Jump to content

Recommended Posts

Hello and post-32477-1261866970.gif

 

P2P/Piracy Warning:

 

   

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

Next.

 

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop. (If your security alerts either accept the alert, or turn the security off while Secuirity Check runs)

Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

Post those logs, also tell which security program you have installed..

 

Kevin...

Link to post
Share on other sites

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-01-2014

Ran by Calvin (administrator) on CALVIN-PC on 08-01-2014 10:43:10

Running from C:\Users\Calvin\Downloads

Windows 7 Ultimate (X64) OS Language: English(US)

Internet Explorer Version 8

Boot Mode: Normal

 

==================== Processes (Whitelisted) =================

 

(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe

(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe

(Spotify Ltd) C:\Users\Calvin\AppData\Roaming\Spotify\spotify.exe

(Spotify Ltd) C:\Users\Calvin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe

(Creative Technology Ltd.) C:\Windows\OEM05Mon.exe

() C:\Program Files (x86) (x86)\Dell V305\dldtmon.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

() C:\Program Files (x86) (x86)\Dell V305\dldtmsdmon.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

() C:\Users\Calvin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

() C:\Users\Calvin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

() C:\Users\Calvin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

() C:\Users\Calvin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe

() C:\Users\Calvin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.beta.2514\Agent.exe

(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.4047\Battle.net.exe

(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

() C:\Program Files (x86)\Hearthstone\Hearthstone.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [iAStorIcon] - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)

HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [8290584 2013-08-01] (Logitech Inc.)

HKLM\...\Run: [unThreat] - "C:\Program Files (x86)\UnThreat AntiVirus\UnThreat.exe" -silent

HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-10-08] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [OEM05Mon.exe] - C:\Windows\OEM05Mon.exe [36864 2007-05-09] (Creative Technology Ltd.)

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [dldtmon.exe] - C:\Program Files (x86) (x86)\Dell V305\dldtmon.exe [672424 2010-02-10] ()

HKLM-x32\...\Run: [dldtamon] - C:\Program Files (x86) (x86)\Dell V305\dldtamon.exe [16040 2010-02-10] ()

HKCU\...\Run: [steam] - C:\Program Files (x86)\Steam\Steam.exe [1815464 2014-01-07] (Valve Corporation)

HKCU\...\Run: [spotify] - C:\Users\Calvin\AppData\Roaming\Spotify\spotify.exe [5951488 2013-12-06] (Spotify Ltd)

HKCU\...\Run: [spotify Web Helper] - C:\Users\Calvin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1168896 2013-12-06] (Spotify Ltd)

HKCU\...\Run: [skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20588704 2013-11-15] (Skype Technologies S.A.)

MountPoints2: {80ff7b45-41c0-11e3-b5b1-806e6f6e6963} - D:\setup.exe

MountPoints2: {8ece9fad-41ca-11e3-9cb6-806e6f6e6963} - D:\autoRcd.exe

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com/?type=293224&fr=spigot-yhp-ie

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x0299091DC0D5CE01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKCU - DefaultScope {934920FF-79F8-4A34-899F-FB50E16F488F} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=293224&p={searchTerms}

SearchScopes: HKCU - {934920FF-79F8-4A34-899F-FB50E16F488F} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=293224&p={searchTerms}

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

 

Chrome: 

=======

CHR DefaultSearchKeyword: yahoo.com

CHR DefaultSearchProvider: Yahoo!


CHR DefaultNewTabURL: 

CHR Extension: (Google Docs) - C:\Users\Calvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0

CHR Extension: (Google Drive) - C:\Users\Calvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0

CHR Extension: (YouTube) - C:\Users\Calvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0

CHR Extension: (Google Search) - C:\Users\Calvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0

CHR Extension: (AdBlock) - C:\Users\Calvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0

CHR Extension: (Google Wallet) - C:\Users\Calvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0

CHR Extension: (Gmail) - C:\Users\Calvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

 

==================== Services (Whitelisted) =================

 

R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

 

==================== Drivers (Whitelisted) ====================

 

S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)

R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-07] (Intel Corporation)

R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

R3 OEM05Afx; C:\Windows\system32\Drivers\OEM05Afx.sys [212864 2007-06-08] (Creative Technology Ltd.)

R3 OEM05Vfx; C:\Windows\System32\DRIVERS\OEM05Vfx.sys [12288 2007-03-05] (EyePower Games Pte. Ltd.)

R3 OEM05Vid; C:\Windows\System32\DRIVERS\OEM05Vid.sys [266720 2007-07-20] (Creative Technology Ltd.)

