Svchost


Hello SirNoor and welcome! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste the log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

FRST

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Jack (administrator) on JACK-PC on 29-03-2014 03:26:29
Running from C:\Users\Jack\Desktop
Windows 7 Ultimate (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(EagleGet.com) C:\Program Files (x86)\EagleGet\EagleGet.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe
(Bitdefender) C:\Program Files\Bitdefender\60-Second Virus Scanner\pdscan.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Mozilla Corporation) c:\program files (x86)\mozilla firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe


==================== Registry (Whitelisted) ==================

HKU\S-1-5-21-1181749932-3669437145-200922816-1001\...\Run: [EagleGet] - C:\Program Files (x86)\EagleGet\Eagleget.exe [1239552 2014-01-30] (EagleGet.com)
HKU\S-1-5-21-1181749932-3669437145-200922816-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB72D3812A30ACF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=US&ver=21&locale=en_US&gct=sb&qsrc=2869
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: EGet Class - {824F251E-D74A-4d56-B998-CA05CF369A13} - C:\Program Files (x86)\EagleGet\eagleSniffer.dll (EagleGet.com)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 5.45.75.36 5.45.75.11

FireFox:
========
FF ProfilePath: C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\fbapx5q4.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: eagleget.com/EagleGet - C:\Program Files (x86)\EagleGet\npEagleget.dll (www.eagleget.com)
FF Plugin HKCU: egtcps.com/captures - C:\Program Files (x86)\EagleGet\captures.dll (www.eagleget.com)
FF SearchPlugin: C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\fbapx5q4.default\searchplugins\safesearch.xml
FF Extension: FT DeepDark - C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\fbapx5q4.default\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2014-02-26]
FF Extension: EagleGet - C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\fbapx5q4.default\Extensions\eagleget_ffext@eagleget.com.xpi [2014-02-02]
FF Extension: NASA Night Launch - C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\fbapx5q4.default\Extensions\nasanightlaunch@example.com.xpi [2014-02-26]
FF Extension: Adblock Plus - C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\fbapx5q4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-05]
FF Extension: Adblock Edge - C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\fbapx5q4.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-01-30]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.1.7\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.1.7\coFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.1.7\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.1.7\IPSFF [2014-02-23]

Chrome:
=======
CHR DefaultSearchKeyword: google.com.eg
CHR Extension: (Google Docs) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-27]
CHR Extension: (Google Drive) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-27]
CHR Extension: (YouTube) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-27]
CHR Extension: (Google Search) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-27]
CHR Extension: (Norton Identity Protection) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-03-27]
CHR Extension: (Google Wallet) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-27]
CHR Extension: (Gmail) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-27]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\Exts\Chrome.crx [2014-03-20]

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-11] (SUPERAntiSpyware.com)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-03-05] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-03-05] (Malwarebytes Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe [276376 2014-03-12] (Symantec Corporation)
R2 pdserv; C:\Program Files\Bitdefender\60-Second Virus Scanner\pdscan.exe [1445424 2013-11-11] (Bitdefender)

