SirNoor Posted March 28, 2014 ID:809484

Help please, and with Mbam on I can't use the internet; I have to exclude the website or disable malicious website protection to use it.
SirNoor Posted March 28, 2014 Author ID:809488

And this: Mbam.txt
Maniac Posted March 28, 2014 ID:809791

Hello SirNoor! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

- If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
- I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
- Make sure you read all of the instructions and fixes thoroughly before continuing with them.
- Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
- Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
- Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

- Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
- Press Scan button.
- It will produce a log called FRST.txt in the same directory the tool is run from.
- Please copy and paste log back here.
- The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
SirNoor Posted March 29, 2014 Author ID:810027

FRST

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Jack (administrator) on JACK-PC on 29-03-2014 03:26:29
Running from C:\Users\Jack\Desktop
Windows 7 Ultimate (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(EagleGet.com) C:\Program Files (x86)\EagleGet\EagleGet.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe
(Bitdefender) C:\Program Files\Bitdefender\60-Second Virus Scanner\pdscan.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Mozilla Corporation) c:\program files (x86)\mozilla firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.)
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe==================== Registry (Whitelisted) ==================HKU\S-1-5-21-1181749932-3669437145-200922816-1001\...\Run: [EagleGet] - C:\Program Files (x86)\EagleGet\Eagleget.exe [1239552 2014-01-30] (EagleGet.com)HKU\S-1-5-21-1181749932-3669437145-200922816-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1==================== Internet (Whitelisted) ====================HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehpHKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB72D3812A30ACF01HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-usStartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exeSearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=US&ver=21&locale=en_US&gct=sb&qsrc=2869BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation)BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\IPS\IPSBHO.DLL (Symantec Corporation)BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO-x32: EGet Class - {824F251E-D74A-4d56-B998-CA05CF369A13} - C:\Program Files (x86)\EagleGet\eagleSniffer.dll (EagleGet.com)BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)Toolbar: HKLM - 
Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation)Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)Tcpip\Parameters: [DhcpNameServer] 5.45.75.36 5.45.75.11FireFox:========FF ProfilePath: C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\fbapx5q4.defaultFF Homepage: about:homeFF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! 
Inc.)FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin HKCU: eagleget.com/EagleGet - C:\Program Files (x86)\EagleGet\npEagleget.dll (www.eagleget.com)FF Plugin HKCU: egtcps.com/captures - C:\Program Files (x86)\EagleGet\captures.dll (www.eagleget.com)FF SearchPlugin: C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\fbapx5q4.default\searchplugins\safesearch.xmlFF Extension: FT DeepDark - C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\fbapx5q4.default\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2014-02-26]FF Extension: EagleGet - C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\fbapx5q4.default\Extensions\eagleget_ffext@eagleget.com.xpi [2014-02-02]FF Extension: NASA Night Launch - C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\fbapx5q4.default\Extensions\nasanightlaunch@example.com.xpi [2014-02-26]FF Extension: Adblock Plus - C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\fbapx5q4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-05]FF Extension: Adblock Edge - C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\fbapx5q4.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-01-30]FF HKLM-x32\...\Firefox\Extensions: 
[{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.1.7\coFFPlgn\FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.1.7\coFFPlgn\ []FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.1.7\IPSFFFF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.1.7\IPSFF [2014-02-23]Chrome:=======CHR DefaultSearchKeyword: google.com.egCHR Extension: (Google Docs) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-27]CHR Extension: (Google Drive) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-27]CHR Extension: (YouTube) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-27]CHR Extension: (Google Search) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-27]CHR Extension: (Norton Identity Protection) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-03-27]CHR Extension: (Google Wallet) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-27]CHR Extension: (Gmail) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-27]CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\Exts\Chrome.crx [2014-03-20]==================== Services (Whitelisted) =================R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-11] (SUPERAntiSpyware.com)R2 MBAMScheduler; C:\Program Files 
(x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-03-05] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-03-05] (Malwarebytes Corporation)R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe [276376 2014-03-12] (Symantec Corporation)R2 pdserv; C:\Program Files\Bitdefender\60-Second Virus Scanner\pdscan.exe [1445424 2013-11-11] (Bitdefender)==================== Drivers (Whitelisted) ====================R1 AntiLog32; C:\Windows\system32\drivers\AntiLog64.sys [49240 2014-01-30] (Zemana Ltd.)S3 BdApiUtil; No ImagePathS3 BdCameraProtect; No ImagePathR1 Bfilter; C:\Windows\System32\drivers\Bfilter.sys [52032 2014-01-21] (Baidu, Inc.)R1 Bfmon; C:\Windows\System32\drivers\Bfmon.sys [34624 2014-01-21] (Baidu, Inc.)R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.1.7\Definitions\BASHDefs\20140319.001\BHDrvx64.sys [1525976 2014-03-19] (Symantec Corporation)R1 Bprotect; C:\Windows\System32\drivers\Bprotect.sys [128992 2014-01-21] (Baidu, Inc.)S3 BprotectEx; No ImagePathR1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1502000.026\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-02-22] (Symantec Corporation)R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-02-15] (Symantec Corporation)R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.1.7\Definitions\IPSDefs\20140328.001\IDSvia64.sys [525016 2014-03-26] (Symantec Corporation)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-03-05] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-03-29] (Malwarebytes Corporation)R3 NAVENG; C:\Program Files (x86)\Norton Internet 
