Hello. Recently I had some nasty malware and it's causing my computer to run very slowly; I could use some help from an expert. Oh, I also need help enabling the malicious web protection, as it refuses to be enabled when I press "Fix Now". Hope someone could help me out here.

Hello and welcome,

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Next,

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

Quit all running programs.
For Windows XP, double-click to start.
For Vista, Windows 7/8, right-click on the program and select Run as Administrator to start and when prompted allow it to run.
Read and accept the EULA (End User License Agreement).
Click Scan to scan the system.
When the scan completes select "Report", log will open. Close the program > Don't Fix anything!
Post back the report which should also be located here:

C:\Programdata\RogueKiller\Logs <-------- Vista/W7/8
C:\Documents and Settings\All Users\Application Data\RogueKiller\Logs <------XP

Let me see those logs in your next reply...

Thank you,

Kevin...

Thank you for the help, and I have no piracy I know about on my computer; if you happen to see some, notify me and I will gladly remove it, as I am unaware that it's on my computer.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015

Ran by Jack Bogart (administrator) on JACKBOGART-HP on 07-01-2015 21:37:04

Running from C:\Users\Jack Bogart\Downloads

Loaded Profiles: Jack Bogart &  (Available profiles: Jack Bogart)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal


==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe

(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe

(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe

(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe

(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe

(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe

(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe

(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

(Sophos Limited) C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe

(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe

(Sophos Limited) C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe

(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe

(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe

(Microsoft Corporation) C:\Windows\System32\regsvr32.exe

(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

(Stronghold Online Backup) C:\Users\Jack Bogart\AppData\Local\Strongvault Online Backup\SMessaging.exe

(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe

(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe

(Razer Inc) C:\Program Files (x86)\Razer\Razer_Kraken_Driver\Drivers\SysAudio\KrakenSysAudioLauncher.exe

(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe

(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\main.exe

(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\splwow64.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2480936 2010-12-16] (Synaptics Incorporated)

HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)

HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)

HKLM-x32\...\Run: [iMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [111640 2010-07-23] ()

HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-02-15] (Hewlett-Packard Development Company L.P.)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586296 2010-11-09] (Hewlett-Packard Development Company, L.P.)

HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [318520 2011-01-27] (Hewlett-Packard Development Company, L.P.)

HKLM-x32\...\Run: [sMessaging] => C:\Users\Jack Bogart\AppData\Local\Strongvault Online Backup\SMessaging.exe [31664 2012-04-04] (Stronghold Online Backup)

HKLM-x32\...\Run: [sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [1617704 2014-10-14] (Sophos Limited)

HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585560 2014-06-23] (Razer Inc.)

HKLM-x32\...\Run: [KrakenLauncher] => C:\Program Files (x86)\Razer\Razer_Kraken_Driver\Drivers\SysAudio\KrakenSysAudioLauncher.exe [1486128 2014-06-11] (Razer Inc)

HKLM-x32\...\Run: [RazerCortex] => C:\Program Files (x86)\Razer\Razer Cortex\RazerCortex.exe [60640 2014-08-28] (Razer Inc.)

HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1970584 2014-12-12] (APN)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1

HKU\S-1-5-21-1893334715-2077863899-3365213242-1000\...\Run: [LightShot] => C:\Users\Jack Bogart\AppData\Local\Skillbrains\lightshot\Lightshot.exe

HKU\S-1-5-21-1893334715-2077863899-3365213242-1000\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] => "C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe"  /PROMPT /CMPID=JUNE2013_TB

HKU\S-1-5-21-1893334715-2077863899-3365213242-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-07-06] (Google Inc.)

HKU\S-1-5-21-1893334715-2077863899-3365213242-1000\...\Run: [GameServer33] => "C:\Users\Jack Bogart\AppData\Roaming\Macromedia\WIN356D.exe

HKU\S-1-5-21-1893334715-2077863899-3365213242-1000\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)

HKU\S-1-5-21-1893334715-2077863899-3365213242-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)

HKU\S-1-5-21-1893334715-2077863899-3365213242-1000\...\Run: [ikmsoft] => regsvr32.exe "C:\Users\Jack Bogart\AppData\Local\Ikmsoft\DirectcrtTime.dll" <===== ATTENTION

HKU\S-1-5-21-1893334715-2077863899-3365213242-1000\...\Run: [GoogleChromeAutoLaunch_5CC83006F824133D17F3FB678FCC5D39] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2014-12-05] (Google Inc.)

