
pls help... I just scanned a couple of times and detected trojan.ag...

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-10-2014

Ran by John (administrator) on JOHN-PC on 30-10-2014 10:23:20

Running from C:\Users\John\Desktop

Loaded Profile: John (Available profiles: John)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe

(Microsoft Corporation) C:\Windows\System32\CISVC.EXE

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe

(Intel Corporation) C:\Windows\System32\igfxEM.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe

(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATII3E.EXE

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe

(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\setup\instup.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5223016 2014-10-27] (AVAST Software)

HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [440632 2014-08-29] (Malwarebytes Corporation)

Winlogon\Notify\igfxcui: igfxdev.dll [X]

HKU\S-1-5-21-1661234958-3103515025-705734315-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATII3E.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)

HKU\S-1-5-21-1661234958-3103515025-705734315-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-23] (Piriform Ltd)

HKU\S-1-5-21-1661234958-3103515025-705734315-1000\...\MountPoints2: {2137c5c6-14ef-11e4-94bd-806e6f6e6963} - D:\Run.exe

HKU\S-1-5-21-1661234958-3103515025-705734315-1000\...\MountPoints2: {5b4dee32-1d0d-11e4-bd46-74d435537fcb} - E:\AutoRun.exe

HKU\S-1-5-21-1661234958-3103515025-705734315-1000\...\MountPoints2: {9710527d-1530-11e4-b34d-74d435537fcb} - E:\AutoRun.exe

HKU\S-1-5-21-1661234958-3103515025-705734315-1000\...\MountPoints2: {97105290-1530-11e4-b34d-74d435537fcb} - E:\AutoRun.exe

HKU\S-1-5-21-1661234958-3103515025-705734315-1000\...\MountPoints2: {f0312411-1968-11e4-bb4c-74d435537fcb} - E:\AutoRun.exe

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File

Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:

========

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-10-27]

Chrome:

=======

CHR HomePage: Default -> hxxp://www.google.com

CHR StartupUrls: Default -> "hxxp://www.google.com/"

CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}

CHR Profile: C:\Users\John\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-27]

CHR Extension: (YouTube) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-27]

CHR Extension: (Google Search) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-27]

CHR Extension: (ZenMate) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2014-07-27]

CHR Extension: (Avast Online Security) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-07-27]

CHR Extension: (LastPass: Free Password Manager) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-07-27]

CHR Extension: (ZenMate) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\laieghhmgjachnenihhdbkakcdidhhgm [2014-07-27]

CHR Extension: (Google Wallet) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-27]

CHR Extension: (Gmail) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-27]

CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-10-27]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-10-27] (AVAST Software)

R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2014-10-27] (AVAST Software)

R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-10-27] (Avast Software)

S4 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)

R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [324424 2014-08-14] (Intel Corporation)

S4 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)

S4 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)

R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [441144 2014-08-29] (Malwarebytes Corporation)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)

R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] ()

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-10-27] ()

R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-10-27] (AVAST Software)

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [82768 2014-10-27] (AVAST Software)

R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2014-10-27] (AVAST Software)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-10-27] (AVAST Software)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-10-27] ()

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1049920 2014-10-27] (AVAST Software)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-10-27] (AVAST Software)

R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-10-27] (AVAST Software)

R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63000 2014-08-30] ()

U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [249856 2010-03-24] (Huawei Technologies Co., Ltd.)

S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2014-10-29] ()

R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-07] (Intel Corporation)

S3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-19] ()

R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-10-01] (Malwarebytes Corporation)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-30] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)

R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)

R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-08-20] (NVIDIA Corporation)

S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)

S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [22240 2013-10-24] ()

R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [270728 2014-10-27] (Avast Software)

S3 aswVmm; \??\C:\Users\John\AppData\Local\Temp\aswVmm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-30 10:23 - 2014-10-30 10:23 - 00013555 _____ () C:\Users\John\Desktop\FRST.txt

2014-10-30 10:23 - 2014-10-30 10:23 - 00000000 ____D () C:\FRST

2014-10-30 10:19 - 2014-10-30 10:19 - 02113536 _____ (Farbar) C:\Users\John\Desktop\FRST64.exe

2014-10-30 10:19 - 2014-10-30 10:19 - 00001147 _____ () C:\Users\John\Desktop\mbam trj agent.txt

2014-10-29 23:48 - 2014-10-29 23:48 - 00000000 ____D () C:\Users\John\Downloads\mbam-chameleon-3.1.7.0

2014-10-29 21:46 - 2014-10-29 21:46 - 00125024 _____ () C:\Users\John\Desktop\OTL.Txt

2014-10-29 21:46 - 2014-10-29 21:46 - 00038708 _____ () C:\Users\John\Desktop\Extras.Txt

2014-10-29 21:43 - 2014-10-29 21:43 - 00125024 _____ () C:\Users\John\Downloads\OTL.Txt

2014-10-29 21:43 - 2014-10-29 21:43 - 00038708 _____ () C:\Users\John\Downloads\Extras.Txt

2014-10-29 21:32 - 2014-10-29 21:32 - 00602112 _____ (OldTimer Tools) C:\Users\John\Downloads\OTL.exe

2014-10-29 21:28 - 2014-10-29 21:28 - 00001106 _____ () C:\Users\John\Desktop\gmer 2.log

2014-10-29 19:33 - 2014-10-29 19:33 - 00000000 ____D () C:\Users\John\AppData\Local\CrashDumps

2014-10-29 19:24 - 2014-10-29 19:24 - 00002244 _____ () C:\Users\John\Desktop\gmer.log

2014-10-29 18:33 - 2014-10-29 18:33 - 00380416 _____ () C:\Users\John\Downloads\ie.exe

2014-10-29 15:44 - 2014-10-30 10:08 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit

2014-10-29 15:44 - 2014-10-29 15:44 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Exploit.lnk

2014-10-29 15:44 - 2014-10-29 15:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit

2014-10-29 15:44 - 2014-10-29 15:44 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit

2014-10-29 15:35 - 2014-10-29 15:35 - 02737592 _____ (Malwarebytes ) C:\Users\John\Downloads\mbae-setup-1.04.1.1012.exe

2014-10-29 15:26 - 2014-10-29 15:42 - 00000000 ____D () C:\Users\John\Desktop\mbar

2014-10-29 15:22 - 2014-10-29 15:25 - 14349744 _____ (Malwarebytes Corp.) C:\Users\John\Downloads\mbar-1.07.0.1012.exe

2014-10-29 15:22 - 2014-10-29 15:23 - 04909382 _____ () C:\Users\John\Downloads\mbam-chameleon-3.1.7.0.zip

2014-10-29 15:22 - 2014-10-29 15:22 - 00204496 _____ (Malwarebytes) C:\Users\John\Downloads\startuplite-setup-1.07.exe

2014-10-29 15:22 - 2014-10-29 15:22 - 00167034 _____ () C:\Users\John\Downloads\fileassassin-setup-1.06.exe

2014-10-29 15:22 - 2014-10-29 15:22 - 00065232 _____ (Malwarebytes) C:\Users\John\Downloads\regassassin-setup-1.03.exe

2014-10-29 11:19 - 2014-10-29 11:20 - 00000000 ____D () C:\ProgramData\SecTaskMan

2014-10-29 11:18 - 2014-10-29 11:18 - 00032512 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys

2014-10-29 11:17 - 2014-10-29 11:17 - 00001169 _____ () C:\DelFix.txt

2014-10-28 19:39 - 2014-10-28 19:39 - 00000583 _____ () C:\Users\John\Downloads\PCloudCleaner.LOG

2014-10-28 19:09 - 2014-10-28 19:09 - 00001282 _____ () C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk

2014-10-28 19:09 - 2014-10-28 19:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security

2014-10-28 19:09 - 2014-10-28 19:09 - 00000000 ____D () C:\Program Files (x86)\Panda Security

2014-10-28 19:09 - 2013-04-29 09:17 - 00047632 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys

2014-10-28 18:34 - 2014-10-28 18:35 - 00453048 _____ (Akeo Consulting (http://akeo.ie)) C:\Users\John\Downloads\rufus_v1.3.2.exe

2014-10-28 18:05 - 2014-10-28 18:10 - 32509672 _____ (Panda Security ) C:\Users\John\Downloads\PandaCloudCleaner.exe

2014-10-28 17:50 - 2014-10-28 17:51 - 05192704 ____N (AVAST Software) C:\Users\John\Downloads\aswMBR.exe

2014-10-28 17:38 - 2014-10-28 17:38 - 00000100 _____ () C:\Windows\system32\gathernetworkinfo.wsh

2014-10-28 17:11 - 2014-10-28 17:11 - 00000000 ____D () C:\Users\John\Downloads\tcpv

2014-10-28 17:10 - 2014-10-28 17:10 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys

2014-10-28 17:10 - 2014-10-28 17:10 - 00000000 ____D () C:\ProgramData\RogueKiller

2014-10-28 17:09 - 2014-10-28 17:09 - 00000000 ____D () C:\Users\John\Downloads\autoruns

2014-10-28 16:29 - 2014-10-28 16:29 - 00002322 _____ () C:\Users\John\Downloads\HitmanPro_20141028_1629.log

2014-10-28 08:47 - 2014-10-28 08:48 - 00001908 _____ () C:\Windows\diagwrn.xml

2014-10-28 08:47 - 2014-10-28 08:48 - 00001908 _____ () C:\Windows\diagerr.xml

2014-10-28 08:47 - 2014-10-28 08:47 - 00000000 ____D () C:\$WINDOWS.~BT

2014-10-28 08:19 - 2014-10-28 08:20 - 00000000 ____D () C:\Users\John\Downloads\desktop exe

2014-10-28 06:45 - 2014-10-28 06:45 - 00347816 _____ (Microsoft Corporation) C:\Users\John\Downloads\MicrosoftFixit.WinFileFolder.FISC.1933378840631420.2.1.Run.exe

2014-10-28 06:45 - 2014-10-28 06:45 - 00000134 _____ () C:\Users\John\Desktop\Microsoft Fix it.url

2014-10-28 06:43 - 2014-10-28 06:44 - 00347816 _____ (Microsoft Corporation) C:\Users\John\Downloads\MicrosoftFixit.WinSecurity.FISC.1933378840631420.1.1.Run.exe

2014-10-28 06:06 - 2013-04-10 06:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll

2014-10-28 06:06 - 2013-04-03 05:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll

2014-10-28 06:06 - 2012-06-01 12:39 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\wamregps.dll

2014-10-28 06:06 - 2012-06-01 12:36 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\iisRtl.dll

2014-10-28 06:06 - 2012-06-01 12:36 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\iisrstap.dll

2014-10-28 06:06 - 2012-06-01 12:35 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\ahadmin.dll

2014-10-28 06:06 - 2012-06-01 12:34 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\admwprox.dll

2014-10-28 06:06 - 2012-06-01 12:33 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\iisreset.exe

2014-10-28 06:06 - 2012-06-01 11:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wamregps.dll

2014-10-28 06:06 - 2012-06-01 11:37 - 00154624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisRtl.dll

2014-10-28 06:06 - 2012-06-01 11:37 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisrstap.dll

2014-10-28 06:06 - 2012-06-01 11:35 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\admwprox.dll

2014-10-28 06:06 - 2012-06-01 11:35 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ahadmin.dll

2014-10-28 06:06 - 2012-06-01 11:34 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisreset.exe

2014-10-28 05:51 - 2014-10-28 23:20 - 00038832 _____ () C:\Windows\iis7.log

2014-10-28 05:51 - 2014-10-28 05:51 - 00000000 ____D () C:\Windows\SysWOW64\BestPractices

2014-10-28 05:51 - 2014-10-28 05:51 - 00000000 ____D () C:\Windows\system32\BestPractices

2014-10-28 05:51 - 2014-10-28 05:51 - 00000000 ____D () C:\inetpub

2014-10-28 05:48 - 2014-10-28 05:48 - 00990720 _____ () C:\Users\John\Downloads\MicrosoftFixit50193.msi

2014-10-28 05:45 - 2014-10-28 05:45 - 00000000 ____D () C:\4309b13a2226533669d19e4f

2014-10-28 05:42 - 2014-10-28 05:42 - 01414933 _____ () C:\Users\John\Downloads\Windows6.1-KB971033-x64.MSU

2014-10-27 23:46 - 2014-10-27 23:46 - 00003642 _____ () C:\Users\John\Desktop\cc_20141027_234637.reg

2014-10-27 23:45 - 2014-10-27 23:45 - 00002124 _____ () C:\Users\John\Desktop\registry.txt

2014-10-27 22:19 - 2014-10-27 22:19 - 00000247 _____ () C:\Windows\system32\2014-10-27-15-19-05.095-aswFe.exe-4360.log

2014-10-27 22:17 - 2014-10-27 22:17 - 00000197 _____ () C:\Windows\system32\2014-10-27-15-17-34.031-AvastVBoxSVC.exe-1476.log

2014-10-27 21:01 - 2014-10-27 22:17 - 00000247 _____ () C:\Windows\system32\2014-10-27-14-01-35.039-aswFe.exe-208.log

2014-10-27 21:01 - 2014-10-27 21:01 - 00000197 _____ () C:\Windows\system32\2014-10-27-14-01-33.016-AvastVBoxSVC.exe-2336.log

2014-10-27 20:37 - 2014-10-27 20:37 - 00000247 _____ () C:\Windows\system32\2014-10-27-13-37-08.088-aswFe.exe-4808.log

2014-10-27 20:35 - 2014-10-27 20:35 - 00000197 _____ () C:\Windows\system32\2014-10-27-13-35-39.056-AvastVBoxSVC.exe-3384.log

2014-10-27 19:29 - 2014-10-30 10:07 - 00001861 _____ () C:\Users\John\Desktop\AreaAman Browser.lnk

2014-10-27 19:19 - 2014-10-27 20:35 - 00000247 _____ () C:\Windows\system32\2014-10-27-12-19-37.088-aswFe.exe-1896.log

2014-10-27 19:19 - 2014-10-27 19:19 - 00000197 _____ () C:\Windows\system32\2014-10-27-12-19-35.067-AvastVBoxSVC.exe-3644.log

2014-10-27 19:12 - 2014-10-27 19:12 - 00000247 _____ () C:\Windows\system32\2014-10-27-12-12-26.036-aswFe.exe-4620.log

2014-10-27 19:12 - 2014-10-27 19:12 - 00000197 _____ () C:\Windows\system32\2014-10-27-12-12-22.056-AvastVBoxSVC.exe-4780.log

2014-10-27 19:10 - 2014-10-27 19:10 - 00000000 ____D () C:\Windows\SysWOW64\vbox

2014-10-27 19:10 - 2014-10-27 19:10 - 00000000 ____D () C:\Windows\system32\vbox

2014-10-27 19:05 - 2014-10-27 19:05 - 00001990 _____ () C:\Users\Public\Desktop\Avast SafeZone.lnk

2014-10-27 19:05 - 2014-10-27 19:05 - 00001930 _____ () C:\Users\Public\Desktop\Avast Internet Security.lnk

2014-10-27 19:05 - 2014-10-27 19:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software

2014-10-27 19:04 - 2014-10-27 19:04 - 00449936 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys

2014-10-27 19:04 - 2014-10-27 19:04 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe

2014-10-27 19:04 - 2014-10-27 19:04 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr

2014-10-27 18:21 - 2014-10-27 18:21 - 00000000 ____D () C:\Users\John\AppData\Roaming\AVAST Software

2014-10-27 18:20 - 2014-10-27 19:04 - 01049920 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys

2014-10-27 18:20 - 2014-10-27 19:04 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys

2014-10-27 18:20 - 2014-10-27 19:04 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys

2014-10-27 18:20 - 2014-10-27 19:04 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys

2014-10-27 18:20 - 2014-10-27 19:04 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys

2014-10-27 18:20 - 2014-10-27 19:04 - 00082768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys

2014-10-27 18:20 - 2014-10-27 19:04 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys

2014-10-27 18:20 - 2014-10-27 19:04 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys

2014-10-27 18:20 - 2014-10-27 19:04 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys

2014-10-27 18:20 - 2014-10-27 18:20 - 00000000 ____D () C:\Program Files\AVAST Software

2014-10-27 18:18 - 2014-10-27 18:20 - 00000000 ____D () C:\ProgramData\AVAST Software

2014-10-27 18:17 - 2014-10-30 10:04 - 00003523 _____ () C:\Windows\setupact.log

2014-10-27 18:17 - 2014-10-28 08:47 - 00000000 _____ () C:\Windows\setuperr.log

2014-10-27 18:14 - 2014-10-30 10:04 - 00420794 _____ () C:\Windows\PFRO.log

2014-10-27 18:06 - 2014-10-27 18:07 - 05038224 _____ (AVAST Software) C:\Users\John\Downloads\avastclear.exe

2014-10-27 17:50 - 2014-10-27 17:50 - 00000000 ____D () C:\Users\John\Downloads\TCPView

2014-10-27 17:48 - 2014-10-27 17:48 - 00000000 ____D () C:\Users\John\Downloads\RootkitRevealer

2014-10-27 17:22 - 2014-10-29 11:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager

2014-10-27 17:22 - 2014-10-29 11:19 - 00000000 ____D () C:\Program Files (x86)\Security Task Manager

2014-10-27 17:19 - 2014-10-27 17:20 - 02365840 _____ () C:\Users\John\Downloads\SecurityTaskManager_Setup.exe

2014-10-27 16:57 - 2014-10-28 17:43 - 02199784 _____ () C:\Users\John\Desktop\AutoRuns.arn

2014-10-27 16:39 - 2014-10-27 13:33 - 00063833 _____ () C:\Users\John\Downloads\BlueScreen.zip

2014-10-27 16:39 - 2014-10-27 13:20 - 00291606 _____ () C:\Users\John\Downloads\TCPView.zip

2014-10-27 16:39 - 2014-10-27 13:13 - 00231390 _____ () C:\Users\John\Downloads\RootkitRevealer.zip

2014-10-27 16:39 - 2014-10-27 13:05 - 11194928 _____ (SurfRight B.V.) C:\Users\John\Downloads\HitmanPro_x64.exe

2014-10-27 16:23 - 2014-10-27 16:26 - 00000000 ____D () C:\Users\John\Downloads\p.exp

2014-10-27 15:58 - 2014-10-27 16:13 - 00000826 _____ () C:\Users\John\Desktop\CCleaner.lnk

2014-10-27 15:58 - 2014-10-27 15:58 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC

2014-10-27 15:58 - 2014-10-27 15:58 - 00000000 ____D () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner

2014-10-27 15:58 - 2014-10-27 15:58 - 00000000 ____D () C:\Program Files\CCleaner

2014-10-27 15:57 - 2014-10-29 15:42 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2014-10-27 15:55 - 2014-10-27 16:58 - 00000000 ____D () C:\ProgramData\HitmanPro

2014-10-26 21:53 - 2014-10-26 21:53 - 00000819 _____ () C:\Users\John\Downloads\logfile (1).log

2014-10-26 18:03 - 2014-10-26 18:03 - 00000000 _____ () C:\Users\John\Downloads\logfile.log

2014-10-26 17:41 - 2014-10-26 17:41 - 00000000 ____H () C:\Users\John\Documents\Default.rdp

2014-10-23 16:03 - 2014-10-23 16:03 - 00000000 ____D () C:\ProgramData\Adobe

2014-10-23 14:42 - 2014-10-23 14:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON

2014-10-23 14:42 - 2014-10-23 14:42 - 00000000 ____D () C:\Program Files\Common Files\EPSON

2014-10-23 14:36 - 2011-04-19 01:03 - 00120320 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_YLMI3E.DLL

2014-10-23 14:36 - 2011-03-14 01:03 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_YD4BI3E.DLL

2014-10-23 14:36 - 2007-04-09 23:06 - 00010752 _____ (SEIKO EPSON CORP.) C:\Windows\system32\E_GCINST.DLL

2014-10-23 14:35 - 2014-10-23 14:42 - 00000000 ____D () C:\ProgramData\EPSON

2014-10-22 21:48 - 2014-10-22 21:48 - 00001184 _____ () C:\Users\John\Desktop\Swordsman Online.lnk

2014-10-22 21:48 - 2014-10-22 21:48 - 00000126 _____ () C:\Users\John\Desktop\Swordsman Homepage.url

2014-10-22 21:13 - 2014-10-22 21:13 - 00000000 ____D () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Swordsman Online

2014-10-22 21:08 - 2014-10-22 21:48 - 00000000 ____D () C:\Program Files (x86)\Swordsman OL

2014-10-22 08:23 - 2014-10-22 10:16 - 734003200 _____ () C:\Users\John\Desktop\SM_Installer.part11.rar

2014-10-20 22:44 - 2014-10-20 22:44 - 00055258 _____ () C:\Users\John\Downloads\HOME-PC.txt

2014-10-19 18:58 - 2014-10-19 18:59 - 03696937 _____ () C:\Users\John\Desktop\20141019_1158_1661035550.zip

2014-10-19 18:58 - 2014-10-19 18:59 - 00000000 ____D () C:\Users\John\AppData\Local\AvastSupport

2014-10-19 18:50 - 2014-10-19 19:10 - 133009304 _____ (AVAST Software) C:\Users\John\Downloads\avast_internet_security_setup.exe

2014-10-19 12:31 - 2014-10-19 12:31 - 00638888 _____ (Oracle Corporation) C:\Users\John\Downloads\chromeinstall-8u25.exe

2014-10-19 07:12 - 2014-10-19 07:17 - 07248744 _____ () C:\Users\John\Downloads\AUDFPD-00271961-0082.EXE

2014-10-19 07:11 - 2014-10-19 07:12 - 01028456 _____ () C:\Users\John\Downloads\INDOTH-00275065-0082 (1).EXE

2014-10-19 07:10 - 2014-10-19 07:16 - 12490088 _____ () C:\Users\John\Downloads\REDMCC-00269186-0082.EXE

2014-10-19 07:10 - 2014-10-19 07:15 - 03091816 _____ () C:\Users\John\Downloads\SODSWS-00269693-0082.EXE

2014-10-19 07:10 - 2014-10-19 07:14 - 02565480 _____ () C:\Users\John\Downloads\AHDWLL-00270365-0082.EXE

2014-10-19 07:10 - 2014-10-19 07:11 - 01420648 _____ () C:\Users\John\Downloads\SODFEP-00270203-0082.EXE

2014-10-19 07:09 - 2014-10-19 07:17 - 12940136 _____ () C:\Users\John\Downloads\INDOTH-00274525-0082.EXE

2014-10-19 07:09 - 2014-10-19 07:17 - 06462312 _____ () C:\Users\John\Downloads\REDETH-00269386-0082.EXE

2014-10-19 07:09 - 2014-10-19 07:10 - 04032872 _____ () C:\Users\John\Downloads\INDCHI-00270446-0082.EXE

2014-10-19 07:09 - 2014-10-19 07:10 - 01096040 _____ () C:\Users\John\Downloads\SOOOTH-00269356-0082.EXE

2014-10-19 07:09 - 2014-10-19 07:10 - 01028456 _____ () C:\Users\John\Downloads\INDOTH-00275065-0082.EXE

2014-10-19 06:03 - 2014-10-19 06:08 - 32714240 _____ () C:\Users\John\Desktop\EP0000321308.msi

2014-10-19 03:28 - 2014-10-19 03:28 - 00007577 _____ () C:\Users\John\AppData\Local\Resmon.ResmonCfg

2014-10-19 02:06 - 2014-10-19 02:06 - 00001179 _____ () C:\Users\John\Desktop\SM_Downloader - Shortcut.lnk

2014-10-18 02:10 - 2014-10-22 14:06 - 734003200 _____ () C:\Users\John\Desktop\SM_Installer.part01.exe

2014-10-18 02:10 - 2014-10-21 21:09 - 734003200 _____ () C:\Users\John\Desktop\SM_Installer.part10.rar

2014-10-18 02:10 - 2014-10-20 06:25 - 734003200 _____ () C:\Users\John\Desktop\SM_Installer.part09.rar

2014-10-18 02:10 - 2014-10-20 04:09 - 734003200 _____ () C:\Users\John\Desktop\SM_Installer.part08.rar

2014-10-18 02:10 - 2014-10-20 02:30 - 734003200 _____ () C:\Users\John\Desktop\SM_Installer.part06.rar

2014-10-18 02:10 - 2014-10-19 18:47 - 734003200 _____ () C:\Users\John\Desktop\SM_Installer.part07.rar

2014-10-18 02:10 - 2014-10-19 12:26 - 734003200 _____ () C:\Users\John\Desktop\SM_Installer.part05.rar

2014-10-18 02:10 - 2014-10-19 05:23 - 734003200 _____ () C:\Users\John\Desktop\SM_Installer.part04.rar

2014-10-18 02:10 - 2014-10-19 04:57 - 734003200 _____ () C:\Users\John\Desktop\SM_Installer.part03.rar

2014-10-18 02:09 - 2014-10-22 03:59 - 00000000 ____D () C:\Users\John\Desktop\New folder

2014-10-18 02:09 - 2014-10-19 02:42 - 734003200 _____ () C:\Users\John\Desktop\SM_Installer.part02.rar

2014-10-18 02:08 - 2014-10-22 11:30 - 549746561 _____ () C:\Users\John\Desktop\SM_Installer.part12.rar

2014-10-18 02:05 - 2014-10-18 02:05 - 00000000 ____D () C:\Users\John\Documents\swordsman

2014-10-18 02:04 - 2014-10-18 02:04 - 00131072 _____ (Perfect Game) C:\Users\John\Downloads\SM_Downloader.exe

2014-10-16 09:48 - 2014-10-16 09:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation

2014-10-16 02:46 - 2014-07-03 00:44 - 00609240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe

2014-10-16 02:01 - 2014-10-07 09:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-10-16 02:01 - 2014-10-07 09:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-10-16 02:01 - 2014-09-26 05:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-10-16 02:01 - 2014-09-26 05:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-10-16 02:01 - 2014-09-26 05:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-10-16 02:01 - 2014-09-26 05:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-10-16 02:01 - 2014-09-26 05:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-10-16 02:01 - 2014-09-26 05:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-10-16 02:01 - 2014-09-26 05:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-10-16 02:01 - 2014-09-19 09:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-10-16 02:01 - 2014-09-19 08:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-10-16 02:01 - 2014-09-19 08:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-10-16 02:01 - 2014-09-19 08:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-10-16 02:01 - 2014-09-19 08:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-10-16 02:01 - 2014-09-19 08:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-10-16 02:01 - 2014-09-19 08:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-10-16 02:01 - 2014-09-19 08:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-10-16 02:01 - 2014-09-19 08:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-10-16 02:01 - 2014-09-19 08:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-10-16 02:01 - 2014-09-19 08:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-10-16 02:01 - 2014-09-19 08:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-10-16 02:01 - 2014-09-19 08:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-10-16 02:01 - 2014-09-19 08:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-10-16 02:01 - 2014-09-19 08:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-10-16 02:01 - 2014-09-19 08:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-10-16 02:01 - 2014-09-19 08:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-10-16 02:01 - 2014-09-19 08:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-10-16 02:01 - 2014-09-19 08:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-10-16 02:01 - 2014-09-19 08:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-10-16 02:01 - 2014-09-19 08:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-10-16 02:01 - 2014-09-19 08:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-10-16 02:01 - 2014-09-19 08:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-10-16 02:01 - 2014-09-19 08:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-10-16 02:01 - 2014-09-19 08:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-10-16 02:01 - 2014-09-19 08:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-10-16 02:01 - 2014-09-19 07:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-10-16 02:01 - 2014-09-19 07:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-10-16 02:01 - 2014-09-19 07:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-10-16 02:01 - 2014-09-19 07:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-10-16 02:01 - 2014-09-19 07:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-10-16 02:01 - 2014-09-19 07:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-10-16 02:01 - 2014-09-19 07:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-10-16 02:01 - 2014-09-19 07:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-10-16 02:01 - 2014-09-19 07:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-10-16 02:01 - 2014-09-19 07:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-10-16 02:01 - 2014-09-19 07:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-10-16 02:01 - 2014-09-19 07:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-10-16 02:01 - 2014-09-19 07:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-10-16 02:01 - 2014-09-19 07:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-10-16 02:01 - 2014-09-19 07:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-10-16 02:01 - 2014-09-19 07:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-10-16 02:01 - 2014-09-19 07:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-10-16 02:01 - 2014-09-19 06:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-10-16 02:01 - 2014-09-19 06:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-10-16 02:01 - 2014-09-19 06:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-10-16 02:01 - 2014-09-19 06:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-10-16 01:52 - 2014-08-19 10:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi

2014-10-16 01:52 - 2014-08-19 10:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi

2014-10-16 01:52 - 2014-08-19 10:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll

2014-10-16 01:52 - 2014-08-19 10:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll

2014-10-16 01:52 - 2014-08-19 10:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll

2014-10-16 01:52 - 2014-08-19 10:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe

2014-10-16 01:52 - 2014-08-19 10:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe

2014-10-16 01:52 - 2014-08-19 10:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll

2014-10-16 01:52 - 2014-08-19 10:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll

2014-10-16 01:52 - 2014-08-19 10:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe

2014-10-16 01:52 - 2014-08-19 09:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll

2014-10-16 01:52 - 2014-08-19 09:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll

2014-10-16 01:52 - 2014-08-19 09:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys

2014-10-16 01:52 - 2014-07-07 09:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll

2014-10-16 01:52 - 2014-07-07 09:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll

2014-10-16 01:52 - 2014-07-07 09:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll

2014-10-16 01:52 - 2014-07-07 09:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2014-10-16 01:52 - 2014-07-07 09:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll

2014-10-16 01:52 - 2014-07-07 09:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll

2014-10-16 01:52 - 2014-07-07 09:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll

2014-10-16 01:52 - 2014-07-07 09:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll

2014-10-16 01:52 - 2014-07-07 09:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll

2014-10-16 01:52 - 2014-07-07 09:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll

2014-10-16 01:52 - 2014-07-07 09:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll

2014-10-16 01:52 - 2014-07-07 09:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll

2014-10-16 01:52 - 2014-07-07 09:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll

2014-10-16 01:52 - 2014-07-07 09:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll

2014-10-16 01:52 - 2014-07-07 09:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll

2014-10-16 01:52 - 2014-07-07 09:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll

2014-10-16 01:52 - 2014-07-07 09:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll

2014-10-16 01:52 - 2014-07-07 09:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll

2014-10-16 01:52 - 2014-07-07 09:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll

2014-10-16 01:52 - 2014-07-07 09:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll

2014-10-16 01:52 - 2014-07-07 09:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll

2014-10-16 01:52 - 2014-07-07 09:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll

2014-10-16 01:52 - 2014-07-07 09:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll

2014-10-16 01:52 - 2014-07-07 09:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll

2014-10-16 01:52 - 2014-07-07 09:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe

2014-10-16 01:52 - 2014-07-07 09:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe

2014-10-16 01:52 - 2014-07-07 09:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll

2014-10-16 01:52 - 2014-07-07 09:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx

2014-10-16 01:52 - 2014-07-07 09:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll

2014-10-16 01:52 - 2014-07-07 09:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL

2014-10-16 01:52 - 2014-07-07 09:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe

2014-10-16 01:52 - 2014-07-07 09:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll

2014-10-16 01:52 - 2014-07-07 08:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys

2014-10-16 01:52 - 2014-07-07 08:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll

2014-10-16 01:52 - 2014-07-07 08:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll

2014-10-16 01:52 - 2014-07-07 08:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll

2014-10-16 01:52 - 2014-07-07 08:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll

2014-10-16 01:52 - 2014-07-07 08:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll

2014-10-16 01:52 - 2014-07-07 08:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll

2014-10-16 01:52 - 2014-07-07 08:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll

2014-10-16 01:52 - 2014-07-07 08:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll

2014-10-16 01:52 - 2014-07-07 08:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll

2014-10-16 01:52 - 2014-07-07 08:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll

2014-10-16 01:52 - 2014-07-07 08:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll

2014-10-16 01:52 - 2014-07-07 08:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll

2014-10-16 01:52 - 2014-07-07 08:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll

2014-10-16 01:52 - 2014-07-07 08:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll

2014-10-16 01:52 - 2014-07-07 08:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll

2014-10-16 01:52 - 2014-07-07 08:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll

2014-10-16 01:52 - 2014-07-07 08:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll

2014-10-16 01:52 - 2014-07-07 08:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll

2014-10-16 01:52 - 2014-07-07 08:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll

2014-10-16 01:52 - 2014-07-07 08:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll

2014-10-16 01:52 - 2014-07-07 08:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll

2014-10-16 01:52 - 2014-07-07 08:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx

2014-10-16 01:52 - 2014-07-07 08:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll

2014-10-16 01:52 - 2014-07-07 08:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL

2014-10-16 01:52 - 2014-07-07 08:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2014-10-16 01:52 - 2014-07-07 08:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2014-10-16 01:52 - 2014-07-07 08:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe

2014-10-16 01:52 - 2014-07-07 08:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe

2014-10-16 01:52 - 2014-07-07 08:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll

2014-10-16 01:52 - 2014-06-28 07:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe

2014-10-16 01:52 - 2014-06-28 07:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe

2014-10-16 01:52 - 2014-06-28 07:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll

2014-10-16 01:50 - 2014-07-17 09:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll

2014-10-16 01:50 - 2014-07-17 09:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe

2014-10-16 01:50 - 2014-07-17 09:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll

2014-10-16 01:50 - 2014-07-17 09:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll

2014-10-16 01:50 - 2014-07-17 09:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2014-10-16 01:50 - 2014-07-17 09:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2014-10-16 01:50 - 2014-07-17 08:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll

2014-10-16 01:50 - 2014-07-17 08:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll

2014-10-16 01:50 - 2014-07-17 08:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

2014-10-16 01:50 - 2014-07-17 08:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys

2014-10-16 01:50 - 2014-07-17 08:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

2014-10-16 01:49 - 2014-10-10 09:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-10-16 01:49 - 2014-10-10 09:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll

2014-10-16 01:49 - 2014-10-10 09:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-10-16 01:49 - 2014-08-29 09:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll

2014-10-16 01:48 - 2014-09-18 09:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll

2014-10-16 01:48 - 2014-09-18 08:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll

2014-10-16 01:47 - 2014-09-29 07:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-10-16 01:47 - 2014-09-05 09:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll

2014-10-16 01:47 - 2014-09-05 08:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll

2014-10-16 01:47 - 2014-09-04 12:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll

2014-10-16 01:47 - 2014-09-04 12:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll

2014-10-16 01:47 - 2014-06-19 05:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll

2014-10-16 01:47 - 2014-06-19 05:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll

2014-10-16 01:47 - 2014-06-19 05:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll

2014-10-16 01:47 - 2014-06-19 05:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll

2014-10-16 01:47 - 2014-06-19 05:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll

2014-10-16 01:47 - 2014-06-19 05:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll

2014-10-16 01:46 - 2014-09-13 08:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll

2014-10-16 01:46 - 2014-09-13 08:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll

2014-10-15 15:55 - 2014-10-15 15:57 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\John\Downloads\mbam-consumer.exe

2014-10-09 13:56 - 2014-10-09 13:56 - 01020200 _____ () C:\Users\John\Downloads\Daftar harga 2013-rudy.xlsx

2014-10-09 13:54 - 2014-10-09 13:54 - 00012800 _____ () C:\Users\John\Downloads\warnawarni031014.xls

2014-10-09 13:40 - 2014-10-09 13:41 - 00419871 _____ () C:\Users\John\Downloads\Attachments_2014109.zip

2014-10-08 15:24 - 2014-10-08 15:24 - 00001752 _____ () C:\Users\John\Downloads\license.avastlic

2014-10-04 19:26 - 2014-09-25 09:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll

2014-10-04 19:26 - 2014-09-25 08:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll

2014-10-02 17:08 - 2014-10-02 17:08 - 00037942 _____ () C:\Users\John\Downloads\Attachments_2014102.zip

2014-10-02 17:08 - 2014-10-02 17:08 - 00000000 ____D () C:\Users\John\Documents\price list api

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-30 10:14 - 2009-07-14 11:45 - 00027920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-10-30 10:14 - 2009-07-14 11:45 - 00027920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-10-30 10:10 - 2014-07-27 08:21 - 01087815 _____ () C:\Windows\WindowsUpdate.log

2014-10-30 10:08 - 2009-07-14 12:13 - 00890866 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-10-30 10:07 - 2014-07-27 11:08 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-10-30 10:07 - 2014-07-27 10:29 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update

2014-10-30 10:04 - 2014-07-27 08:49 - 00000000 ____D () C:\ProgramData\NVIDIA

2014-10-30 10:04 - 2009-07-14 12:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-10-30 10:04 - 2009-07-14 10:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

2014-10-29 16:01 - 2014-07-27 08:29 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

2014-10-28 22:56 - 2009-07-14 10:20 - 00000000 ____D () C:\Windows\SysWOW64\inetsrv

2014-10-28 22:56 - 2009-07-14 10:20 - 00000000 ____D () C:\Windows\system32\inetsrv

2014-10-28 07:01 - 2014-07-27 10:43 - 00000000 ____D () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam

2014-10-28 05:52 - 2014-07-27 08:28 - 00834346 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI

2014-10-27 17:41 - 2014-08-02 01:47 - 00000000 ____D () C:\Program Files (x86)\Java

2014-10-27 17:21 - 2014-07-27 08:30 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel

2014-10-27 17:21 - 2014-07-27 08:28 - 00000000 ____D () C:\Program Files (x86)\Intel

2014-10-27 16:08 - 2014-07-27 16:03 - 00000000 ____D () C:\Windows\Panther

2014-10-27 01:53 - 2014-08-04 04:58 - 00000000 ____D () C:\Users\John\AppData\Roaming\vlc

2014-10-26 17:48 - 2014-07-27 17:01 - 00000000 ____D () C:\Windows\Minidump

2014-10-23 14:39 - 2009-07-14 10:20 - 00000000 ____D () C:\Windows\registration

2014-10-23 00:29 - 2009-07-14 10:20 - 00000000 ____D () C:\Windows\rescache

2014-10-22 23:51 - 2009-07-14 12:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games

2014-10-22 23:51 - 2009-07-14 10:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories

2014-10-22 23:49 - 2014-07-27 08:44 - 00000000 ____D () C:\Program Files (x86)\SmartBackup

2014-10-19 17:01 - 2009-07-14 10:20 - 00000000 ____D () C:\Windows\system32\NDF

2014-10-16 09:47 - 2014-07-27 17:25 - 00000510 _____ () C:\Windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat

2014-10-16 09:47 - 2014-07-27 08:28 - 00000000 ____D () C:\Intel

2014-10-16 09:47 - 2009-07-14 12:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD

2014-10-16 09:45 - 2009-07-14 11:45 - 00267672 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-10-16 09:44 - 2014-07-27 16:40 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-10-16 09:44 - 2009-07-14 10:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism

2014-10-16 09:44 - 2009-07-14 10:20 - 00000000 ____D () C:\Windows\system32\Dism

2014-10-16 02:46 - 2014-07-27 08:49 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation

2014-10-16 02:44 - 2014-07-27 08:48 - 00000000 ____D () C:\Program Files\NVIDIA Corporation

2014-10-16 02:43 - 2014-07-27 16:12 - 00000000 ____D () C:\Windows\system32\MRT

2014-10-16 02:40 - 2014-07-27 16:12 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-10-15 09:51 - 2014-07-27 08:25 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2014-10-14 10:13 - 2014-07-27 11:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-10-14 10:13 - 2014-07-27 11:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-10-14 10:13 - 2014-07-27 11:06 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-10-03 07:24 - 2014-08-17 20:03 - 00000000 ____D () C:\Steam

2014-10-02 17:09 - 2014-09-24 16:48 - 00000000 ____D () C:\Users\John\Documents\price list api new

2014-10-02 15:53 - 2010-11-21 10:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2014-10-01 11:11 - 2014-07-27 11:08 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-10-01 11:11 - 2014-07-27 11:08 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-10-01 11:11 - 2014-07-27 11:06 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

Some content of TEMP:

====================

C:\Users\John\AppData\Local\Temp\AFXCRQMUVT.exe

C:\Users\John\AppData\Local\Temp\CYVGYUSX.exe

C:\Users\John\AppData\Local\Temp\dllnt_dump.dll

C:\Users\John\AppData\Local\Temp\DXLY.exe

C:\Users\John\AppData\Local\Temp\KXDFMBLAZIQL.exe

C:\Users\John\AppData\Local\Temp\Quarantine.exe

C:\Users\John\AppData\Local\Temp\sqlite3.dll

C:\Users\John\AppData\Local\Temp\UAG.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-26 16:50

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-10-2014

Ran by John at 2014-10-30 10:23:47

Running from C:\Users\John\Desktop

Boot Mode: Normal

==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Avast Internet Security (HKLM-x32\...\Avast) (Version: 10.0.2206 - AVAST Software)

CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)

Clash of Gods version 1.01 (HKLM-x32\...\{482B45E0-95CA-48BB-B095-E1D5C22BAB77}_is1) (Version: 1.01 - Qeon Interactive)

Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)

EPSON L110 Series Printer Uninstall (HKLM\...\EPSON L110 Series) (Version: - SEIKO EPSON Corporation)

FormatFactory 3.3.1.0 (HKLM-x32\...\FormatFactory) (Version: 3.3.1.0 - Format Factory)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)

Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3907 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)

Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)

Malwarebytes Anti-Exploit version 1.04.1.1012 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.04.1.1012 - Malwarebytes)

Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 16.001.06.01.500 FaKiro - Huawei Technologies Co.,Ltd)

NVIDIA 3D Vision Controller Driver 326.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 326.01 - NVIDIA Corporation)

NVIDIA 3D Vision Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)

NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)

NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)

NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)

NVIDIA Virtual Audio 1.2.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.5 - NVIDIA Corporation)

ON_OFF Charge 2 B13.1028.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE)

ON_OFF Charge 2 B13.1028.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden

Panda Cloud Cleaner (HKLM-x32\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.0.107 - Panda Security)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.65.1025.2012 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7076 - Realtek Semiconductor Corp.)

Security Task Manager 1.8g (HKLM-x32\...\Security Task Manager) (Version: 1.8g - Neuber Software)

Sony PC Companion 2.10.226 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.226 - Sony)

Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)

Swordsman Online (HKLM-x32\...\Swordsman Online 1.0.0) (Version: 1.0.0 - Perfect Game)

VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)

ZOTAC FireStorm (HKLM-x32\...\ZOTAC FireStorm) (Version: - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1661234958-3103515025-705734315-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

==================== Restore Points =========================

29-10-2014 14:37:36 OTL Restore Point - 29/10/2014 21:37:36

30-10-2014 02:53:36 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 09:34 - 2009-06-11 04:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {008B9460-70C0-40F0-8147-04EABE84B556} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-10-27] (AVAST Software)

Task: {E5F97F21-F78B-4EAB-800F-71CA10B5FDF9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-23] (Piriform Ltd)

==================== Loaded Modules (whitelisted) =============

2014-07-27 08:49 - 2014-07-03 01:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2014-10-27 19:04 - 2014-10-27 19:04 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll

2014-10-27 19:04 - 2014-10-27 19:04 - 05846160 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll

2014-10-30 09:49 - 2014-10-30 09:49 - 02897920 _____ () C:\Program Files\AVAST Software\Avast\defs\14102902\algo.dll

2014-10-27 19:04 - 2014-10-27 19:04 - 04491192 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll

2014-10-27 19:04 - 2014-10-27 19:04 - 38561576 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

2014-10-15 09:51 - 2014-10-10 09:03 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\libglesv2.dll

2014-10-15 09:51 - 2014-10-10 09:03 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\libegl.dll

2014-10-15 09:51 - 2014-10-10 09:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\pdf.dll

2014-10-15 09:51 - 2014-10-10 09:03 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\00419567.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\17934279.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\43368635.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\00419567.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\17934279.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\43368635.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3

MSCONFIG\Services: ArcService => 3

MSCONFIG\Services: cphs => 3

MSCONFIG\Services: gupdate => 2

MSCONFIG\Services: gupdatem => 3

MSCONFIG\Services: IAStorDataMgrSvc => 2

MSCONFIG\Services: igfxCUIService1.0.0.0 => 2

MSCONFIG\Services: Intel® Capability Licensing Service Interface => 2

MSCONFIG\Services: Intel® Capability Licensing Service TCP IP Interface => 3

MSCONFIG\Services: jhi_service => 2

MSCONFIG\Services: LMS => 2

MSCONFIG\Services: MBAMScheduler => 2

MSCONFIG\Services: MBAMService => 2

MSCONFIG\Services: nvsvc => 2

MSCONFIG\Services: SmartBackup => 2

MSCONFIG\Services: Sony PC Companion => 3

MSCONFIG\Services: Steam Client Service => 3

MSCONFIG\Services: Stereo Service => 2

MSCONFIG\startupreg: Arc => C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcLauncher.exe /autorun

MSCONFIG\startupreg: FAHConsole => C:\Program Files\File Association Helper\FAHConsole.exe

MSCONFIG\startupreg: IAStorIcon => "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60

MSCONFIG\startupreg: IMSS => "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"

MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch

MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"

MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background

MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-1661234958-3103515025-705734315-500 - Administrator - Disabled)

Guest (S-1-5-21-1661234958-3103515025-705734315-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-1661234958-3103515025-705734315-1002 - Limited - Enabled)

John (S-1-5-21-1661234958-3103515025-705734315-1000 - Administrator - Enabled) => C:\Users\John

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

Error: (10/29/2014 07:39:27 PM) (Source: Steam Client Service) (EventID: 1) (User: )

Description: Error: Failed to add firewall exception for C:\Program Files (x86)\Steam\Steam\steam.exe

Error: (10/29/2014 07:32:56 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: ie.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83

Faulting module name: ie.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83

Exception code: 0xc0000005

Fault offset: 0x000620e2

Faulting process id: 0x11c0

Faulting application start time: 0xie.exe0

Faulting application path: ie.exe1

Faulting module path: ie.exe2

Report Id: ie.exe3

Error: (10/28/2014 06:24:40 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/28/2014 05:32:25 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/28/2014 04:52:16 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/28/2014 04:33:56 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/28/2014 04:22:52 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/28/2014 03:54:37 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/28/2014 08:57:01 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/28/2014 08:45:30 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:

=============

Error: (10/30/2014 10:07:36 AM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:

%%1058

Error: (10/30/2014 10:07:36 AM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:

%%1058

Error: (10/30/2014 10:07:36 AM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:

%%1058

Error: (10/30/2014 10:07:36 AM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:

%%1058

Error: (10/30/2014 10:07:36 AM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:

%%1058

Error: (10/30/2014 10:07:36 AM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:

%%1058

Error: (10/30/2014 10:07:36 AM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:

%%1058

Error: (10/30/2014 10:07:36 AM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:

%%1058

Error: (10/30/2014 10:07:36 AM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:

%%1058

Error: (10/30/2014 10:07:36 AM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:

%%1058

Microsoft Office Sessions:

=========================

Error: (10/29/2014 07:39:27 PM) (Source: Steam Client Service) (EventID: 1) (User: )

Description: Failed to add firewall exception for C:\Program Files (x86)\Steam\Steam\steam.exe

Error: (10/29/2014 07:32:56 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: ie.exe2.1.19357.052e7ea83ie.exe2.1.19357.052e7ea83c0000005000620e211c001cff3732d3018cfC:\Users\John\Downloads\ie.exeC:\Users\John\Downloads\ie.exeb53fe3c0-5f67-11e4-bca1-74d435537fcb

Error: (10/28/2014 06:24:40 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/28/2014 05:32:25 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/28/2014 04:52:16 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/28/2014 04:33:56 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/28/2014 04:22:52 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/28/2014 03:54:37 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/28/2014 08:57:01 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/28/2014 08:45:30 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

==================== Memory info ===========================

Processor: Intel® Core i5-4570 CPU @ 3.20GHz

Percentage of memory in use: 43%

Total physical RAM: 3974.67 MB

Available physical RAM: 2257.29 MB

Total Pagefile: 7947.52 MB

Available Pagefile: 5767.8 MB

Total Virtual: 8192 MB

Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.29 GB) (Free:834.63 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: DC9BD333)

Partition: GPT Partition Type.

==================== End Of Log ============================

Welcome to the forum.

 

That log is not readable, please un-check Word Wrap in Notepad (Format > Word Wrap)

General P2P/Piracy Warning:
 

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.
2. If you have illegal/cracked software (MS Office, Adobe Products), cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.
Failure to remove such software will result in your topic being closed and no further assistance being provided.

 
<====><====><====><====><====><====><====><====>
 
1. Please run a Threat Scan with Malwarebytes (if possible)

Start Malwarebytes 2.0.........
Click on Settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware
Same for PUM (Potentially Unwanted Modifications)
Quarantine all that's found
Post the log (save the log as a .txt file not .xml)

Then......

2. Please download Farbar Recovery Scan Tool (FRST) and save it to a folder.
(use correct version for your system.....Which system am I using?)
FRST <----for 32 bit systems
FRST64 <----for 64 bit systems

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button. (make sure the Addition box is checked)
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

If the logs are large, you can attach them:

To attach a log:

Bottom right corner of this page.

New window that comes up.


Last................

3. Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


Wait for the Prescan to finish

Click Scan to scan the system.
When the scan completes > Don't Fix anything! > Click on the Report Button > Copy and paste the Report back here.

Don't run any other options, they're not all bad!!!!!!!

RogueKiller logs will also be located here:
%programdata%/RogueKiller/Logs <-------W7
C:\Documents and Settings\All Users\Application Data\RogueKiller\Logs <-------XP

(please don't put logs in code or quotes and use the default font)

MrC
 

Note:
Please read all of my instructions completely including these.

Make sure system restore is turned on and running. Create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly


Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive


<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.


<+>The removal of malware isn't instantaneous, please be patient.


<+>When we are done, I'll give you instructions on how to cleanup all the tools and logs


<+>Please stick with me until I give you the "all clear".


------->Your topic will be closed if you haven't replied within 3 days!<--------
If I don't respond within 24 hours, please send me a PM

hi there, thank you for replying to my post..

I'm really sorry for running a lot of tests before.. maybe I'm just too curious about what happened and where it came from.. anyway I'm going to toss this pc for a while until it is fixed. thanks for helping me though.. sorry for my english.. I'm from indonesia..

first, I'm really confused, in the first mbam scan i detected trojan ag. After you asked for another scan i can't detect the trojan AG.. but here are the newest scans from MBAM + Farbar + RogueKiller...

Malwarebytes Anti-Malware

www.malwarebytes.org

Scan Date: 31/10/2014

Scan Time: 16:03:28

Logfile: mbam.txt

Administrator: Yes

Version: 2.00.3.1025

Malware Database: v2014.10.31.03

Rootkit Database: v2014.10.22.01

License: Premium

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Enabled

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: John

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 300870

Time Elapsed: 6 min, 35 sec

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

Processes: 0

(No malicious items detected)

Modules: 0

(No malicious items detected)

Registry Keys: 0

(No malicious items detected)

Registry Values: 0

(No malicious items detected)

Registry Data: 0

(No malicious items detected)

Folders: 0

(No malicious items detected)

Files: 0

(No malicious items detected)

Physical Sectors: 0

(No malicious items detected)

(end)

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-10-2014 01

Ran by John (administrator) on JOHN-PC on 31-10-2014 16:14:54

Running from C:\Users\John\Downloads

Loaded Profile: John (Available profiles: John)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://forum.adlice.com

Website : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : John [Administrator]

Mode : Scan -- Date : 10/31/2014 16:22:44

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 3 ¤¤¤

[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aswVmm (\??\C:\Users\John\AppData\Local\Temp\aswVmm.sys) -> Found

[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aswVmm (\??\C:\Users\John\AppData\Local\Temp\aswVmm.sys) -> Found

[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\aswVmm (\??\C:\Users\John\AppData\Local\Temp\aswVmm.sys) -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 97 (Driver: Not loaded [0x5]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤

+++++ PhysicalDrive0: WDC WD10EZEX-60ZF5A0 SCSI Disk Device +++++

--- User ---

[MBR] 2afd32a9852e1a5bf3c64d60242bc9dc

[bSP] 7a982cea375355ff2309fe77fa1cc812 : Windows Vista/7/8 MBR Code

Partition table:

0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB

User = LL1 ... OK

Error reading LL2 MBR! ([18] The program issued a command but the command length is incorrect. )

============================================

RKreport_DEL_10282014_172634.log - RKreport_SCN_10282014_172303.log

Addition.txt

There's not much showing...let's run some scans:

Make sure you have created a restore point and.....

Download Delfix from Here and save it to your desktop.

  • Place a check mark in front of .......
  • Create registry backup <---only!
  • Uncheck the rest!
  • Click the Run button.

    Close the tool out when it's done....we'll use it later.

    ==========================

    Please read the directions carefully so you don't end up deleting something that is good!!

    If in doubt about an entry....please ask or choose Skip!!!!

    Don't Delete anything unless instructed to!

    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

    Skip and click on Continue

    If a suspicious object is detected, the default action will be Skip, click on Continue

    Please note that TDSSKiller can be run in safe mode if needed.

    Please download the latest version of TDSSKiller from HERE and save it to your Desktop.

    • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters. (Leave the KSN box checked)

    • Put a checkmark beside loaded modules.

    • A reboot will be needed to apply the changes. Do it.
    • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
    • Then click on Change parameters in TDSSKiller.
    • Check all boxes then click OK.

    • Click the Start Scan button.

    • The scan should take no longer than 2 minutes.
    • If a suspicious object is detected, the default action will be Skip, click on Continue.

      Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

      If in doubt about an entry....please ask or choose Skip

    • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.

      Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

      Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

    • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. There may be 3 logs > so post or attach all of them.
    • Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

    Here's a summary of what to do if you would like to print it out:

    If in doubt about an entry....please ask or choose Skip

    Don't Delete anything unless instructed to!

    If a suspicious object is detected, the default action will be Skip, click on Continue

    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

    Skip and click on Continue

    Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

    ~~~~~~~~~~~~~~~~~~~~

    You can attach the logs if they're too long:

    Bottom right corner of this page.

    New window that comes up.

    Then...........

    Please download and run ComboFix.

    The most important things to remember when running it are to disable all your malware programs and run Combofix from your desktop.

    Please visit this webpage for download links, and instructions for running ComboFix

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    http://www.bleepingcomputer.com/download/combofix/dl/12/ <---ComboFix direct download

    Please make sure you click download buttons that look similar to this, not "sponsored ad links":

    Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    Information on disabling your malware programs can be found Here.

    Make sure you run ComboFix from your desktop.

    Give it at least 30-45 minutes to finish if needed.

    Please include the C:\ComboFix.txt in your next reply for further review.

    ---------->NOTE<----------

    If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

    MrC


OK...Next:

Please download AdwCleaner from HERE or HERE to your desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are either adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
Next..................

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Next.........

Please run a Threat Scan (Malwarebytes)

Click on settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware

Same for PUM (Potentially Unwanted Modifications)

Quarantine All that's found

MrC


hi there... 

 

looks everything okay .. when we scan with rogue kill , i saw a lot of rootkit file ...  could you tell me what happened with my pc ... 

 

# AdwCleaner v3.311 - Report created 01/11/2014 at 09:47:23

# Updated 30/09/2014 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : John - JOHN-PC

# Running from : C:\Users\John\Desktop\mbam support\AdwCleaner.exe

# Option : Clean

***** [ Services ] *****

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\ProgramData\SecTaskMan

 

***** [ Scheduled Tasks ] *****

 

***** [ Shortcuts ] *****

 

***** [ Registry ] *****

 

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344

 

-\\ Google Chrome v38.0.2125.111

 

[ File : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

*************************

AdwCleaner[R0].txt - [849 octets] - [01/11/2014 09:42:55]

AdwCleaner[s0].txt - [773 octets] - [01/11/2014 09:47:23]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [832 octets] ##########

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.3.5 (10.31.2014:1)

OS: Windows 7 Home Premium x64

Ran by John on 01/11/2014 at  9:52:48,95

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

~~~ Services

 

 

~~~ Registry Values

 

 

~~~ Registry Keys

 

 

~~~ Files

 

 

~~~ Folders

 

 

~~~ Event Viewer Logs were cleared

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 01/11/2014 at  9:55:57,85

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

Malwarebytes Anti-Malware

www.malwarebytes.org

Scan Date: 01/11/2014

Scan Time: 9:58:08

Logfile: mbam_new.txt

Administrator: Yes

 

Version: 2.00.3.1025

Malware Database: v2014.11.01.02

Rootkit Database: v2014.10.22.01

License: Premium

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Enabled

 

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: John

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 313565

Time Elapsed: 4 min, 56 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

Files: 0

(No malicious items detected)

 

Physical Sectors: 0

(No malicious items detected)

 

(end)


when we scan with rogue kill , i saw a lot of rootkit file

Those are OK...it's just a report, not everything is bad.

===============================

If there's no other problems.......

Let's check your computer's security before you go and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC

hi there.. 

 

that's nice.. if there's nothing happened.. just wonder why mbam scan got trojan ag and then now it's nothing happened ... maybe I'm just paranoid.. :D

 

 Results of screen317's Security Check version 0.99.89 

Windows 7 Service Pack 1 x64 (UAC is enabled) 

Internet Explorer 11 

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled! 

Windows Firewall Disabled! 

avast! Antivirus  

Antivirus up to date!  

`````````Anti-malware/Other Utilities Check:`````````

Panda Cloud Cleaner  

Google Chrome 38.0.2125.104 

Google Chrome 38.0.2125.111 

````````Process Check: objlist.exe by Laurent```````` 

Malwarebytes Anti-Malware mbamservice.exe 

Malwarebytes Anti-Malware mbam.exe 

Malwarebytes Anti-Exploit mbae-svc.exe  

Malwarebytes Anti-Malware mbamscheduler.exe  

Malwarebytes Anti-Exploit mbae.exe  

AVAST Software Avast AvastSvc.exe 

AVAST Software Avast afwServ.exe 

AVAST Software Avast setup instup.exe

AVAST Software Avast avastui.exe 

AVAST Software Avast ng vbox\AvastVBoxSVC.exe

AVAST Software Avast ng ngservice.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 0%

````````````````````End of Log``````````````````````

 


That Looks Good.....

A little clean up to do....

Please Uninstall ComboFix: (------->if you used it<-------)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter. (it may look like CF is re-installing but it's not)

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

Download Delfix from here and save it to your desktop. (you may already have this)

  • Ensure Remove disinfection tools is checked.
  • Click the Run button.
  • Reboot
Any other programs or logs that are still remaining, you can manually delete. (right click.....Delete)

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc....AdwCleaner > just run the program and click uninstall.

Note:

If you used FRST and can't delete the quarantine folder:

Download the fixlist.txt to the same folder as FRST.exe.

Run FRST.exe and click Fix only once and wait

That will delete the quarantine folder created by FRST.

The rest you can manually delete.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


  • 2 weeks later...

Welcome to the forum. (Do what you can)

General P2P/Piracy Warning:

 

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

2. If you have illegal/cracked software (MS Office, Adobe Products), cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

 

<====><====><====><====><====><====><====><====>

 

1. Please run a Threat Scan with Malwarebytes (if possible)

Start Malwarebytes 2.0.........

Click on Settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware

Same for PUM (Potentially Unwanted Modifications)

Quarantine all that's found

Post the log (save the log as a .txt file not .xml)

Then......

2. Please download Farbar Recovery Scan Tool (FRST) and save it to a folder.

(use correct version for your system.....Which system am I using?)

FRST <----for 32 bit systems

FRST64 <----for 64 bit systems

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button. (make sure the Addition box is checked)
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
If the logs are large, you can attach them:

To attach a log:

Bottom right corner of this page.

New window that comes up.

Last................

3. Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Wait for the Prescan to finish

Click Scan to scan the system.

When the scan completes > Don't Fix anything! > Click on the Report Button > Copy and paste the Report back here.

Don't run any other options, they're not all bad!!!!!!!

RogueKiller logs will also be located here:

%programdata%/RogueKiller/Logs <-------W7

C:\Documents and Settings\All Users\Application Data\RogueKiller\Logs <-------XP

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running. Create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to cleanup all the tools and logs

<+>Please stick with me until I give you the "all clear".

------->Your topic will be closed if you haven't replied within 3 days!<--------

If I don't respond within 24 hours, please send me a PM


Not much showing..........

Download the attached fixlist.txt to the same folder as FRST.exe/FRST64.exe.

Run FRST.exe/FRST64.exe and click Fix only once and wait

The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

============================

Then........Download, update and run Malwarebytes Anti-Rootkit:

https://malwarebytes.app.box.com/s/xiaxsbl4cjdyyqx5wp8q <-----MBAR

Run it as Administrator! (right click..run as administrator)

===========================

I suggest you install CCleaner to clean out those temp files

http://www.piriform.com/ccleaner <---download

http://www.howtogeek.com/113382/how-to-use-ccleaner-like-a-pro-9-tips-tricks/ <---CCleaner tutorial (a little old)

==========================

MrC


hi there, sorry for late reply MrC

 

i have no idea also,, but it's always my anti virus suddenly turn off automatically and behind the firewall i saw google download a bunch of file. And when i start playing game (dota 2 - www.steampowered.com) my monitor turn off so many times and connection became so slow then my keyboard wireless lost signal...

whenever i format the pc or notebook, it start back normal again for a few days... then i update my windows again, a couple days later, the problem went back again.. so frustrating...

 

this happened about 1-2 years ago until now.. i have change pc so many times.. i suspect my isp provider did something unusual... maybe they just wanna know what i read or what i do with my pc.. or something more than that (hopefully not).

 

oh yeah i forgot, my steam (dota 2 game), it has a cloud system.. i have never check to do a sync cloud over my game... but the game system told me i sync a couple computer for 1 game... (ahh too many things, it just made me paranoia :( ........ )

 

and for my pc with win 7, i format the system 2 days ago.. i hope next week i will not get the same problem like i used to have..

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-11-2014
Ran by haleluya at 2014-11-12 13:17:02 Run:1
Running from C:\Users\haleluya\Desktop\MrC
Loaded Profiles: UpdatusUser & Syamsul & haleluya (Available profiles: UpdatusUser & Syamsul & haleluya & web & Guest)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
SearchScopes: HKCU - DefaultScope {44507DA3-BE71-45D4-B2E0-214A1AEC06E5} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASPJS
SearchScopes: HKCU - {44507DA3-BE71-45D4-B2E0-214A1AEC06E5} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASPJS
C:\Users\haleluya\AppData\Roaming\iolo
C:\ProgramData\iolo
*****************

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{44507DA3-BE71-45D4-B2E0-214A1AEC06E5}" => Key deleted successfully.
"HKCR\CLSID\{44507DA3-BE71-45D4-B2E0-214A1AEC06E5}" => Key not found.
C:\Users\haleluya\AppData\Roaming\iolo => Moved successfully.
C:\ProgramData\iolo => Moved successfully.

==== End of Fixlog ====

 

the mbam anti rootkit scan takes more time... no idea if it's hang or stop or running,, looks like didn't run.. but I'll wait a couple while... (can i cancel and run it again)

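A way to check a Fixlog.txt like the one posted above before moving on to the next tool, as an added example that is not part of the thread and not FRST's own code: it reconciles the fixlist entries with the outcome lines, lists outcomes that did not report success, and notices a log cut off before its end marker. The function names are hypothetical, and the outcome wording ("successfully", "not found") is assumed from this one log.

```python
import re

# Constructed sample: the Fixlog.txt body quoted in the thread, header shortened.
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-11-2014
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
SearchScopes: HKCU - DefaultScope {44507DA3-BE71-45D4-B2E0-214A1AEC06E5} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASPJS
SearchScopes: HKCU - {44507DA3-BE71-45D4-B2E0-214A1AEC06E5} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASPJS
C:\Users\haleluya\AppData\Roaming\iolo
C:\ProgramData\iolo
*****************

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{44507DA3-BE71-45D4-B2E0-214A1AEC06E5}" => Key deleted successfully.
"HKCR\CLSID\{44507DA3-BE71-45D4-B2E0-214A1AEC06E5}" => Key not found.
C:\Users\haleluya\AppData\Roaming\iolo => Moved successfully.
C:\ProgramData\iolo => Moved successfully.

==== End of Fixlog ====
'''

RESULT_RE = re.compile(r'^(?P<target>.+?) => (?P<outcome>.+)$')
STARS_RE = re.compile(r'^\*{5,}$')      # rows of asterisks fence the fixlist
PATH_RE = re.compile(r'^[A-Za-z]:\\')   # fixlist entries that are file paths
END_MARKER = '==== End of Fixlog ===='


def parse_fixlog(text):
    """Split a Fixlog into fixlist entries, (target, outcome) pairs, end flag."""
    entries, results, complete = [], [], False
    section = 'header'
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == END_MARKER:
            complete = True
            break
        if STARS_RE.match(line):
            # first row of asterisks opens the fixlist, the second closes it
            section = 'fixlist' if section == 'header' else 'results'
            continue
        if section == 'fixlist':
            entries.append(line)
        elif section == 'results':
            m = RESULT_RE.match(line)
            if m:
                results.append((m['target'].strip('"'), m['outcome']))
    return {'entries': entries, 'results': results, 'complete': complete}


def triage(parsed):
    """Flag outcomes without 'successfully' and path entries with no outcome."""
    def ok(outcome):
        return 'successfully' in outcome.lower()
    handled = {target.lower() for target, _ in parsed['results']}
    return {
        'applied': [t for t, o in parsed['results'] if ok(o)],
        'review': [(t, o) for t, o in parsed['results'] if not ok(o)],
        # Registry entries are rewritten in the results, so only file paths
        # can be matched one-to-one against the fixlist.
        'unmatched_paths': [e for e in parsed['entries']
                            if PATH_RE.match(e) and e.lower() not in handled],
        'complete': parsed['complete'],
    }


if __name__ == '__main__':
    report = triage(parse_fixlog(SAMPLE_FIXLOG))
    for key, value in report.items():
        print(key, '->', value)
```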

Un-check "sectors" before you scan.

If that doesn't work.....

Please read the directions carefully so you don't end up deleting something that is good!!

If in doubt about an entry....please ask or choose Skip!!!!

Don't Delete anything unless instructed to!

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

If a suspicious object is detected, the default action will be Skip, click on Continue

Please note that TDSSKiller can be run in safe mode if needed.

Please download the latest version of TDSSKiller from HERE and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters. (Leave the KSN box checked)

  • Put a checkmark beside loaded modules.

  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.

  • Click the Start Scan button.

  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

    If in doubt about an entry....please ask or choose Skip

  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.

    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. There may be 3 logs > so post or attach all of them.
  • Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

Here's a summary of what to do if you would like to print it out:

If in doubt about an entry....please ask or choose Skip

Don't Delete anything unless instructed to!

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

~~~~~~~~~~~~~~~~~~~~

You can attach the logs if they're too long:

Bottom right corner of this page.

New window that comes up.

MrC


This topic is now closed to further replies.