==================== Drivers (Whitelisted) ====================

R1 AntiLog32; C:\Windows\system32\drivers\AntiLog64.sys [49240 2014-01-30] (Zemana Ltd.)
S3 BdApiUtil; No ImagePath
S3 BdCameraProtect; No ImagePath
R1 Bfilter; C:\Windows\System32\drivers\Bfilter.sys [52032 2014-01-21] (Baidu, Inc.)
R1 Bfmon; C:\Windows\System32\drivers\Bfmon.sys [34624 2014-01-21] (Baidu, Inc.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.1.7\Definitions\BASHDefs\20140319.001\BHDrvx64.sys [1525976 2014-03-19] (Symantec Corporation)
R1 Bprotect; C:\Windows\System32\drivers\Bprotect.sys [128992 2014-01-21] (Baidu, Inc.)
S3 BprotectEx; No ImagePath
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1502000.026\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-02-22] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-02-15] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.1.7\Definitions\IPSDefs\20140328.001\IDSvia64.sys [525016 2014-03-26] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-03-05] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-03-29] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.1.7\Definitions\VirusDefs\20140328.017\ENG64.SYS [126040 2014-02-22] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.1.7\Definitions\VirusDefs\20140328.017\EX64.SYS [2099288 2014-02-22] (Symantec Corporation)
S3 PCFApiUtil; No ImagePath
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1502000.026\SRTSP64.SYS [875736 2014-02-11] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1502000.026\SRTSPX64.SYS [36952 2014-02-11] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1502000.026\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1502000.026\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-02-15] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [78936 2013-09-10] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1502000.026\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1502000.026\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-01-15] (Anchorfree Inc.)
S3 X6va016; No ImagePath
S0 BootDefragDriver; System32\drivers\BootDefragDriver.sys [X]
R3 X6va017; \??\C:\Windows\SysWOW64\Drivers\X6va017 [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-29 03:26 - 2014-03-29 03:26 - 00013114 _____ () C:\Users\Jack\Desktop\FRST.txt
2014-03-29 03:26 - 2014-03-29 03:26 - 00000000 ____D () C:\FRST
2014-03-29 03:25 - 2014-03-13 05:38 - 02157056 _____ (Farbar) C:\Users\Jack\Desktop\FRST64.exe
2014-03-28 00:55 - 2014-03-29 01:14 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-28 00:53 - 2014-03-28 00:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-28 00:53 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-27 01:10 - 2014-03-27 01:10 - 00002255 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-27 01:02 - 2014-03-29 03:13 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-27 01:02 - 2014-03-29 01:13 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-27 01:02 - 2014-03-28 01:08 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-27 01:02 - 2014-03-28 01:08 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-27 01:02 - 2014-03-27 01:10 - 00000000 ____D () C:\Users\Jack\AppData\Local\Google
2014-03-27 01:02 - 2014-03-27 01:09 - 00000000 ____D () C:\Program Files (x86)\Google
2014-03-25 12:48 - 2014-03-25 12:48 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-03-20 14:40 - 2014-03-20 14:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-18 01:31 - 2014-03-18 02:33 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Comodo
2014-03-18 01:31 - 2014-03-18 02:33 - 00000000 ____D () C:\Program Files (x86)\Comodo
2014-03-18 01:31 - 2014-03-18 01:31 - 00000000 ____D () C:\Users\Jack\AppData\Local\Comodo
2014-03-13 04:11 - 2014-03-13 04:11 - 00000000 ____D () C:\ProgramData\Fighters
2014-03-13 04:11 - 2014-03-13 04:11 - 00000000 ____D () C:\ProgramData\Common Toolkit Suite
2014-03-10 12:38 - 2014-03-10 12:40 - 00000000 ____D () C:\ProgramData\PopCap Games
2014-03-07 07:52 - 2014-03-07 07:52 - 00000000 ____D () C:\ProgramData\GlarySoft
2014-03-07 07:35 - 2014-03-28 22:32 - 00000330 _____ () C:\Windows\Tasks\GlaryInitialize 4.job
2014-03-07 07:35 - 2014-03-28 22:32 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 4
2014-03-07 07:35 - 2014-03-07 07:35 - 00002968 _____ () C:\Windows\System32\Tasks\GU4SkipUAC
2014-03-07 07:35 - 2014-03-07 07:35 - 00002622 _____ () C:\Windows\System32\Tasks\GlaryInitialize 4
2014-03-07 07:35 - 2014-03-07 07:35 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\GlarySoft
2014-03-07 07:35 - 2014-02-26 07:39 - 00117024 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe
2014-03-05 20:15 - 2014-03-05 20:15 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-03-05 20:14 - 2014-03-05 20:14 - 00000000 ____D () C:\Program Files (x86)\MSECache
2014-03-04 09:29 - 2014-03-04 09:29 - 00003068 _____ () C:\Windows\System32\Tasks\{636B20D3-E567-4E2A-97DC-16A0B36504FD}
2014-03-04 09:28 - 2014-03-04 09:28 - 00003068 _____ () C:\Windows\System32\Tasks\{30E5F8E4-3C7B-44E8-9391-EA6B49FB2869}
2014-03-02 12:20 - 2014-03-02 12:20 - 00055479 _____ () C:\ProgramData\1393755592.bdinstall.bin
2014-03-02 10:00 - 2014-03-02 10:00 - 00001064 _____ () C:\Users\Jack\Documents\checkup.txt
2014-03-02 09:04 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-02-28 05:18 - 2014-02-28 05:18 - 00055172 _____ () C:\ProgramData\1393556556.bdinstall.bin
2014-02-28 01:15 - 2014-02-28 02:21 - 00000024 _____ () C:\Users\Jack\random.dat
2014-02-28 01:15 - 2014-02-28 01:15 - 00000043 _____ () C:\Users\Jack\jagex_cl_runescape_LIVE.dat
2014-02-27 23:45 - 2014-02-27 23:45 - 00000000 ____D () C:\Users\Jack\AppData\Local\Skype
2014-02-27 23:44 - 2014-02-27 23:44 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-02-27 23:44 - 2014-02-27 23:44 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-02-27 01:28 - 2014-02-27 01:28 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\ReviverSoft
2014-02-27 01:28 - 2014-02-27 01:28 - 00000000 ____D () C:\Program Files\ReviverSoft