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2014-01-08 10:43 - 2014-01-08 10:44 - 00008326 _____ C:\Users\Calvin\Downloads\FRST.txt

2014-01-08 10:43 - 2014-01-08 10:43 - 00000000 ____D C:\FRST

2014-01-08 10:42 - 2014-01-08 10:42 - 01932624 _____ (Farbar) C:\Users\Calvin\Downloads\FRST64.exe

2014-01-07 12:52 - 2014-01-07 12:52 - 00470576 _____ C:\Users\Calvin\Downloads\Java.exe

2014-01-06 00:18 - 2014-01-06 00:18 - 00000000 ____D C:\Users\Calvin\AppData\Local\Demiurge Studios

2014-01-05 22:59 - 2014-01-07 11:20 - 00000000 ____D C:\Users\Calvin\AppData\Local\CrashDumps

2014-01-05 11:50 - 2014-01-05 11:50 - 00057560 _____ C:\Users\Calvin\AppData\Local\GDIPFONTCACHEV1.DAT

2014-01-05 11:48 - 2014-01-05 11:48 - 00274320 _____ C:\Windows\system32\FNTCACHE.DAT

2014-01-05 01:00 - 2014-01-08 10:35 - 00000840 _____ C:\Windows\setupact.log

2014-01-05 01:00 - 2014-01-05 01:00 - 00000000 _____ C:\Windows\setuperr.log

2014-01-03 19:04 - 2014-01-03 19:05 - 00013806 _____ C:\Users\Calvin\Desktop\dds.txt

2014-01-03 19:04 - 2014-01-03 19:05 - 00009058 _____ C:\Users\Calvin\Desktop\attach.txt

2014-01-03 19:03 - 2014-01-03 19:03 - 00688992 ____R (Swearware) C:\Users\Calvin\Downloads\dds.scr

2014-01-03 01:31 - 2014-01-03 01:32 - 96252688 _____ (Microsoft Corporation) C:\Users\Calvin\Downloads\msert.exe

2014-01-03 00:19 - 2014-01-03 00:19 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Calvin\Downloads\mbam-setup-1.75.0.1300 (1).exe

2014-01-02 20:17 - 2013-05-23 07:39 - 00041032 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiark.sys

2014-01-02 20:12 - 2012-11-06 04:20 - 00047496 _____ (GFI Software) C:\Windows\system32\sbbd.exe

2014-01-02 20:11 - 2014-01-02 20:11 - 01000512 _____ (Scandium Security Inc.) C:\Users\Calvin\Downloads\UnThreatFreeSetup.exe

2014-01-02 10:33 - 2014-01-03 00:10 - 00000000 ____D C:\ProgramData\Norton

2014-01-02 02:16 - 2014-01-02 02:19 - 211811872 ____N (Symantec Corporation) C:\Users\Calvin\Downloads\N360-TW-21.1.0-EN-US.exe

2014-01-02 02:10 - 2014-01-02 02:10 - 00002774 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC

2014-01-02 02:10 - 2014-01-02 02:10 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk

2014-01-02 02:10 - 2014-01-02 02:10 - 00000000 ____D C:\Program Files\CCleaner

2014-01-01 23:23 - 2014-01-03 00:19 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-01-01 23:23 - 2014-01-03 00:19 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2014-01-01 23:23 - 2014-01-01 23:23 - 00000000 ____D C:\Users\Calvin\AppData\Roaming\Malwarebytes

2014-01-01 23:23 - 2014-01-01 23:23 - 00000000 ____D C:\ProgramData\Malwarebytes

2014-01-01 23:23 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-01-01 23:22 - 2014-01-01 23:22 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Calvin\Downloads\mbam-setup-1.75.0.1300.exe

2014-01-01 18:27 - 2014-01-01 18:27 - 04645232 _____ (Piriform Ltd) C:\Users\Calvin\Downloads\ccsetup409.exe

2014-01-01 18:26 - 2014-01-01 18:27 - 04436944 _____ (AVG Technologies) C:\Users\Calvin\Downloads\avg_free_stb_all_2014_4259_cnet.exe

2014-01-01 18:17 - 2013-11-26 12:25 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2014-01-01 18:05 - 2014-01-01 18:05 - 00082744 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys.1388617550

2014-01-01 18:04 - 2014-01-01 18:04 - 00000000 ____D C:\ProgramData\AVAST Software