HKU\S-1-5-21-1893334715-2077863899-3365213242-1000\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume2\Users\Jack Bogart\AppData\Local\Temp\sotoxiu\svictiw\wow.dll ATTENTION! ====> ZeroAccess?

HKU\S-1-5-21-1893334715-2077863899-3365213242-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks!

HKU\S-1-5-21-1893334715-2077863899-3365213242-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [LightShot] => C:\Users\Jack Bogart\AppData\Local\Skillbrains\lightshot\Lightshot.exe

HKU\S-1-5-21-1893334715-2077863899-3365213242-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] => "C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe"  /PROMPT /CMPID=JUNE2013_TB

HKU\S-1-5-21-1893334715-2077863899-3365213242-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-07-06] (Google Inc.)

HKU\S-1-5-21-1893334715-2077863899-3365213242-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GameServer33] => "C:\Users\Jack Bogart\AppData\Roaming\Macromedia\WIN356D.exe

HKU\S-1-5-21-1893334715-2077863899-3365213242-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)

HKU\S-1-5-21-1893334715-2077863899-3365213242-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)

HKU\S-1-5-21-1893334715-2077863899-3365213242-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ikmsoft] => regsvr32.exe "C:\Users\Jack Bogart\AppData\Local\Ikmsoft\DirectcrtTime.dll" <===== ATTENTION

HKU\S-1-5-21-1893334715-2077863899-3365213242-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleChromeAutoLaunch_5CC83006F824133D17F3FB678FCC5D39] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2014-12-05] (Google Inc.)

 

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\S-1-5-21-1893334715-2077863899-3365213242-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1

HKU\S-1-5-21-1893334715-2077863899-3365213242-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1

URLSearchHook: HKU\S-1-5-21-1893334715-2077863899-3365213242-1000 - (No Name) - {f9bbf004-6e40-4019-8214-c43a37e1d058} - No File

URLSearchHook: HKU\S-1-5-21-1893334715-2077863899-3365213242-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - (No Name) - {f9bbf004-6e40-4019-8214-c43a37e1d058} - No File

SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF


SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=139&systemid=406&sr=0&q={searchTerms}

SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF

SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}

SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF

&tb_mrud=04-01-2013

SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=139&systemid=406&sr=0&q={searchTerms}

SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF

SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}

SearchScopes: HKU\S-1-5-21-1893334715-2077863899-3365213242-1000 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = 

SearchScopes: HKU\S-1-5-21-1893334715-2077863899-3365213242-1000 -> {404C67A2-43E3-4022-A52A-68F9F0B72A63} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

SearchScopes: HKU\S-1-5-21-1893334715-2077863899-3365213242-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = 

SearchScopes: HKU\S-1-5-21-1893334715-2077863899-3365213242-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=s1122&geo=US&ver=5

SearchScopes: HKU\S-1-5-21-1893334715-2077863899-3365213242-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = 

SearchScopes: HKU\S-1-5-21-1893334715-2077863899-3365213242-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

SearchScopes: HKU\S-1-5-21-1893334715-2077863899-3365213242-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 

SearchScopes: HKU\S-1-5-21-1893334715-2077863899-3365213242-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = 

SearchScopes: HKU\S-1-5-21-1893334715-2077863899-3365213242-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {404C67A2-43E3-4022-A52A-68F9F0B72A63} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

SearchScopes: HKU\S-1-5-21-1893334715-2077863899-3365213242-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = 

SearchScopes: HKU\S-1-5-21-1893334715-2077863899-3365213242-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=s1122&geo=US&ver=5

SearchScopes: HKU\S-1-5-21-1893334715-2077863899-3365213242-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = 

SearchScopes: HKU\S-1-5-21-1893334715-2077863899-3365213242-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

SearchScopes: HKU\S-1-5-21-1893334715-2077863899-3365213242-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKLM - No Name - !{F9639E4A-801B-4843-AEE3-03D9DA199E77} -  No File

Toolbar: HKLM - No Name - !{f9bbf004-6e40-4019-8214-c43a37e1d058} -  No File

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKLM-x32 - No Name - !{F9639E4A-801B-4843-AEE3-03D9DA199E77} -  No File

Toolbar: HKLM-x32 - No Name - !{f9bbf004-6e40-4019-8214-c43a37e1d058} -  No File

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKU\S-1-5-21-1893334715-2077863899-3365213242-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKU\S-1-5-21-1893334715-2077863899-3365213242-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2011-04-18] (EasyBits Software Corp.)

Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)

Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)

Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)

Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)

Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)

Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)

Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)

Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)

Winsock: Catalog9 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)

Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)

Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)

Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)

Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)

Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)

Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)

Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)

Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)

Winsock: Catalog9-x64 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1

FireFox:

========

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File

FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll No File

FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File

FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Jack Bogart\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-1893334715-2077863899-3365213242-1000: @nsroblox.roblox.com/launcher -> C:\Users\Jack Bogart\AppData\Local\Roblox\Versions\version-d11d3bd1dfae46fa\\NPRobloxProxy.dll ( ROBLOX Corporation)

FF Plugin HKU\S-1-5-21-1893334715-2077863899-3365213242-1000: @nsroblox.roblox.com/launcher64 -> C:\Users\Jack Bogart\AppData\Local\Roblox\Versions\version-d11d3bd1dfae46fa\\NPRobloxProxy64.dll ( ROBLOX Corporation)

FF Plugin HKU\S-1-5-21-1893334715-2077863899-3365213242-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Jack Bogart\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF Plugin HKU\S-1-5-21-1893334715-2077863899-3365213242-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @nsroblox.roblox.com/launcher -> C:\Users\Jack Bogart\AppData\Local\Roblox\Versions\version-d11d3bd1dfae46fa\\NPRobloxProxy.dll ( ROBLOX Corporation)

FF Plugin HKU\S-1-5-21-1893334715-2077863899-3365213242-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @nsroblox.roblox.com/launcher64 -> C:\Users\Jack Bogart\AppData\Local\Roblox\Versions\version-d11d3bd1dfae46fa\\NPRobloxProxy64.dll ( ROBLOX Corporation)

FF Plugin HKU\S-1-5-21-1893334715-2077863899-3365213242-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Jack Bogart\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF HKU\S-1-5-21-1893334715-2077863899-3365213242-1000\...\Firefox\Extensions: [uc@uc.com] - C:\Program Files (x86)\Unfriend Checker\FF

FF HKU\S-1-5-21-1893334715-2077863899-3365213242-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [uc@uc.com] - C:\Program Files (x86)\Unfriend Checker\FF

Chrome: 

=======

CHR Profile: C:\Users\Jack Bogart\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Slides) - C:\Users\Jack Bogart\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-30]

CHR Extension: (Google Docs) - C:\Users\Jack Bogart\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-30]

CHR Extension: (Google Drive) - C:\Users\Jack Bogart\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-30]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jack Bogart\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-30]

CHR Extension: (YouTube) - C:\Users\Jack Bogart\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-30]

CHR Extension: (Google Search) - C:\Users\Jack Bogart\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-30]

CHR Extension: (Google Sheets) - C:\Users\Jack Bogart\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-30]

CHR Extension: (Google Wallet) - C:\Users\Jack Bogart\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-30]

CHR Extension: (Gmail) - C:\Users\Jack Bogart\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-30]

CHR Extension: (Space Planet) - C:\Users\Jack Bogart\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppcocpoeoiajndepaaimnnglicichmbb [2014-10-30]

CHR HKU\S-1-5-21-1893334715-2077863899-3365213242-1000\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\JACKBO~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-10-08]

CHR HKU\S-1-5-21-1893334715-2077863899-3365213242-1000\...\Chrome\Extension: [hhepndnhfbdjmegechokkbabcphcihdi] - C:\Users\Jack Bogart\AppData\Local\CRE\hhepndnhfbdjmegechokkbabcphcihdi.crx [2012-06-30]

CHR HKU\S-1-5-21-1893334715-2077863899-3365213242-1000\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path

CHR HKU\S-1-5-21-1893334715-2077863899-3365213242-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\JACKBO~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-10-08]

CHR HKU\S-1-5-21-1893334715-2077863899-3365213242-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Chrome\Extension: [hhepndnhfbdjmegechokkbabcphcihdi] - C:\Users\Jack Bogart\AppData\Local\CRE\hhepndnhfbdjmegechokkbabcphcihdi.crx [2012-06-30]

CHR HKU\S-1-5-21-1893334715-2077863899-3365213242-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path

CHR HKLM-x32\...\Chrome\Extension: [cbnocfnjkmlljbfgpkbhefnlpbiemhif] - C:\Users\Jack Bogart\AppData\Roaming\OneTab\OneTab.crx [Not Found]

CHR HKLM-x32\...\Chrome\Extension: [hhepndnhfbdjmegechokkbabcphcihdi] - C:\Users\Jack Bogart\AppData\Local\CRE\hhepndnhfbdjmegechokkbabcphcihdi.crx [2012-06-30]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166296 2014-10-23] (APN LLC.)