==================== One Month Modified Files and Folders =======

2014-03-29 03:26 - 2014-03-29 03:26 - 00013114 _____ () C:\Users\Jack\Desktop\FRST.txt
2014-03-29 03:26 - 2014-03-29 03:26 - 00000000 ____D () C:\FRST
2014-03-29 03:19 - 2014-01-06 09:33 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Skype
2014-03-29 03:13 - 2014-03-27 01:02 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-29 01:14 - 2014-03-28 00:55 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-29 01:13 - 2014-03-27 01:02 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-28 22:36 - 2009-07-14 06:45 - 00010016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-28 22:36 - 2009-07-14 06:45 - 00010016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-28 22:32 - 2014-03-07 07:35 - 00000330 _____ () C:\Windows\Tasks\GlaryInitialize 4.job
2014-03-28 22:32 - 2014-03-07 07:35 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 4
2014-03-28 22:31 - 2014-01-05 22:12 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-28 22:31 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-28 22:31 - 2009-07-14 06:51 - 00033657 _____ () C:\Windows\setupact.log
2014-03-28 15:08 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-28 14:09 - 2014-01-10 13:32 - 00000000 ____D () C:\Users\Jack\Documents\Cross Fire
2014-03-28 01:08 - 2014-03-27 01:02 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-28 01:08 - 2014-03-27 01:02 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-28 00:53 - 2014-03-28 00:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-28 00:53 - 2014-02-11 07:19 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-28 00:53 - 2014-01-05 23:28 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Malwarebytes
2014-03-28 00:53 - 2014-01-05 23:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-28 00:39 - 2014-01-05 22:29 - 00687352 _____ () C:\Windows\PFRO.log
2014-03-27 04:03 - 2014-01-06 11:38 - 00000000 ____D () C:\Users\Jack\AppData\Local\CrashDumps
2014-03-27 01:10 - 2014-03-27 01:10 - 00002255 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-27 01:10 - 2014-03-27 01:02 - 00000000 ____D () C:\Users\Jack\AppData\Local\Google
2014-03-27 01:09 - 2014-03-27 01:02 - 00000000 ____D () C:\Program Files (x86)\Google
2014-03-25 12:48 - 2014-03-25 12:48 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-03-25 12:46 - 2014-01-05 22:43 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-25 12:46 - 2014-01-05 22:43 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-25 12:43 - 2014-02-15 03:24 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-03-25 12:43 - 2014-02-15 03:24 - 00002501 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk
2014-03-25 12:43 - 2014-02-15 03:22 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2014-03-25 12:42 - 2009-07-14 07:08 - 00032598 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-20 22:01 - 2014-01-05 21:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-20 14:40 - 2014-03-20 14:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-18 02:33 - 2014-03-18 01:31 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Comodo
