
Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.
Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)
  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.


Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop

  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root of the drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt




Please attach this file to your next reply.


Hi psychotic,

Thank you very much for the assistance. At times when I'm online my monitor screen blinks and suddenly the resolution changes; I see all changes or it goes to a blurred-like appearance. And again it blinks and comes back to normal. Before, once I've been affected with malware. I've taken the logs. TDSS found nothing.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01 (ATTENTION: ====> FRST version is 26 days old and could be outdated)

Ran by archer (administrator) on ARCHER-PC on 08-04-2014 21:18:54

Running from C:\Users\archer\Desktop

Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: English(US)

Internet Explorer Version 8

Boot Mode: Normal

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\vsserv.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

(Google Inc.) C:\Program Files\Google\Update\1.3.23.9\GoogleCrashHandler.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\system32\igfxsrvc.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdagent.exe

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

(Farbar) C:\Users\archer\Desktop\FRST (1).exe

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\downloader.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8419872 2010-01-05] (Realtek Semiconductor)

HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)

HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)

HKLM\...\Run: [switchBoard] - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)

HKLM\...\Run: [AdobeCS6ServiceManager] - C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)

HKLM\...\Run: [bdagent] - C:\Program Files\Bitdefender\Bitdefender\bdagent.exe [1845064 2014-03-25] (Bitdefender)

HKU\.DEFAULT\...\Run: [bitdefender Wallet Agent] - C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [482392 2014-03-19] (Bitdefender)

HKU\.DEFAULT\...\Run: [bitdefender Wallet] - C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [901096 2014-03-15] (Bitdefender)

HKU\.DEFAULT\...\Run: [bitdefender Wallet Application Agent] - C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe [614232 2014-03-19] (Bitdefender)

HKU\S-1-5-21-791766065-433915511-1414143919-1000\...\Run: [bitdefender Wallet Agent] - C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [482392 2014-03-19] (Bitdefender)

HKU\S-1-5-21-791766065-433915511-1414143919-1000\...\Run: [bitdefender Wallet] - C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [901096 2014-03-15] (Bitdefender)

HKU\S-1-5-21-791766065-433915511-1414143919-1000\...\Run: [bitdefender Wallet Application Agent] - C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe [614232 2014-03-19] (Bitdefender)

Startup: C:\Users\archer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x42ABA7D44318CF01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-in

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://in.msn.com/?ocid=iehp

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

SearchScopes: HKLM - DefaultScope value is missing.

BHO: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)

BHO: Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll (Bitdefender)

BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Chrome:

=======

CHR HomePage: https://www.google.co.in/

CHR DefaultSearchKeyword: yahoo.com

CHR DefaultSearchProvider: yahoo

CHR Extension: (Google Docs) - C:\Users\archer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-04]

CHR Extension: (Google Drive) - C:\Users\archer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-04]

CHR Extension: (YouTube) - C:\Users\archer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-04]

CHR Extension: (Bitdefender Wallet) - C:\Users\archer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccahoghmggldkcdjiebjkidpfongdfbl [2014-04-06]

CHR Extension: (Google Search) - C:\Users\archer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-04]

CHR Extension: (Gmail) - C:\Users\archer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-04]

CHR HKLM\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - C:\Program Files\Bitdefender\Bitdefender\pmbxcr.crx [2014-04-06]

CHR HKLM\...\Chrome\Extension: [jmolcgpienlcieaajfkkdamlngancncm] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2014-04-06]

========================== Services (Whitelisted) =================

S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [69880 2014-03-15] (Bitdefender)

R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

R2 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [81704 2013-07-08] (Bitdefender)

R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [54424 2014-03-15] (Bitdefender)

R2 vsserv; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1248712 2014-03-24] (Bitdefender)

==================== Drivers (Whitelisted) ====================

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [778032 2013-12-02] (BitDefender)

R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [242504 2012-11-02] (BitDefender)

R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [516936 2013-12-02] (BitDefender)

R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [78144 2013-02-22] (BitDefender LLC)

R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [90704 2011-11-14] (BitDefender LLC)

S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [108008 2013-07-02] (Bitdefender SRL)

S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [66832 2013-11-04] (BitDefender SRL)

R1 bdselfpr; C:\Program Files\Bitdefender\Bitdefender\bdselfpr.sys [135600 2013-07-26] (BitDefender LLC)

R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [72704 2012-04-17] (BitDefender)

R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [165744 2013-08-23] (BitDefender LLC)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)

R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [360376 2013-08-07] (BitDefender S.R.L.)

S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]

S3 TEAM; system32\DRIVERS\RtTeam60.sys [X]

S3 tsusbhub; system32\drivers\tsusbhub.sys [X]

S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-08 21:18 - 2014-04-08 21:19 - 00009522 _____ () C:\Users\archer\Desktop\FRST.txt

2014-04-08 21:18 - 2014-04-08 21:18 - 00000000 ____D () C:\FRST

2014-04-08 21:10 - 2014-04-08 21:11 - 04118841 _____ () C:\Users\archer\Desktop\tdsskiller.zip

2014-04-08 21:10 - 2014-04-08 21:10 - 01145856 _____ (Farbar) C:\Users\archer\Desktop\FRST (1).exe

2014-04-08 08:11 - 2014-04-08 20:17 - 00000112 _____ () C:\Windows\setupact.log

2014-04-08 08:11 - 2014-04-08 08:11 - 00000000 _____ () C:\Windows\setuperr.log

2014-04-06 20:56 - 2014-04-06 20:56 - 00971700 _____ () C:\Users\archer\Downloads\Kaspersky Daily Activation Keys 02 April 2014.rar

2014-04-06 20:09 - 2014-04-06 20:09 - 00000406 __RSH () C:\ProgramData\ntuser.pol

2014-04-06 18:14 - 2014-04-06 18:14 - 00000045 _____ () C:\Windows\system32\initdebug.nfo

2014-04-06 16:53 - 2014-04-06 16:53 - 00000385 _____ () C:\Windows\system32\user_gensett.xml

2014-04-06 16:53 - 2014-04-06 16:53 - 00000385 _____ () C:\Users\archer\AppData\Roaminguser_gensett.xml

2014-04-06 16:25 - 2014-04-06 16:25 - 03031488 _____ () C:\ProgramData\1396764607.bdinstall.bin

2014-04-06 14:02 - 2014-04-06 14:02 - 00002067 _____ () C:\Users\Public\Desktop\Bitdefender Total Security.lnk

2014-04-06 14:02 - 2014-04-06 14:02 - 00002019 _____ () C:\Users\Public\Desktop\Bitdefender Safepay.lnk

2014-04-06 14:02 - 2014-04-06 14:02 - 00000308 ____H () C:\bdr-cf01

2014-04-06 14:02 - 2014-04-06 14:02 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf

2014-04-06 14:02 - 2009-07-14 22:27 - 01461992 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll

2014-04-06 13:47 - 2012-04-17 13:40 - 00072704 _____ (BitDefender) C:\Windows\system32\Drivers\bdvedisk.sys

2014-04-06 13:35 - 2014-04-06 13:56 - 04319020 _____ () C:\Users\archer\Downloads\bitdefender_ts_17_32b.exe

2014-04-06 13:34 - 2013-12-02 11:57 - 00516936 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys

2014-04-06 13:34 - 2013-12-02 11:55 - 00778032 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys

2014-04-06 13:34 - 2013-11-04 15:47 - 00066832 _____ (BitDefender SRL) C:\Windows\system32\Drivers\bdsandbox.sys

2014-04-06 13:34 - 2012-11-02 13:17 - 00242504 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys

2014-04-06 11:55 - 2014-04-06 14:03 - 00000000 ____D () C:\Users\archer\AppData\Roaming\Bitdefender

2014-04-06 11:55 - 2014-04-06 14:02 - 00253404 ____H () C:\bdr-ld01

2014-04-06 11:55 - 2014-04-06 14:02 - 00009216 ____H () C:\bdr-ld01.mbr

2014-04-06 11:55 - 2013-09-24 15:38 - 36728084 ____H () C:\bdr-im01.gz

2014-04-06 11:55 - 2012-08-15 14:28 - 02294848 ____H () C:\bdr-bz01

2014-04-06 11:40 - 2014-04-06 11:55 - 00000000 ____D () C:\Program Files\Bitdefender

2014-04-06 11:40 - 2013-08-23 12:48 - 00165744 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys

2014-04-06 11:40 - 2013-08-07 12:46 - 00360376 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys

2014-04-03 21:10 - 2014-04-03 21:10 - 00000000 ____D () C:\Users\archer\AppData\Roaming\PDAppFlex

2014-03-28 18:42 - 2014-03-28 18:42 - 00002170 _____ () C:\Users\Public\Desktop\Google Earth.lnk

2014-03-28 18:34 - 2014-04-08 20:39 - 00001122 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-03-28 18:34 - 2014-04-08 20:17 - 00001118 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-03-28 18:33 - 2014-03-28 18:33 - 00847824 _____ (Google Inc.) C:\Users\archer\Downloads\GoogleEarthSetup.exe

2014-03-28 17:48 - 2014-04-08 20:20 - 00062796 _____ () C:\Windows\WindowsUpdate.log

2014-03-25 16:33 - 2014-03-25 16:33 - 02347384 _____ (ESET) C:\Users\archer\Downloads\esetsmartinstaller_enu.exe

2014-03-18 10:29 - 2014-03-18 10:29 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software

2014-03-18 10:29 - 2014-03-18 10:29 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software

2014-03-12 21:14 - 2014-03-12 21:14 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

==================== One Month Modified Files and Folders =======

2014-04-08 21:19 - 2014-04-08 21:18 - 00009522 _____ () C:\Users\archer\Desktop\FRST.txt

2014-04-08 21:18 - 2014-04-08 21:18 - 00000000 ____D () C:\FRST

2014-04-08 21:11 - 2014-04-08 21:10 - 04118841 _____ () C:\Users\archer\Desktop\tdsskiller.zip

2014-04-08 21:10 - 2014-04-08 21:10 - 01145856 _____ (Farbar) C:\Users\archer\Desktop\FRST (1).exe

2014-04-08 20:39 - 2014-03-28 18:34 - 00001122 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-04-08 20:28 - 2013-11-04 14:08 - 00000000 ____D () C:\Users\archer\AppData\Local\Adobe

2014-04-08 20:25 - 2009-07-14 10:04 - 00023088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-04-08 20:25 - 2009-07-14 10:04 - 00023088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-04-08 20:21 - 2013-11-04 11:42 - 00726316 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-04-08 20:20 - 2014-03-28 17:48 - 00062796 _____ () C:\Windows\WindowsUpdate.log

2014-04-08 20:17 - 2014-04-08 08:11 - 00000112 _____ () C:\Windows\setupact.log

2014-04-08 20:17 - 2014-03-28 18:34 - 00001118 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-04-08 20:17 - 2009-07-14 10:23 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-04-08 08:11 - 2014-04-08 08:11 - 00000000 _____ () C:\Windows\setuperr.log

2014-04-07 21:53 - 2009-07-14 10:23 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-04-06 21:16 - 2013-11-04 13:54 - 00000000 ____D () C:\Users\archer\AppData\Roaming\DMCache

2014-04-06 20:56 - 2014-04-06 20:56 - 00971700 _____ () C:\Users\archer\Downloads\Kaspersky Daily Activation Keys 02 April 2014.rar

2014-04-06 20:24 - 2009-07-14 08:07 - 00000000 ____D () C:\Windows\system32\NDF

2014-04-06 20:09 - 2014-04-06 20:09 - 00000406 __RSH () C:\ProgramData\ntuser.pol

2014-04-06 20:05 - 2009-07-14 08:07 - 00000000 ___HD () C:\Windows\system32\GroupPolicy

2014-04-06 20:00 - 2013-11-04 13:54 - 00000000 ____D () C:\Users\archer\AppData\Roaming\IDM

2014-04-06 20:00 - 2013-11-04 12:36 - 00000000 ____D () C:\Users\archer\AppData\Roaming\Media Player Classic

2014-04-06 18:14 - 2014-04-06 18:14 - 00000045 _____ () C:\Windows\system32\initdebug.nfo

2014-04-06 18:14 - 2013-11-04 12:40 - 00000965 _____ () C:\Users\Public\Desktop\CCleaner.lnk

2014-04-06 18:14 - 2013-11-04 12:40 - 00000000 ____D () C:\Program Files\CCleaner

2014-04-06 18:10 - 2013-11-04 13:54 - 00000000 ____D () C:\Users\archer\Downloads\Video

2014-04-06 16:53 - 2014-04-06 16:53 - 00000385 _____ () C:\Windows\system32\user_gensett.xml

2014-04-06 16:53 - 2014-04-06 16:53 - 00000385 _____ () C:\Users\archer\AppData\Roaminguser_gensett.xml

2014-04-06 16:25 - 2014-04-06 16:25 - 03031488 _____ () C:\ProgramData\1396764607.bdinstall.bin

2014-04-06 14:03 - 2014-04-06 11:55 - 00000000 ____D () C:\Users\archer\AppData\Roaming\Bitdefender

2014-04-06 14:03 - 2014-02-14 15:33 - 00000000 ____D () C:\ProgramData\Bitdefender

2014-04-06 14:02 - 2014-04-06 14:02 - 00002067 _____ () C:\Users\Public\Desktop\Bitdefender Total Security.lnk

2014-04-06 14:02 - 2014-04-06 14:02 - 00002019 _____ () C:\Users\Public\Desktop\Bitdefender Safepay.lnk

2014-04-06 14:02 - 2014-04-06 14:02 - 00000308 ____H () C:\bdr-cf01

2014-04-06 14:02 - 2014-04-06 14:02 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf

2014-04-06 14:02 - 2014-04-06 11:55 - 00253404 ____H () C:\bdr-ld01

2014-04-06 14:02 - 2014-04-06 11:55 - 00009216 ____H () C:\bdr-ld01.mbr

2014-04-06 14:02 - 2014-02-14 21:36 - 00000000 ____D () C:\ProgramData\BDLogging

2014-04-06 13:56 - 2014-04-06 13:35 - 04319020 _____ () C:\Users\archer\Downloads\bitdefender_ts_17_32b.exe

2014-04-06 11:55 - 2014-04-06 11:40 - 00000000 ____D () C:\Program Files\Bitdefender

2014-04-06 11:40 - 2014-02-14 15:15 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender

2014-04-06 11:30 - 2014-02-12 11:30 - 00000000 ____D () C:\ProgramData\MFAData

2014-04-04 23:38 - 2014-02-13 12:44 - 00000000 ____D () C:\Users\archer\AppData\Local\CrashDumps

2014-04-03 21:10 - 2014-04-03 21:10 - 00000000 ____D () C:\Users\archer\AppData\Roaming\PDAppFlex

2014-03-28 18:42 - 2014-03-28 18:42 - 00002170 _____ () C:\Users\Public\Desktop\Google Earth.lnk

2014-03-28 18:42 - 2013-11-04 12:33 - 00000000 ____D () C:\Users\archer\AppData\Local\Google

2014-03-28 18:42 - 2013-11-04 12:33 - 00000000 ____D () C:\Program Files\Google

2014-03-28 18:33 - 2014-03-28 18:33 - 00847824 _____ (Google Inc.) C:\Users\archer\Downloads\GoogleEarthSetup.exe

2014-03-28 13:56 - 2014-01-24 20:38 - 00000045 _____ () C:\Users\archer\Desktop\New Text Document (3).txt

2014-03-26 14:05 - 2013-11-04 12:38 - 00000000 ____D () C:\Users\archer\AppData\Roaming\vlc

2014-03-25 16:33 - 2014-03-25 16:33 - 02347384 _____ (ESET) C:\Users\archer\Downloads\esetsmartinstaller_enu.exe

2014-03-18 10:29 - 2014-03-18 10:29 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software

2014-03-18 10:29 - 2014-03-18 10:29 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software

2014-03-12 21:19 - 2014-01-21 13:01 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2014-03-12 21:14 - 2014-03-12 21:14 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-03-10 19:21 - 2014-02-21 20:10 - 00000000 ____D () C:\Users\archer\Downloads\Operation Cleanup - Complete Malware Removal Guide - Mantesh

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\system32\winlogon.exe => MD5 is legit

C:\Windows\system32\wininit.exe => MD5 is legit

C:\Windows\system32\svchost.exe => MD5 is legit

C:\Windows\system32\services.exe => MD5 is legit

C:\Windows\system32\User32.dll => MD5 is legit

C:\Windows\system32\userinit.exe => MD5 is legit

C:\Windows\system32\rpcss.dll => MD5 is legit

C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-06 13:53

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014 01

Ran by archer at 2014-04-08 21:19:34

Running from C:\Users\archer\Desktop

Boot Mode: Normal

==========================================================

==================== Security Center ========================

AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}

AS: Bitdefender Antispyware (Enabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Bitdefender Firewall (Enabled) {A23392FD-84B9-F933-2C71-81E751F6EF46}

==================== Installed Programs ======================

Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.9.900.149 - Adobe Systems Incorporated)

Adobe Photoshop CS6 (HKLM\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.06) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)

Bitdefender Total Security (HKLM\...\Bitdefender) (Version: 17.27.0.1146 - Bitdefender)

CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)

Google Chrome (HKCU\...\Google Chrome) (Version: 32.0.1687.2 - Google Inc.)

Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)

Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden

Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)

Intel® TV Wizard (HKLM\...\TVWiz) (Version: - Intel Corporation)

Internet Download Manager (HKLM\...\Internet Download Manager) (Version: - Tonec Inc.)

Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)

Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden

K-Lite Mega Codec Pack 10.0.0 (HKLM\...\KLiteCodecPack_is1) (Version: 10.0.0 - )

Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)

Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden

Microsoft Office Access MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)

Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Groove MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden

PDF Settings CS6 (Version: 11.0 - Adobe Systems Incorporated) Hidden

Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)

Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.31.1025.2010 - Realtek)

Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6019 - Realtek Semiconductor Corp.)

Tweaking.com - Windows Repair (All in One) (HKLM\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.1.1 - Tweaking.com)

Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

VLC media player 2.0.8 (HKLM\...\VLC media player) (Version: 2.0.8 - VideoLAN)

WinRAR 5.00 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)

==================== Restore Points =========================

25-02-2014 07:39:18 Installed AVG PC TuneUp 2014

25-02-2014 07:47:06 Removed AVG PC TuneUp 2014

25-02-2014 07:47:34 Removed AVG PC TuneUp 2014 (en-US)

08-03-2014 09:17:42 Scheduled Checkpoint

28-03-2014 08:51:13 Scheduled Checkpoint

06-04-2014 05:57:06 Removed AVG 2014

06-04-2014 05:58:38 Removed AVG 2014

==================== Hosts content: ==========================

2009-07-14 07:34 - 2014-01-10 19:58 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {04C1FE8A-5074-49CB-8FB8-408E9F97589B} - System32\Tasks\Adobe online update program => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)

Task: {0E3665A0-7085-45EE-B4B7-7DA9C823DDAD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-03-28] (Google Inc.)

Task: {37DCDC0C-5DA6-41ED-BEAE-79A7E699B125} - System32\Tasks\AdobeAAMUpdater-1.0-archer-PC-archer => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)

Task: {D4AFE67F-E8D1-45C1-895C-F15C21A82B3E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-19] (Piriform Ltd)

Task: {DAA17121-343E-462F-B850-66E7B8F44840} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-03-28] (Google Inc.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-04-06 13:34 - 2014-03-15 00:05 - 00204280 _____ () C:\Program Files\Bitdefender\Bitdefender\txmlutil.dll

2014-04-06 13:51 - 2014-03-27 11:11 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender\UI\accessl.ui

2014-04-06 13:43 - 2011-11-14 19:17 - 00132176 _____ () C:\Program Files\Bitdefender\Bitdefender\bdfwcore.dll

2014-04-06 13:51 - 2014-03-27 11:11 - 00004608 _____ () C:\Program Files\Bitdefender\Bitdefender\UI\IMSecurityAL.ui

2014-04-06 13:34 - 2014-03-24 17:35 - 00668840 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_001_001\ashttpbr.mdl

2014-04-06 13:34 - 2014-03-24 17:35 - 00489120 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_001_001\ashttpdsp.mdl

2014-04-06 13:34 - 2014-03-24 17:35 - 02137584 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_001_001\ashttpph.mdl

2014-04-06 13:34 - 2014-03-24 17:35 - 01124088 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_001_001\ashttprbl.mdl

2014-04-06 13:51 - 2013-03-25 15:16 - 00919136 _____ () C:\Program Files\Bitdefender\Bitdefender SafeBox\System.Data.SQLite.dll

2014-04-06 13:34 - 2013-09-03 13:29 - 00095088 _____ () C:\Program Files\Bitdefender\Bitdefender\bdmetrics.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

Error: (04/08/2014 08:11:51 AM) (Source: Windows Search Service) (User: )

Description: The index cannot be initialized.

Details:

The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/08/2014 08:11:51 AM) (Source: Windows Search Service) (User: )

Description: The application cannot be initialized.

Context: Windows Application

Details:

The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/08/2014 08:11:51 AM) (Source: Windows Search Service) (User: )

Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:

The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/08/2014 08:11:51 AM) (Source: Windows Search Service) (User: )

Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:

Element not found. (HRESULT : 0x80070490) (0x80070490)

Error: (04/08/2014 08:11:50 AM) (Source: Windows Search Service) (User: )

Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:

The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/08/2014 08:11:50 AM) (Source: Windows Search Service) (User: )

Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog

Details:

The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)

Error: (04/08/2014 08:11:50 AM) (Source: Windows Search Service) (User: )

Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:

The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/08/2014 08:11:50 AM) (Source: Windows Search Service) (User: )

Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.

Details:

The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/08/2014 08:11:50 AM) (Source: Windows Search Service) (User: )

Description: The Windows Search Service cannot open the Jet property store.

Details:

0x%08x (0xc0041800 - The content index database is corrupt. (HRESULT : 0xc0041800))

Error: (04/08/2014 08:11:50 AM) (Source: ESENT) (User: )

Description: Windows (2852) Windows: Error -1811 occurred while opening logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00007.log.

System errors:

=============

Error: (04/08/2014 08:17:26 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: NT AUTHORITY)

Description: Performance power management features on processor 1 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

Error: (04/08/2014 08:17:26 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: NT AUTHORITY)

Description: Performance power management features on processor 0 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

Error: (04/08/2014 08:12:23 AM) (Source: Service Control Manager) (User: )

Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:

%%1056

Error: (04/08/2014 08:11:53 AM) (Source: Service Control Manager) (User: )

Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (04/08/2014 08:11:51 AM) (Source: Service Control Manager) (User: )

Description: The Windows Search service terminated with service-specific error %%-1073473535.

Error: (04/08/2014 08:11:20 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: NT AUTHORITY)

Description: Performance power management features on processor 1 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

Error: (04/08/2014 08:11:20 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: NT AUTHORITY)

Description: Performance power management features on processor 0 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

Error: (04/07/2014 09:54:17 PM) (Source: Service Control Manager) (User: )

Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:

%%1056

Error: (04/07/2014 09:53:47 PM) (Source: Service Control Manager) (User: )

Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (04/07/2014 09:53:47 PM) (Source: Service Control Manager) (User: )

Description: The Windows Search service terminated with service-specific error %%-1073473535.

Microsoft Office Sessions:

=========================

CodeIntegrity Errors:

===================================

Date: 2014-02-12 11:12:12.876

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-02-12 11:12:12.871

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-02-12 11:12:12.868

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-02-12 11:08:56.771

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-02-12 11:08:56.769

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-02-12 11:08:56.766

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-02-11 19:52:36.008

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-02-11 19:52:36.008

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-02-11 19:52:36.008

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-02-11 19:52:35.977

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 44%

Total physical RAM: 2035.84 MB

Available physical RAM: 1131.48 MB

Total Pagefile: 4071.69 MB

Available Pagefile: 2922.9 MB

Total Virtual: 2047.88 MB

Available Virtual: 1881.33 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:93.01 GB) (Free:69.2 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Drive d: () (Fixed) (Total:63.48 GB) (Free:1.05 GB) NTFS

Drive e: () (Fixed) (Total:63.48 GB) (Free:23.05 GB) NTFS

Drive f: () (Fixed) (Total:78.12 GB) (Free:55.26 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: D5A8D5A8)

Partition: GPT Partition Type.

==================== End Of Log ============================



Full System Scan with Malwarebytes Antimalware


  • If not existing, please download Malwarebytes Anti-Malware to your desktop. Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program. At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.



If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

 

 

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


Hi psychotic, my PC restarts automatically for no reason but the CPU is on. I don't know why. I've taken the logs.

 

 Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.04.10.05
 
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
archer :: ARCHER-PC [administrator]
Protection: Enabled
 
11-04-2014 PM 07:42:33
mbam-log-2014-04-11 (19-42-33).txt
 
Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 287281
Time elapsed: 30 minute(s), 48 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
 
 
ESET:
C:\Users\archer\Desktop\Windows 7 Loader.exe Win32/HackTool.WinActivator.I potentially unsafe application
C:\Users\archer\Downloads\Programs\ccsetup412.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
F:\softwares\ccsetup328.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
 

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with AdwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll find the log file at C:\AdwCleaner[s1].txt also


SecurityCheck

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, checkup.txt will open. Copy its content to your thread.


Hi psychotic,

  

# AdwCleaner v3.023 - Report created 14/04/2014 at 20:16:27
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : archer - ARCHER-PC
# Running from : C:\Users\archer\Desktop\adwcleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\archer\AppData\Local\SwvUpdater
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.7601.17514
 
 
-\\ Google Chrome v
 
[ File : C:\Users\archer\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R1].txt - [802 octets] - [14/04/2014 20:15:12]
AdwCleaner[s1].txt - [728 octets] - [14/04/2014 20:16:27]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [787 octets] ##########
 
 
 
 
 
 Results of screen317's Security Check version 0.99.81  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Bitdefender Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 CCleaner     
 Java 7 Update 45  
 Java version out of Date! 
  Adobe Flash Player 11.9.900.149 Flash Player out of Date!  
 Adobe Reader XI  
 Google Chrome 32.0.1687.2  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 Bitdefender Bitdefender vsserv.exe  
 Bitdefender Bitdefender updatesrv.exe  
 Bitdefender Bitdefender SafeBox safeboxservice.exe  
 Bitdefender Bitdefender bdagent.exe  
 Bitdefender Bitdefender pmbxag.exe  
 Bitdefender Bitdefender bdapppassmgr.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 2% 
````````````````````End of Log`````````````````````` 
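The checkup.txt above has a fixed layout that can be read mechanically. As an added example (not part of this thread or of SecurityCheck itself), this Python script parses such a log, using a constructed sample modelled on the one posted, and lists the products the tool flagged as out of date.

```python
"""Parse a screen317 SecurityCheck log (checkup.txt) and list what it flagged."""
import re

BT = "`" * 10  # SecurityCheck frames its section titles with runs of backticks
# Constructed sample, modelled on the checkup.txt format posted in this thread.
SAMPLE_LOG = "\n".join([
    " Results of screen317's Security Check version 0.99.81",
    " Windows 7 Service Pack 1 x86 (UAC is enabled)",
    BT + "Antivirus/Firewall Check:" + BT,
    " Windows Firewall Enabled!",
    " Antivirus up to date!",
    BT + "Anti-malware/Other Utilities Check:" + BT,
    " Malwarebytes Anti-Malware version 1.75.0.1300",
    " Java 7 Update 45",
    " Java version out of Date!",
    "  Adobe Flash Player 11.9.900.149 Flash Player out of Date!",
    " Google Chrome 32.0.1687.2",
    BT + "End of Log" + BT,
])
FLAG = "out of date!"

def parse_sections(text):
    """Split the log into {banner title: [lines]}; banners are the backtick lines."""
    sections, current = {"Header": []}, "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("`"):
            current = line.strip("`").strip()
            sections[current] = []
        else:
            sections[current].append(line)
    return sections

def outdated_software(text):
    """Return products flagged 'out of Date!'; the flag sits inline after the
    version (Flash) or on its own line below the product (Java)."""
    lines = parse_sections(text).get("Anti-malware/Other Utilities Check:", [])
    flagged = []
    for i, line in enumerate(lines):
        if FLAG not in line.lower():
            continue
        before = line[: line.lower().index(FLAG)]
        m = re.match(r"^(.*?\d[\d.]*)", before)  # product name up to its version
        if m:
            flagged.append(m.group(1).strip())
        elif i > 0:  # flag-only line: the previous line names the product
            flagged.append(lines[i - 1])
    return flagged
```

Running `outdated_software(SAMPLE_LOG)` on the sample returns the Java and Flash entries, the same two items the helper goes on to fix in the next post.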
 

Your system is clean now! :)

Java Runtime Environment out of date

Your Java Runtime Environment is outdated. We will fix this.

  • Get the current JRE from here
  • Save jxpiinstall.exe to your desktop
  • Close all running programs, especially your browser(s)
  • Run jxpiinstall.exe. This will download the newest JRE installer and install the software
  • When finished, go to
    Start-->control panel-->add/remove programs and remove all older Java versions (if existing).
  • When finished, reboot your computer.


After the reboot

  • Open control panel again and click the Java symbol.
  • Click Settings under Temporary Internet Files.
    The Temporary Files Settings dialog box appears.
  • Click Delete Files.
    The Delete Temporary Files dialog box appears.
  • Click OK on the Delete Temporary Files window.
  • Click OK again.

Adobe Flash Player out of date

Your Adobe Flash Player is outdated. We will fix this.

  • Get the current player from here. Important: Uncheck any optional software (for example Google Chrome, etc.) that is offered.
  • Click Start-->control panel-->add/remove programs.
  • Search for and remove any older reader versions.

Uninstall our tools using delfix

Please follow these steps in order:

  1. In case we used Defogger to turn off your CD emulation software, you can start it again and use the Enable button.
  2. In case we used Combofix, deactivate your antivirus software once more, then rename combofix.exe to uninstall.exe and run it one last time. You will be notified that Combofix has been removed.
  3. In any case please download delfix to your desktop.
    • Close all other programs and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process.
    • If there is still something left, please delete it manually.





Delete System Restore Points

To ensure your System Restore Points are free of malware, we will delete all of them but the most recent or create a new one.

On Windows Vista: Please follow these instructions to delete all but the most common System Protection Restore Points.
On Windows 7/8: Please follow these instructions to delete all but the most common System Protection Restore Points.
On Windows XP: Please follow these instructions to delete all but the most common System Protection Restore Points.
Recommendations: How to protect yourself

  • System Updates
    Please ensure to have automatic updates activated in your control panel.
    For further information and a tutorial, see this Microsoft Support article.
  • Protection
    What you need is one (not more) virus scanner with background protection. Additionally I recommend a special malware scanner to run on demand weekly.
    Personally I am using avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer good protection for free.
    • To keep your browser free of advertising, you may install the Adblock Plus browser extension.
      It will filter unwanted advertising out of the website's content.
    • To protect yourself from accidentally visiting malicious web sites, install the Web of Trust (WOT) browser extension.
      It will display a green (safe), yellow (unknown) or red (potentially dangerous) icon for a visited website within your browser.
      In addition, before accessing a web site classified as dangerous, a warning screen is displayed.
  • Up to date Software
    Keep your Windows and your third party software up to date. The easiest way to get infected is an outdated Windows, followed by: browser(s) (including add-ons and plug-ins), Adobe Flash Player and Adobe Reader, Java Runtime Environment, your antivirus program and so on. These links may help you to check:
  • Backup
    Hardware issues, malware, fire, lightning strike: There is a long list of different ways to lose all your data. Back up your files regularly. Use the Windows internal backup function or a third party tool and save your data onto an external hard drive, cloud storage, optical media like CDs or DVDs or (if available) a professional network backup system.
  • Behaviour
    The commonest error when using a computer is "error 80" - which means that the error is located about 80cm in front of the monitor. This is a common joke between IT support technicians but it shows that all the safety mechanisms won't help if you aren't careful enough.

    • While surfing the internet, don't click on anything you don't know. In the worst case, it infects your system with malware.
    • Watch your step in social networks! Many cyber criminals use them to spread malware, mine personal data (to be sold to advertising companies, for example) or simply do damage to other users. Even if a received hyperlink within a message seems to be coming from one of your friends, have a closer look. In addition, don't click everything.
    • When installing software, have a look at each of the setup windows and uncheck any additional toolbars or free programs that may be offered. Most of today's setup procedures contain potentially unwanted programs so keep them off your system.
    • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
      They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.



4 weeks later...

Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.