R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]

S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-27] (WildTangent)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)

R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [105448 2014-08-28] (Razer Inc.)

R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [288552 2014-04-24] (Sophos Limited)

R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [208168 2014-10-14] (Sophos Limited)

R2 Sophos Agent; C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe [289856 2013-08-22] (Sophos Limited)

R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [341800 2014-10-14] (Sophos Limited)

R2 Sophos Message Router; C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe [818240 2013-08-22] (Sophos Limited)

R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [341800 2014-10-14] (Sophos Limited)

R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3262248 2014-10-14] (Sophos Limited)

S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2065704 2014-10-14] (Sophos Limited)

U4 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{1d23e0db-fcc0-214f-eadc-e9d494b78477}\   \...\???\{1d23e0db-fcc0-214f-eadc-e9d494b78477}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-11-21] (Malwarebytes Corporation)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-07] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)

R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [158976 2014-04-24] (Sophos Limited)

S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [38144 2014-04-24] (Sophos Limited)

S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [27904 2014-04-24] (Sophos Limited)

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-01-07 21:37 - 2015-01-07 21:39 - 00032408 _____ () C:\Users\Jack Bogart\Downloads\FRST.txt

2015-01-07 21:36 - 2015-01-07 21:37 - 00000000 ____D () C:\FRST

2015-01-07 21:36 - 2015-01-07 21:36 - 02124288 _____ (Farbar) C:\Users\Jack Bogart\Downloads\FRST64.exe

2015-01-07 21:34 - 2015-01-07 21:35 - 01115648 _____ (Farbar) C:\Users\Jack Bogart\Downloads\FRST.exe

2015-01-07 16:59 - 2015-01-07 20:28 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-01-07 16:59 - 2015-01-07 16:59 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-01-07 16:59 - 2015-01-07 16:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-01-07 16:58 - 2015-01-07 19:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-01-07 16:58 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2015-01-07 16:58 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2015-01-07 16:58 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2015-01-07 16:51 - 2015-01-07 16:52 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Jack Bogart\Downloads\mbam-setup-2.0.4.1028.exe

2015-01-07 16:15 - 2015-01-07 16:15 - 00001150 _____ () C:\Users\Jack Bogart\Downloads\w7-wscsvc.zip

2015-01-07 16:09 - 2015-01-07 16:10 - 00004264 _____ () C:\Users\Jack Bogart\Downloads\Security Center Service Fix.zip

2015-01-07 16:09 - 2015-01-07 16:10 - 00004264 _____ () C:\Users\Jack Bogart\Downloads\Security Center Service Fix (1).zip

2015-01-05 15:58 - 2015-01-05 15:58 - 00000000 ____D () C:\HP_TOOLS_mountHPSF

2014-12-27 21:59 - 2014-12-27 21:59 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task

2014-12-11 00:51 - 2014-12-11 00:51 - 00639856 _____ (ROBLOX Corporation) C:\Users\Jack Bogart\Downloads\RobloxPlayerLauncher (2).exe

2014-12-11 00:23 - 2014-12-11 00:23 - 00000000 ____D () C:\Users\Jack Bogart\Downloads\Math Articles

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-01-07 21:21 - 2012-05-20 20:27 - 00000400 _____ () C:\Windows\Tasks\update-sys.job

2015-01-07 21:21 - 2011-12-30 03:40 - 02022466 _____ () C:\Windows\WindowsUpdate.log

2015-01-07 21:18 - 2009-07-13 23:51 - 00065179 _____ () C:\Windows\setupact.log

2015-01-07 21:16 - 2011-07-25 14:31 - 00000000 ____D () C:\Users\Jack Bogart\AppData\Local\CrashDumps

2015-01-07 21:08 - 2011-12-24 18:00 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-01-07 20:58 - 2012-07-06 23:57 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-01-07 20:51 - 2012-05-20 20:27 - 00000400 _____ () C:\Windows\Tasks\update-S-1-5-21-1893334715-2077863899-3365213242-1000.job

2015-01-07 20:22 - 2014-10-08 21:02 - 00000000 ___RD () C:\Users\Jack Bogart\Google Drive

2015-01-07 20:22 - 2013-05-31 14:59 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job

2015-01-07 20:22 - 2013-05-06 16:20 - 00000000 ____D () C:\Users\Jack Bogart\AppData\Local\Strongvault Online Backup

2015-01-07 20:22 - 2012-08-17 13:37 - 00000000 ____D () C:\Users\Jack Bogart\AppData\Roaming\Skype

