port", 80
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Extension: DownloadHelper - C:\Users\ANTHONY\AppData\Roaming\Mozilla\Firefox\Profiles\1t5wziu1.default-1365399314011\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: artur.dubovoy - C:\Users\ANTHONY\AppData\Roaming\Mozilla\Firefox\Profiles\1t5wziu1.default-1365399314011\Extensions\artur.dubovoy@gmail.com.xpi
FF Extension: eMuleSearch - C:\Users\ANTHONY\AppData\Roaming\Mozilla\Firefox\Profiles\1t5wziu1.default-1365399314011\Extensions\eMuleSearch@Starko.xpi
FF Extension: fox - C:\Users\ANTHONY\AppData\Roaming\Mozilla\Firefox\Profiles\1t5wziu1.default-1365399314011\Extensions\fox@replace.fx.xpi
FF Extension: newtabtools - C:\Users\ANTHONY\AppData\Roaming\Mozilla\Firefox\Profiles\1t5wziu1.default-1365399314011\Extensions\newtabtools@darktrojan.net.xpi
FF Extension: Adblock Plus - C:\Users\ANTHONY\AppData\Roaming\Mozilla\Firefox\Profiles\1t5wziu1.default-1365399314011\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: dta - C:\Users\ANTHONY\AppData\Roaming\Mozilla\Firefox\Profiles\1t5wziu1.default-1365399314011\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
FF HKCU\...\Firefox\Extensions: [{993BD851-7FF4-11E1-826D-B8AC6F996F26}] - C:\Users\ANTHONY\AppData\Local\{993BD851-7FF4-11E1-826D-B8AC6F996F26}\
FF Extension: Translate This! - C:\Users\ANTHONY\AppData\Local\{993BD851-7FF4-11E1-826D-B8AC6F996F26}\

Chrome:
=======

CHR RestoreOnStartup:         "urls_to_restore_on_startup": [
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll No File
CHR Plugin: (Winamp Application Detector) - C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\ANTHONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\ANTHONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\ANTHONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\ANTHONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (in my words) - C:\Users\ANTHONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifallpipodahhpbnemkhiddofdkhlekg\0.0.4_0
CHR Extension: (Gmail) - C:\Users\ANTHONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)
S2 CLKMSVC10_38F51D56; c:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-01-26] (CyberLink)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MSCSPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [45056 2006-12-14] (Sony Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22072 2012-09-12] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368896 2012-09-12] (Microsoft Corporation)
S3 PACSPTISVR; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [57344 2006-12-14] ()
R2 PanService; C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [625304 2012-09-28] (Pandora.TV)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1127448 2011-02-01] (PDF Complete Inc)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-26] (CACE Technologies, Inc.)
S3 SonicStage Back-End Service; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SsBeSvc.exe [112184 2007-02-05] (Sony Corporation)
S3 SPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe [69632 2006-12-14] (Sony Corporation)
S3 SSScsiSV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SSScsiSV.exe [75320 2007-02-05] (Sony Corporation)

==================== Drivers (Whitelisted) ====================

R3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [33872 2012-05-17] (AnvSoft Inc.)
S3 appliand; C:\Windows\System32\DRIVERS\appliand.sys [33888 2011-06-26] (Applian Technologies Inc.)
R3 appliandMP; C:\Windows\System32\DRIVERS\appliand.sys [33888 2011-06-26] (Applian Technologies Inc.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-09-05] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [228768 2012-08-30] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-30] (Microsoft Corporation)
S3 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-26] (CACE Technologies, Inc.)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S1 bnmvqsal; \??\C:\Windows\system32\drivers\bnmvqsal.sys [x]
S1 cbmmgfkf; \??\C:\Windows\system32\drivers\cbmmgfkf.sys [x]
S1 docoypau; \??\C:\Windows\system32\drivers\docoypau.sys [x]
S1 eatdazpk; \??\C:\Windows\system32\drivers\eatdazpk.sys [x]
S1 egyjgdvm; \??\C:\Windows\system32\drivers\egyjgdvm.sys [x]
S1 evwlkgzo; \??\C:\Windows\system32\drivers\evwlkgzo.sys [x]
S1 holaojum; \??\C:\Windows\system32\drivers\holaojum.sys [x]
R4 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120602.001\IDSvia64.sys [x]
S1 ivxeredh; \??\C:\Windows\system32\drivers\ivxeredh.sys [x]
S1 jdcyewod; \??\C:\Windows\system32\drivers\jdcyewod.sys [x]
S1 jdxfnukc; \??\C:\Windows\system32\drivers\jdxfnukc.sys [x]
S1 kawlaoko; \??\C:\Windows\system32\drivers\kawlaoko.sys [x]
S1 lvrwgxam; \??\C:\Windows\system32\drivers\lvrwgxam.sys [x]
S1 ncyxfomy; \??\C:\Windows\system32\drivers\ncyxfomy.sys [x]
S1 nmhforhe; \??\C:\Windows\system32\drivers\nmhforhe.sys [x]
S1 nptswtvy; \??\C:\Windows\system32\drivers\nptswtvy.sys [x]
S1 nwqbecfo; \??\C:\Windows\system32\drivers\nwqbecfo.sys [x]
S1 paaymtnk; \??\C:\Windows\system32\drivers\paaymtnk.sys [x]
S1 pzwbdbmg; \??\C:\Windows\system32\drivers\pzwbdbmg.sys [x]
S1 qamveufs; \??\C:\Windows\system32\drivers\qamveufs.sys [x]
S1 qthejvmh; \??\C:\Windows\system32\drivers\qthejvmh.sys [x]
S1 rdsxzdma; \??\C:\Windows\system32\drivers\rdsxzdma.sys [x]
S1 shgkbbsy; \??\C:\Windows\system32\drivers\shgkbbsy.sys [x]
R4 SRTSPX; \SystemRoot\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [x]
R4 SymDS; system32\drivers\NISx64\1207020.003\SYMDS64.SYS [x]
R4 SymEFA; system32\drivers\NISx64\1207020.003\SYMEFA64.SYS [x]
R4 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [x]
S1 tpkxervk; \??\C:\Windows\system32\drivers\tpkxervk.sys [x]
S1 urzehckf; \??\C:\Windows\system32\drivers\urzehckf.sys [x]
S1 uupgrhck; \??\C:\Windows\system32\drivers\uupgrhck.sys [x]
S3 zgwhsdiag; system32\DRIVERS\zgwhsdiag.sys [x]
S3 zgwhsmdm; system32\DRIVERS\zgwhsmdm.sys [x]
S3 zgwhsnmea; system32\DRIVERS\zgwhsnmea.sys [x]

==================== NetSvcs (Whitelisted) ===================

NETSVC: NETw5x32 -> No ServiceDLL Path.

==================== One Month Created Files and Folders ========

2013-11-02 21:39 - 2013-11-02 21:39 - 00000000 ____D C:\FRST
2013-11-02 21:29 - 2013-11-02 21:29 - 00068784 _____ C:\Users\ANTHONY\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-02 21:25 - 2013-11-02 21:26 - 01957098 _____ (Farbar) C:\Users\ANTHONY\Desktop\FRST64.exe
2013-11-02 19:24 - 2013-11-02 19:38 - 00019597 _____ C:\Users\ANTHONY\Desktop\dds.txt
2013-11-02 19:24 - 2013-11-02 19:38 - 00009058 _____ C:\Users\ANTHONY\Desktop\attach.txt
2013-11-02 19:06 - 2013-11-02 19:06 - 00688992 ____R (Swearware) C:\Users\ANTHONY\Desktop\dds.com
2013-11-02 15:57 - 2013-11-02 15:57 - 00002230 _____ C:\Users\ANTHONY\Desktop\RKreport[0]_S_11022013_155732.txt
2013-11-02 15:55 - 2013-11-02 15:55 - 00003469 _____ C:\Users\ANTHONY\Desktop\RKreport[0]_D_11022013_155500.txt
2013-11-02 15:53 - 2013-11-02 15:53 - 00003532 _____ C:\Users\ANTHONY\Desktop\RKreport[0]_S_11022013_155351.txt
2013-11-02 15:50 - 2013-11-02 16:03 - 00000000 ____D C:\Users\ANTHONY\Desktop\RK_Quarantine
2013-11-02 15:48 - 2013-11-02 15:50 - 04012032 _____ C:\Users\ANTHONY\Downloads\RogueKillerX64.exe
2013-11-02 15:44 - 2013-11-02 15:44 - 00000000 ____D C:\Users\ANTHONY\Downloads\Bret Michaels - Las Vegas, NV - 11-28-08
2013-11-02 15:43 - 2013-11-02 15:43 - 00000000 ____D C:\Users\ANTHONY\Downloads\Concrete Blonde - Philadelphia, PA - 07-11-90
2013-11-02 15:43 - 2013-11-02 15:43 - 00000000 ____D C:\Users\ANTHONY\Downloads\Alice In Chains - Toronto, Ont - 11-29-92
2013-11-02 15:43 - 2013-11-02 15:43 - 00000000 ____D C:\Users\ANTHONY\Downloads\Alice In Chains - Boston, MA - 11-27-92
2013-11-02 15:42 - 2013-11-02 15:42 - 00000000 ____D C:\Users\ANTHONY\Downloads\Concrete Blonde - Melbourne, AU - 03-02-88
2013-11-02 15:41 - 2013-11-02 15:44 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\ANTHONY\Downloads\tdsskiller.exe
2013-11-02 13:18 - 2013-11-02 14:35 - 85234468 _____ C:\Users\ANTHONY\Downloads\NIN.PretHateMachDemos.FLAC.by.TUBE.zip.part
2013-11-01 21:58 - 2013-11-01 21:58 - 00015208 _____ C:\Users\ANTHONY\Downloads\[kickass.to]extreme.couponing.s03e04.all.stars.antoinette.vs.judy.hdtv.xvid.lmao.avi.torrent
2013-11-01 21:58 - 2013-11-01 21:58 - 00014951 _____ C:\Users\ANTHONY\Downloads\[kickass.to]extreme.couponing.s01e01.jaime.and.tiffany.hdtv.xvid.momentum.torrent
2013-11-01 18:23 - 2013-10-29 13:30 - 00000000 ____D C:\Users\ANTHONY\Downloads\Pearl Jam - First Niagara Centre, Buffalo, 12 October 2013
2013-10-31 23:45 - 2013-11-02 15:43 - 00000000 ____D C:\Users\ANTHONY\Downloads\Australian Pink Floyd - Croydon, GB - 07-29-09
2013-10-30 12:27 - 2013-10-30 13:00 - 222921640 _____ C:\Users\ANTHONY\Downloads\houseofbootlegs_AB20131021 HydroGlasgow.rar.part
2013-10-25 17:22 - 2013-10-25 17:22 - 00000000 ____D C:\Users\ANTHONY\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2013-10-25 17:17 - 2013-10-29 01:13 - 00001456 _____ C:\Users\ANTHONY\AppData\Local\Adobe Save for Web 13.0 Prefs
2013-10-25 17:14 - 2013-10-25 17:14 - 00000000 ____D C:\Users\ANTHONY\Documents\Adobe
2013-10-25 16:51 - 2013-10-25 16:51 - 02440049 _____ C:\Users\ANTHONY\Documents\664969388001_2767123801001_8018555-20131025-094435-VIDEO-FULL.mp4
2013-10-21 19:49 - 2013-10-21 19:50 - 00000000 ____D C:\Users\ANTHONY\Downloads\Pshop psd
2013-10-20 21:27 - 2013-10-20 21:27 - 00003510 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-ANTHONY-HP-ANTHONY
2013-10-20 21:27 - 2013-10-20 21:27 - 00000000 ____D C:\Users\ANTHONY\AppData\Roaming\NVIDIA
2013-10-20 21:18 - 2013-10-20 21:18 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2013-10-20 21:17 - 2013-10-20 21:32 - 00000000 ____D C:\Program Files\Adobe
2013-10-20 21:15 - 2013-10-20 21:32 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-10-20 21:14 - 2013-10-20 21:18 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-10-13 22:14 - 2013-10-13 22:14 - 00000000 ____D C:\Users\ANTHONY\AppData\Roaming\Tangent3D
2013-10-13 22:13 - 2013-10-13 22:14 - 00000000 ____D C:\Users\ANTHONY\Documents\Image Armada
2013-10-13 22:13 - 2013-10-13 22:13 - 00356352 _____ (eSellerate Inc.) C:\Windows\eSellerateEngine.dll
2013-10-13 22:13 - 2013-10-13 22:13 - 00001281 _____ C:\Users\Public\Desktop\Image Armada Builder.lnk
2013-10-13 22:13 - 2013-10-13 22:13 - 00001274 _____ C:\Users\Public\Desktop\Image Armada Viewer.lnk
2013-10-13 22:13 - 2013-10-13 22:13 - 00000000 ____D C:\Users\ANTHONY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image Armada
2013-10-13 22:12 - 2013-10-13 22:12 - 00000000 ____D C:\Program Files (x86)\Tangent3D
2013-10-13 20:48 - 2013-10-13 20:49 - 00000000 ____D C:\Users\ANTHONY\AppData\Roaming\Photo! 3D Album
2013-10-13 20:48 - 2013-10-13 20:48 - 00001202 _____ C:\Users\ANTHONY\Desktop\Photo! 3D Album.lnk
2013-10-13 16:40 - 2013-10-13 20:48 - 00000821 _____ C:\Users\ANTHONY\Desktop\Photo! 3D ScreenSaver.lnk
2013-10-13 16:40 - 2013-10-13 20:48 - 00000000 ____D C:\Program Files (x86)\Photo!
2013-10-13 16:40 - 2013-10-13 20:32 - 00000000 ____D C:\Users\ANTHONY\AppData\Roaming\Photo! 3D ScreenSaver
2013-10-13 16:40 - 2008-09-15 16:49 - 03939328 _____ (VicMan Software) C:\Windows\Photo! 3D ScreenSaver.scr
2013-10-13 16:33 - 2013-10-13 16:37 - 34533165 _____ (                                                            ) C:\Users\ANTHONY\Desktop\p3dalbuminst.exe
2013-10-08 01:21 - 2013-10-08 01:21 - 00001868 _____ C:\Users\Public\Desktop\FLAC Frontend.lnk
2013-10-08 01:21 - 2013-10-08 01:21 - 00000000 ____D C:\Program Files (x86)\FLAC
2013-10-08 01:16 - 2013-10-08 01:26 - 00000000 ____D C:\Users\ANTHONY\AppData\Roaming\foobar2000
2013-10-08 01:16 - 2013-10-08 01:16 - 00001037 _____ C:\Users\Public\Desktop\foobar2000.lnk
2013-10-08 01:16 - 2013-10-08 01:16 - 00000000 ____D C:\Program Files (x86)\foobar2000
2013-10-05 11:16 - 2013-10-05 11:18 - 00000000 ____D C:\Users\ANTHONY\AppData\Roaming\AccurateRip
2013-10-05 11:16 - 2013-10-05 11:17 - 00000000 ____D C:\Users\ANTHONY\AppData\Roaming\EAC
2013-10-05 11:16 - 2013-10-05 11:16 - 00001076 _____ C:\Users\Public\Desktop\Exact Audio Copy.lnk
2013-10-05 11:16 - 2013-10-05 11:16 - 00000000 ____D C:\Program Files (x86)\Exact Audio Copy

==================== One Month Modified Files and Folders =======

2013-11-02 21:39 - 2013-11-02 21:39 - 00000000 ____D C:\FRST
2013-11-02 21:37 - 2012-01-28 10:05 - 00000000 ____D C:\Users\ANTHONY\AppData\Roaming\DisplayFusion
2013-11-02 21:29 - 2013-11-02 21:29 - 00068784 _____ C:\Users\ANTHONY\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-02 21:28 - 2011-10-25 05:44 - 00000000 ____D C:\Program Files (x86)\Norton Internet Security
2013-11-02 21:26 - 2013-11-02 21:25 - 01957098 _____ (Farbar) C:\Users\ANTHONY\Desktop\FRST64.exe
2013-11-02 21:16 - 2013-08-13 00:31 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-02 21:12 - 2012-03-17 14:24 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-02 19:38 - 2013-11-02 19:24 - 00019597 _____ C:\Users\ANTHONY\Desktop\dds.txt
2013-11-02 19:38 - 2013-11-02 19:24 - 00009058 _____ C:\Users\ANTHONY\Desktop\attach.txt
2013-11-02 19:06 - 2013-11-02 19:06 - 00688992 ____R (Swearware) C:\Users\ANTHONY\Desktop\dds.com
2013-11-02 19:06 - 2012-01-11 20:52 - 00000000 ____D C:\Users\ANTHONY\AppData\Roaming\uTorrent
2013-11-02 18:58 - 2013-07-18 01:25 - 00000000 ____D C:\Program Files (x86)\Google Earth Pro 7.1.1.1888 Final Multilingual + Portable
2013-11-02 18:49 - 2012-11-20 23:15 - 01824368 _____ C:\Windows\WindowsUpdate.log
2013-11-02 18:18 - 2012-04-04 21:52 - 00000000 ____D C:\ProgramData\MFAData
2013-11-02 16:03 - 2013-11-02 15:50 - 00000000 ____D C:\Users\ANTHONY\Desktop\RK_Quarantine
2013-11-02 15:57 - 2013-11-02 15:57 - 00002230 _____ C:\Users\ANTHONY\Desktop\RKreport[0]_S_11022013_155732.txt
2013-11-02 15:55 - 2013-11-02 15:55 - 00003469 _____ C:\Users\ANTHONY\Desktop\RKreport[0]_D_11022013_155500.txt
2013-11-02 15:55 - 2010-11-21 14:23 - 00000000 __SHD C:\Users\ANTHONY\AppData\Local\{b31a63f8-a484-1bcf-e69a-a8f3f39e15c9}
2013-11-02 15:53 - 2013-11-02 15:53 - 00003532 _____ C:\Users\ANTHONY\Desktop\RKreport[0]_S_11022013_155351.txt
2013-11-02 15:50 - 2013-11-02 15:48 - 04012032 _____ C:\Users\ANTHONY\Downloads\RogueKillerX64.exe
2013-11-02 15:44 - 2013-11-02 15:44 - 00000000 ____D C:\Users\ANTHONY\Downloads\Bret Michaels - Las Vegas, NV - 11-28-08
2013-11-02 15:44 - 2013-11-02 15:41 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\ANTHONY\Downloads\tdsskiller.exe
2013-11-02 15:43 - 2013-11-02 15:43 - 00000000 ____D C:\Users\ANTHONY\Downloads\Concrete Blonde - Philadelphia, PA - 07-11-90
2013-11-02 15:43 - 2013-11-02 15:43 - 00000000 ____D C:\Users\ANTHONY\Downloads\Alice In Chains - Toronto, Ont - 11-29-92
2013-11-02 15:43 - 2013-11-02 15:43 - 00000000 ____D C:\Users\ANTHONY\Downloads\Alice In Chains - Boston, MA - 11-27-92
2013-11-02 15:43 - 2013-10-31 23:45 - 00000000 ____D C:\Users\ANTHONY\Downloads\Australian Pink Floyd - Croydon, GB - 07-29-09
2013-11-02 15:42 - 2013-11-02 15:42 - 00000000 ____D C:\Users\ANTHONY\Downloads\Concrete Blonde - Melbourne, AU - 03-02-88
2013-11-02 14:35 - 2013-11-02 13:18 - 85234468 _____ C:\Users\ANTHONY\Downloads\NIN.PretHateMachDemos.FLAC.by.TUBE.zip.part
2013-11-02 02:00 - 2013-08-13 00:30 - 00000000 ____D C:\Users\ANTHONY\AppData\Local\Adobe
2013-11-01 23:12 - 2012-03-17 14:24 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-01 22:01 - 2012-12-17 22:07 - 00003198 _____ C:\Windows\System32\Tasks\HPCeeScheduleForANTHONY
2013-11-01 22:01 - 2012-12-17 22:07 - 00000340 _____ C:\Windows\Tasks\HPCeeScheduleForANTHONY.job
2013-11-01 21:58 - 2013-11-01 21:58 - 00015208 _____ C:\Users\ANTHONY\Downloads\[kickass.to]extreme.couponing.s03e04.all.stars.antoinette.vs.judy.hdtv.xvid.lmao.avi.torrent
2013-11-01 21:58 - 2013-11-01 21:58 - 00014951 _____ C:\Users\ANTHONY\Downloads\[kickass.to]extreme.couponing.s01e01.jaime.and.tiffany.hdtv.xvid.momentum.torrent
2013-11-01 13:45 - 2012-01-14 21:46 - 00000000 ___RD C:\Media
2013-11-01 11:21 - 2013-07-20 00:52 - 00000000 ____D C:\Users\ANTHONY\Downloads\A.A Guns To Sort
2013-10-31 23:01 - 2013-07-20 00:53 - 00000000 ____D C:\Users\ANTHONY\Downloads\A.A Music to sort
2013-10-30 13:00 - 2013-10-30 12:27 - 222921640 _____ C:\Users\ANTHONY\Downloads\houseofbootlegs_AB20131021 HydroGlasgow.rar.part
2013-10-30 10:37 - 2009-07-14 15:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-30 10:37 - 2009-07-14 15:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-30 10:32 - 2013-09-25 17:57 - 00003120 _____ C:\Windows\System32\Tasks\Advanced System Protector_startup
2013-10-30 10:22 - 2011-10-25 05:42 - 00000000 ____D C:\ProgramData\PDFC
2013-10-30 10:21 - 2012-11-20 23:08 - 00024276 _____ C:\Windows\setupact.log
2013-10-30 10:21 - 2011-10-25 05:26 - 00000000 ____D C:\ProgramData\NVIDIA
2013-10-30 10:21 - 2009-07-14 16:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-30 00:24 - 2013-07-20 00:53 - 00000000 ____D C:\Users\ANTHONY\Downloads\A.A Tassie Pics to place
2013-10-29 13:30 - 2013-11-01 18:23 - 00000000 ____D C:\Users\ANTHONY\Downloads\Pearl Jam - First Niagara Centre, Buffalo, 12 October 2013
2013-10-29 01:13 - 2013-10-25 17:17 - 00001456 _____ C:\Users\ANTHONY\AppData\Local\Adobe Save for Web 13.0 Prefs
2013-10-28 22:00 - 2012-01-09 21:23 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-10-28 21:57 - 2012-01-09 21:21 - 00000000 ____D C:\Users\ANTHONY\AppData\Roaming\HP Support Assistant
2013-10-28 21:57 - 2012-01-09 20:47 - 00000000 ____D C:\Users\ANTHONY\AppData\Roaming\HpUpdate
2013-10-27 17:34 - 2013-08-27 23:38 - 00000000 ____D C:\Users\ANTHONY\Downloads\A.A Youtubes to Sort
2013-10-25 17:22 - 2013-10-25 17:22 - 00000000 ____D C:\Users\ANTHONY\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2013-10-25 17:22 - 2012-01-08 21:39 - 00000000 ____D C:\Users\ANTHONY\AppData\Roaming\Adobe
2013-10-25 17:14 - 2013-10-25 17:14 - 00000000 ____D C:\Users\ANTHONY\Documents\Adobe
2013-10-25 16:51 - 2013-10-25 16:51 - 02440049 _____ C:\Users\ANTHONY\Documents\664969388001_2767123801001_8018555-20131025-094435-VIDEO-FULL.mp4
2013-10-24 00:43 - 2012-01-11 21:03 - 00000000 ____D C:\Program Files (x86)\JDownloader
2013-10-24 00:27 - 2013-09-25 17:55 - 00000000 ____D C:\Users\ANTHONY\AppData\Local\JDownloader v2.0
2013-10-24 00:20 - 2013-09-19 20:26 - 00000000 ____D C:\Users\ANTHONY\Downloads\eMule
2013-10-22 10:13 - 2012-01-18 22:30 - 00000000 ____D C:\Users\ANTHONY\AppData\Roaming\dvdcss
2013-10-22 01:15 - 2012-01-21 17:23 - 00000000 ____D C:\Users\ANTHONY\AppData\Local\CrashDumps
2013-10-22 00:25 - 2009-07-14 14:20 - 00000000 ____D C:\Windows\system32\NDF
2013-10-21 19:50 - 2013-10-21 19:49 - 00000000 ____D C:\Users\ANTHONY\Downloads\Pshop psd
2013-10-21 09:52 - 2012-10-21 12:46 - 00000000 ____D C:\ProgramData\Adobe
2013-10-21 09:44 - 2009-07-14 15:45 - 04927776 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-20 21:32 - 2013-10-20 21:17 - 00000000 ____D C:\Program Files\Adobe
2013-10-20 21:32 - 2013-10-20 21:15 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-10-20 21:27 - 2013-10-20 21:27 - 00003510 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-ANTHONY-HP-ANTHONY
2013-10-20 21:27 - 2013-10-20 21:27 - 00000000 ____D C:\Users\ANTHONY\AppData\Roaming\NVIDIA
2013-10-20 21:18 - 2013-10-20 21:18 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2013-10-20 21:18 - 2013-10-20 21:14 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-10-19 22:05 - 2009-07-14 16:13 - 00778150 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-13 22:14 - 2013-10-13 22:14 - 00000000 ____D C:\Users\ANTHONY\AppData\Roaming\Tangent3D
2013-10-13 22:14 - 2013-10-13 22:13 - 00000000 ____D C:\Users\ANTHONY\Documents\Image Armada
2013-10-13 22:13 - 2013-10-13 22:13 - 00356352 _____ (eSellerate Inc.) C:\Windows\eSellerateEngine.dll
2013-10-13 22:13 - 2013-10-13 22:13 - 00001281 _____ C:\Users\Public\Desktop\Image Armada Builder.lnk
2013-10-13 22:13 - 2013-10-13 22:13 - 00001274 _____ C:\Users\Public\Desktop\Image Armada Viewer.lnk
2013-10-13 22:13 - 2013-10-13 22:13 - 00000000 ____D C:\Users\ANTHONY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image Armada
2013-10-13 22:12 - 2013-10-13 22:12 - 00000000 ____D C:\Program Files (x86)\Tangent3D
2013-10-13 20:49 - 2013-10-13 20:48 - 00000000 ____D C:\Users\ANTHONY\AppData\Roaming\Photo! 3D Album
2013-10-13 20:48 - 2013-10-13 20:48 - 00001202 _____ C:\Users\ANTHONY\Desktop\Photo! 3D Album.lnk
2013-10-13 20:48 - 2013-10-13 16:40 - 00000821 _____ C:\Users\ANTHONY\Desktop\Photo! 3D ScreenSaver.lnk
2013-10-13 20:48 - 2013-10-13 16:40 - 00000000 ____D C:\Program Files (x86)\Photo!
2013-10-13 20:32 - 2013-10-13 16:40 - 00000000 ____D C:\Users\ANTHONY\AppData\Roaming\Photo! 3D ScreenSaver
2013-10-13 16:37 - 2013-10-13 16:33 - 34533165 _____ (                                                            ) C:\Users\ANTHONY\Desktop\p3dalbuminst.exe
2013-10-10 23:07 - 2012-03-17 14:24 - 00003896 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-10 23:07 - 2012-03-17 14:24 - 00003644 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-09 23:16 - 2013-08-13 00:31 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-09 23:16 - 2012-07-02 18:52 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-09 23:16 - 2012-01-11 21:05 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-08 01:26 - 2013-10-08 01:16 - 00000000 ____D C:\Users\ANTHONY\AppData\Roaming\foobar2000
2013-10-08 01:21 - 2013-10-08 01:21 - 00001868 _____ C:\Users\Public\Desktop\FLAC Frontend.lnk
2013-10-08 01:21 - 2013-10-08 01:21 - 00000000 ____D C:\Program Files (x86)\FLAC
2013-10-08 01:16 - 2013-10-08 01:16 - 00001037 _____ C:\Users\Public\Desktop\foobar2000.lnk
2013-10-08 01:16 - 2013-10-08 01:16 - 00000000 ____D C:\Program Files (x86)\foobar2000
2013-10-08 01:05 - 2012-03-27 07:39 - 00000000 ____D C:\Users\Public\CyberLink
2013-10-08 01:05 - 2012-03-27 07:39 - 00000000 ____D C:\Users\ANTHONY\AppData\Roaming\CyberLink
2013-10-07 21:58 - 2012-01-21 16:45 - 00000000 ____D C:\Users\ANTHONY\Downloads\hjsplit
2013-10-05 11:18 - 2013-10-05 11:16 - 00000000 ____D C:\Users\ANTHONY\AppData\Roaming\AccurateRip
2013-10-05 11:17 - 2013-10-05 11:16 - 00000000 ____D C:\Users\ANTHONY\AppData\Roaming\EAC
2013-10-05 11:16 - 2013-10-05 11:16 - 00001076 _____ C:\Users\Public\Desktop\Exact Audio Copy.lnk
2013-10-05 11:16 - 2013-10-05 11:16 - 00000000 ____D C:\Program Files (x86)\Exact Audio Copy

Files to move or delete:
====================
C:\Users\ANTHONY\BlueStacks-SplitInstaller_native.exe


Some content of TEMP:
====================
C:\Users\ANTHONY\AppData\Local\Temp\AskSLib.dll
C:\Users\ANTHONY\AppData\Local\Temp\BackupSetup.exe
C:\Users\ANTHONY\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\ANTHONY\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\ANTHONY\AppData\Local\Temp\KMP_3.4.0.59.exe
C:\Users\ANTHONY\AppData\Local\Temp\KMP_3.5.0.77.exe
C:\Users\ANTHONY\AppData\Local\Temp\MusicStationUninstall.exe
C:\Users\ANTHONY\AppData\Local\Temp\ntdll_dump.dll
C:\Users\ANTHONY\AppData\Local\Temp\PIPInstaller_PTV_.exe
C:\Users\ANTHONY\AppData\Local\Temp\proxy_vole7830860924583496394.dll
C:\Users\ANTHONY\AppData\Local\Temp\SEVINST64x86.EXE
C:\Users\ANTHONY\AppData\Local\Temp\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}_NIS_3172.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Windows\system64


LastRegBack: 2013-10-31 01:02

==================== End Of Log ============================

 

Addition.txt


Looks like MSE may have been exploited by malware; leave that for now. Regarding uTorrent and other P2P applications: yes, remove them from your system. They are open flood gates for infections, and it is also forum protocol...

Next,

Download the attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE: It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

Next,

Run Malwarebytes: Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware.

Make sure that everything is checked, and click Remove Selected on any found items.

Post the produced log.

Next,

Please download RogueKiller from here:

http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe  <- 32 bit version
http://www.sur-la-toile.com/RogueKiller/RogueKillerX64.exe  <- 64 bit version

  • Make sure to get the correct version for your system.
  • Quit all running programs.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista/Seven, right click -> run as administrator; for XP simply run RogueKiller.exe.
  • Wait until Prescan has finished...
  • A EULA will appear; please select accept.
  • Ensure MBR scan, Check faked and AntiRootkit are checked.
  • Select Scan.
  • When the scan completes select Report, copy and paste that to your reply.
  • The log should be found in RKreport[?].txt on your Desktop.
  • Exit/Close RogueKiller.

Post those logs and give an update on current issues/concerns...

fixlist.txt

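A worked triage example, added here and not part of the thread (it is neither FRST's code nor the helper's fixlist): it runs the indicator checks a helper applies to the FRST log above (the ATTENTION marker on the altered MSC Run entry and on the Winsock catalog paths, the missing hosts file, the run of eight-letter random-named S1 drivers whose .sys files are gone, and the ZeroAccess junction line) over a constructed sample modelled on those lines, then drafts the matching fixlist entries in the format the Fixlog below shows (Start/End, FRST log lines verbatim, a DeleteJunctionsIndirectory: directive). The ExampleSvc line is a made-up benign control, and the tiering is an assumption: the eight-lowercase-letter heuristic alone also flags vendor-looking names such as the zgwhs* entries (mdm/nmea/diag suffixes), so the script keeps those at "review" instead of putting them in the fix.

```python
"""Triage an FRST-style log for the indicator classes seen in this thread and
draft the matching fixlist entries.

Added example: not FRST's code and not the helper's fixlist. The fixlist
syntax (Start ... End, one FRST log line per entry, DeleteJunctionsIndirectory:)
is copied from the fixlist shown in this thread's Fixlog; check it against the
current FRST documentation before relying on it.
"""
import re

# Constructed sample modelled on the thread's FRST output. The ExampleSvc line is a
# made-up benign control; the other patterns mirror lines that appear in the thread.
SAMPLE_LOG = r"""
HKLM\...\Run: [MSC] - "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey <===== ATTENTION (File name is altered)
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Hosts: Hosts file not detected in the default directory
S1 bnmvqsal; \??\C:\Windows\system32\drivers\bnmvqsal.sys [x]
S1 cbmmgfkf; \??\C:\Windows\system32\drivers\cbmmgfkf.sys [x]
R4 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [x]
S3 zgwhsmdm; system32\DRIVERS\zgwhsmdm.sys [x]
R2 ExampleSvc; C:\Program Files\Example\examplesvc.exe [12345 2013-01-01] (Example Corp)
C:\Windows\System32\winlogon.exe => MD5 is legit
ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Windows\system64
"""

ZEROACCESS_RE = re.compile(
    r"^ATTENTION: ZeroAccess\. Use DeleteJunctionsIndirectory: (?P<dir>\S.*)$")

# Single-line indicators that FRST itself marks with ATTENTION, plus the missing hosts file.
INDICATORS = [
    ("altered_filename", re.compile(r"ATTENTION \(File name is altered\)")),
    ("winsock_libpath", re.compile(r"^Winsock: .*ATTENTION: The LibraryPath should be")),
    ("hosts_missing", re.compile(r"^Hosts: Hosts file not detected")),
    ("netsvc_no_dll", re.compile(r"^NETSVC: .*No ServiceDLL Path\.")),
    ("zeroaccess_junction", ZEROACCESS_RE),
]

# Service/driver entries: "<start-type> <name>; <image path> [x]"; "[x]" means the file is gone.
SERVICE_RE = re.compile(
    r"^(?P<start>[SRU]\d)\s+(?P<name>[^;]+);\s*(?P<path>.+?)\s*(?P<missing>\[x\])?$")
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}$")  # the bnmvqsal-style names in the thread

# Findings safe to put straight into a fixlist; everything else needs a human decision.
FIX_DIRECTLY = {"altered_filename", "winsock_libpath", "hosts_missing",
                "netsvc_no_dll", "service_high"}


def classify_service(line):
    """Tier a service line: 'high', 'review', 'orphan', or None for nothing notable."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    random_name = bool(RANDOM_NAME_RE.match(m.group("name")))
    in_drivers = "system32\\drivers\\" in m.group("path").lower()
    missing = m.group("missing") is not None
    if random_name and in_drivers and missing and m.group("start") == "S1":
        return "high"      # same pattern as the 27 random-named S1 drivers in the thread
    if random_name and in_drivers:
        return "review"    # random-looking but e.g. S3 vendor driver: human decides
    if missing:
        return "orphan"    # leftover service pointing at a deleted file (Norton remnants)
    return None


def triage(log_text):
    """Return (tag, line) pairs for every log line that matches an indicator."""
    findings = []
    for line in log_text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        tag = next((t for t, rx in INDICATORS if rx.search(line)), None)
        if tag is None:
            level = classify_service(line)
            tag = f"service_{level}" if level else None
        if tag:
            findings.append((tag, line))
    return findings


def summarize(findings):
    """Count findings per tag."""
    counts = {}
    for tag, _ in findings:
        counts[tag] = counts.get(tag, 0) + 1
    return counts


def draft_fixlist(findings):
    """Draft fixlist text in the format of this thread's Fixlog. Only high-confidence
    findings are included; 'review' and 'orphan' services are left out for a human,
    and nothing here executes a fix."""
    body = []
    for tag, line in findings:
        if tag in FIX_DIRECTLY:
            body.append(line)  # the thread's fixlist uses FRST's own log lines verbatim
        elif tag == "zeroaccess_junction":
            body.append("DeleteJunctionsIndirectory: " + ZEROACCESS_RE.match(line).group("dir"))
    return "\n".join(["Start", *body, "End"]) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for tag, line in found:
        print(f"{tag:20} {line}")
    print(draft_fixlist(found))
```

The drafted list is a starting point for the helper, not a finished fix: the real fixlist in the Fixlog below also moved the altered mssecex.exe file, removed the orphaned Norton drivers and the zgwhs* entries, and cleared an alternate data stream, all of which were judgement calls the script deliberately leaves out.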

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-10-2013
Ran by ANTHONY at 2013-11-02 22:54:13 Run:1
Running from C:\Users\ANTHONY\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKLM\...\Run: [MSC] - "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey <===== ATTENTION (File name is altered)
c:\Program Files\Microsoft Security Client\mssecex.exe
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Hosts: Hosts file not detected in the default directory
S1 bnmvqsal; \??\C:\Windows\system32\drivers\bnmvqsal.sys [x]
S1 cbmmgfkf; \??\C:\Windows\system32\drivers\cbmmgfkf.sys [x]
S1 docoypau; \??\C:\Windows\system32\drivers\docoypau.sys [x]
S1 eatdazpk; \??\C:\Windows\system32\drivers\eatdazpk.sys [x]
S1 egyjgdvm; \??\C:\Windows\system32\drivers\egyjgdvm.sys [x]
S1 evwlkgzo; \??\C:\Windows\system32\drivers\evwlkgzo.sys [x]
S1 holaojum; \??\C:\Windows\system32\drivers\holaojum.sys [x]
R4 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120602.001\IDSvia64.sys [x]
S1 ivxeredh; \??\C:\Windows\system32\drivers\ivxeredh.sys [x]
S1 jdcyewod; \??\C:\Windows\system32\drivers\jdcyewod.sys [x]
S1 jdxfnukc; \??\C:\Windows\system32\drivers\jdxfnukc.sys [x]
S1 kawlaoko; \??\C:\Windows\system32\drivers\kawlaoko.sys [x]
S1 lvrwgxam; \??\C:\Windows\system32\drivers\lvrwgxam.sys [x]
S1 ncyxfomy; \??\C:\Windows\system32\drivers\ncyxfomy.sys [x]
S1 nmhforhe; \??\C:\Windows\system32\drivers\nmhforhe.sys [x]
S1 nptswtvy; \??\C:\Windows\system32\drivers\nptswtvy.sys [x]
S1 nwqbecfo; \??\C:\Windows\system32\drivers\nwqbecfo.sys [x]
S1 paaymtnk; \??\C:\Windows\system32\drivers\paaymtnk.sys [x]
S1 pzwbdbmg; \??\C:\Windows\system32\drivers\pzwbdbmg.sys [x]
S1 qamveufs; \??\C:\Windows\system32\drivers\qamveufs.sys [x]
S1 qthejvmh; \??\C:\Windows\system32\drivers\qthejvmh.sys [x]
S1 rdsxzdma; \??\C:\Windows\system32\drivers\rdsxzdma.sys [x]
S1 shgkbbsy; \??\C:\Windows\system32\drivers\shgkbbsy.sys [x]
R4 SRTSPX; \SystemRoot\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [x]
R4 SymDS; system32\drivers\NISx64\1207020.003\SYMDS64.SYS [x]
R4 SymEFA; system32\drivers\NISx64\1207020.003\SYMEFA64.SYS [x]
R4 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [x]
S1 tpkxervk; \??\C:\Windows\system32\drivers\tpkxervk.sys [x]
S1 urzehckf; \??\C:\Windows\system32\drivers\urzehckf.sys [x]
S1 uupgrhck; \??\C:\Windows\system32\drivers\uupgrhck.sys [x]
S3 zgwhsdiag; system32\DRIVERS\zgwhsdiag.sys [x]
S3 zgwhsmdm; system32\DRIVERS\zgwhsmdm.sys [x]
S3 zgwhsnmea; system32\DRIVERS\zgwhsnmea.sys [x]
NETSVC: NETw5x32 -> No ServiceDLL Path.
C:\Program Files (x86)\Norton Internet Security
C:\Users\ANTHONY\BlueStacks-SplitInstaller_native.exe
C:\Users\ANTHONY\AppData\Local\Temp\AskSLib.dll
C:\Users\ANTHONY\AppData\Local\Temp\BackupSetup.exe
C:\Users\ANTHONY\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\ANTHONY\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\ANTHONY\AppData\Local\Temp\KMP_3.4.0.59.exe
C:\Users\ANTHONY\AppData\Local\Temp\KMP_3.5.0.77.exe
C:\Users\ANTHONY\AppData\Local\Temp\MusicStationUninstall.exe
C:\Users\ANTHONY\AppData\Local\Temp\ntdll_dump.dll
C:\Users\ANTHONY\AppData\Local\Temp\PIPInstaller_PTV_.exe
C:\Users\ANTHONY\AppData\Local\Temp\proxy_vole7830860924583496394.dll
C:\Users\ANTHONY\AppData\Local\Temp\SEVINST64x86.EXE
C:\Users\ANTHONY\AppData\Local\Temp\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}_NIS_3172.exe
DeleteJunctionsIndirectory: C:\Windows\system64
AlternateDataStreams: C:\ProgramData\Temp:84ADBF33
End



*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\MSC => Value was restored successfully.
"c:\Program Files\Microsoft Security Client\mssecex.exe" => File/Directory not found.
Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5 entry 000000000005\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
Winsock: Catalog5-x64 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5-x64 entry 000000000005\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
Hosts was reset successfully.
bnmvqsal => Service deleted successfully.
cbmmgfkf => Service deleted successfully.
docoypau => Service deleted successfully.
eatdazpk => Service deleted successfully.
egyjgdvm => Service deleted successfully.
evwlkgzo => Service deleted successfully.
holaojum => Service deleted successfully.
IDSVia64 => Service deleted successfully.
ivxeredh => Service deleted successfully.
jdcyewod => Service deleted successfully.
jdxfnukc => Service deleted successfully.
kawlaoko => Service deleted successfully.
lvrwgxam => Service deleted successfully.
ncyxfomy => Service deleted successfully.
nmhforhe => Service deleted successfully.
nptswtvy => Service deleted successfully.
nwqbecfo => Service deleted successfully.
paaymtnk => Service deleted successfully.
pzwbdbmg => Service deleted successfully.
qamveufs => Service deleted successfully.
qthejvmh => Service deleted successfully.
rdsxzdma => Service deleted successfully.
shgkbbsy => Service deleted successfully.
SRTSPX => Service deleted successfully.
SymDS => Service deleted successfully.
SymEFA => Service deleted successfully.
SymEvent => Service deleted successfully.
tpkxervk => Service deleted successfully.
urzehckf => Service deleted successfully.
uupgrhck => Service deleted successfully.
zgwhsdiag => Service deleted successfully.
zgwhsmdm => Service deleted successfully.
zgwhsnmea => Service deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs NETw5x32 => Deleted successfully.
C:\Program Files (x86)\Norton Internet Security => Moved successfully.
C:\Users\ANTHONY\BlueStacks-SplitInstaller_native.exe => Moved successfully.
C:\Users\ANTHONY\AppData\Local\Temp\AskSLib.dll => Moved successfully.
C:\Users\ANTHONY\AppData\Local\Temp\BackupSetup.exe => Moved successfully.
C:\Users\ANTHONY\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe => Moved successfully.
C:\Users\ANTHONY\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe => Moved successfully.
C:\Users\ANTHONY\AppData\Local\Temp\KMP_3.4.0.59.exe => Moved successfully.
C:\Users\ANTHONY\AppData\Local\Temp\KMP_3.5.0.77.exe => Moved successfully.
C:\Users\ANTHONY\AppData\Local\Temp\MusicStationUninstall.exe => Moved successfully.
C:\Users\ANTHONY\AppData\Local\Temp\ntdll_dump.dll => Moved successfully.
C:\Users\ANTHONY\AppData\Local\Temp\PIPInstaller_PTV_.exe => Moved successfully.
"C:\Users\ANTHONY\AppData\Local\Temp\proxy_vole7830860924583496394.dll" => File/Directory not found.
C:\Users\ANTHONY\AppData\Local\Temp\SEVINST64x86.EXE => Moved successfully.
C:\Users\ANTHONY\AppData\Local\Temp\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}_NIS_3172.exe => Moved successfully.
"C:\Windows\system64" => Deleting reparse point and unlocking started.
"C:\Windows\system64" => Deleting reparse point and unlocking done.
"C:\Windows\system64" => Deleting reparse point and unlocking completed.
C:\ProgramData\Temp => ":84ADBF33" ADS removed successfully.


The system needs a manual reboot.

==== End of Fixlog ====

 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.02.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
ANTHONY :: ANTHONY-HP [administrator]

2/11/2013 11:02:51 PM
mbam-log-2013-11-02 (23-02-51).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 220187
Time elapsed: 1 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1 (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IEXPLORE.EXE (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
HKCU\Software\Systweak\Advanced System Protector (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0X2O1C0R2R1R -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 12
C:\Program Files (x86)\Advanced System Protector (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Advanced System Protector\clamunpack (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Advanced System Protector\Troubleshooter (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\2.1.1000.10905 (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\signatures (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Users\ANTHONY\AppData\Roaming\Systweak\Advanced System Protector (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Users\ANTHONY\AppData\Roaming\Systweak\Advanced System Protector\2.1.1000.10845 (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Users\ANTHONY\AppData\Roaming\Systweak\Advanced System Protector\2.1.1000.10905 (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Users\ANTHONY\AppData\Roaming\Systweak\Advanced System Protector\Backup (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Users\ANTHONY\AppData\Roaming\Systweak\Advanced System Protector\Logs (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.

Files Detected: 114
C:\Users\ANTHONY\AppData\Local\Temp\1hJyWeBD.exe.part (PUP.Optional.Installrex) -> Quarantined and deleted successfully.
C:\Users\ANTHONY\AppData\Local\Temp\P8cA2tAV.exe.part (PUP.Optional.InstalleRex) -> Quarantined and deleted successfully.
C:\Users\ANTHONY\AppData\Local\Temp\is1070216317\27066137_stp\WebConnect.exe (PUP.Optional.WebConnect.A) -> Quarantined and deleted successfully.
C:\Users\ANTHONY\AppData\Local\Temp\is961225091\rcpsetup_adppi_adppi.exe (PUP.Optional.RegCleanerPro) -> Quarantined and deleted successfully.
C:\Users\ANTHONY\Local Settings\Temporary Internet Files\Content.IE5\1DAXL8XG\Setup[1].exe (PUP.Optional.WebConnect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Advanced System Protector\loading_withWhiteBG.avi (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe.config (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Advanced System Protector\AppResource.dll (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Advanced System Protector\asp.ico (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Advanced System Protector\AspManager.exe (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Advanced System Protector\aspsys.dll (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Advanced System Protector\categories.ini (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Advanced System Protector\Chinese_asp_ZH-CN.ini (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Advanced System Protector\Communication.dll (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Advanced System Protector\danish_asp_DA.ini (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Advanced System Protector\dutch_asp_NL.ini (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Advanced System Protector\eng_asp_en.ini (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Advanced System Protector\filetypehelper.exe (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Advanced System Protector\Finnish_asp_FI.ini (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Advanced System Protector\french_asp_FR.ini (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Advanced System Protector\german_asp_DE.ini (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Advanced System Protector\Interop.IWshRuntimeLibrary.dll (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Advanced System Protector\italian_asp_IT.ini (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Advanced System Protector\japanese_asp_JA.ini (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Advanced System Protector\Microsoft.Win32.TaskScheduler.DLL (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Advanced System Protector\norwegian_asp_NO.ini (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Advanced System Protector\portuguese_asp_PT-BR.ini (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Advanced System Protector\russian_asp_ru.ini (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Advanced System Protector\scandll.dll (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Advanced System Protector\spanish_asp_ES.ini (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Advanced System Protector\swedish_asp_SV.ini (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Advanced System Protector\System.Core.dll (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Advanced System Protector\System.Data.SQLite.dll (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Advanced System Protector\unins000.dat (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Advanced System Protector\unins000.exe (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Advanced System Protector\unins000.msg (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Advanced System Protector\unrar.dll (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Advanced System Protector\Xceed.Compression.dll (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Advanced System Protector\Xceed.Compression.Formats.dll (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Advanced System Protector\Xceed.FileSystem.dll (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Advanced System Protector\Xceed.Zip.dll (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Advanced System Protector\clamunpack\clamscan.exe (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Advanced System Protector\clamunpack\libclamav.dll (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Advanced System Protector\clamunpack\readme.txt (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Advanced System Protector\Troubleshooter\asp-fixer.com (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Advanced System Protector\Troubleshooter\asp-fixer.exe (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Advanced System Protector\Troubleshooter\asp-fixer.pif (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Advanced System Protector\Troubleshooter\asp-fixer.scr (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Advanced System Protector\Troubleshooter\ASP-Troubleshooter.chm (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Advanced System Protector\Troubleshooter\firefox.com (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Advanced System Protector\Troubleshooter\iexplore.exe (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Advanced System Protector\Troubleshooter\iexplore.lnk (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\AddonSafelist (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\log.xslt (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\signatures\completedatabase.db (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\signatures\Cookies.bin (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\signatures\DigSign.bin (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\signatures\FilePaths.bin (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\signatures\FileSignature.bin (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\signatures\Folders.bin (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\signatures\Md5.bin (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\signatures\Registry.bin (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\signatures\SetupSign.bin (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\signatures\StrSetupSign.bin (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1517mupdate.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1518update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1519update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1520update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1521update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1522update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1523update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1524update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1525update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1526update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1527update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1528update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1529update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1530update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1531update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1532update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1533update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1534update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1535update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1536update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1537update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1538update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1539update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1540update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1541update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1542update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1543update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1544update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1545update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1546update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1547update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1548update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1549update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1550update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1551update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1552update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1553update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1554update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1555update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1556update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1557update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\914completedatabase.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Users\ANTHONY\AppData\Roaming\Systweak\Advanced System Protector\QDetail.db (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Users\ANTHONY\AppData\Roaming\Systweak\Advanced System Protector\Settings.db (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Users\ANTHONY\AppData\Roaming\Systweak\Advanced System Protector\Update.ini (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Users\ANTHONY\AppData\Roaming\Systweak\Advanced System Protector\2.1.1000.10845\ASPLog.txt (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Users\ANTHONY\AppData\Roaming\Systweak\Advanced System Protector\2.1.1000.10905\ASPLog.txt (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Users\ANTHONY\AppData\Roaming\Systweak\Advanced System Protector\Logs\log_25-09-13_05-15-42.xml (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Users\ANTHONY\AppData\Roaming\Systweak\Advanced System Protector\Logs\SMLog.xml (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.

(end)
RogueKiller V8.7.6 _x64_ [Oct 28 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : ANTHONY [Admin rights]
Mode : Scan -- Date : 11/02/2013 23:14:51
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤
[RUN][sUSP PATH] HKLM\[...]\Wow6432Node\[...]\RunOnce : Malwarebytes Anti-Malware (cleanup) (rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [x][7][x]) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 2 ¤¤¤
[FF][PROXY] 1t5wziu1.default-1365399314011 : user_pref("network.proxy.hxxp", "54.250.202.126"); -> FOUND
[FF][PROXY] 1t5wziu1.default-1365399314011 : user_pref("network.proxy.hxxp_port", 80); -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD20EARS-60MVWB0 +++++
--- User ---
[MBR] b7abb56c454e026747c3cd096cb3cc75
[bSP] 910cf30411e377a4f351046d34aed714 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 1894582 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3880310784 | Size: 13045 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] e7be88ef91f94942c54736fa79d0d9a7
[bSP] 6b2738502acbffab9b955fdd2dc52fdc : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 217933824 | Size: 300 Mo

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) WDC WD10EAVS-32D7B1 +++++
--- User ---
[MBR] a65cf760d43b336347fb57bc883ace24
[bSP] 39cc44575b71c8e70f97ed1007b4e215 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 953867 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_11022013_231451.txt >>

My only concerns at the moment are caused by my reading about the ransomware and its ability to lock my system upon restart. Then finding all the instances of pup.optional.advancedsystemprotector got me concerned, and it would be great to know and verify that I have a clean and safe system before rebooting...


OK, I have successfully rebooted and made it back! Although I do now have MSE telling me it's detected a potential threat and asking me to click Clean PC, I'm hesitant to do so after you've said MSE may have been exploited. As for the proxy server being active, that may have been a major oversight on my part. I had forgotten that was set; it now is not. Thank you so much for your help thus far. What should I do next to ensure a clean and secure system?
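The [FF][PROXY] lines RogueKiller reported above mean the Firefox profile's network.proxy.http preference pointed at an external address (RogueKiller prints the key defanged as network.proxy.hxxp). As an added example, not code from RogueKiller, Malwarebytes or anyone in this thread, here is a Python check that parses prefs.js-style user_pref() lines and flags any active manual proxy or PAC URL whose host lies outside loopback, private or link-local ranges; the sample prefs are constructed to mirror the flagged profile.

```python
"""Flag Firefox proxy preferences that route traffic through an external host.

Added example for this thread (not part of RogueKiller or Malwarebytes).
It parses prefs.js-style user_pref() lines and reports any active proxy or
PAC URL whose host is not loopback, private or link-local.
"""
import ipaddress
import re
from typing import Dict, Iterable, List, Union
from urllib.parse import urlparse

Pref = Union[str, int, bool]

# Matches the three value shapes prefs.js uses:
#   user_pref("key", "string");  user_pref("key", 80);  user_pref("key", true);
PREF_RE = re.compile(
    r'^\s*user_pref\("([^"]+)",\s*(?:"([^"]*)"|(-?\d+)|(true|false))\);\s*$'
)

# Constructed sample modelled on the profile RogueKiller flagged above:
# a manual proxy pointing at a public address on port 80.
SAMPLE_PREFS = """\
# Mozilla User Preferences
user_pref("browser.startup.homepage", "about:home");
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "54.250.202.126");
user_pref("network.proxy.http_port", 80);
user_pref("network.proxy.share_proxy_settings", true);
user_pref("network.proxy.no_proxies_on", "localhost, 127.0.0.1");
""".splitlines()


def parse_prefs(lines: Iterable[str]) -> Dict[str, Pref]:
    """Return {key: value} for every user_pref() line; other lines are ignored."""
    prefs: Dict[str, Pref] = {}
    for line in lines:
        m = PREF_RE.match(line)
        if not m:
            continue
        key, s, n, b = m.groups()
        if s is not None:
            prefs[key] = s
        elif n is not None:
            prefs[key] = int(n)
        else:
            prefs[key] = b == "true"
    return prefs


def is_external_host(host: str) -> bool:
    """True unless the host is loopback, private (RFC 1918 / ULA) or link-local."""
    try:
        ip = ipaddress.ip_address(host.strip("[]"))
    except ValueError:
        # A hostname rather than an IP literal: only 'localhost' is treated as local.
        return host.lower() != "localhost"
    return not (ip.is_loopback or ip.is_private or ip.is_link_local)


def find_suspicious_proxies(prefs: Dict[str, Pref]) -> List[Dict[str, Pref]]:
    """Report active proxy settings whose target host is external.

    network.proxy.type: 0 = direct, 1 = manual, 2 = PAC URL, 4 = WPAD, 5 = system
    (the default when the key is absent). Only modes that send traffic to a
    host configured in prefs.js are inspected.
    """
    findings: List[Dict[str, Pref]] = []
    ptype = prefs.get("network.proxy.type", 5)
    if ptype == 1:
        for scheme in ("http", "ssl", "socks"):
            host = prefs.get(f"network.proxy.{scheme}")
            if isinstance(host, str) and host and is_external_host(host):
                findings.append({
                    "scheme": scheme,
                    "host": host,
                    "port": prefs.get(f"network.proxy.{scheme}_port", 0),
                })
    elif ptype == 2:
        url = str(prefs.get("network.proxy.autoconfig_url", ""))
        parsed = urlparse(url)
        if parsed.hostname and is_external_host(parsed.hostname):
            findings.append({"scheme": "pac", "host": parsed.hostname,
                             "port": parsed.port or 0, "url": url})
    return findings


if __name__ == "__main__":
    for f in find_suspicious_proxies(parse_prefs(SAMPLE_PREFS)):
        print(f"suspicious {f['scheme']} proxy -> {f['host']}:{f['port']}")
```

Run it against a real profile by feeding `open(".../prefs.js")` to `parse_prefs`; a hit means every HTTP request from that profile is being relayed through the listed host.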


As you have AVG installed and running, it may be a good idea to remove MSE; I too am concerned that it may still be exploited...

A removal tool is available here: http://www.bleepingcomputer.com/download/microsoft-security-essentials-removal-tool/ Use that and see if it works.

Next,

I'd still like another look at your system. Run the following:

1. Download Malwarebytes Anti-Rootkit from this link:

http://www.malwarebytes.org/products/mbar/

2. Unzip the file to a convenient location. (Recommend the Desktop)

3. Open the folder where the contents were unzipped to run mbar.exe

Image1.png

4. Double-click on the mbar.exe file; you may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run, and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers, you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:

mbarwm.png

5. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you log in, MBAR will automatically start and you will now be at the start screen. (If there is no rootkit warning, you will go from step 4 to 6.)

6. The following image opens; select Next.

Image2.png

7. The following image opens; select Update.

Image3.png

8. When the update completes, select Next.

Image4.png

9. In the following window, ensure "Targets" are ticked. Then select "Scan".

Image5.png

10. If an infection is found, select the "Cleanup" button to remove threats. Reboot if prompted. Wait while the system shuts down and the cleanup process is performed.

MBAntiRKcleanA.png

11. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click the "Cleanup" button once more and repeat the process.

12. If no threats were found, you will see the following image. Select Exit:

Image6.png

13. Verify that your system is now running normally, making sure that the following items are functional:

  • Internet access
  • Windows Update
  • Windows Firewall

14. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included within the Malwarebytes Anti-Rootkit folder.

15. Select "Y" from your keyboard, tap Enter.

16. The fix will be applied; select any key to Exit.

17. Let me know how your system now responds. Copy and paste the two following logs from the mbar folder:

System - log

Mbar - log (date and time of scan will also be shown)

Thanks,

Kevin...


The removal tool seems to have worked fine, nice and quick too.

system-log.txt:

Malwarebytes Anti-Rootkit BETA 1.07.0.1007

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 3.392000 GHz
Memory total: 17161535488, free: 14236106752

Downloaded database version: v2013.11.02.04
Downloaded database version: v2013.10.11.02
=======================================
Initializing...
------------ Kernel report ------------
     11/03/2013 01:58:59
------------ Loaded modules -----------
----------- End -----------
Done!
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: DCFDE49C

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 3880103936

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 3880310784  Numsec = 26716160

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 2000398934016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-3907009168-3907029168)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa800f3c7790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800f3c72c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800f3c7790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800e1c4050, DeviceName: \Device\Ide\IAAStorageDevice-2\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: E8900690

Partition information:

    Partition 0 type is Other (0xc)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 1953520002

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Done!
Infected file C:\Users\ANTHONY\AppData\Local\Temp\is961225091\wajam_validate.exe could not be remediated because backup file is not available
Infected file C:\Users\ANTHONY\AppData\Local\Temp\is1070216317\27065949_stp\wajam_validate.exe could not be remediated because backup file is not available
Infected: C:\Windows\system64 --> [Trojan.0Access]
Scan finished
Creating System Restore point...
Cleaning up...
Executing an action fixdamage.exe...
Success!
Queuing an action fixdamage.exe
Removal successful. No system shutdown is required.
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\wajam_validate.exe_k.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\wajam_validate.exe_u.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\wajam_validate.exe_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 3.392000 GHz
Memory total: 17161535488, free: 13777821696

Initializing...
======================
------------ Kernel report ------------
     11/03/2013 02:11:19
------------ Loaded modules -----------
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk5\DR5
Upper Device Object: 0xfffffa8014f8c060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000007f\
Lower Device Object: 0xfffffa8014f91b60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xfffffa8014f8d060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000007e\
Lower Device Object: 0xfffffa8014f91060
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xfffffa8014f8f060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000007d\
Lower Device Object: 0xfffffa8014f92690
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa8014f8e060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000007c\
Lower Device Object: 0xfffffa8014f89060
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa800f3c7790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-2\
Lower Device Object: 0xfffffa800e1c4050
Lower Device Driver Name: \Driver\iaStor\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800f3c1790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa800e1c0050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800f3c1790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800f3c12c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800f3c1790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800e1c0050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: DCFDE49C

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 3880103936

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 3880310784  Numsec = 26716160

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 2000398934016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-3907009168-3907029168)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa800f3c7790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800f3c72c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800f3c7790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800e1c4050, DeviceName: \Device\Ide\IAAStorageDevice-2\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: E8900690

Partition information:

    Partition 0 type is Other (0xc)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 1953520002

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xfffffa8014f8e060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8014f8eb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8014f8e060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8014f89060, DeviceName: \Device\0000007c\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xfffffa8014f8f060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8014f8fb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8014f8f060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8014f92690, DeviceName: \Device\0000007d\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xfffffa8014f8d060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8014f8db90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8014f8d060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8014f91060, DeviceName: \Device\0000007e\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 5, DevicePointer: 0xfffffa8014f8c060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8014f8cb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8014f8c060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8014f91b60, DeviceName: \Device\0000007f\, DriverName: \Driver\USBSTOR\
------------ End ----------
Infected file C:\Users\ANTHONY\AppData\Local\Temp\is961225091\wajam_validate.exe could not be remediated because backup file is not available
Infected file C:\Users\ANTHONY\AppData\Local\Temp\is1070216317\27065949_stp\wajam_validate.exe could not be remediated because backup file is not available
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\wajam_validate.exe_k.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\wajam_validate.exe_u.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\wajam_validate.exe_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 3.392000 GHz
Memory total: 17161535488, free: 13630087168

=======================================

 

Malwarebytes Anti-Rootkit BETA 1.07.0.1007
www.malwarebytes.org

Database version: v2013.11.02.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
ANTHONY :: ANTHONY-HP [administrator]

3/11/2013 2:11:22 AM
mbar-log-2013-11-03 (02-11-22).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 235566
Time elapsed: 5 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 

 

All seems to be going well?...

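The MBAR "Drive 0" report earlier in that log shows the fields an anti-rootkit scan checks in the MBR: the 55AA boot signature, the disk signature, and each partition's status byte, type, start LBA and sector count. The parser below is an added example, not Malwarebytes' code: it decodes those fields from a constructed sector built with the same values as the log, computes the unpartitioned ranges a scan would read for hidden boot-stage code, and flags structural inconsistencies (it assumes the disk signature is stored as a little-endian DWORD).

```python
import struct

MBR_SIZE = 512
BOOT_SIG_OFFSET = 510      # 0x55 0xAA boot signature
DISK_SIG_OFFSET = 0x1B8    # 4-byte disk signature
TABLE_OFFSET = 0x1BE       # four 16-byte partition entries
ENTRY_SIZE = 16

# Standard MBR type IDs for the values that appear in the log.
PARTITION_TYPES = {0x00: "Empty", 0x07: "NTFS/exFAT", 0x0C: "FAT32 (LBA)"}


def build_sample_mbr() -> bytes:
    """Constructed 512-byte sector with the drive-0 values from the log; boot code zeroed."""
    sector = bytearray(MBR_SIZE)
    # Assumption: the signature is stored little-endian and printed as one DWORD, DCFDE49C.
    struct.pack_into("<I", sector, DISK_SIG_OFFSET, 0xDCFDE49C)
    entries = [  # (status, type, start LBA, sector count)
        (0x80, 0x07, 2048, 204800),
        (0x00, 0x07, 206848, 3880103936),
        (0x00, 0x07, 3880310784, 26716160),
        (0x00, 0x00, 0, 0),
    ]
    for i, (status, ptype, lba, nsec) in enumerate(entries):
        off = TABLE_OFFSET + ENTRY_SIZE * i
        sector[off] = status       # 0x80 = active (bootable), 0x00 = inactive
        sector[off + 4] = ptype    # partition type ID
        struct.pack_into("<II", sector, off + 8, lba, nsec)  # CHS fields left zero
    sector[BOOT_SIG_OFFSET:] = b"\x55\xAA"
    return bytes(sector)


def parse_mbr(sector: bytes) -> dict:
    """Decode disk signature and the four partition entries; reject a malformed sector."""
    if len(sector) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[BOOT_SIG_OFFSET:] != b"\x55\xAA":
        raise ValueError("boot signature is not 55AA")
    (disk_sig,) = struct.unpack_from("<I", sector, DISK_SIG_OFFSET)
    partitions = []
    for i in range(4):
        off = TABLE_OFFSET + ENTRY_SIZE * i
        status, ptype = sector[off], sector[off + 4]
        lba, nsec = struct.unpack_from("<II", sector, off + 8)
        partitions.append({
            "index": i, "status": status, "active": status == 0x80,
            "type": ptype, "type_name": PARTITION_TYPES.get(ptype, "Unknown"),
            "start_lba": lba, "num_sectors": nsec,
        })
    return {"disk_signature": disk_sig, "partitions": partitions}


def unpartitioned_ranges(parsed: dict, disk_sectors: int) -> list:
    """Inclusive sector ranges no partition covers (sector 0, the MBR itself, excluded)."""
    used = sorted((p["start_lba"], p["start_lba"] + p["num_sectors"] - 1)
                  for p in parsed["partitions"] if p["num_sectors"])
    gaps, cursor = [], 1
    for start, end in used:
        if start > cursor:
            gaps.append((cursor, start - 1))
        cursor = max(cursor, end + 1)
    if cursor < disk_sectors:
        gaps.append((cursor, disk_sectors - 1))
    return gaps


def check_partition_table(parsed: dict, disk_sectors: int) -> list:
    """Structural findings worth a second look; an empty list means the table is consistent."""
    findings = []
    parts = [p for p in parsed["partitions"] if p["num_sectors"]]
    for p in parsed["partitions"]:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"partition {p['index']}: invalid status byte 0x{p['status']:02X}")
    if sum(p["active"] for p in parts) > 1:
        findings.append("more than one partition is flagged active")
    for p in parts:
        if p["start_lba"] + p["num_sectors"] > disk_sectors:
            findings.append(f"partition {p['index']}: extends past end of disk")
    ordered = sorted(parts, key=lambda p: p["start_lba"])
    for a, b in zip(ordered, ordered[1:]):
        if a["start_lba"] + a["num_sectors"] > b["start_lba"]:
            findings.append(f"partitions {a['index']} and {b['index']} overlap")
    return findings


if __name__ == "__main__":
    mbr = build_sample_mbr()
    info = parse_mbr(mbr)
    disk_sectors = 2000398934016 // 512   # "Disk Size" / "Sector size" from the log
    print(f"Disk Signature: {info['disk_signature']:08X}")
    for p in info["partitions"]:
        state = "ACTIVE" if p["active"] else "NOT ACTIVE"
        print(f"  Partition {p['index']}: type 0x{p['type']:X} ({p['type_name']}), {state}, "
              f"LBA {p['start_lba']}, Numsec {p['num_sectors']}")
    print("Unpartitioned ranges:", unpartitioned_ranges(info, disk_sectors))
    print("Findings:", check_partition_table(info, disk_sectors) or "none")
```

On a real system the same functions can be fed the first 512 bytes read from the physical disk device, and the parsed table compared against a copy saved when the machine was known to be clean.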

Yes all looks good, run this please:

 

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop.

Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

Post that log; if you have no remaining issues or concerns we can clean up. OK!


I'm Back! Although I did turn on this morning to this error message...  (because MSE gone?)

[screenshot]

and have since done as asked re security check, and here are the contents of checkup.txt

 

Results of screen317's Security Check version 0.99.76  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
AVG AntiVirus Free Edition 2013   
Microsoft Security Essentials     
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 6 Update 22  
 Java 7 Update 25  
 Java version out of Date!
 Adobe Flash Player 11.9.900.117  
 Mozilla Firefox (24.0)
 Google Chrome 30.0.1599.101  
 Google Chrome 30.0.1599.69  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 AVG avgwdsvc.exe
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 

 

No real concerns on my behalf anymore, although it did seem a bit slower to boot into windows than normal, I presume because it was doing things in the background?


MSE is still showing as installed in the Security Check log? See if it can be uninstalled with the following:

 

Please download and install Revo Uninstaller Free

  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run; if prompted again click Yes
  • When the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • When prompted click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish.


Next,

 

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). That will confirm the removal action, delete if successful. 

Next,

 

Delete FRST.exe from your Desktop or the folder it was saved to, navigate to and delete its folder C:\FRST

 

Next,

 

  • Download OTC by OldTimer from here http://oldtimer.geekstogo.com/OTC.exe or here http://www.itxassociates.com/OT-Tools/OTC.exe and save to your Desktop.
  • Double click the OTC icon to start the program. If you are using Vista or Windows 7 accept UAC.
  • Then click the big CleanUp button.
  • You will get a prompt saying "Begining Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
  • This will remove tools we have used and itself.


Any tools/logs remaining on the Desktop or downloads folder can be deleted.

 

Next,

 

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older versions of Java components and upgrade the application.

 

Upgrading Java:

 

Go to http://java.com/en/ and click on "Do I have Java"

It will check your current version and then offer to update to the latest version

Watch for and make sure you untick the box next to whatever free program they prompt you to install during the installation, unless you want it.

 

***Note: Check in Programs and Features (or Add/Remove Programs if you are an XP user) to make certain there are no old versions of Java still installed; if so, remove them.

 

Make sure these are removed:

 

Java™ 6 Update 22  
Java 7 Update 25

 

Next,

 

Download and install CCleaner from here:

Ensure you select the Slim version. (No Toolbar)

Then select the items you wish to clean up.

In the Windows Tab:

In the Applications Tab

4. Click the "Run Cleaner" button.

5. A pop up box will appear advising this process will permanently delete files from your system.

6. Click "OK" and it will scan and clean your system.

7. Click "exit" when done.

 

CCleaner is an excellent utility and well worth keeping; in the bottom left hand corner of the main interface is a link "Online Help", use that link to get the full instructions for this very handy application.

 

Next,

 

Re-open CCleaner, select Tools > Startup > Windows tab; the startup list will populate. Select the "Save to text file" tab at the bottom right hand corner and copy that file into your next reply.

 

Also let me know how your system is responding, also if any remaining issues or concerns...

 

Kevin


No worries re attachment, but still having issues with MSE. When I tried to install from the link provided, I get:

[screenshot]

and the help linked to was of no help!

But other than that, all went as planned..

 

Yes    HKCU:Run    AdobeBridge        
Yes    HKCU:Run    DisplayFusion    Binary Fortress Software    "C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe"
Yes    HKCU:Run    News.net        C:\Program Files\News.net\BreakingNews\DesktopContainer.exe
Yes    HKCU:Run    Sidebar    Microsoft Corporation    C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
No    HKCU:Run    Workrave    The Workrave development team    C:\Program Files (x86)\Workrave\lib\workrave.exe
Yes    HKLM:Run    AdobeAAMUpdater-1.0    Adobe Systems Incorporated    "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
Yes    HKLM:Run    AdobeCS6ServiceManager    Adobe Systems Incorporated    "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
Yes    HKLM:Run    AVG_UI    AVG Technologies CZ, s.r.o.    "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
No    HKLM:Run    BeatsOSDApp    Hewlett-Packard     C:\Program Files\IDT\WDM\beats64.exe
Yes    HKLM:Run    HP Software Update    Hewlett-Packard    C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
Yes    HKLM:Run    hpsysdrv    Hewlett-Packard    c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
Yes    HKLM:Run    PDF Complete    PDF Complete Inc    C:\Program Files (x86)\PDF Complete\pdfsty.exe
Yes    HKLM:Run    SwitchBoard    Adobe Systems Incorporated    C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
Yes    HKLM:Run    SysTrayApp    IDT, Inc.    C:\Program Files\IDT\WDM\sttray64.exe
No    Startup User    OpenOffice.org 3.3.lnk        C:\PROGRA~2\OPENOF~1.ORG\program\QUICKS~1.EXE


Open CCleaner, select Tools > Startup; under the Windows tab make changes as follows, only if you agree:

 

Select each entry then use the commands in the right hand pane to make changes.

 

Red = Delete

Blue = Disable

Green = leave as set.

 

Yes    HKCU:Run    AdobeBridge        
Yes    HKCU:Run    DisplayFusion    Binary Fortress Software    "C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe"
Yes    HKCU:Run    News.net        C:\Program Files\News.net\BreakingNews\DesktopContainer.exe
Yes    HKCU:Run    Sidebar    Microsoft Corporation    C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
No    HKCU:Run    Workrave    The Workrave development team    C:\Program Files (x86)\Workrave\lib\workrave.exe
Yes    HKLM:Run    AdobeAAMUpdater-1.0    Adobe Systems Incorporated    "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
Yes    HKLM:Run    AdobeCS6ServiceManager    Adobe Systems Incorporated    "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
Yes    HKLM:Run    AVG_UI    AVG Technologies CZ, s.r.o.    "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
No    HKLM:Run    BeatsOSDApp    Hewlett-Packard     C:\Program Files\IDT\WDM\beats64.exe
Yes    HKLM:Run    HP Software Update    Hewlett-Packard    C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
Yes    HKLM:Run    hpsysdrv    Hewlett-Packard    c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
Yes    HKLM:Run    PDF Complete    PDF Complete Inc    C:\Program Files (x86)\PDF Complete\pdfsty.exe
Yes    HKLM:Run    SwitchBoard    Adobe Systems Incorporated    C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
Yes    HKLM:Run    SysTrayApp    IDT, Inc.    C:\Program Files\IDT\WDM\sttray64.exe
No    Startup User    OpenOffice.org 3.3.lnk        C:\PROGRA~2\OPENOF~1.ORG\program\QUICKS~1.EXE

 

I'm unsure what you refer to about MSE; has that completed after the recommended restart/retry? If not, run the following and try again:

 

Download the Services Repair tool, available here - http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe - and save it to your Desktop. Right click on it and select Run As Administrator, then follow the prompts. It should reboot when it finishes. If not, reboot it yourself.

 

Kevin


OK, So I've followed the fixes at that link, although I didn't find the entry in regedit that they wanted me to?  I did run the MSEinstall.exe file last night from Command Prompt, with a /u switch, which made it run as an uninstaller, so I am thinking now that it is totally gone?   I will grab and run Security Check by screen317 again, and see what it tells me...

 

Results of screen317's Security Check version 0.99.76  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
AVG AntiVirus Free Edition 2013   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 45  
 Adobe Flash Player 11.9.900.117  
 Mozilla Firefox 24.0 Firefox out of Date!  
 Google Chrome 30.0.1599.101  
 Google Chrome 30.0.1599.69  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 AVG avgwdsvc.exe
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 

 

So I believe it appears gone?

 

Thank you again for your help and guidance through this adventure! Is there anything else I can/should do now to verify that I have a clean and secure system?


We need to run an online AV scan to ensure there are no remnants of any infection left on your system. This scan can take several hours to complete; it is very thorough and well worth running, so please be patient and let it complete:

 

Run Eset Online Scanner

 

**Note** You will need to use Internet Explorer for this scan - Vista and Windows 7 users right click on the IE shortcut and run as admin

 

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

 

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use, then click Start
  • When asked, allow the add-on to be installed, then click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked, then click Scan
  • Wait for the virus definitions to be downloaded
  • Wait for the scan to finish

 

When the scan is complete

If no threats were found:

  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

If threats were found:

  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here

 

Kevin....


C:\Program Files\ZZ Uninstalled\Nero 8 Ultra Edition 8.3.0 Multilanguage FULL Retail\Nero 8.3.0\Toolbar.exe    Win32/Toolbar.AskSBar application
C:\Program Files\ZZ Uninstalled\Nero 8 Ultra Edition 8.3.0 Multilanguage FULL Retail\Nero 8.3.0\Nero PhotoShow Express\nero_photoshow_express_5_setup.exe    Win32/Toolbar.AskSBar application
C:\ProgramData\Ask\APN-Stub\PTV\Local\APNIC.dll    a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\All Users\Ask\APN-Stub\PTV\Local\APNIC.dll    a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\ANTHONY\Desktop\    \KMPlayer_3-5-0-77-1-.exe    a variant of Win32/Bundled.Toolbar.Ask.D application
 


Nothing of great importance, you can delete those entries if you want. Other than that you should be good to go...

 

If all is ok with no issues here are some tips to reduce the potential for malware infection in the future:

 

Make proper use of your antivirus and firewall

 

Antivirus and Firewall programs are integral to your computer security. However, just having them installed isn't enough. The definitions of these programs are frequently updated to detect the latest malware; if you don't keep up with these updates then you'll be vulnerable to infection. Many antivirus and firewall programs have automatic update features; make use of those if you can. If your program doesn't, then get in the habit of routinely performing manual updates, because it's important.

 

You should keep your antivirus and firewall guard enabled at all times, NEVER turn them off unless there's a specific reason to do so. Also, regularly performing a full system scan with your antivirus program is a good idea to make sure your system remains clean. Once a week should be adequate. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

 

Install and use WinPatrol from here http://www.winpatrol.com/download.html. This will inform you of any attempted unauthorized changes to your system.

 

WinPatrol features explained here http://www.winpatrol.com/features.html

 

Go here http://www.filehippo.com/updatechecker/ run the FileHippo Update Checker, update all applications as suggested by the Update Checker. Ignore any Beta updates. (Use stand alone version, not a full install)

If Java or Adobe are updated please check under Start > Control Panel > Add/Remove Programs, ensure any old versions are removed. <--- Very important

 

Use a safer web browser

 

Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a few good free alternatives:

 

FireFox http://www.mozilla.com/en-US/,

 

Opera http://www.opera.com/, and

 

Chrome http://www.google.com/chrome.

 

All of these are excellent, faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial here http://www.bleepingcomputer.com/tutorials/tutorial102.html which will help you to make IE MUCH safer.

 

These browser add-ons will help to make your browser safer:

 

Web of Trust warns you about risky websites that try to scam visitors, deliver malware or send spam. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous ones:

 

Available for Firefox and Internet Explorer.

 

Green to go,

Yellow for caution, and

Red to stop.

 

 

Available for Firefox only. NoScript helps to block malicious scripts and in general gives you much better control over what types of things webpages can do to your computer while you're browsing.

 

These are just a couple of the most popular add-ons, if you're interested in more, take a look at this article:

http://browsers.about.com/od/addonsplugi2/tp/browser_security_privacy.htm

 

Here are a couple of links by two security experts that will give some excellent tips and advice.

 

So how did I get infected in the first place by Tony Klein from here: http://www.spywareinfoforum.com/index.php?/topic/60955-so-how-did-i-get-infected-in-the-first-place/

 

How to prevent Malware by Miekiemoes from here: http://users.telenet.be/bluepatchy/miekiemoes/prevention.html

 

Finally, this link http://www.geekstogo.com/forum/topic/38-free-antivirus-and-antispyware-software will give a comprehensive, up to date list of free security programs. These include Antivirus, Antispyware, Firewall, Antimalware, Online scanners and rescue CDs.

 

Don't forget, the best form of defense is common sense. If you don't recognize it, don't open it. If something looks too good to be true, then it ain't.

 

Let me know when it's OK to close out your thread....

 

Take care,

 

Kevin


All sorted then! Your help has been prompt and useful, easy to follow and much appreciated. I've bookmarked a couple of things from your last post for a better look soon and am enabling this thread to be closed. I'm usually pretty careful with what I grab from where, and will endeavor to be more vigilant from here on in... The work yourself, and all the other assistants do here is unbelievable; just reading other posts while this was underway showed me how much effort and time you guys all put in... Thank you again, and recommendations and donation shall be forthcoming as possible...


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.