Security\NortonData\21.1.1.7\Definitions\VirusDefs\20140328.017\ENG64.SYS [126040 2014-02-22] (Symantec Corporation)R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.1.7\Definitions\VirusDefs\20140328.017\EX64.SYS [2099288 2014-02-22] (Symantec Corporation)S3 PCFApiUtil; No ImagePathR1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1502000.026\SRTSP64.SYS [875736 2014-02-11] (Symantec Corporation)R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1502000.026\SRTSPX64.SYS [36952 2014-02-11] (Symantec Corporation)R0 SymDS; C:\Windows\System32\drivers\NISx64\1502000.026\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)R0 SymEFA; C:\Windows\System32\drivers\NISx64\1502000.026\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-02-15] (Symantec Corporation)R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [78936 2013-09-10] (Symantec Corporation)R1 SymIRON; C:\Windows\system32\drivers\NISx64\1502000.026\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation)R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1502000.026\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-01-15] (Anchorfree Inc.)S3 X6va016; No ImagePathS0 BootDefragDriver; System32\drivers\BootDefragDriver.sys [X]R3 X6va017; \??\C:\Windows\SysWOW64\Drivers\X6va017 [X]==================== NetSvcs (Whitelisted) ======================================= One Month Created Files and Folders ========2014-03-29 03:26 - 2014-03-29 03:26 - 00013114 _____ () C:\Users\Jack\Desktop\FRST.txt2014-03-29 03:26 - 2014-03-29 03:26 - 00000000 ____D () C:\FRST2014-03-29 03:25 - 2014-03-13 05:38 - 02157056 _____ (Farbar) 
C:\Users\Jack\Desktop\FRST64.exe2014-03-28 00:55 - 2014-03-29 01:14 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-03-28 00:53 - 2014-03-28 00:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-03-28 00:53 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2014-03-27 01:10 - 2014-03-27 01:10 - 00002255 _____ () C:\Users\Public\Desktop\Google Chrome.lnk2014-03-27 01:02 - 2014-03-29 03:13 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2014-03-27 01:02 - 2014-03-29 01:13 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2014-03-27 01:02 - 2014-03-28 01:08 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA2014-03-27 01:02 - 2014-03-28 01:08 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore2014-03-27 01:02 - 2014-03-27 01:10 - 00000000 ____D () C:\Users\Jack\AppData\Local\Google2014-03-27 01:02 - 2014-03-27 01:09 - 00000000 ____D () C:\Program Files (x86)\Google2014-03-25 12:48 - 2014-03-25 12:48 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security2014-03-20 14:40 - 2014-03-20 14:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox2014-03-18 01:31 - 2014-03-18 02:33 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Comodo2014-03-18 01:31 - 2014-03-18 02:33 - 00000000 ____D () C:\Program Files (x86)\Comodo2014-03-18 01:31 - 2014-03-18 01:31 - 00000000 ____D () C:\Users\Jack\AppData\Local\Comodo2014-03-13 04:11 - 2014-03-13 04:11 - 00000000 ____D () C:\ProgramData\Fighters2014-03-13 04:11 - 2014-03-13 04:11 - 00000000 ____D () C:\ProgramData\Common Toolkit Suite2014-03-10 12:38 - 2014-03-10 12:40 - 00000000 ____D () C:\ProgramData\PopCap Games2014-03-07 07:52 - 2014-03-07 07:52 - 00000000 ____D () C:\ProgramData\GlarySoft2014-03-07 07:35 - 2014-03-28 22:32 - 00000330 _____ () C:\Windows\Tasks\GlaryInitialize 4.job2014-03-07 07:35 - 2014-03-28 
22:32 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 42014-03-07 07:35 - 2014-03-07 07:35 - 00002968 _____ () C:\Windows\System32\Tasks\GU4SkipUAC2014-03-07 07:35 - 2014-03-07 07:35 - 00002622 _____ () C:\Windows\System32\Tasks\GlaryInitialize 42014-03-07 07:35 - 2014-03-07 07:35 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\GlarySoft2014-03-07 07:35 - 2014-02-26 07:39 - 00117024 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe2014-03-05 20:15 - 2014-03-05 20:15 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office2014-03-05 20:14 - 2014-03-05 20:14 - 00000000 ____D () C:\Program Files (x86)\MSECache2014-03-04 09:29 - 2014-03-04 09:29 - 00003068 _____ () C:\Windows\System32\Tasks\{636B20D3-E567-4E2A-97DC-16A0B36504FD}2014-03-04 09:28 - 2014-03-04 09:28 - 00003068 _____ () C:\Windows\System32\Tasks\{30E5F8E4-3C7B-44E8-9391-EA6B49FB2869}2014-03-02 12:20 - 2014-03-02 12:20 - 00055479 _____ () C:\ProgramData\1393755592.bdinstall.bin2014-03-02 10:00 - 2014-03-02 10:00 - 00001064 _____ () C:\Users\Jack\Documents\checkup.txt2014-03-02 09:04 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-02-28 05:18 - 2014-02-28 05:18 - 00055172 _____ () C:\ProgramData\1393556556.bdinstall.bin2014-02-28 01:15 - 2014-02-28 02:21 - 00000024 _____ () C:\Users\Jack\random.dat2014-02-28 01:15 - 2014-02-28 01:15 - 00000043 _____ () C:\Users\Jack\jagex_cl_runescape_LIVE.dat2014-02-27 23:45 - 2014-02-27 23:45 - 00000000 ____D () C:\Users\Jack\AppData\Local\Skype2014-02-27 23:44 - 2014-02-27 23:44 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk2014-02-27 23:44 - 2014-02-27 23:44 - 00000000 ___RD () C:\Program Files (x86)\Skype2014-02-27 01:28 - 2014-02-27 01:28 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\ReviverSoft2014-02-27 01:28 - 2014-02-27 01:28 - 00000000 ____D () C:\Program Files\ReviverSoft==================== One Month Modified Files and Folders =======2014-03-29 03:26 - 2014-03-29 