2015-01-07 20:22 - 2011-12-24 18:00 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-01-07 19:54 - 2009-07-13 23:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-01-07 19:54 - 2009-07-13 23:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-01-07 19:51 - 2009-07-14 00:13 - 00783226 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-01-07 19:47 - 2010-11-20 22:47 - 01287892 _____ () C:\Windows\PFRO.log

2015-01-07 19:47 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-01-07 19:35 - 2013-09-08 23:39 - 00000000 ____D () C:\ProgramData\VirtualizedApplications

2015-01-07 19:24 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system

2015-01-07 18:32 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Speech

2015-01-07 18:23 - 2012-07-16 12:54 - 00000000 ____D () C:\Users\Jack Bogart\AppData\Local\CRE

2015-01-07 18:23 - 2011-12-30 15:53 - 00000000 ____D () C:\Program Files (x86)\FoxTabFLVPlayer

2015-01-07 17:53 - 2014-10-29 20:19 - 00000000 ____D () C:\Users\Jack Bogart\AppData\Local\USmedia

2015-01-07 16:58 - 2013-08-21 21:14 - 00000000 ____D () C:\ProgramData\Malwarebytes

2015-01-07 16:19 - 2013-09-14 20:57 - 00000000 _____ () C:\Windows\system32\vireng.log

2015-01-06 21:39 - 2011-07-17 10:41 - 00003970 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{6AA1DB66-FCCC-45C3-B405-E805426D39B7}

2015-01-06 16:14 - 2014-12-03 18:20 - 00000000 ____D () C:\Program Files\OBS

2015-01-06 16:14 - 2014-12-03 18:20 - 00000000 ____D () C:\Program Files (x86)\OBS

2015-01-05 15:41 - 2012-05-20 20:27 - 00000525 _____ () C:\Users\Jack Bogart\AppData\Local\UserProducts.xml

2015-01-05 15:40 - 2012-05-20 20:27 - 00000000 ____D () C:\Program Files (x86)\Skillbrains

2014-12-28 21:00 - 2014-09-25 13:27 - 00000542 _____ () C:\Windows\Tasks\Weekly Scan.job

2014-12-27 15:04 - 2011-07-17 10:31 - 00000000 ____D () C:\Users\Jack Bogart

2014-12-27 14:25 - 2014-04-05 11:20 - 00000000 ____D () C:\Users\Jack Bogart\Desktop\Steam

2014-12-27 14:25 - 2011-04-18 15:05 - 00000000 ____D () C:\ProgramData\RoxioNow

2014-12-27 14:23 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration

2014-12-20 20:56 - 2012-04-02 17:22 - 00000000 ____D () C:\Users\Jack Bogart\Documents\Wizard101

2014-12-18 16:35 - 2012-05-20 20:27 - 00003286 _____ () C:\Windows\System32\Tasks\update-S-1-5-21-1893334715-2077863899-3365213242-1000

2014-12-15 21:09 - 2013-04-09 17:58 - 00000000 ____D () C:\Users\Jack Bogart\Documents\ROBLOX

2014-12-15 20:44 - 2012-11-10 08:07 - 00000000 ____D () C:\Users\Jack Bogart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox

2014-12-15 20:40 - 2012-11-09 20:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roblox

2014-12-15 16:25 - 2011-10-10 16:28 - 00000000 ____D () C:\Users\Jack Bogart\AppData\Roaming\.minecraft

2014-12-11 23:15 - 2014-11-14 16:05 - 00002143 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2014-12-11 12:54 - 2012-08-17 13:37 - 00000000 ____D () C:\ProgramData\Skype

2014-12-11 08:19 - 2014-01-14 21:02 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

2014-12-11 00:51 - 2012-11-09 20:26 - 00001363 _____ () C:\Users\Jack Bogart\Desktop\ROBLOX Player.lnk

2014-12-10 02:07 - 2013-07-22 19:27 - 00000000 ____D () C:\Windows\System32\Tasks\Games

2014-12-09 22:58 - 2012-07-06 23:57 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-12-09 22:58 - 2012-03-31 12:50 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-12-09 22:58 - 2012-03-03 00:18 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-12-08 14:21 - 2009-07-14 00:08 - 00032584 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

ZeroAccess:

C:\Users\Jack Bogart\AppData\Local\Google\Desktop\Install

ZeroAccess:

C:\Program Files (x86)\Google\Desktop\Install

 

Files to move or delete:

