Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Malware or Virus PLEASE HELP

Started by BFella , May 03 2013 11:32 AM

  • Please log in to reply

#1
BFella
Posted 03 May 2013 - 11:32 AM

BFella

    Member

  • Member
  • PipPip
  • 18 posts
First of all this thread is completely different from the one I've already posted, it's regarding a different computer. Please help, it's MUCH needed.

Anyways, I'm running Windows 7, on a Dell Inspiron 1545.

It takes forever to start up and then when I log into the accounts everything just freezes, sometimes it'll unfreeze for like 1-2 minutes and let me use it but after that it's back to being frozen.

I'm not sure what's wrong with it, but if anyone could help it would be VERY much appreciated. This computer is my baby and has everything on it, I can't lose it.

Thanks again!

NOTE: Not to mention, once I get the computer running in normal mode if I get the internet open it'll work perfectly fine, but the applications and Windows always freezes and stuff, I'm not sure why, trying to run the scan right now in normal mode cause I don't have a USB drive, and can't pick one up till later, I'll post the log when I've got the scan to work.

Edited by BFella, 03 May 2013 - 12:18 PM.

  • 0

Advertisements

#2
JSntgRvr
Posted 03 May 2013 - 11:41 AM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
Hi and welcome.

Please download Farbar Recovery Scan Tool and save it to a flash drive.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Plug the flash drive into the infected PC.
  • If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.
  • Note: In case you can not enter System Recovery Options by using F8 method, you can use Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
    To make a repair disk on Windows 7 consult: http://www.sevenforu...isc-create.html


    To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
  • On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt
  • Select Command Prompt

    Once in the Command Prompt:
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

  • 0

#3
BFella
Posted 03 May 2013 - 11:57 AM

BFella

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
What if I don't have a flash drive? Should I go purchase one?
  • 0

#4
BFella
Posted 03 May 2013 - 12:35 PM

BFella

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-05-2013
Ran by aKa BFeLLa (administrator) on 03-05-2013 11:16:47
Running from C:\Users\aKa BFeLLa\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================

(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Spigot, Inc.) C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\19.9.1.14\ccSvcHst.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Common Files\supportsoft\bin\sprtlisten.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\19.9.1.14\ccSvcHst.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
(Facebook Inc.) C:\Users\aKa BFeLLa\AppData\Local\Facebook\Update\FacebookUpdate.exe
(Google Inc.) C:\Users\aKa BFeLLa\AppData\Local\Google\Update\GoogleUpdate.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(PowerISO Computing, Inc.) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(iMesh, Inc) C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apntex.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Spigot, Inc.) C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Users\aKa BFeLLa\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\aKa BFeLLa\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\aKa BFeLLa\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\aKa BFeLLa\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\aKa BFeLLa\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\aKa BFeLLa\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
(Farbar) C:\Users\aKa BFeLLa\Downloads\FRST64.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe [295936 2009-04-14] (Alps Electric Co., Ltd.)
HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [112512 2010-03-13] (Microsoft Corporation)
Winlogon\Notify\WB: C:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\fast64.dll [X]
HKCU\...\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1475584 2010-11-20] (Microsoft Corporation)
HKCU\...\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3077528 2011-10-08] ()
HKCU\...\Run: [Facebook Update] "C:\Users\aKa BFeLLa\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-12] (Facebook Inc.)
HKCU\...\Run: [Google Update] "C:\Users\aKa BFeLLa\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-11-04] (Google Inc.)
HKCU\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [x]
MountPoints2: E - E:\SETUP.EXE
MountPoints2: {39762d07-d3a3-11e1-af0f-00256466201b} - F:\TL-Bootstrap.exe
MountPoints2: {39762e04-d3a3-11e1-af0f-00256466201b} - F:\TL-Bootstrap.exe
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QwestTouchPointAgent] "C:\Program Files (x86)\Qwest\Desktop\QwestTouchPointAgent.exe" /autostart [45992 2010-08-26] (Qwest Communications)
HKLM-x32\...\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [180224 2010-04-12] (PowerISO Computing, Inc.)
HKLM-x32\...\Run: [DATAMNGR] C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE [1115568 2011-02-08] (iMesh, Inc)
HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [151952 2012-11-29] (Apple Inc.)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [1297728 2013-02-23] (Spigot, Inc.)
HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [4394032 2013-03-05] (AVG Technologies CZ, s.r.o.)
HKU\Mcx1-AKABFELLA-PC\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll [1057160 2011-02-08] (iMesh, Inc)