03:26 - 00013114 _____ () C:\Users\Jack\Desktop\FRST.txt2014-03-29 03:26 - 2014-03-29 03:26 - 00000000 ____D () C:\FRST2014-03-29 03:19 - 2014-01-06 09:33 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Skype2014-03-29 03:13 - 2014-03-27 01:02 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2014-03-29 01:14 - 2014-03-28 00:55 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-03-29 01:13 - 2014-03-27 01:02 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2014-03-28 22:36 - 2009-07-14 06:45 - 00010016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-03-28 22:36 - 2009-07-14 06:45 - 00010016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-03-28 22:32 - 2014-03-07 07:35 - 00000330 _____ () C:\Windows\Tasks\GlaryInitialize 4.job2014-03-28 22:32 - 2014-03-07 07:35 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 42014-03-28 22:31 - 2014-01-05 22:12 - 00000000 ____D () C:\ProgramData\NVIDIA2014-03-28 22:31 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-03-28 22:31 - 2009-07-14 06:51 - 00033657 _____ () C:\Windows\setupact.log2014-03-28 15:08 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF2014-03-28 14:09 - 2014-01-10 13:32 - 00000000 ____D () C:\Users\Jack\Documents\Cross Fire2014-03-28 01:08 - 2014-03-27 01:02 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA2014-03-28 01:08 - 2014-03-27 01:02 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore2014-03-28 00:53 - 2014-03-28 00:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-03-28 00:53 - 2014-02-11 07:19 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-03-28 00:53 - 2014-01-05 23:28 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Malwarebytes2014-03-28 00:53 - 2014-01-05 
23:28 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-03-28 00:39 - 2014-01-05 22:29 - 00687352 _____ () C:\Windows\PFRO.log2014-03-27 04:03 - 2014-01-06 11:38 - 00000000 ____D () C:\Users\Jack\AppData\Local\CrashDumps2014-03-27 01:10 - 2014-03-27 01:10 - 00002255 _____ () C:\Users\Public\Desktop\Google Chrome.lnk2014-03-27 01:10 - 2014-03-27 01:02 - 00000000 ____D () C:\Users\Jack\AppData\Local\Google2014-03-27 01:09 - 2014-03-27 01:02 - 00000000 ____D () C:\Program Files (x86)\Google2014-03-25 12:48 - 2014-03-25 12:48 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security2014-03-25 12:46 - 2014-01-05 22:43 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2014-03-25 12:46 - 2014-01-05 22:43 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2014-03-25 12:43 - 2014-02-15 03:24 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration2014-03-25 12:43 - 2014-02-15 03:24 - 00002501 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk2014-03-25 12:43 - 2014-02-15 03:22 - 00000000 ____D () C:\Windows\system32\Drivers\NISx642014-03-25 12:42 - 2009-07-14 07:08 - 00032598 _____ () C:\Windows\Tasks\SCHEDLGU.TXT2014-03-20 22:01 - 2014-01-05 21:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service2014-03-20 14:40 - 2014-03-20 14:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox2014-03-18 02:33 - 2014-03-18 01:31 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Comodo2014-03-18 02:33 - 2014-03-18 01:31 - 00000000 ____D () C:\Program Files (x86)\Comodo2014-03-18 01:31 - 2014-03-18 01:31 - 00000000 ____D () C:\Users\Jack\AppData\Local\Comodo2014-03-14 03:26 - 2014-01-10 13:32 - 00000000 ____D () C:\CFLog2014-03-13 09:06 - 2014-01-06 07:45 - 00000000 ____D () C:\Users\Jack\AppData\Local\VirtualStore2014-03-13 05:38 - 2014-03-29 03:25 - 02157056 _____ (Farbar) C:\Users\Jack\Desktop\FRST64.exe2014-03-13 04:11 - 2014-03-13 04:11 - 00000000 
____D () C:\ProgramData\Fighters2014-03-13 04:11 - 2014-03-13 04:11 - 00000000 ____D () C:\ProgramData\Common Toolkit Suite2014-03-11 01:22 - 2014-01-10 12:47 - 00000000 ____D () C:\Program Files (x86)\Z8Games2014-03-10 12:40 - 2014-03-10 12:38 - 00000000 ____D () C:\ProgramData\PopCap Games2014-03-07 07:52 - 2014-03-07 07:52 - 00000000 ____D () C:\ProgramData\GlarySoft2014-03-07 07:35 - 2014-03-07 07:35 - 00002968 _____ () C:\Windows\System32\Tasks\GU4SkipUAC2014-03-07 07:35 - 2014-03-07 07:35 - 00002622 _____ () C:\Windows\System32\Tasks\GlaryInitialize 42014-03-07 07:35 - 2014-03-07 07:35 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\GlarySoft2014-03-06 05:19 - 2014-02-14 10:05 - 00000000 ____D () C:\Program Files (x86)\JoWooD2014-03-05 20:15 - 2014-03-05 20:15 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office2014-03-05 20:14 - 2014-03-05 20:14 - 00000000 ____D () C:\Program Files (x86)\MSECache2014-03-05 09:26 - 2014-03-28 00:53 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2014-03-05 09:26 - 2014-03-02 09:04 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-03-05 09:26 - 2014-02-11 07:19 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys2014-03-04 09:29 - 2014-03-04 09:29 - 00003068 _____ () C:\Windows\System32\Tasks\{636B20D3-E567-4E2A-97DC-16A0B36504FD}2014-03-04 09:28 - 2014-03-04 09:28 - 00003068 _____ () C:\Windows\System32\Tasks\{30E5F8E4-3C7B-44E8-9391-EA6B49FB2869}2014-03-02 12:20 - 2014-03-02 12:20 - 00055479 _____ () C:\ProgramData\1393755592.bdinstall.bin2014-03-02 11:19 - 2014-01-17 07:19 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware2014-03-02 10:00 - 2014-03-02 10:00 - 00001064 _____ () C:\Users\Jack\Documents\checkup.txt2014-03-02 09:15 - 2014-02-09 03:40 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)2014-02-28 05:18 - 2014-02-28 05:18 - 00055172 _____ () 
C:\ProgramData\1393556556.bdinstall.bin
2014-02-28 02:21 - 2014-02-28 01:15 - 00000024 _____ () C:\Users\Jack\random.dat
2014-02-28 01:15 - 2014-02-28 01:15 - 00000043 _____ () C:\Users\Jack\jagex_cl_runescape_LIVE.dat
2014-02-28 01:15 - 2014-01-06 07:45 - 00000000 ____D () C:\Users\Jack
2014-02-27 23:45 - 2014-02-27 23:45 - 00000000 ____D () C:\Users\Jack\AppData\Local\Skype
2014-02-27 23:44 - 2014-02-27 23:44 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-02-27 23:44 - 2014-02-27 23:44 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-02-27 23:44 - 2014-01-06 09:33 - 00000000 ____D () C:\ProgramData\Skype
2014-02-27 01:28 - 2014-02-27 01:28 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\ReviverSoft
2014-02-27 01:28 - 2014-02-27 01:28 - 00000000 ____D () C:\Program Files\ReviverSoft
Files to move or delete:
====================
C:\ProgramData\FileSplitUpLoad.dll
C:\ProgramData\SLSTPSMCN.DAT
C:\Users\Jack\jagex_cl_runescape_LIVE.dat
C:\Users\Jack\random.dat
Some content of TEMP:
====================
C:\Users\Jack\AppData\Local\Temp\HitmanPro.exe
C:\Users\Jack\AppData\Local\Temp\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}_NIS_22919.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-03-20 05:18
==================== End Of Log ============================
SirNoor Posted March 29, 2014 Author ID:810028

Addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Jack at 2014-03-29 03:27:13
Running from C:\Users\Jack\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Norton Internet Security (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
==================== Installed Programs ======================
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.2.202.235 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
AntiLogger (HKLM-x32\...\AntiLogger) (Version: - Zemana Ltd.)
AntiLogger (x32 Version: 1.9.3.514 - Zemana Ltd.) Hidden
Bitdefender 60-Second Virus Scanner (HKLM\...\{CCEA2053-D975-4E38-AC09-4D5E6DAC6B6F}) (Version: 1.0.3.76 - Bitdefender)
Blackguards (HKLM-x32\...\Blackguards_is1) (Version: 1.1 - Daedalic Entertainment GmbH)
Cross Fire En (HKLM-x32\...\Cross Fire_is1) (Version: - Z8Games.com)
Cross Fire ES (HKLM-x32\...\Cross Fire ES_is1) (Version: - Z8Games.com)
EagleGet version 1.1.7.8 (HKLM-x32\...\{F6D8142A-B30B-454B-9EE0-08A7B997DFE4}_is1) (Version: 1.1.7.8 - EagleGet)
Glary Utilities 4.7 (HKLM-x32\...\Glary Utilities 4) (Version: 4.7.0.96 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.)
Hidden
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
K-Lite Mega Codec Pack 10.2.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.2.0 - )
Lavasoft Registry Tuner (HKLM\...\{02A54189-0AE7-4752-8A90-8551D0AD1FE5}) (Version: 2.0.1 - Lavasoft)
Malwarebytes Anti-Malware version 2.00.0.1000 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.00.0.1000 - Malwarebytes Corporation)
Microsoft Office Excel Viewer (HKLM-x32\...\{95120000-003F-0409-0000-0000000FF1CE}) (Version: 12.0.6219.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 26.0 (x86 en-US)) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
Neighbours From Hell 2 (HKLM-x32\...\{43A44FC2-FC81-444F-B847-D93F535B7208}) (Version: 1.0 - JoWooD Studio Vienna)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.2.0.38 - Symantec Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5936 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8A809006-C25A-4A3A-9DAB-94659BCDB107}) (Version: 9.10.0224 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (HKLM-x32\...\NVIDIAStereo) (Version: 7.17.12.5936 - NVIDIA Corporation)
Pro Evolution Soccer 2013 (HKLM-x32\...\{B65907CB-A08B-416F-BBA8-1A98D27FE015}_is1) (Version: - ComMiX)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)