====================

C:\Users\Jack Bogart\alg.exe

C:\Users\Jack Bogart\flashplayer.exe

C:\Users\Jack Bogart\teamviewer.exe

 

 

Some content of TEMP:

====================

C:\Users\Jack Bogart\AppData\Local\Temp\1871KrakenDevProps.dll

C:\Users\Jack Bogart\AppData\Local\Temp\3rbcxaxm.dll

C:\Users\Jack Bogart\AppData\Local\Temp\Creative Cloud Helper.exe

C:\Users\Jack Bogart\AppData\Local\Temp\InstallFlashPlayer.exe

C:\Users\Jack Bogart\AppData\Local\Temp\install_reader11_en_chra_awa_aih.exe

C:\Users\Jack Bogart\AppData\Local\Temp\ochelper.exe

C:\Users\Jack Bogart\AppData\Local\Temp\Offer.exe

C:\Users\Jack Bogart\AppData\Local\Temp\offercast.exe

C:\Users\Jack Bogart\AppData\Local\Temp\SkypeSetup.exe

C:\Users\Jack Bogart\AppData\Local\Temp\tbVgra.dll

C:\Users\Jack Bogart\AppData\Local\Temp\UNINSTALL.EXE

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2015-01-07 20:17

 

==================== End Of Log ============================

The RogueKiller log will be in my next post as it's taking a little while for it to scan, so I hope you understand. I just don't want to lose these logs.


The RogueKiller scan finally finished. Don't know if you want me to attach it or to paste it, so I shall do both for you.

RogueKiller V10.1.2.0 [Jan  7 2015] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Jack Bogart [Administrator]
Mode : Scan -- Date : 01/07/2015  22:42:45
 
¤¤¤ Processes : 2 ¤¤¤
[Proc.Injected] dllhost.exe(9916) -- C:\Windows\syswow64\dllhost.exe[7] -> Killed [TermProc]
[PUP] (SVC) APNMCP -- "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe"[7] -> Stopped
 