2014-03-18 02:33 - 2014-03-18 01:31 - 00000000 ____D () C:\Program Files (x86)\Comodo
2014-03-18 01:31 - 2014-03-18 01:31 - 00000000 ____D () C:\Users\Jack\AppData\Local\Comodo
2014-03-14 03:26 - 2014-01-10 13:32 - 00000000 ____D () C:\CFLog
2014-03-13 09:06 - 2014-01-06 07:45 - 00000000 ____D () C:\Users\Jack\AppData\Local\VirtualStore
2014-03-13 05:38 - 2014-03-29 03:25 - 02157056 _____ (Farbar) C:\Users\Jack\Desktop\FRST64.exe
2014-03-13 04:11 - 2014-03-13 04:11 - 00000000 ____D () C:\ProgramData\Fighters
2014-03-13 04:11 - 2014-03-13 04:11 - 00000000 ____D () C:\ProgramData\Common Toolkit Suite
2014-03-11 01:22 - 2014-01-10 12:47 - 00000000 ____D () C:\Program Files (x86)\Z8Games
2014-03-10 12:40 - 2014-03-10 12:38 - 00000000 ____D () C:\ProgramData\PopCap Games
2014-03-07 07:52 - 2014-03-07 07:52 - 00000000 ____D () C:\ProgramData\GlarySoft
2014-03-07 07:35 - 2014-03-07 07:35 - 00002968 _____ () C:\Windows\System32\Tasks\GU4SkipUAC
2014-03-07 07:35 - 2014-03-07 07:35 - 00002622 _____ () C:\Windows\System32\Tasks\GlaryInitialize 4
2014-03-07 07:35 - 2014-03-07 07:35 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\GlarySoft
2014-03-06 05:19 - 2014-02-14 10:05 - 00000000 ____D () C:\Program Files (x86)\JoWooD
2014-03-05 20:15 - 2014-03-05 20:15 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-03-05 20:14 - 2014-03-05 20:14 - 00000000 ____D () C:\Program Files (x86)\MSECache
2014-03-05 09:26 - 2014-03-28 00:53 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-05 09:26 - 2014-03-02 09:04 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-05 09:26 - 2014-02-11 07:19 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-04 09:29 - 2014-03-04 09:29 - 00003068 _____ () C:\Windows\System32\Tasks\{636B20D3-E567-4E2A-97DC-16A0B36504FD}
2014-03-04 09:28 - 2014-03-04 09:28 - 00003068 _____ () C:\Windows\System32\Tasks\{30E5F8E4-3C7B-44E8-9391-EA6B49FB2869}
2014-03-02 12:20 - 2014-03-02 12:20 - 00055479 _____ () C:\ProgramData\1393755592.bdinstall.bin
2014-03-02 11:19 - 2014-01-17 07:19 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-03-02 10:00 - 2014-03-02 10:00 - 00001064 _____ () C:\Users\Jack\Documents\checkup.txt
2014-03-02 09:15 - 2014-02-09 03:40 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-28 05:18 - 2014-02-28 05:18 - 00055172 _____ () C:\ProgramData\1393556556.bdinstall.bin
2014-02-28 02:21 - 2014-02-28 01:15 - 00000024 _____ () C:\Users\Jack\random.dat
2014-02-28 01:15 - 2014-02-28 01:15 - 00000043 _____ () C:\Users\Jack\jagex_cl_runescape_LIVE.dat
2014-02-28 01:15 - 2014-01-06 07:45 - 00000000 ____D () C:\Users\Jack
2014-02-27 23:45 - 2014-02-27 23:45 - 00000000 ____D () C:\Users\Jack\AppData\Local\Skype
2014-02-27 23:44 - 2014-02-27 23:44 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-02-27 23:44 - 2014-02-27 23:44 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-02-27 23:44 - 2014-01-06 09:33 - 00000000 ____D () C:\ProgramData\Skype
2014-02-27 01:28 - 2014-02-27 01:28 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\ReviverSoft
2014-02-27 01:28 - 2014-02-27 01:28 - 00000000 ____D () C:\Program Files\ReviverSoft