==================== Restore Points =========================

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0D3F3BF4-FE93-4C3B-8511-0567D25CABF5} - System32\Tasks\Lavasoft Registry Tuner => C:\Program Files\Lavasoft\Lavasoft Registry Tuner\Lavasoft Registry Tuner.exe [2013-06-11] (Lavasoft)
Task: {0F96505E-A83F-475E-A98F-5C5CAB4E7192} - System32\Tasks\{636B20D3-E567-4E2A-97DC-16A0B36504FD} => C:\Users\Jack\Documents\EagleGet Downloads\Red.Alert.2.YuRi\Red.Alert.2.YuRi\Red.Alert.2.YuRi\setup.exe
Task: {7DD2BA0E-58A8-424E-AE06-60AD014D2F68} - System32\Tasks\{30E5F8E4-3C7B-44E8-9391-EA6B49FB2869} => C:\Users\Jack\Documents\EagleGet Downloads\Red.Alert.2.YuRi\Red.Alert.2.YuRi\Red.Alert.2.YuRi\setup.exe
Task: {8140B58D-61D1-4A81-9FFD-3B11D8771509} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {88E158A3-D067-4FE7-9559-FA3B21DCF330} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {A206881C-7726-4BCD-B11B-F6DE0543C3B0} - System32\Tasks\GlaryInitialize 4 => C:\Program Files (x86)\Glary Utilities 4\Initialize.exe [2014-02-28] (Glarysoft Ltd)
Task: {C4C444D7-95DB-45E1-B61B-C906943A9F3A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-27] (Google Inc.)
Task: {E8BC1F33-8F62-455A-BB82-743532BEC8C8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-27] (Google Inc.)
Task: {F652F8B9-6FF2-4292-BCB1-D65DBA815335} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\WSCStub.exe [2014-03-12] (Symantec Corporation)
Task: {F9FCD7D9-B1B0-4321-B04F-F40CB8AECAB1} - System32\Tasks\GU4SkipUAC => C:\Program Files (x86)\Glary Utilities 4\Integrator.exe [2014-02-27] (Glarysoft Ltd)
Task: C:\Windows\Tasks\GlaryInitialize 4.job => C:\Program Files (x86)\Glary Utilities 4\Initialize.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Lavasoft Registry Tuner.job => C:\Program Files\Lavasoft\Lavasoft Registry Tuner\Lavasoft Registry Tuner.exe