==================== Internet (Whitelisted) ====================

ProxyServer: 85.93.2.63:3128
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com...r=spigot-yhp-ie
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qwest.live.com
URLSearchHook: (No Name) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - No File
URLSearchHook: (No Name) - {c2db4fe6-8409-45ce-8010-189a7b5cce86} - No File
HKLM-x32 SearchScopes: DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59} URL = http://search.imesh....q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59} URL = http://search.imesh....q={searchTerms}
HKCU SearchScopes: DefaultScope {32615BC9-8479-4162-B373-6EBDF2DF041D} URL = http://search.yahoo....p={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylo...search&AF=15627
SearchScopes: HKCU - {32615BC9-8479-4162-B373-6EBDF2DF041D} URL = http://search.yahoo....p={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59} URL = http://search.imesh....q={searchTerms}
BHO: UrlHelper Class - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll (iMesh, Inc)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\7.0\iobitToolbarIE.dll (Spigot, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: MediaBar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll ()
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: UrlHelper Class - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\IEBHO.dll (iMesh, Inc)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: SecureDocnPrivacynProtectionBHO - {6B2466D6-E2A0-451E-A17D-8D8ED4ED3E1D} - C:\Program Files (x86)\SecureDoc Privacy Protection\8.6\KangoBHO.dll (KangoExtensions)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\19.9.1.14\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
Toolbar: HKLM-x32 - MediaBar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll ()
Toolbar: HKLM-x32 - SecureDocnPrivacynProtection - {6B818187-4C67-4A7A-98D9-4873D7C8CB95} - C:\Program Files (x86)\SecureDoc Privacy Protection\8.6\KangoBHO.dll (KangoExtensions)
Toolbar: HKLM-x32 - IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\7.0\iobitToolbarIE.dll (Spigot, Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - No Name - {9D425283-D487-4337-BAB6-AB8354A81457} - No File
Toolbar: HKCU - No Name - {C2DB4FE6-8409-45CE-8010-189A7B5CCE86} - No File
PDF: HKLM-x32 {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
PDF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [20992] (Microsoft Corporation)
Winsock: Catalog5-x64 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.25

FireFox:
========
FF ProfilePath: C:\Users\aKa BFeLLa\AppData\Roaming\Mozilla\Firefox\Profiles\6ait7wdd.default
FF SelectedSearchEngine: Yahoo
FF Homepage: hxxp://search.imesh.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @real.com/nppl3260;version=15.0.0.198 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.0.198 - c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.0.198 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.0.198 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=15.0.0.198 - c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: firebug - C:\Users\aKa BFeLLa\AppData\Roaming\Mozilla\Firefox\Profiles\6ait7wdd.default\Extensions\[email protected]
FF Extension: iobit - C:\Users\aKa BFeLLa\AppData\Roaming\Mozilla\Firefox\Profiles\6ait7wdd.default\Extensions\[email protected]
FF Extension: wtxpcom - C:\Users\aKa BFeLLa\AppData\Roaming\Mozilla\Firefox\Profiles\6ait7wdd.default\Extensions\[email protected]

Chrome:
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\aKa BFeLLa\AppData\Local\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\aKa BFeLLa\AppData\Local\Google\Chrome\Application\25.0.1364.172\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\aKa BFeLLa\AppData\Local\Google\Chrome\Application\25.0.1364.172\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Skype Click to Call) - C:\Users\aKa BFeLLa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.11.0.9874_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U26) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (downloadUpdater) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll (AOL LLC)
CHR Plugin: (downloadUpdater2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll (AOL LLC)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Google Talk Plugin) - C:\Users\aKa BFeLLa\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\aKa BFeLLa\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks™ Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Unity Player) - C:\Users\aKa BFeLLa\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\aKa BFeLLa\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (RockMelt Update) - C:\Users\aKa BFeLLa\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll No File
CHR Plugin: (Game Face Plugin) - C:\Users\aKa BFeLLa\AppData\Roaming\Electronic Arts\Game Face\1.0.0.18\npGameFacePlugin.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (RealJukebox NS Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Extension: (YouTube) - C:\Users\aKa BFeLLa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\aKa BFeLLa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (AdBlock) - C:\Users\aKa BFeLLa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.62_0
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\aKa BFeLLa\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0
CHR Extension: (Gmail) - C:\Users\aKa BFeLLa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