2014-01-01 18:02 - 2014-01-01 18:04 - 91412976 _____ (AVAST Software) C:\Users\Calvin\Downloads\avast_free_antivirus_setup.exe

2014-01-01 00:58 - 2014-01-01 00:58 - 00037376 _____ C:\Windows\system32\pfqlej.rfw

2014-01-01 00:48 - 2014-01-08 10:37 - 00000084 _____ C:\Windows\system32\kdmgco.tor

2014-01-01 00:47 - 2014-01-01 00:58 - 00000100 _____ C:\Windows\system32\naqtnxr.mfv

2014-01-01 00:47 - 2014-01-01 00:47 - 00000064 _____ C:\Windows\system32\wqcteqc.iax

2014-01-01 00:32 - 2014-01-01 00:32 - 00219314 ____S C:\Windows\system32\bfdaacd.gwg

2013-12-09 19:27 - 2013-12-09 19:27 - 01455528 _____ C:\Users\Calvin\Downloads\SystemCheck_enUS (1).exe

 

==================== One Month Modified Files and Folders =======

 

2014-01-08 10:44 - 2014-01-08 10:43 - 00008326 _____ C:\Users\Calvin\Downloads\FRST.txt

2014-01-08 10:43 - 2014-01-08 10:43 - 00000000 ____D C:\FRST

2014-01-08 10:43 - 2013-11-20 19:09 - 00000000 ____D C:\Users\Calvin\AppData\Local\Battle.net

2014-01-08 10:42 - 2014-01-08 10:42 - 01932624 _____ (Farbar) C:\Users\Calvin\Downloads\FRST64.exe

2014-01-08 10:42 - 2013-10-30 17:38 - 00000000 ____D C:\Users\Calvin\AppData\Roaming\Skype

2014-01-08 10:42 - 2009-07-14 00:13 - 00783114 _____ C:\Windows\system32\PerfStringBackup.INI

2014-01-08 10:41 - 2009-07-13 23:45 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-01-08 10:41 - 2009-07-13 23:45 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-01-08 10:39 - 2013-10-30 20:24 - 01379334 _____ C:\Windows\WindowsUpdate.log

2014-01-08 10:37 - 2014-01-01 00:48 - 00000084 _____ C:\Windows\system32\kdmgco.tor

2014-01-08 10:36 - 2013-10-30 19:19 - 00000000 ____D C:\Users\Calvin\AppData\Roaming\Spotify

2014-01-08 10:36 - 2013-10-30 17:35 - 00000000 ____D C:\Program Files (x86)\Steam

2014-01-08 10:36 - 2013-10-30 17:34 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-01-08 10:36 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2014-01-08 10:35 - 2014-01-05 01:00 - 00000840 _____ C:\Windows\setupact.log

2014-01-08 02:52 - 2013-10-30 17:34 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-01-08 00:17 - 2013-11-15 15:03 - 00008455 _____ C:\ProgramData\dldt.log

2014-01-07 12:52 - 2014-01-07 12:52 - 00470576 _____ C:\Users\Calvin\Downloads\Java.exe

2014-01-07 11:20 - 2014-01-05 22:59 - 00000000 ____D C:\Users\Calvin\AppData\Local\CrashDumps

2014-01-07 01:19 - 2013-11-20 19:11 - 00000000 ____D C:\Program Files (x86)\Hearthstone

2014-01-06 00:27 - 2013-11-02 10:06 - 00000000 ____D C:\Users\Calvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam

2014-01-06 00:18 - 2014-01-06 00:18 - 00000000 ____D C:\Users\Calvin\AppData\Local\Demiurge Studios

2014-01-05 11:50 - 2014-01-05 11:50 - 00057560 _____ C:\Users\Calvin\AppData\Local\GDIPFONTCACHEV1.DAT

2014-01-05 11:48 - 2014-01-05 11:48 - 00274320 _____ C:\Windows\system32\FNTCACHE.DAT

2014-01-05 01:00 - 2014-01-05 01:00 - 00000000 _____ C:\Windows\setuperr.log

2014-01-04 02:00 - 2009-07-14 00:08 - 00032564 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2014-01-03 22:17 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\system32\restore

2014-01-03 19:05 - 2014-01-03 19:04 - 00013806 _____ C:\Users\Calvin\Desktop\dds.txt

2014-01-03 19:05 - 2014-01-03 19:04 - 00009058 _____ C:\Users\Calvin\Desktop\attach.txt

2014-01-03 19:03 - 2014-01-03 19:03 - 00688992 ____R (Swearware) C:\Users\Calvin\Downloads\dds.scr