Files to move or delete:
====================
C:\ProgramData\FileSplitUpLoad.dll
C:\ProgramData\SLSTPSMCN.DAT
C:\Users\Jack\jagex_cl_runescape_LIVE.dat
C:\Users\Jack\random.dat


Some content of TEMP:
====================
C:\Users\Jack\AppData\Local\Temp\HitmanPro.exe
C:\Users\Jack\AppData\Local\Temp\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}_NIS_22919.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-20 05:18

==================== End Of Log ============================


Addition

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Jack at 2014-03-29 03:27:13
Running from C:\Users\Jack\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Norton Internet Security (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.2.202.235 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
AntiLogger (HKLM-x32\...\AntiLogger) (Version:  - Zemana Ltd.)
AntiLogger (x32 Version: 1.9.3.514 - Zemana Ltd.) Hidden
Bitdefender 60-Second Virus Scanner (HKLM\...\{CCEA2053-D975-4E38-AC09-4D5E6DAC6B6F}) (Version: 1.0.3.76 - Bitdefender)
Blackguards (HKLM-x32\...\Blackguards_is1) (Version: 1.1 - Daedalic Entertainment GmbH)
Cross Fire En (HKLM-x32\...\Cross Fire_is1) (Version:  - Z8Games.com)
Cross Fire ES (HKLM-x32\...\Cross Fire ES_is1) (Version:  - Z8Games.com)
EagleGet version 1.1.7.8 (HKLM-x32\...\{F6D8142A-B30B-454B-9EE0-08A7B997DFE4}_is1) (Version: 1.1.7.8 - EagleGet)
Glary Utilities 4.7 (HKLM-x32\...\Glary Utilities 4) (Version: 4.7.0.96 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
K-Lite Mega Codec Pack 10.2.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.2.0 - )
Lavasoft Registry Tuner (HKLM\...\{02A54189-0AE7-4752-8A90-8551D0AD1FE5}) (Version: 2.0.1 - Lavasoft)
Malwarebytes Anti-Malware version 2.00.0.1000 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.00.0.1000 - Malwarebytes Corporation)
Microsoft Office Excel Viewer (HKLM-x32\...\{95120000-003F-0409-0000-0000000FF1CE}) (Version: 12.0.6219.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 26.0 (x86 en-US)) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
Neighbours From Hell 2 (HKLM-x32\...\{43A44FC2-FC81-444F-B847-D93F535B7208}) (Version: 1.0 - JoWooD Studio Vienna)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.2.0.38 - Symantec Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5936 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8A809006-C25A-4A3A-9DAB-94659BCDB107}) (Version: 9.10.0224 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (HKLM-x32\...\NVIDIAStereo) (Version: 7.17.12.5936 - NVIDIA Corporation)
Pro Evolution Soccer 2013 (HKLM-x32\...\{B65907CB-A08B-416F-BBA8-1A98D27FE015}_is1) (Version:  - ComMiX)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0D3F3BF4-FE93-4C3B-8511-0567D25CABF5} - System32\Tasks\Lavasoft Registry Tuner => C:\Program Files\Lavasoft\Lavasoft Registry Tuner\Lavasoft Registry Tuner.exe [2013-06-11] (Lavasoft)
Task: {0F96505E-A83F-475E-A98F-5C5CAB4E7192} - System32\Tasks\{636B20D3-E567-4E2A-97DC-16A0B36504FD} => C:\Users\Jack\Documents\EagleGet Downloads\Red.Alert.2.YuRi\Red.Alert.2.YuRi\Red.Alert.2.YuRi\setup.exe
Task: {7DD2BA0E-58A8-424E-AE06-60AD014D2F68} - System32\Tasks\{30E5F8E4-3C7B-44E8-9391-EA6B49FB2869} => C:\Users\Jack\Documents\EagleGet Downloads\Red.Alert.2.YuRi\Red.Alert.2.YuRi\Red.Alert.2.YuRi\setup.exe
Task: {8140B58D-61D1-4A81-9FFD-3B11D8771509} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {88E158A3-D067-4FE7-9559-FA3B21DCF330} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {A206881C-7726-4BCD-B11B-F6DE0543C3B0} - System32\Tasks\GlaryInitialize 4 => C:\Program Files (x86)\Glary Utilities 4\Initialize.exe [2014-02-28] (Glarysoft Ltd)
Task: {C4C444D7-95DB-45E1-B61B-C906943A9F3A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-27] (Google Inc.)
Task: {E8BC1F33-8F62-455A-BB82-743532BEC8C8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-27] (Google Inc.)
Task: {F652F8B9-6FF2-4292-BCB1-D65DBA815335} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\WSCStub.exe [2014-03-12] (Symantec Corporation)
Task: {F9FCD7D9-B1B0-4321-B04F-F40CB8AECAB1} - System32\Tasks\GU4SkipUAC => C:\Program Files (x86)\Glary Utilities 4\Integrator.exe [2014-02-27] (Glarysoft Ltd)
Task: C:\Windows\Tasks\GlaryInitialize 4.job => C:\Program Files (x86)\Glary Utilities 4\Initialize.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Lavasoft Registry Tuner.job => C:\Program Files\Lavasoft\Lavasoft Registry Tuner\Lavasoft Registry Tuner.exe