==================== Loaded Modules (whitelisted) =============

2014-02-02 22:57 - 2014-01-30 02:24 - 00219648 _____ () C:\Program Files (x86)\EagleGet\CrashRpt.dll
2014-02-02 22:57 - 2014-01-30 02:24 - 00659456 _____ () C:\Program Files (x86)\EagleGet\util.dll
2014-02-02 22:57 - 2012-12-26 00:58 - 00053760 _____ () C:\Program Files (x86)\EagleGet\zlib.dll
2014-02-02 22:57 - 2014-01-30 02:24 - 00787968 _____ () C:\Program Files (x86)\EagleGet\ssl.dll
2014-03-20 14:40 - 2014-03-20 14:40 - 03642480 _____ () c:\program files (x86)\mozilla firefox\mozjs.dll
2014-03-25 12:46 - 2014-03-25 12:46 - 16276872 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34

==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (03/28/2014 02:21:47 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest1".
Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

Error: (03/28/2014 02:21:43 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest1".
Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

Error: (03/28/2014 02:21:37 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest1".
Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

Error: (03/28/2014 00:53:55 AM) (Source: Application Error) (User: )
Description: Faulting application name: mbamservice.exe, version: 2.1.9.0, time stamp: 0x530619b7
Faulting module name: mbamservice.exe, version: 2.1.9.0, time stamp: 0x530619b7
Exception code: 0x40000015
Fault offset: 0x0007d28a
Faulting process id: 0xee0
Faulting application start time: 0xmbamservice.exe0
Faulting application path: mbamservice.exe1
Faulting module path: mbamservice.exe2
Report Id: mbamservice.exe3

Error: (03/27/2014 04:03:39 AM) (Source: Application Error) (User: )
Description: Faulting application name: Skype.exe, version: 6.14.0.104, time stamp: 0x52f90e3e
Faulting module name: Skype.exe, version: 6.14.0.104, time stamp: 0x52f90e3e
Exception code: 0x40000015
Fault offset: 0x00ab5b0e
Faulting process id: 0xc4
Faulting application start time: 0xSkype.exe0
Faulting application path: Skype.exe1
Faulting module path: Skype.exe2
Report Id: Skype.exe3

Error: (03/27/2014 04:03:29 AM) (Source: Application Error) (User: )
Description: Faulting application name: Skype.exe, version: 6.14.0.104, time stamp: 0x52f90e3e
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xe0fafafa
Fault offset: 0x00000000
Faulting process id: 0xc4
Faulting application start time: 0xSkype.exe0
Faulting application path: Skype.exe1
Faulting module path: Skype.exe2
Report Id: Skype.exe3

Error: (03/26/2014 03:07:04 AM) (Source: Application Error) (User: )
Description: Faulting application name: Skype.exe, version: 6.14.0.104, time stamp: 0x52f90e3e
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xe0fafafa
Fault offset: 0x00000000
Faulting process id: 0x660
Faulting application start time: 0xSkype.exe0
Faulting application path: Skype.exe1
Faulting module path: Skype.exe2
Report Id: Skype.exe3

Error: (03/25/2014 01:51:54 AM) (Source: Application Error) (User: )
Description: Faulting application name: Skype.exe, version: 6.14.0.104, time stamp: 0x52f90e3e
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xe0fafafa
Fault offset: 0x00000000
Faulting process id: 0xc34
Faulting application start time: 0xSkype.exe0
Faulting application path: Skype.exe1
Faulting module path: Skype.exe2
Report Id: Skype.exe3

Error: (03/23/2014 04:08:28 AM) (Source: Application Error) (User: )
Description: Faulting application name: Skype.exe, version: 6.14.0.104, time stamp: 0x52f90e3e
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xe0fafafa
Fault offset: 0x00000000
Faulting process id: 0x34c
Faulting application start time: 0xSkype.exe0
Faulting application path: Skype.exe1
Faulting module path: Skype.exe2
Report Id: Skype.exe3