==================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll [4561152 2013-04-29] (Akamai Technologies, Inc.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4937264 2013-02-27] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [282624 2013-02-19] (AVG Technologies CZ, s.r.o.)
R2 NAV; C:\Program Files (x86)\Norton AntiVirus\Engine\19.9.1.14\diMaster.dll [309688 2012-04-12] (Symantec Corporation)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 sprtlisten; C:\Program Files (x86)\Common Files\supportsoft\bin\sprtlisten.exe [1213728 2008-01-08] (SupportSoft, Inc.)
S3 SupportSoft RemoteAssist; C:\Program Files (x86)\Common Files\supportsoft\bin\ssrc.exe [394608 2008-01-08] (SupportSoft, Inc.)
S2 HPDrvMntSvc.exe; "C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe" [x]
S3 hpqwmiex; "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe" [x]

==================== Drivers (Whitelisted) ====================

S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [32768 2010-04-29] (Google Inc)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-02-26] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-02-08] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206136 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311096 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-02-08] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [239416 2013-02-14] (AVG Technologies CZ, s.r.o.)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\BASHDefs\20130301.001\BHDrvx64.sys [1388120 2013-01-15] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-22] (Symantec Corporation)
S3 hcwhdpvr; C:\Windows\System32\DRIVERS\hcwhdpvr.sys [189952 2010-06-23] (Hauppauge, Inc.)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\IPSDefs\20130319.002\IDSvia64.sys [513184 2012-08-31] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20130319.018\ENG64.SYS [126192 2013-03-17] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20130319.018\EX64.SYS [2087664 2013-03-17] (Symantec Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-03-23] (Symantec Corporation)
R3 Afc; SysWOW64\drivers\Afc.sys [x]
R1 archlp; SysWOW64\drivers\archlp.sys [x]
R1 ccSet_NAV; \SystemRoot\system32\drivers\NAVx64\1309010.00E\ccSetx64.sys [x]
S3 SRTSP; \SystemRoot\System32\Drivers\NAVx64\1309010.00E\SRTSP64.SYS [x]
R1 SRTSPX; \SystemRoot\system32\drivers\NAVx64\1309010.00E\SRTSPX64.SYS [x]
R0 SymDS; system32\drivers\NAVx64\1309010.00E\SYMDS64.SYS [x]
R0 SymEFA; system32\drivers\NAVx64\1309010.00E\SYMEFA64.SYS [x]
R1 SymIRON; \SystemRoot\system32\drivers\NAVx64\1309010.00E\Ironx64.SYS [x]
R1 SymNetS; \SystemRoot\System32\Drivers\NAVx64\1309010.00E\SYMNETS.SYS [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-05-03 11:16 - 2013-05-03 11:16 - 01712312 ____A (Farbar) C:\Users\aKa BFeLLa\Downloads\FRST64.exe
2013-05-03 11:16 - 2013-05-03 11:16 - 00000000 ____D C:\FRST
2013-04-29 10:38 - 2013-04-29 10:39 - 00285232 ____A C:\Windows\Minidump\042913-63882-01.dmp

==================== One Month Modified Files and Folders =======

2013-05-03 11:26 - 2011-10-08 12:29 - 00000000 ____D C:\Users\aKa BFeLLa\AppData\Local\PMB Files
2013-05-03 11:24 - 2010-10-18 20:28 - 00000000 ____D C:\Users\aKa BFeLLa\AppData\Local\CrashDumps
2013-05-03 11:19 - 2009-07-13 21:45 - 00014416 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-03 11:19 - 2009-07-13 21:45 - 00014416 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-03 11:17 - 2010-11-04 19:47 - 00000928 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3011216080-2438783747-224668161-1000UA.job
2013-05-03 11:16 - 2013-05-03 11:16 - 01712312 ____A (Farbar) C:\Users\aKa BFeLLa\Downloads\FRST64.exe
2013-05-03 11:16 - 2013-05-03 11:16 - 00000000 ____D C:\FRST
2013-05-03 11:16 - 2011-02-13 20:00 - 00000000 ____D C:\Users\aKa BFeLLa\AppData\Roaming\Mozilla
2013-05-03 11:10 - 2010-12-24 11:48 - 00000902 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-03 11:07 - 2013-03-17 22:58 - 00000336 ____A C:\Windows\setupact.log
2013-05-03 11:07 - 2009-07-13 22:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-04-29 10:39 - 2013-04-29 10:38 - 00285232 ____A C:\Windows\Minidump\042913-63882-01.dmp
2013-04-29 10:38 - 2013-03-18 17:09 - 471747243 ____A C:\Windows\MEMORY.DMP
2013-04-29 10:38 - 2012-07-07 11:11 - 00000000 ____D C:\Windows\Minidump