¤¤¤ Registry : 33 ¤¤¤
[suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | SMessaging : "C:\Users\Jack Bogart\AppData\Local\Strongvault Online Backup\SMessaging.exe"  -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | ApnTBMon : "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"  -> Found
[PUP] (X64) HKEY_USERS\S-1-5-21-1893334715-2077863899-3365213242-1000\Software\Microsoft\Windows\CurrentVersion\Run | LightShot : C:\Users\Jack Bogart\AppData\Local\Skillbrains\lightshot\Lightshot.exe  -> Found
[suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1893334715-2077863899-3365213242-1000\Software\Microsoft\Windows\CurrentVersion\Run | GameServer33 : "C:\Users\Jack Bogart\AppData\Roaming\Macromedia\WIN356D.exe"  -> Found
[suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1893334715-2077863899-3365213242-1000\Software\Microsoft\Windows\CurrentVersion\Run | Ikmsoft : regsvr32.exe "C:\Users\Jack Bogart\AppData\Local\Ikmsoft\DirectcrtTime.dll"  -> Found
[PUP] (X86) HKEY_USERS\S-1-5-21-1893334715-2077863899-3365213242-1000\Software\Microsoft\Windows\CurrentVersion\Run | LightShot : C:\Users\Jack Bogart\AppData\Local\Skillbrains\lightshot\Lightshot.exe  -> Found
[suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1893334715-2077863899-3365213242-1000\Software\Microsoft\Windows\CurrentVersion\Run | GameServer33 : "C:\Users\Jack Bogart\AppData\Roaming\Macromedia\WIN356D.exe"  -> Found
[suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1893334715-2077863899-3365213242-1000\Software\Microsoft\Windows\CurrentVersion\Run | Ikmsoft : regsvr32.exe "C:\Users\Jack Bogart\AppData\Local\Ikmsoft\DirectcrtTime.dll"  -> Found
[PUP] (X64) HKEY_USERS\S-1-5-21-1893334715-2077863899-3365213242-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run | LightShot : C:\Users\Jack Bogart\AppData\Local\Skillbrains\lightshot\Lightshot.exe  -> Found
[suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1893334715-2077863899-3365213242-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run | GameServer33 : "C:\Users\Jack Bogart\AppData\Roaming\Macromedia\WIN356D.exe"  -> Found
[suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1893334715-2077863899-3365213242-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run | Ikmsoft : regsvr32.exe "C:\Users\Jack Bogart\AppData\Local\Ikmsoft\DirectcrtTime.dll"  -> Found
[PUP] (X86) HKEY_USERS\S-1-5-21-1893334715-2077863899-3365213242-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run | LightShot : C:\Users\Jack Bogart\AppData\Local\Skillbrains\lightshot\Lightshot.exe  -> Found
[suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1893334715-2077863899-3365213242-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run | GameServer33 : "C:\Users\Jack Bogart\AppData\Roaming\Macromedia\WIN356D.exe"  -> Found
[suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1893334715-2077863899-3365213242-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run | Ikmsoft : regsvr32.exe "C:\Users\Jack Bogart\AppData\Local\Ikmsoft\DirectcrtTime.dll"  -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\APNMCP ("C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe") -> Found
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\swi_update_64 ("C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe") -> Found
[ZeroAccess] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\?etadpug ("C:\Program Files (x86)\Google\Desktop\Install\{1d23e0db-fcc0-214f-eadc-e9d494b78477}\   \...\?ﯹ๛\{1d23e0db-fcc0-214f-eadc-e9d494b78477}\GoogleUpdate.exe" <) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\APNMCP ("C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe") -> Found
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swi_update_64 ("C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe") -> Found
[ZeroAccess] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\?etadpug ("C:\Program Files (x86)\Google\Desktop\Install\{1d23e0db-fcc0-214f-eadc-e9d494b78477}\   \...\?ﯹ๛\{1d23e0db-fcc0-214f-eadc-e9d494b78477}\GoogleUpdate.exe" <) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\APNMCP ("C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe") -> Found
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\swi_update_64 ("C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe") -> Found
[ZeroAccess] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\?etadpug ("C:\Program Files (x86)\Google\Desktop\Install\{1d23e0db-fcc0-214f-eadc-e9d494b78477}\   \...\?ﯹ๛\{1d23e0db-fcc0-214f-eadc-e9d494b78477}\GoogleUpdate.exe" <) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{16CD061D-272C-4C28-9FD4-F28412B1FF1A} | DhcpNameServer : 10.10.1.1 [(Private Address) (XX)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{16CD061D-272C-4C28-9FD4-F28412B1FF1A} | DhcpNameServer : 10.10.1.1 [(Private Address) (XX)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{16CD061D-272C-4C28-9FD4-F28412B1FF1A} | DhcpNameServer : 10.10.1.1 [(Private Address) (XX)]  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[suspicious.Path] (X64) HKEY_CLASSES_ROOT\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 | (default) : \\?\globalroot\Device\HarddiskVolume2\Users\Jack Bogart\AppData\Local\Temp\sotoxiu\svictiw\wow.dll  -> Found
[Tr.Poweliks] (X64) HKEY_USERS\S-1-5-21-1893334715-2077863899-3365213242-1000\Software\classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\LocalServer32 -> Found
[Tr.Rosena] (X64) HKEY_USERS\S-1-5-21-1893334715-2077863899-3365213242-1000\Software\classes\clsid\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A} -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 2 ¤¤¤
[ZeroAccess][Folder] Install -- C:\Users\Jack Bogart\AppData\Local\Google\Desktop\Install -> Found
[ZeroAccess][Folder] Install -- C:\Program Files (x86)\Google\Desktop\Install -> Found
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 15 (Driver: Not loaded [0xc000036b]) ¤¤¤
[iAT:Inl(Hook.IEAT)] (iexplore.exe) KERNEL32.dll - LoadLibraryExA : C:\Users\JACKBO~1\AppData\Local\Temp\1871KrakenDevProps.dll @ 0x60a554c0 (push dword 0x60a554c0|ret )
[iAT:Inl(Hook.IEAT)] (iexplore.exe) KERNEL32.dll - LoadLibraryExW : C:\Users\JACKBO~1\AppData\Local\Temp\1871KrakenDevProps.dll @ 0x60a556c0 (push dword 0x60a556c0|ret )
[iAT:Inl(Hook.IEAT)] (iexplore.exe) KERNEL32.dll - LoadLibraryA : C:\Users\JACKBO~1\AppData\Local\Temp\1871KrakenDevProps.dll @ 0x60a551a0 (push dword 0x60a551a0|ret )
[iAT:Inl(Hook.IEAT)] (iexplore.exe) KERNEL32.dll - LoadLibraryW : C:\Users\JACKBO~1\AppData\Local\Temp\1871KrakenDevProps.dll @ 0x60a55330 (push dword 0x60a55330|ret )
[iAT:Inl(Tr.Zeus)] (iexplore.exe) USER32.dll - MessageBeep : Unknown @ 0x377665c (push dword 0x377665c|ret )
[iAT:Inl(Tr.Zeus)] (iexplore.exe) USER32.dll - DrawTextExW : Unknown @ 0x372b06c (push dword 0x372b06c|ret )
[iAT:Inl(Tr.Zeus)] (iexplore.exe) USER32.dll - DrawTextW : Unknown @ 0x372cdbc (push dword 0x372cdbc|ret )
[iAT:Inl(Tr.Zeus)] (iexplore.exe) WININET.dll - HttpOpenRequestW : Unknown @ 0x3730bdc (push dword 0x3730bdc|ret )
[iAT:Inl(Tr.Zeus)] (iexplore.exe) WS2_32.dll - WSASend : Unknown @ 0x3726ecc (push dword 0x3726ecc|ret )
[iAT:Inl(Tr.Zeus)] (iexplore.exe) WINMM.dll - waveOutOpen : Unknown @ 0x377172c (push dword 0x377172c|ret )
[iAT:Inl(Tr.Zeus)] (iexplore.exe) WININET.dll - HttpOpenRequestA : Unknown @ 0x372bbbc (push dword 0x372bbbc|ret )
[iAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.dll - LoadLibraryExA : C:\Users\JACKBO~1\AppData\Local\Temp\1871KrakenDevProps.dll @ 0x60a554c0 (push dword 0x60a554c0|ret )
[iAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.dll - LoadLibraryW : C:\Users\JACKBO~1\AppData\Local\Temp\1871KrakenDevProps.dll @ 0x60a55330 (push dword 0x60a55330|ret )
[iAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.dll - LoadLibraryExW : C:\Users\JACKBO~1\AppData\Local\Temp\1871KrakenDevProps.dll @ 0x60a556c0 (push dword 0x60a556c0|ret )
[iAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.dll - LoadLibraryA : C:\Users\JACKBO~1\AppData\Local\Temp\1871KrakenDevProps.dll @ 0x60a551a0 (push dword 0x60a551a0|ret )
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0:  +++++
--- User ---
[MBR] 275024b099280278ae1a8966bdc6bc2b
[bSP] 02a405a9db7591c89699b61b85898ec5 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 596070 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1221160960 | Size: 14106 MB
3 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 1250050048 | Size: 103 MB
User = LL1 ... OK
User != LL2 ... KO!
--- LL2 ---
[MBR] 05fb2a10ce9b420c646c26a072f49a14
[bSP] cf21ac17dabc4b04b507ad4ae514da4b : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 409600 | Size: 77824 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 159793152 | Size: 40000 MB
2 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 241713152 | Size: 800 MB