==================== Loaded Modules (whitelisted) =============

2014-02-02 22:57 - 2014-01-30 02:24 - 00219648 _____ () C:\Program Files (x86)\EagleGet\CrashRpt.dll
2014-02-02 22:57 - 2014-01-30 02:24 - 00659456 _____ () C:\Program Files (x86)\EagleGet\util.dll
2014-02-02 22:57 - 2012-12-26 00:58 - 00053760 _____ () C:\Program Files (x86)\EagleGet\zlib.dll
2014-02-02 22:57 - 2014-01-30 02:24 - 00787968 _____ () C:\Program Files (x86)\EagleGet\ssl.dll
2014-03-20 14:40 - 2014-03-20 14:40 - 03642480 _____ () c:\program files (x86)\mozilla firefox\mozjs.dll
2014-03-25 12:46 - 2014-03-25 12:46 - 16276872 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/28/2014 02:21:47 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

Error: (03/28/2014 02:21:43 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

Error: (03/28/2014 02:21:37 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

Error: (03/28/2014 00:53:55 AM) (Source: Application Error) (User: )
Description: Faulting application name: mbamservice.exe, version: 2.1.9.0, time stamp: 0x530619b7
Faulting module name: mbamservice.exe, version: 2.1.9.0, time stamp: 0x530619b7
Exception code: 0x40000015
Fault offset: 0x0007d28a
Faulting process id: 0xee0
Faulting application start time: 0xmbamservice.exe0
Faulting application path: mbamservice.exe1
Faulting module path: mbamservice.exe2
Report Id: mbamservice.exe3

Error: (03/27/2014 04:03:39 AM) (Source: Application Error) (User: )
Description: Faulting application name: Skype.exe, version: 6.14.0.104, time stamp: 0x52f90e3e
Faulting module name: Skype.exe, version: 6.14.0.104, time stamp: 0x52f90e3e
Exception code: 0x40000015
Fault offset: 0x00ab5b0e
Faulting process id: 0xc4
Faulting application start time: 0xSkype.exe0
Faulting application path: Skype.exe1
Faulting module path: Skype.exe2
Report Id: Skype.exe3

Error: (03/27/2014 04:03:29 AM) (Source: Application Error) (User: )
Description: Faulting application name: Skype.exe, version: 6.14.0.104, time stamp: 0x52f90e3e
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xe0fafafa
Fault offset: 0x00000000
Faulting process id: 0xc4
Faulting application start time: 0xSkype.exe0
Faulting application path: Skype.exe1
Faulting module path: Skype.exe2
Report Id: Skype.exe3