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe
[2011-07-16 00:03] - [2011-02-24 23:19] - 2388992 ____A (Microsoft Corporation) 5B9B4852CD20FE2C797AFB37BE2383EE

C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


Last Boot: 2013-03-06 20:56

==================== End Of Log ============================
  • 0

#5
BFella
Posted 03 May 2013 - 12:36 PM

BFella

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-05-2013
Ran by aKa BFeLLa at 2013-05-03 11:27:32 Run:
Running from C:\Users\aKa BFeLLa\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

µTorrent (Version: 3.0.0)
Adobe After Effects CS5 (Version: 10)
Adobe AIR (Version: 2.7.1.19610)
Adobe Community Help (Version: 3.0.0)
Adobe Community Help (Version: 3.0.0.400)
Adobe Flash Player 10 ActiveX (Version: 10.2.152.26)
Adobe Flash Player 11 Plugin 64-bit (Version: 11.1.102.55)
Adobe Media Player (Version: 1.8)
Adobe Photoshop CS5 (Version: 12.0)
Adobe Reader X (10.1.4) (Version: 10.1.4)
AIM for Windows
Akamai NetSession Interface
Akamai NetSession Interface Service
ALPS Touch Pad Driver (Version: 7.105.2011.105)
Apple Application Support (Version: 2.3.2)
Apple Mobile Device Support (Version: 6.0.1.3)
Apple Software Update (Version: 2.1.3.127)
ArcSoft TotalMedia Extreme (Version: 1.0.9.9)
AVG 2013 (Version: 13.0.3157)
AVG 2013 (Version: 13.0.3258)
AVG 2013 (Version: 2013.0.3258)
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 3.28)
CenturyLink Personal Digital Vault™ (Version: 1.0.0004)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
Digital Music Pad 8.2.3.4.8 (Version: 8.2.3.4.8)
Download Updater (AOL LLC)
Facebook Video Calling 1.2.0.287 (Version: 1.2.287)
Feedback Tool (Version: 1.2.0)
Google Chrome (Version: 26.0.1410.64)
Google Earth Plug-in (Version: 6.1.0.5001)
Google Talk Plugin (Version: 3.18.3.12840)
Google Update Helper (Version: 1.3.21.135)
Hauppauge HDPVR Scheduler
Hauppauge WinTV IR Blaster (Version: 7.4.28025)
Hauppauge WinTV Scheduler
Hex Workshop v6.6 (Version: 6.6.1.5158)
iCloud (Version: 2.1.0.39)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.2202)
IObit Toolbar v7.0 (Version: 7.0)
iTunes (Version: 11.0.0.163)
Java Auto Updater (Version: 2.0.3.1)
Java™ 6 Update 23 (64-bit) (Version: 6.0.230)
Java™ 6 Update 26 (Version: 6.0.260)
Java™ SE Development Kit 6 Update 23 (64-bit) (Version: 1.6.0.230)
Java™ SE Development Kit 6 Update 23 (Version: 1.6.0.230)
Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)
Marvell Miniport Driver (Version: 11.10.5.3)
MediaBar (Version: 2.5.0.100449)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Live Meeting 2007 (Version: 8.0.6362.201)
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ Run Time Lib Setup (Version: 1.0.0)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
MobileMe Control Panel (Version: 3.1.8.0)
Mozilla Firefox 19.0 (x86 en-US) (Version: 19.0)
Mozilla Maintenance Service (Version: 19.0)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT Redists (Version: 1.0)
Norton AntiVirus (Version: 19.9.1.14)
Octoshape add-in for Adobe Flash Player
Opera 10.00 (Version: 10.00)
Opera 11.60 (Version: 11.60.1185)
Pando Media Booster (Version: 2.3.6.0)
PDF Settings CS5 (Version: 10.0)
PFPortChecker 1.0.39 (Version: 1.0.39)
PowerISO (Version: 4.7)
PremiumSoft Navicat Lite 10.0
QuickTime (Version: 7.71.80.42)
Qwest Installer (Version: 1.0)
Qwest QuickAssist Desktop Tools (Version: 23)
Qwest Windows Live Toolbar Buttons (Version: 2.0.0.0)
RapidSVN-0.12.0
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30104)
RealUpgrade 1.1 (Version: 1.1.0)
SecureDoc Privacy Protection (Version: 8.6)
Skype™ 6.1 (Version: 6.1.129)
Spybot - Search & Destroy (Version: 1.6.2)
TeamViewer 6 (Version: 6.0.9947)
Unity Web Player (Version: )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 64-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 64-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition
Vegas Pro 10.0 (64-bit) (Version: 10.0.470)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
WinRAR archiver
Xvid 1.2.1 final uninstall (Version: 1.2)
YTD Video Downloader 3.9.6 (Version: 3.9.6)

==================== Restore Points =========================


==================== Hosts content: ==========================



::1 localhost

127.0.0.1 localhost
127.0.0.1 activate.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com

There are more than 1000 lines starting with "127.0.0.1"


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/03/2013 11:24:20 AM) (Source: Application Error) (User: )
Description: Windows cannot access the file C:\Program Files (x86)\Norton AntiVirus\Engine\19.9.1.14\uialert.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Symantec Service Framework because of this error.