2014-01-03 13:53 - 2013-10-30 17:31 - 00000000 ____D C:\Users\Calvin

2014-01-03 01:32 - 2014-01-03 01:31 - 96252688 _____ (Microsoft Corporation) C:\Users\Calvin\Downloads\msert.exe

2014-01-03 01:22 - 2013-12-01 23:29 - 00000000 ____D C:\Users\Calvin\AppData\Roaming\uTorrent

2014-01-03 00:19 - 2014-01-03 00:19 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Calvin\Downloads\mbam-setup-1.75.0.1300 (1).exe

2014-01-03 00:19 - 2014-01-01 23:23 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-01-03 00:19 - 2014-01-01 23:23 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2014-01-03 00:10 - 2014-01-02 10:33 - 00000000 ____D C:\ProgramData\Norton

2014-01-02 20:11 - 2014-01-02 20:11 - 01000512 _____ (Scandium Security Inc.) C:\Users\Calvin\Downloads\UnThreatFreeSetup.exe

2014-01-02 16:53 - 2013-10-30 19:22 - 00000000 ____D C:\Users\Calvin\AppData\Local\Spotify

2014-01-02 04:25 - 2013-10-30 18:36 - 00000000 ____D C:\ProgramData\MFAData

2014-01-02 02:19 - 2014-01-02 02:16 - 211811872 ____N (Symantec Corporation) C:\Users\Calvin\Downloads\N360-TW-21.1.0-EN-US.exe

2014-01-02 02:11 - 2013-10-30 21:19 - 00000000 ____D C:\Windows\Panther

2014-01-02 02:10 - 2014-01-02 02:10 - 00002774 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC

2014-01-02 02:10 - 2014-01-02 02:10 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk

2014-01-02 02:10 - 2014-01-02 02:10 - 00000000 ____D C:\Program Files\CCleaner

2014-01-02 00:09 - 2013-12-01 23:33 - 00000000 ____D C:\Users\Calvin\AppData\Roaming\Search Protection

2014-01-01 23:23 - 2014-01-01 23:23 - 00000000 ____D C:\Users\Calvin\AppData\Roaming\Malwarebytes

2014-01-01 23:23 - 2014-01-01 23:23 - 00000000 ____D C:\ProgramData\Malwarebytes

2014-01-01 23:22 - 2014-01-01 23:22 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Calvin\Downloads\mbam-setup-1.75.0.1300.exe

2014-01-01 19:06 - 2013-10-30 18:39 - 00003230 _____ C:\Windows\System32\Tasks\SidebarExecute

2014-01-01 18:27 - 2014-01-01 18:27 - 04645232 _____ (Piriform Ltd) C:\Users\Calvin\Downloads\ccsetup409.exe

2014-01-01 18:27 - 2014-01-01 18:26 - 04436944 _____ (AVG Technologies) C:\Users\Calvin\Downloads\avg_free_stb_all_2014_4259_cnet.exe

2014-01-01 18:05 - 2014-01-01 18:05 - 00082744 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys.1388617550

2014-01-01 18:04 - 2014-01-01 18:04 - 00000000 ____D C:\ProgramData\AVAST Software

2014-01-01 18:04 - 2014-01-01 18:02 - 91412976 _____ (AVAST Software) C:\Users\Calvin\Downloads\avast_free_antivirus_setup.exe

2014-01-01 00:58 - 2014-01-01 00:58 - 00037376 _____ C:\Windows\system32\pfqlej.rfw

2014-01-01 00:58 - 2014-01-01 00:47 - 00000100 _____ C:\Windows\system32\naqtnxr.mfv

2014-01-01 00:47 - 2014-01-01 00:47 - 00000064 _____ C:\Windows\system32\wqcteqc.iax

2014-01-01 00:32 - 2014-01-01 00:32 - 00219314 ____S C:\Windows\system32\bfdaacd.gwg

2014-01-01 00:32 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\sysprep

2013-12-19 22:01 - 2013-11-20 19:09 - 00000000 ____D C:\Program Files (x86)\Battle.net

2013-12-18 22:00 - 2013-11-20 19:09 - 00000000 ____D C:\Users\Calvin\AppData\Roaming\Battle.net

2013-12-16 10:32 - 2013-10-30 17:31 - 00000000 ____D C:\Users\Calvin\AppData\Local\VirtualStore

2013-12-09 19:27 - 2013-12-09 19:27 - 01455528 _____ C:\Users\Calvin\Downloads\SystemCheck_enUS (1).exe