Error: (03/22/2014 03:33:54 AM) (Source: Application Error) (User: )
Description: Faulting application name: Skype.exe, version: 6.14.0.104, time stamp: 0x52f90e3e
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xe0fafafa
Fault offset: 0x00000000
Faulting process id: 0x698
Faulting application start time: 0xSkype.exe0
Faulting application path: Skype.exe1
Faulting module path: Skype.exe2
Report Id: Skype.exe3

System errors:
=============
Error: (03/29/2014 03:08:32 AM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (03/28/2014 10:31:25 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 6:28:37 PM on 3/28/2014 was unexpected.

Error: (03/28/2014 00:58:05 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (03/28/2014 00:54:27 AM) (Source: Service Control Manager) (User: )
Description: The MBAMService service terminated unexpectedly. It has done this 1 time(s).

Error: (03/27/2014 01:02:44 AM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (03/25/2014 11:15:48 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (03/25/2014 10:26:18 PM) (Source: DCOM) (User: )
Description: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (03/25/2014 02:21:37 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (03/24/2014 09:54:14 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (03/23/2014 02:03:44 AM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Microsoft Office Sessions:
=========================
Error: (03/28/2014 02:21:47 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest
C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest
c:\Users\Jack\documents\eagleget downloads\esetsmartinstaller_enu.exe

Error: (03/28/2014 02:21:43 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest
C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest
c:\Users\Jack\documents\eagleget downloads\esetsmartinstaller_enu.exe

Error: (03/28/2014 02:21:37 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest
C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest
c:\Users\Jack\documents\eagleget downloads\esetsmartinstaller_enu.exe

Error: (03/28/2014 00:53:55 AM) (Source: Application Error)(User: )
Description: mbamservice.exe2.1.9.0530619b7mbamservice.exe2.1.9.0530619b7400000150007d28aee001cf4a0f692c5d07C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeac2156ce-b602-11e3-8c00-001d92eb7dd1

Error: (03/27/2014 04:03:39 AM) (Source: Application Error)(User: )
Description: Skype.exe6.14.0.10452f90e3eSkype.exe6.14.0.10452f90e3e4000001500ab5b0ec401cf4943d1c59340C:\Program Files (x86)\Skype\Phone\Skype.exeC:\Program Files (x86)\Skype\Phone\Skype.exe02e29e13-b554-11e3-b339-001d92eb7dd1

Error: (03/27/2014 04:03:29 AM) (Source: Application Error)(User: )
Description: Skype.exe6.14.0.10452f90e3eunknown0.0.0.000000000e0fafafa00000000c401cf4943d1c59340C:\Program Files (x86)\Skype\Phone\Skype.exeunknownfd66a14c-b553-11e3-b339-001d92eb7dd1

Error: (03/26/2014 03:07:04 AM) (Source: Application Error)(User: )
Description: Skype.exe6.14.0.10452f90e3eunknown0.0.0.000000000e0fafafa0000000066001cf4881e33d9c14C:\Program Files (x86)\Skype\Phone\Skype.exeunknownf0ed0682-b482-11e3-925e-001d92eb7dd1

Error: (03/25/2014 01:51:54 AM) (Source: Application Error)(User: )
Description: Skype.exe6.14.0.10452f90e3eunknown0.0.0.000000000e0fafafa00000000c3401cf47bbad611b34C:\Program Files (x86)\Skype\Phone\Skype.exeunknown46aae360-b3af-11e3-8e2e-001d92eb7dd1

Error: (03/23/2014 04:08:28 AM) (Source: Application Error)(User: )
Description: Skype.exe6.14.0.10452f90e3eunknown0.0.0.000000000e0fafafa0000000034c01cf462532a03ec1C:\Program Files (x86)\Skype\Phone\Skype.exeunknown0584d0dc-b230-11e3-a341-001d92eb7dd1

Error: (03/22/2014 03:33:54 AM) (Source: Application Error)(User: )
Description: Skype.exe6.14.0.10452f90e3eunknown0.0.0.000000000e0fafafa0000000069801cf456e9b674179C:\Program Files (x86)\Skype\Phone\Skype.exeunknown0741efb1-b162-11e3-80a1-001d92eb7dd1

==================== Memory info ===========================

Percentage of memory in use: 75%
Total physical RAM: 2047.3 MB
Available physical RAM: 492.57 MB
Total Pagefile: 4094.61 MB
Available Pagefile: 2044.04 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:34.64 GB) (Free:3.5 GB) NTFS
Drive d: () (Fixed) (Total:198.14 GB) (Free:155.13 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: EF46989F)
Partition: GPT Partition Type.