Program: Symantec Service Framework
File: C:\Program Files (x86)\Norton AntiVirus\Engine\19.9.1.14\uialert.dll

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C0000185
Disk type: 3

Error: (05/03/2013 11:24:19 AM) (Source: Application Error) (User: )
Description: Faulting application name: ccSvcHst.exe, version: 11.2.3.6, time stamp: 0x4fdbcf1d
Faulting module name: UIALERT.DLL, version: 19.9.1.14, time stamp: 0x510c9139
Exception code: 0xc0000006
Fault offset: 0x0005d12b
Faulting process id: 0xa18
Faulting application start time: 0xccSvcHst.exe0
Faulting application path: ccSvcHst.exe1
Faulting module path: ccSvcHst.exe2
Report Id: ccSvcHst.exe3

Error: (05/03/2013 11:22:52 AM) (Source: Application Error) (User: )
Description: Windows cannot access the file C:\Windows\System32\jscript9.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Windows Desktop Gadgets because of this error.

Program: Windows Desktop Gadgets
File: C:\Windows\System32\jscript9.dll

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C0000185
Disk type: 3

Error: (05/03/2013 11:22:51 AM) (Source: Application Error) (User: )
Description: Faulting application name: sidebar.exe, version: 6.1.7601.17514, time stamp: 0x4ce7a1c7
Faulting module name: jscript9.dll, version: 9.0.8112.16470, time stamp: 0x510cb8a6
Exception code: 0xc0000006
Fault offset: 0x0000000000029580
Faulting process id: 0xd84
Faulting application start time: 0xsidebar.exe0
Faulting application path: sidebar.exe1
Faulting module path: sidebar.exe2
Report Id: sidebar.exe3

Error: (05/03/2013 11:12:05 AM) (Source: Application Error) (User: )
Description: Faulting application name: QwestTouchPointAgent.exe, version: 3.0.0.10, time stamp: 0x4c773803
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18015, time stamp: 0x50b8479b
Exception code: 0xe053534f
Fault offset: 0x0000000000009e5d
Faulting process id: 0x%9
Faulting application start time: 0xQwestTouchPointAgent.exe0
Faulting application path: QwestTouchPointAgent.exe1
Faulting module path: QwestTouchPointAgent.exe2
Report Id: QwestTouchPointAgent.exe3

Error: (04/29/2013 10:40:18 AM) (Source: Application Error) (User: )
Description: Faulting application name: QwestTouchPointAgent.exe, version: 3.0.0.10, time stamp: 0x4c773803
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18015, time stamp: 0x50b8479b
Exception code: 0xe053534f
Fault offset: 0x0000000000009e5d
Faulting process id: 0x%9
Faulting application start time: 0xQwestTouchPointAgent.exe0
Faulting application path: QwestTouchPointAgent.exe1
Faulting module path: QwestTouchPointAgent.exe2
Report Id: QwestTouchPointAgent.exe3

Error: (03/19/2013 05:57:42 PM) (Source: Microsoft-Windows-User Profiles Service) (User: aKaBFeLLa-PC)
Description: Windows cannot delete the profile directory C:\Users\Family. This error may be caused by files in this directory being used by another program.

DETAIL - The directory is not empty.

Error: (03/19/2013 05:47:13 PM) (Source: Application Error) (User: )
Description: Windows cannot access the file C:\Windows\System32\SearchProtocolHost.exe for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Microsoft Windows Search Protocol Host because of this error.