Error: (03/26/2014 03:07:04 AM) (Source: Application Error) (User: )
Description: Faulting application name: Skype.exe, version: 6.14.0.104, time stamp: 0x52f90e3e
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xe0fafafa
Fault offset: 0x00000000
Faulting process id: 0x660
Faulting application start time: 0xSkype.exe0
Faulting application path: Skype.exe1
Faulting module path: Skype.exe2
Report Id: Skype.exe3

Error: (03/25/2014 01:51:54 AM) (Source: Application Error) (User: )
Description: Faulting application name: Skype.exe, version: 6.14.0.104, time stamp: 0x52f90e3e
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xe0fafafa
Fault offset: 0x00000000
Faulting process id: 0xc34
Faulting application start time: 0xSkype.exe0
Faulting application path: Skype.exe1
Faulting module path: Skype.exe2
Report Id: Skype.exe3

Error: (03/23/2014 04:08:28 AM) (Source: Application Error) (User: )
Description: Faulting application name: Skype.exe, version: 6.14.0.104, time stamp: 0x52f90e3e
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xe0fafafa
Fault offset: 0x00000000
Faulting process id: 0x34c
Faulting application start time: 0xSkype.exe0
Faulting application path: Skype.exe1
Faulting module path: Skype.exe2
Report Id: Skype.exe3

Error: (03/22/2014 03:33:54 AM) (Source: Application Error) (User: )
Description: Faulting application name: Skype.exe, version: 6.14.0.104, time stamp: 0x52f90e3e
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xe0fafafa
Fault offset: 0x00000000
Faulting process id: 0x698
Faulting application start time: 0xSkype.exe0
Faulting application path: Skype.exe1
Faulting module path: Skype.exe2
Report Id: Skype.exe3


System errors:
=============
Error: (03/29/2014 03:08:32 AM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (03/28/2014 10:31:25 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 6:28:37 PM on ‎3/‎28/‎2014 was unexpected.

Error: (03/28/2014 00:58:05 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (03/28/2014 00:54:27 AM) (Source: Service Control Manager) (User: )
Description: The MBAMService service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/27/2014 01:02:44 AM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (03/25/2014 11:15:48 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (03/25/2014 10:26:18 PM) (Source: DCOM) (User: )
Description: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (03/25/2014 02:21:37 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (03/24/2014 09:54:14 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (03/23/2014 02:03:44 AM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.


Microsoft Office Sessions:
=========================
Error: (03/28/2014 02:21:47 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifestc:\Users\Jack\documents\eagleget downloads\esetsmartinstaller_enu.exe

Error: (03/28/2014 02:21:43 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifestc:\Users\Jack\documents\eagleget downloads\esetsmartinstaller_enu.exe

Error: (03/28/2014 02:21:37 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifestc:\Users\Jack\documents\eagleget downloads\esetsmartinstaller_enu.exe

Error: (03/28/2014 00:53:55 AM) (Source: Application Error)(User: )
Description: mbamservice.exe2.1.9.0530619b7mbamservice.exe2.1.9.0530619b7400000150007d28aee001cf4a0f692c5d07C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeac2156ce-b602-11e3-8c00-001d92eb7dd1

Error: (03/27/2014 04:03:39 AM) (Source: Application Error)(User: )
Description: Skype.exe6.14.0.10452f90e3eSkype.exe6.14.0.10452f90e3e4000001500ab5b0ec401cf4943d1c59340C:\Program Files (x86)\Skype\Phone\Skype.exeC:\Program Files (x86)\Skype\Phone\Skype.exe02e29e13-b554-11e3-b339-001d92eb7dd1

Error: (03/27/2014 04:03:29 AM) (Source: Application Error)(User: )
Description: Skype.exe6.14.0.10452f90e3eunknown0.0.0.000000000e0fafafa00000000c401cf4943d1c59340C:\Program Files (x86)\Skype\Phone\Skype.exeunknownfd66a14c-b553-11e3-b339-001d92eb7dd1