Thanks for the logs, continue as follows:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or in the folder it was run from. Please post it in your reply.

Next,

Open Malwarebytes Anti-Malware; from the Dashboard, please check for updates by clicking the Update Now... link.

When the update completes, select Settings > Detection and Protection > Enable Scan for rootkit, and under Non-Malware Protection set both PUP and PUM to Treat detections as malware.

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.

When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.

In most cases, a restart will be required.

Wait for the prompt to restart the computer to appear, then click on Yes.

When the scan is completed, from the main GUI click on History > Application Logs. Find your scan log; the date when run will identify it. Checkmark the "select" box, then hit the "view" button. The history log window will open. At the bottom of that window are two options, "Copy to clipboard" and "Export".

Select "Copy to clipboard"; that copies the full log to the Windows clipboard, so in your reply you right-click into the text field and select "Paste", and the log is pasted (copied) into your reply.

Or select "Export"; you are given the option to export as a text file (*.txt) or XML file (*.xml). Choose text file and save the exported file to a place of your choice. That file can be attached to your reply.

Next,

Download AdwCleaner by Xplode onto your Desktop.


Double click on Adwcleaner.exe to run the tool.
Click on Scan
Once the scan is done, click on the Clean button.
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[sn].txt, where n is the scan reference number.

Next,

Please download Junkware Removal Tool to your desktop.


Shut down your protection software now to avoid potential conflicts. (re-enable when done)
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Next,

Download Microsoft's "Malicious Software Removal Tool" and save it directly to the desktop.

Ensure you get the correct version for your system.

32 Bit version:

https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:

https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

Right-click on the tool and select "Run as Administrator"; the tool will expand to the options window.

In the "Scan Type" window, select Quick Scan

Perform a scan and click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function

2) Type or copy/paste the following command into the "Run" line and press Enter:

notepad c:\windows\debug\mrt.log

Let me see those logs, and also give an update on any remaining issues or concerns.

Thanks,

Kevin...

Fixlist.txt


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