==================== End Of Log ============================
Maniac Posted March 29, 2014 ID:810226

Step 1

Please uninstall this program: Lavasoft Registry Tuner

Step 2

Please run a Quick Scan with Malwarebytes and post the log:

Open up Malwarebytes => Settings Tab => Scanner Settings => Under action for PUP > Select: Show in Results List and Check for removal.
Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.
Make sure that everything is checked, and click Remove Selected.
SirNoor Posted March 29, 2014 Author ID:810400

I hope that's what you meant.

MBAM1.txt
Maniac Posted March 30, 2014 ID:810551

Good! Once again, please don't attach your log files. Every log file should be copy/pasted directly in your reply.

Step 1

Please download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Step 2

Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan button. Wait until it is finished.
Click on Clean.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner\AdwCleaner[s0].txt as well.

In your next reply, post the following log files:

Junkware Removal Tool log
AdwCleaner log
SirNoor Posted March 30, 2014 Author ID:810832

Adwcleaner

# AdwCleaner v3.022 - Report created 31/03/2014 at 01:35:19
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Ultimate (64 bits)
# Username : Jack - JACK-PC
# Running from : C:\Users\Jack\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

[!] Folder Deleted : C:\Users\Jack\AppData\Local\Temp\hotspot shield

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7600.16385

-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\fbapx5q4.default\prefs.js ]

-\\ Google Chrome v33.0.1750.154

[ File : C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [934 octets] - [31/03/2014 01:25:37]
AdwCleaner[s0].txt - [864 octets] - [31/03/2014 01:35:19]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [923 octets] ##########
SirNoor Posted March 30, 2014 Author ID:810833

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Ultimate x64
Ran by Jack on Mon 03/31/2014 at 1:09:12.70
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox

Successfully deleted: [File] C:\Users\Jack\AppData\Roaming\mozilla\firefox\profiles\fbapx5q4.default\invalidprefs.js
Successfully deleted: [File] C:\Users\Jack\AppData\Roaming\mozilla\firefox\profiles\fbapx5q4.default\searchplugins\safesearch.xml
Emptied folder: C:\Users\Jack\AppData\Roaming\mozilla\firefox\profiles\fbapx5q4.default\minidumps [85 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 03/31/2014 at 1:25:02.98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Maniac Posted March 31, 2014 ID:811178

Please scan your machine with ESET OnlineScan

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your Desktop.
Double click on the ESET Smart Installer icon on your Desktop.
Check "YES, I accept the Terms of Use."
Click the Start button.
Accept any security warnings from your browser.
Under Scan Settings, check "Scan Archives" and "Remove found threats"
Click Advanced settings and select the following:
Scan potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, click List Threats
Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Click the Back button.
Click the Finish button.
SirNoor Posted April 1, 2014 Author ID:811460

Hello. There are no threats. It didn't give any report or a file that I can save.
Maniac Posted April 1, 2014 ID:811916

How are things there now?
SirNoor Posted April 2, 2014 Author ID:812201

Still the same
Maniac Posted April 5, 2014 ID:813816

Please download the Kaspersky Virus Removal Tool from here to your Desktop.

Double-click the Removal Tool.
Click the cog in the upper right corner:
Select down to and including your main drive.
Once done please select the Automatic Scan tab and press Start Scan.
Allow AVP to delete all infections found.
Once it has finished select the Report tab.
Select the Detected threats report from the left and press the Save button.
Save it to your Desktop and post the contents in your next reply.
SirNoor Posted April 7, 2014 Author ID:814864

No infections found. Couldn't get a report; my comp shut down after it finished scanning.
SirNoor Posted April 9, 2014 Author ID:815815

And another thing: I keep getting the Kaspersky Virus Removal Tool install thing every time I open the PC. How to stop that? I even uninstalled it.
Maniac Posted April 9, 2014 ID:815943

You are free to manually delete it. Please make sure your Norton is up-to-date and perform a full system scan.
SirNoor Posted April 9, 2014 Author ID:816165

How to manually delete it?
SirNoor Posted April 10, 2014 Author ID:816213

And did the full system scan. No threat found. Do I need to reinstall a new Windows?
SirNoor Posted April 13, 2014 Author ID:817760

Anybody here?
Maniac Posted April 14, 2014 ID:818178

Mark Kaspersky and click on the keyboard Delete button.

http://windows.microsoft.com/en-us/windows/delete-file-folder#1TC=windows-7
AdvancedSetup (Root Admin) Posted May 9, 2014 ID:828298

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!