2013-12-09 11:45 - 2013-10-30 17:34 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2013-12-09 11:45 - 2013-10-30 17:34 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll

[2009-07-13 19:00] - [2009-07-13 20:41] - 0510464 ____A (Microsoft Corporation) 284D618A0A612E3645BA4883AC2188BF

 

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2013-12-30 21:43

 

==================== End Of Log ============================

Link to post
Share on other sites

http://screen317.spy...curityCheck.exe

 

 Results of screen317's Security Check version 0.99.78  
 Windows 7  x64 (UAC is enabled)  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Adobe Reader XI  
 Google Chrome 31.0.1650.57  
 Google Chrome 31.0.1650.63  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 13% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 

Addition.txt

Link to post
Share on other sites

Farbar Recovery Scan Tool (x64) Version: 08-01-2014

Ran by Calvin at 2014-01-08 12:05:49

Running from C:\Users\Calvin\Downloads

Boot Mode: Normal

 

================== Search: "rpcss.dll" ===================

 

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll

[2009-07-13 19:00] - [2009-07-13 20:41] - 0509440 ____A (Microsoft Corporation) 7266972E86890E2B30C0C322E906B027

 

C:\Windows\System32\rpcss.dll

[2009-07-13 19:00] - [2009-07-13 20:41] - 0510464 ____A (Microsoft Corporation) 284D618A0A612E3645BA4883AC2188BF

 

====== End Of Search ======

Link to post
Share on other sites

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Next,

 

Run Malwarebytes,  Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Full scan

Make sure that everything is checked, and click Remove Selected on any found items.

 

Post the produced logs, let me know if any improvement...

 

Kevin

 

fixlist.txt

Link to post
Share on other sites

Malwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org

 

Database version: v2014.01.08.01

 

Windows 7 x64 NTFS

Internet Explorer 8.0.7600.16385

Calvin :: CALVIN-PC [administrator]

 

Protection: Enabled

 

1/8/2014 12:34:42 PM

mbam-log-2014-01-08 (12-34-42).txt

 

Scan type: Full scan (C:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 313092

Time elapsed: 30 minute(s), 19 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 1

C:\FRST\Quarantine\Java.exe (PUP.Optional.BundleInstaller.A) -> Quarantined and deleted successfully.

 

(end)
Link to post
Share on other sites

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-01-2014 01

Ran by Calvin at 2014-01-08 13:46:18 Run:2

Running from C:\Users\Calvin\Downloads

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

Start

MountPoints2: {80ff7b45-41c0-11e3-b5b1-806e6f6e6963} - D:\setup.exe

MountPoints2: {8ece9fad-41ca-11e3-9cb6-806e6f6e6963} - D:\autoRcd.exe

2014-01-01 00:58 - 2014-01-01 00:58 - 00037376 _____ C:\Windows\system32\pfqlej.rfw

2014-01-01 00:48 - 2014-01-08 10:37 - 00000084 _____ C:\Windows\system32\kdmgco.tor

2014-01-01 00:47 - 2014-01-01 00:58 - 00000100 _____ C:\Windows\system32\naqtnxr.mfv

2014-01-01 00:47 - 2014-01-01 00:47 - 00000064 _____ C:\Windows\system32\wqcteqc.iax

2014-01-01 00:32 - 2014-01-01 00:32 - 00219314 ____S C:\Windows\system32\bfdaacd.gwg

Replace: C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll C:\Windows\System32\rpcss.dll

End

 

 

 

*****************

 

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{80ff7b45-41c0-11e3-b5b1-806e6f6e6963} => Key not found.

HKCR\CLSID\{80ff7b45-41c0-11e3-b5b1-806e6f6e6963} => Key not found.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8ece9fad-41ca-11e3-9cb6-806e6f6e6963} => Key not found.

HKCR\CLSID\{8ece9fad-41ca-11e3-9cb6-806e6f6e6963} => Key not found.

"C:\Windows\system32\pfqlej.rfw" => File/Directory not found.

"C:\Windows\system32\kdmgco.tor" => File/Directory not found.

"C:\Windows\system32\naqtnxr.mfv" => File/Directory not found.

"C:\Windows\system32\wqcteqc.iax" => File/Directory not found.

"C:\Windows\system32\bfdaacd.gwg" => File/Directory not found.

C:\Windows\System32\rpcss.dll => Moved successfully.

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll copied successfully to C:\Windows\System32\rpcss.dll

 

==== End of Fixlog ====

Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.