Program: Microsoft Windows Search Protocol Host
File: C:\Windows\System32\SearchProtocolHost.exe

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C0000185
Disk type: 3

Error: (03/19/2013 05:47:13 PM) (Source: Application Error) (User: )
Description: Faulting application name: SearchProtocolHost.exe, version: 7.0.7601.17610, time stamp: 0x4dc0d006
Faulting module name: SearchProtocolHost.exe, version: 7.0.7601.17610, time stamp: 0x4dc0d006
Exception code: 0xc0000006
Fault offset: 0x000000000001163b
Faulting process id: 0xc94
Faulting application start time: 0xSearchProtocolHost.exe0
Faulting application path: SearchProtocolHost.exe1
Faulting module path: SearchProtocolHost.exe2
Report Id: SearchProtocolHost.exe3

Error: (03/19/2013 05:31:44 PM) (Source: Application Error) (User: )
Description: Windows cannot access the file C:\Program Files (x86)\AVG\AVG2013\avgadvisorx.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program AVG Watchdog Service because of this error.

Program: AVG Watchdog Service
File: C:\Program Files (x86)\AVG\AVG2013\avgadvisorx.dll

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C0000185
Disk type: 3


System errors:
=============
Error: (05/03/2013 11:25:21 AM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (05/03/2013 11:25:21 AM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (05/03/2013 11:25:21 AM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (05/03/2013 11:25:21 AM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (05/03/2013 11:25:21 AM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (05/03/2013 11:25:21 AM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (05/03/2013 11:25:21 AM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (05/03/2013 11:25:21 AM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (05/03/2013 11:25:21 AM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (05/03/2013 11:25:21 AM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.


Microsoft Office Sessions:
=========================
Error: (05/03/2013 11:24:20 AM) (Source: Application Error)(User: )
Description: C:\Program Files (x86)\Norton AntiVirus\Engine\19.9.1.14\uialert.dllSymantec Service FrameworkC00001853

Error: (05/03/2013 11:24:19 AM) (Source: Application Error)(User: )
Description: ccSvcHst.exe11.2.3.64fdbcf1dUIALERT.DLL19.9.1.14510c9139c00000060005d12ba1801ce48297cb2509dC:\Program Files (x86)\Norton AntiVirus\Engine\19.9.1.14\ccSvcHst.exeC:\PROGRAM FILES (X86)\NORTON ANTIVIRUS\ENGINE\19.9.1.14\UIALERT.DLLaafabda1-b41e-11e2-a58f-00256466201b

Error: (05/03/2013 11:22:52 AM) (Source: Application Error)(User: )
Description: C:\Windows\System32\jscript9.dllWindows Desktop GadgetsC00001853

Error: (05/03/2013 11:22:51 AM) (Source: Application Error)(User: )
Description: sidebar.exe6.1.7601.175144ce7a1c7jscript9.dll9.0.8112.16470510cb8a6c00000060000000000029580d8401ce48298dce8abdC:\Program Files\Windows Sidebar\sidebar.exeC:\Windows\System32\jscript9.dll76b67575-b41e-11e2-a58f-00256466201b

Error: (05/03/2013 11:12:05 AM) (Source: Application Error)(User: )
Description: QwestTouchPointAgent.exe3.0.0.104c773803KERNELBASE.dll6.1.7601.1801550b8479be053534f0000000000009e5d

Error: (04/29/2013 10:40:18 AM) (Source: Application Error)(User: )
Description: QwestTouchPointAgent.exe3.0.0.104c773803KERNELBASE.dll6.1.7601.1801550b8479be053534f0000000000009e5d

Error: (03/19/2013 05:57:42 PM) (Source: Microsoft-Windows-User Profiles Service)(User: aKaBFeLLa-PC)
Description: C:\Users\FamilyThe directory is not empty.

Error: (03/19/2013 05:47:13 PM) (Source: Application Error)(User: )
Description: C:\Windows\System32\SearchProtocolHost.exeMicrosoft Windows Search Protocol HostC00001853

Error: (03/19/2013 05:47:13 PM) (Source: Application Error)(User: )
Description: SearchProtocolHost.exe7.0.7601.176104dc0d006SearchProtocolHost.exe7.0.7601.176104dc0d006c0000006000000000001163bc9401ce25038df20b73C:\Windows\system32\SearchProtocolHost.exeC:\Windows\system32\SearchProtocolHost.exeb4090745-90f7-11e2-b5eb-00256466201b

Error: (03/19/2013 05:31:44 PM) (Source: Application Error)(User: )
Description: C:\Program Files (x86)\AVG\AVG2013\avgadvisorx.dllAVG Watchdog ServiceC00001853


CodeIntegrity Errors:
===================================
Date: 2011-07-15 22:49:03.338
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\nhcDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-07-15 22:49:03.291
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\nhcDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-07-15 22:49:03.125
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\nhcDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-07-15 22:49:03.080
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\nhcDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-07-15 22:49:02.923
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\nhcDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-07-15 22:49:02.878
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\nhcDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-07-15 22:49:02.725
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\nhcDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-07-15 22:49:02.681
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\nhcDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-07-15 22:49:02.528
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\nhcDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-07-15 22:49:02.484
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\nhcDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 61%
Total physical RAM: 3032.36 MB
Available physical RAM: 1168.64 MB
Total Pagefile: 6062.91 MB
Available Pagefile: 3790.17 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:218.2 GB) (Free:101.16 GB) NTFS (Disk=0 Partition=3)

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 232 GB 0 B

Partitions of Disk 0:
===============

Disk ID: 086F8F0B

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 14 GB 40 MB
Partition 3 Primary 218 GB 14 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

There is no volume associated with this partition.