Error: (03/26/2014 03:07:04 AM) (Source: Application Error)(User: )
Description: Skype.exe6.14.0.10452f90e3eunknown0.0.0.000000000e0fafafa0000000066001cf4881e33d9c14C:\Program Files (x86)\Skype\Phone\Skype.exeunknownf0ed0682-b482-11e3-925e-001d92eb7dd1

Error: (03/25/2014 01:51:54 AM) (Source: Application Error)(User: )
Description: Skype.exe6.14.0.10452f90e3eunknown0.0.0.000000000e0fafafa00000000c3401cf47bbad611b34C:\Program Files (x86)\Skype\Phone\Skype.exeunknown46aae360-b3af-11e3-8e2e-001d92eb7dd1

Error: (03/23/2014 04:08:28 AM) (Source: Application Error)(User: )
Description: Skype.exe6.14.0.10452f90e3eunknown0.0.0.000000000e0fafafa0000000034c01cf462532a03ec1C:\Program Files (x86)\Skype\Phone\Skype.exeunknown0584d0dc-b230-11e3-a341-001d92eb7dd1

Error: (03/22/2014 03:33:54 AM) (Source: Application Error)(User: )
Description: Skype.exe6.14.0.10452f90e3eunknown0.0.0.000000000e0fafafa0000000069801cf456e9b674179C:\Program Files (x86)\Skype\Phone\Skype.exeunknown0741efb1-b162-11e3-80a1-001d92eb7dd1


==================== Memory info ===========================

Percentage of memory in use: 75%
Total physical RAM: 2047.3 MB
Available physical RAM: 492.57 MB
Total Pagefile: 4094.61 MB
Available Pagefile: 2044.04 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:34.64 GB) (Free:3.5 GB) NTFS
Drive d: () (Fixed) (Total:198.14 GB) (Free:155.13 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: EF46989F)

Partition: GPT Partition Type.

==================== End Of Log ============================


Step 1

Please uninstall this program: Lavasoft Registry Tuner

Step 2

Please run a Quick Scan with Malwarebytes and post the log:

Open up Malwarebytes => Settings Tab => Scanner Settings => Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.


Good!

Once again, please don't attach your log files. Every log file should be copy/pasted directly in your reply.

Step 1

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 2

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button. Wait until it is finished.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner\AdwCleaner[s0].txt as well.

In your next reply, post the following log files:
  • Junkware Removal Tool log
  • AdwCleaner log

Adwcleaner

 

# AdwCleaner v3.022 - Report created 31/03/2014 at 01:35:19
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Ultimate  (64 bits)
# Username : Jack - JACK-PC
# Running from : C:\Users\Jack\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

[!] Folder Deleted : C:\Users\Jack\AppData\Local\Temp\hotspot shield

***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7600.16385


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\fbapx5q4.default\prefs.js ]


-\\ Google Chrome v33.0.1750.154

[ File : C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [934 octets] - [31/03/2014 01:25:37]
AdwCleaner[s0].txt - [864 octets] - [31/03/2014 01:35:19]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [923 octets] ##########


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Ultimate x64
Ran by Jack on Mon 03/31/2014 at  1:09:12.70
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [File] C:\Users\Jack\AppData\Roaming\mozilla\firefox\profiles\fbapx5q4.default\invalidprefs.js
Successfully deleted: [File] C:\Users\Jack\AppData\Roaming\mozilla\firefox\profiles\fbapx5q4.default\searchplugins\safesearch.xml
Emptied folder: C:\Users\Jack\AppData\Roaming\mozilla\firefox\profiles\fbapx5q4.default\minidumps [85 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 03/31/2014 at  1:25:02.98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the ESET Smart Installer icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Please download the Kaspersky Virus Removal Tool from here to your Desktop.

Double-click the Removal Tool.

Click the cog in the upper right corner:


Select down to and including your main drive.

Once done please select the Automatic Scan tab and press Start Scan.


Allow AVP to delete all infections found.

Once it has finished select the Report tab.

Select the Detected threats report from the left and press the Save button.

Save it to your Desktop and post the contents in your next reply.


  • 4 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.