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 RECOVERY NTFS Partition 14 GB Healthy System (partition with boot components)

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 218 GB Healthy Boot

=========================================================
============================== MBR & Partition Table ==================

====================================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 086F8F0B)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=218 GB) - (Type=07 NTFS)
  • 0

#6
JSntgRvr
Posted 03 May 2013 - 01:51 PM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete

Posted Image

Once done it will ask to reboot, allow this
On reboot a log will be produced at C:\ADWCleaner[XX].txt please post it in your next reply.

Posted Image Please download Malwarebytes' Anti-Malware from Here. Never download Malwarebytes' Anti-Malware from other sources.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.
  • 0

#7
JSntgRvr
Posted 03 May 2013 - 02:06 PM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
Also:

Run FRST as you did before.

Type the following in the edit box on FRST, after "Search:".

explorer.exe

It then should look like:

Search: explorer.exe

Click Search button and post the log (Search.txt) it makes on the USB drive in your next reply.
  • 0

#8
BFella
Posted 03 May 2013 - 02:10 PM

BFella

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
# AdwCleaner v2.300 - Logfile created 05/03/2013 at 12:58:11
# Updated 28/04/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : aKa BFeLLa - AKABFELLA-PC
# Boot Mode : Normal
# Running from : C:\Users\aKa BFeLLa\Downloads\AdwCleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : Application Updater

***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt
Folder Deleted : C:\Program Files (x86)\Application Updater
Folder Deleted : C:\Program Files (x86)\Babylon
Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
Folder Deleted : C:\Program Files (x86)\Common Files\spigot
Folder Deleted : C:\Program Files (x86)\iMesh Applications\Mediabar
Folder Deleted : C:\Program Files (x86)\Search Toolbar
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\aKa BFeLLa\AppData\Local\PackageAware
Folder Deleted : C:\Users\aKa BFeLLa\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\aKa BFeLLa\AppData\LocalLow\mediabarim
Folder Deleted : C:\Users\aKa BFeLLa\AppData\LocalLow\Search Settings

***** [Registry] *****

Data Deleted : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll
Data Deleted : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll
Data Deleted : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\datamngr.dll
Data Deleted : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\IEBHO.dll
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}
Key Deleted : HKLM\Software\Application Updater
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2117678
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabylonToolbarsrv_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabylonToolbarsrv_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iMesh 1 MediaBar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{9D425283-D487-4337-BAB6-AB8354A81457}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{28387537-E3F9-4ED7-860C-11E69AF4A8A0}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{9D425283-D487-4337-BAB6-AB8354A81457}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16470

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Secondary Start Pages] = hxxp://search.imesh.com/
hxxp://search.babylon.com/home?AF=15627
hxxp://go.microsoft.com/fwlink/?LinkId=69157 --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Secondary_Page_URL] = hxxp://search.imesh.com/
hxxp://search.babylon.com/home?AF=15627
hxxp://go.microsoft.com/fwlink/?LinkId=69157 --> hxxp://www.google.com

-\\ Mozilla Firefox v19.0 (en-US)

File : C:\Users\aKa BFeLLa\AppData\Roaming\Mozilla\Firefox\Profiles\6ait7wdd.default\prefs.js

C:\Users\aKa BFeLLa\AppData\Roaming\Mozilla\Firefox\Profiles\6ait7wdd.default\user.js ... Deleted !

Deleted : user_pref("browser.startup.homepage", "hxxp://search.imesh.com/");

-\\ Google Chrome v26.0.1410.64

File : C:\Users\aKa BFeLLa\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v11.60.1185.0

File : C:\Users\aKa BFeLLa\AppData\Roaming\Opera\Opera\operaprefs.ini

Deleted : Home URL=hxxp://search.imesh.com/

*************************

AdwCleaner[R1].txt - [10540 octets] - [03/05/2013 12:55:43]
AdwCleaner[S1].txt - [10139 octets] - [03/05/2013 12:58:11]

########## EOF - C:\AdwCleaner[S1].txt - [10200 octets] ##########
  • 0

#9
BFella
Posted 03 May 2013 - 02:40 PM

BFella

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Malwarye Bytes freezes everything, every time I run it. It'll work for about 2 minutes, then just freeze up everything.
  • 0

#10
JSntgRvr
Posted 03 May 2013 - 02:41 PM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
Search for explorer.exe
  • 0

Advertisements

#11
BFella
Posted 03 May 2013 - 02:51 PM

BFella

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts

Search for explorer.exe


It's still currently searching, not sure how long it's suppose to take but it's been awhile.
  • 0

#12
BFella
Posted 03 May 2013 - 02:52 PM

BFella

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Farbar Recovery Scan Tool (x64) Version: 02-05-2013
Ran by aKa BFeLLa at 2013-05-03 13:41:55
Running from C:\Users\aKa BFeLLa\Downloads
Boot Mode: Normal

================== Search: "explorer.exe" ===================

C:\Windows\explorer.exe
[2011-07-16 00:03] - [2011-02-24 23:19] - 2388992 ____A (Microsoft Corporation) 5B9B4852CD20FE2C797AFB37BE2383EE

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011-04-26 15:52] - [2011-02-25 22:19] - 2616320 ____A (Microsoft Corporation) 0FB9C74046656D1579A64660AD67B746

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2011-04-26 15:52] - [2011-02-24 22:30] - 2616320 ____A (Microsoft Corporation) 8B88EBBB05A0E56B7DCC708498C02B3E

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011-06-06 21:01] - [2010-11-20 05:17] - 2616320 ____A (Microsoft Corporation) 40D777B7A95E00593EB1568C68514493

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2011-04-26 15:52] - [2011-02-25 23:14] - 2871808 ____A (Microsoft Corporation) 3B69712041F3D63605529BD66DC00C48

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011-04-26 15:52] - [2011-02-24 23:19] - 2871808 ____A (Microsoft Corporation) 332FEAB1435662FC6C672E25BEB37BE3

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2011-06-06 21:01] - [2010-11-20 06:24] - 2872320 ____A (Microsoft Corporation) AC4C51EB24AA95B77F705AB159189E24

C:\Windows\SysWOW64\explorer.exe
[2011-04-26 15:52] - [2011-02-24 22:30] - 2616320 ____A (Microsoft Corporation) 8B88EBBB05A0E56B7DCC708498C02B3E

====== End Of Search ======
  • 0

#13
JSntgRvr
Posted 03 May 2013 - 03:24 PM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
Download the enclosed file. [attachment=64486:fixlist.txt]

Save it next to FRST64.

Run FRST64 as you did before, except that this time around, click on the Fix button and wait.

The tool will make a log next to FRST64 (Fixlog.txt) please post it to your reply.

Restart the computer.


Please download and run Rkill by Grinler from any of the following locations (Vista and Win7: to run the application, right click on Rkill and choose Run as an Administrator):

RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes so that your normal security software can then run and clean your computer of infections. When RKill runs it will kill malware processes and then removes incorrect executable associations and fixes policies that stop us from using certain tools. When finished it will display a log file that shows the processes that were terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot your computer as any malware processes that are configured to start automatically will just be started again. Instead, after running RKill you should immediately scan your computer using some sort of anti-malware or anti-virus program so that the infections can be properly removed.

Please attempt to run Malwarebytes Antimalware as previously requested.
  • 0

#14
BFella
Posted 03 May 2013 - 03:40 PM

BFella

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-05-2013
Ran by aKa BFeLLa at 2013-05-03 14:32:09 Run:1
Running from C:\Users\aKa BFeLLa\Downloads
Boot Mode: Normal
==============================================

C:\Windows\explorer.exe => Moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe copied successfully to C:\Windows\explorer.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\MobileDocuments => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E => Key deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{39762d07-d3a3-11e1-af0f-00256466201b} => Key deleted successfully.
HKCR\CLSID\{39762d07-d3a3-11e1-af0f-00256466201b} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{39762e04-d3a3-11e1-af0f-00256466201b} => Key deleted successfully.
HKCR\CLSID\{39762e04-d3a3-11e1-af0f-00256466201b} => Key not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\DATAMNGR => Value not found.
HKEY_USERS\Mcx1-AKABFELLA-PC\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.

==== End of Fixlog ====
  • 0

#15
BFella
Posted 03 May 2013 - 04:26 PM

BFella

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Still freezes even after Rkill.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP