Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Ramsonware Metropolitan Police Please Help [Solved]

Started by Streaky B , Nov 03 2013 08:47 PM

This topic is locked

#1
Streaky B

Posted 03 November 2013 - 08:47 PM

New Member

Member
7 posts

Hi everyone,

I'm trying to fix my brother's computer from a Ramsonware virus. Every time you put it up there's just a white screen and the cursor. I've tried looking for a restore point but there aren't any, booting in safe mode doesn't work and nor would hitman pro. I then managed to get anvi rescue disk to load, it detected one threat which was cleaned and then I fixed the registry but nothing has changed when starting up. I'd really appreciate some help here as I don't really know what else to do. Also the initial screen said British Metropolitan police which will still come up if it's connected to the internet. Thank you

#2
emeraldnzl

Posted 03 November 2013 - 09:15 PM

GeekU Instructor

GeekU Moderator
20,051 posts

Hello Streaky B,

Welcome to geekstogo.

Let's see if your machine will allow you to do this:

Please download Farbar Recovery Scan Tool and save it to a flash drive.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Select English as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:

Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account an click Next.

On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
[*]Select Command Prompt
[*]In the command window type in notepad and press Enter.
[*]The notepad opens. Under File menu select Open.
[*]Select "Computer" and find your flash drive letter and close the notepad.
[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
[*]The tool will start to run.
[*]When the tool opens click Yes to disclaimer.
[*]Press Scan button.
[*]It will create a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
[/list]

#3
Streaky B

Posted 04 November 2013 - 02:53 AM

New Member

Topic Starter
Member
7 posts

Thank you so much!

During the scan it came up with the following message;
The file or directory C:\$Mft is corrupt and unreadable. Please run the Chkdsk utility

Ok, here is the log

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-10-2013
Ran by SYSTEM on MININT-UNB6RN7 on 04-11-2013 08:44:29
Running from E:\
Windows 7 Professional (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [FreeFallProtection] - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [727664 2010-09-24] ()
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [NVHotkey] - rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6539880 2010-11-09] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2181224 2010-11-03] (Realtek Semiconductor)
HKLM\...\Run: [IntelWireless] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1928976 2010-03-05] (Intel® Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2247976 2010-07-15] (Synaptics Incorporated)
HKLM\...\Run: [QuickSet] - C:\Program Files\Dell\QuickSet\quickset.exe [3206816 2010-08-04] (Dell Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [472984 2013-06-02] (Adobe Systems Incorporated)
HKLM\...\Run: [lxcrmon.exe] - C:\Program Files (x86)\Lexmark 2400 Series\lxcrmon.exe [291496 2009-05-01] ()
HKLM\...\Run: [EzPrint] - C:\Program Files (x86)\Lexmark 2400 Series\ezprint.exe [82600 2009-05-01] (Lexmark International Inc.)
HKLM\...\Run: [LXCRCATS] - rundll32 C:\Windows\system32\spool\DRIVERS\x64\3\LXCRtime.dll,RunDLLEntry
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-08-12] (Microsoft Corporation)
HKLM\...\Run: [Seagull Drivers] - ssdal_nc.exe startup
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\klogon: C:\Windows\System32\klogon.dll (Kaspersky Lab)
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0x00000000
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0x00000000
HKLM\...\Policies\Explorer: [NoSetTaskBar] 0
HKLM\...\Policies\Explorer: [NoFileMenu] 0
HKLM\...\Policies\Explorer: [NoNetworkConnections] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0x00000000
HKLM\...\Policies\Explorer: [NoDesktop] 0x00000000
HKLM\...\Policies\Explorer: [MaxRecentDocs] 0
HKLM\...\Policies\Explorer: [NoNetConnectDisconnect] 0
HKLM\...\Policies\Explorer: [NoRemoteRecursiveEvents] 0
HKLM\...\Policies\Explorer: [NoRecentDocsHistory] 0x00000000
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [ClearRecentDocsOnExit] 0x00000000
HKLM\...\Policies\Explorer: [NoInternetIcon] 0
HKLM\...\Policies\Explorer: [NoStartBanner] 0x00000000
HKLM\...\Policies\Explorer: [NoNetHood] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0x00000000
HKLM\...\Policies\Explorer: [NoWinKey] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoNetConnextDisconnect] 0
HKLM\...\Policies\Explorer: [NoFavoritesMenu] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoSMConfigurePrograms] 0
HKLM\...\Policies\Explorer: [NoControlPanle] 0
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe [348760 2010-10-01] (Kaspersky Lab)
HKLM-x32\...\Run: [O2Start] - C:\Program Files (x86)\O2CM-CE\O2 Connection Manager\tscui.exe [2662400 2008-10-10] (O2)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-26] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736 2011-11-12] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Creative Cloud] - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2236816 2013-07-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-11] (Oracle Corporation)
HKU\Streaky\...\Run: [Google Update] - C:\Users\Streaky\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-08-04] (Google Inc.)
HKU\Streaky\...\Run: [hgstz.exe] - "C:\ProgramData\hgstz.exe"
HKU\Streaky\...\Run: [xrpcr.exe] - "C:\ProgramData\xrpcr.exe"
HKU\Streaky\...\Run: [hsoqr.exe] - "C:\ProgramData\hsoqr.exe"
HKU\Streaky\...\Run: [uTorrent] - "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
HKU\Streaky\...\Run: [AdobeBridge] - [x]
HKU\Streaky\...\Run: [Spybot-S&D Cleaning] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3713032 2012-11-13] (Safer-Networking Ltd.)
HKU\Streaky\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\System32\Macromed\Flash\FlashUtil64_11_1_102_ActiveX.exe [465568 2012-03-24] (Adobe Systems, Inc.)
HKU\Streaky\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe [30720 2010-11-20] (Microsoft Corporation)
HKU\Streaky\...\Winlogon: [Shell] explorer.exe,C:\Users\Streaky\AppData\Roaming\Other.res [70656 2013-08-28] () <==== ATTENTION
HKU\UpdatusUser\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe [30720 2010-11-20] (Microsoft Corporation)
Startup: C:\Users\Streaky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1050 J410 series.lnk
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 1050 J410 series.lnk -> C:\Program Files\HP\HP Deskjet 1050 J410 series\bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Streaky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
BootExecute: autocheck autochk * sdnclean64.exe

==================== Services (Whitelisted) =================

S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe [348760 2010-10-01] (Kaspersky Lab)
S2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [743992 2009-12-21] (Infowatch)
S2 lxcr_device; C:\Windows\system32\lxcrcoms.exe [566192 2006-12-11] ( )
S2 lxcr_device; C:\Windows\SysWow64\lxcrcoms.exe [537520 2006-12-11] ( )
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-08-12] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] ()
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-08-12] (Microsoft Corporation)
S2 OrangeMobileBroadband_Service; C:\Program Files (x86)\OrangeMobileBroadband\OrangeMobileBroadband_Service.exe [334792 2011-06-01] ()
S2 QDLService2kDell; C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kDell.exe [330488 2010-01-13] (QUALCOMM, Inc.)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [138752 2013-05-15] (Huawei Technologies Co., Ltd.)
S3 ewusbnet; C:\Windows\SysWow64\DRIVERS\ewusbnet.sys [138752 2013-05-15] (Huawei Technologies Co., Ltd.)
S3 ew_hwusbdev; C:\Windows\SysWow64\DRIVERS\ew_hwusbdev.sys [117248 2013-05-15] (Huawei Technologies Co., Ltd.)
S3 ew_usbenumfilter; C:\Windows\SysWow64\DRIVERS\ew_usbenumfilter.sys [13952 2013-05-15] (Huawei Technologies Co., Ltd.)
S3 hwdatacard; C:\Windows\SysWow64\DRIVERS\ewusbmdm.sys [121600 2013-05-15] (Huawei Technologies Co., Ltd.)
S1 kl1; C:\Windows\System32\DRIVERS\kl1.sys [157712 2009-09-01] (Kaspersky Lab)
S0 KLBG; C:\Windows\System32\DRIVERS\klbg.sys [40464 2009-10-14] (Kaspersky Lab)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [353296 2011-08-08] (Kaspersky Lab)
S1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [27152 2009-09-14] (Kaspersky Lab)
S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [21008 2009-10-02] (Kaspersky Lab)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-10] (ManyCam LLC)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2013-01-31] (ManyCam LLC)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-11-04 08:44 - 2013-11-04 08:44 - 00000000 ____D C:\FRST
2013-11-03 23:21 - 2013-11-03 23:22 - 26548024 _____ C:\asdsetup.exe
2013-11-03 18:31 - 2013-11-03 18:31 - 00005126 _____ C:\Windows\System32\PerfStringBackup.TMP
2013-11-02 08:32 - 2013-11-02 08:32 - 70254592 _____ C:\Windows\System32\config\software.bhv
2013-11-02 08:32 - 2013-11-02 08:32 - 23330816 _____ C:\Windows\System32\config\system.bhv
2013-11-02 08:32 - 2013-11-02 08:32 - 00524288 _____ C:\Windows\System32\config\default.bhv
2013-11-02 08:32 - 2013-11-02 08:32 - 00262144 _____ C:\Windows\System32\config\security.bhv
2013-11-02 08:32 - 2013-11-02 08:32 - 00262144 _____ C:\Windows\System32\config\sam.bhv
2013-11-02 08:26 - 2013-11-02 08:26 - 00000000 ____D C:\$Anvi Rescue Disk$
2013-11-02 06:13 - 2013-11-02 06:13 - 00000000 __SHD C:\found.000
2013-11-02 03:44 - 2013-11-02 03:44 - 00006576 ____N C:\bootsqm.dat
2013-11-01 02:56 - 2013-11-01 02:56 - 00000118 ____H C:\Users\Streaky\Downloads\.~lock.SalesHistory (71).csv#
2013-11-01 02:53 - 2013-11-01 02:53 - 00004191 _____ C:\Users\Streaky\Downloads\SalesHistory (71).csv
2013-10-31 05:46 - 2013-10-31 05:46 - 00003979 _____ C:\Users\Streaky\Downloads\SalesHistory (70).csv
2013-10-31 05:46 - 2013-10-31 05:46 - 00000118 ____H C:\Users\Streaky\Downloads\.~lock.SalesHistory (70).csv#
2013-10-30 05:03 - 2013-10-30 05:03 - 00000118 ____H C:\Users\Streaky\Downloads\.~lock.SalesHistory (69).csv#
2013-10-30 05:02 - 2013-10-30 05:02 - 00005442 _____ C:\Users\Streaky\Downloads\SalesHistory (69).csv
2013-10-29 05:35 - 2013-10-29 05:35 - 00000118 ____H C:\Users\Streaky\Downloads\.~lock.SalesHistory (68).csv#
2013-10-29 05:34 - 2013-10-29 05:34 - 00006467 _____ C:\Users\Streaky\Downloads\SalesHistory (68).csv
2013-10-29 04:55 - 2013-10-29 04:55 - 01487391 _____ C:\Users\Streaky\Downloads\zoltars_website_Presentation_o1_v9 (1).ppsx
2013-10-29 04:55 - 2013-10-29 04:55 - 01487391 _____ C:\Users\Streaky\Desktop\zoltars first draft.ppsx
2013-10-28 06:25 - 2013-10-28 06:25 - 00010010 _____ C:\Users\Streaky\Desktop\28102013 extra e bits.csv
2013-10-28 04:53 - 2013-10-28 04:53 - 00000118 ____H C:\Users\Streaky\Downloads\.~lock.SalesHistory (67).csv#
2013-10-28 04:51 - 2013-10-28 04:51 - 00010362 _____ C:\Users\Streaky\Downloads\SalesHistory (67).csv
2013-10-27 14:26 - 2013-10-27 14:26 - 00590496 _____ C:\Users\Streaky\Downloads\uplayermediaplayer-setup (1).exe
2013-10-25 05:24 - 2013-10-25 05:25 - 00004693 _____ C:\Users\Streaky\Downloads\SalesHistory (66).csv
2013-10-24 07:23 - 2013-10-24 07:23 - 00904923 _____ C:\Users\Streaky\Downloads\Ana Lourenço - ELLIOT.pdf-
2013-10-24 04:42 - 2013-10-24 04:42 - 00003612 _____ C:\Users\Streaky\Downloads\SalesHistory (65).csv
2013-10-23 06:50 - 2013-10-23 06:51 - 00002811 _____ C:\Users\Streaky\Downloads\SalesHistory (64).csv
2013-10-22 06:21 - 2013-10-22 06:21 - 00001481 _____ C:\Users\Streaky\Downloads\SalesHistory (63).csv
2013-10-22 02:19 - 2013-10-22 02:19 - 00002770 _____ C:\Users\Streaky\Downloads\SalesHistory (62).csv
2013-10-22 02:02 - 2013-10-22 02:02 - 00011998 _____ C:\Users\Streaky\Downloads\GS=A00010 Escalating claim to Customer Support, I received an item that is not as described [#UK SR# 1-15796901715.zip
2013-10-21 02:37 - 2013-10-21 02:37 - 00008057 _____ C:\Users\Streaky\Downloads\SalesHistory (61).csv
2013-10-20 06:59 - 2013-10-20 06:59 - 00335136 _____ C:\Users\Streaky\Downloads\Setup (2).exe
2013-10-19 04:14 - 2013-10-19 04:14 - 00319728 _____ C:\Users\Streaky\Downloads\Setup (1).exe
2013-10-18 07:22 - 2013-10-18 07:22 - 00000000 ____D C:\Users\Streaky\Downloads\www.NewAlbumReleases.net_VV Brown - Samson and Delilah (2013)
2013-10-18 06:16 - 2013-10-18 06:58 - 129385784 _____ C:\Users\Streaky\Downloads\www.NewAlbumReleases.net_VV Brown - Samson and Delilah (2013).rar
2013-10-18 04:24 - 2013-10-18 04:24 - 00006426 _____ C:\Users\Streaky\Downloads\SalesHistory (60).csv
2013-10-17 07:08 - 2013-10-17 07:08 - 00001084 _____ C:\Users\Streaky\Downloads\SalesHistory (59).csv
2013-10-17 06:50 - 2013-10-17 06:50 - 00001114 _____ C:\Users\Streaky\Downloads\SalesHistory (58).csv
2013-10-17 06:47 - 2013-10-17 06:47 - 00001084 _____ C:\Users\Streaky\Downloads\SalesHistory (57).csv
2013-10-17 06:44 - 2013-10-17 06:44 - 00002731 _____ C:\Users\Streaky\Downloads\SalesHistory (56).csv
2013-10-17 04:42 - 2013-10-17 04:42 - 00003140 _____ C:\Users\Streaky\Downloads\SalesHistory (55).csv
2013-10-16 05:39 - 2013-10-16 05:39 - 00001118 _____ C:\Users\Streaky\Downloads\SalesHistory (54).csv
2013-10-16 04:15 - 2013-10-16 04:15 - 00009800 _____ C:\Users\Streaky\Downloads\SalesHistory (53).csv
2013-10-15 13:04 - 2013-10-15 13:04 - 00321552 _____ C:\Users\Streaky\Downloads\Setup.exe
2013-10-15 02:28 - 2013-10-15 02:28 - 00004064 _____ C:\Users\Streaky\Downloads\SalesHistory (52).csv
2013-10-14 07:16 - 2013-10-14 07:16 - 00001114 _____ C:\Users\Streaky\Downloads\SalesHistory (51).csv
2013-10-14 07:15 - 2013-10-14 07:15 - 00001100 _____ C:\Users\Streaky\Downloads\SalesHistory (50).csv
2013-10-14 04:04 - 2013-10-14 04:04 - 00012390 _____ C:\Users\Streaky\Downloads\SalesHistory (49).csv
2013-10-11 05:33 - 2013-10-11 05:33 - 00004013 _____ C:\Users\Streaky\Downloads\SalesHistory (48).csv
2013-10-10 02:28 - 2013-10-10 02:28 - 00001082 _____ C:\Users\Streaky\Downloads\SalesHistory (47).csv
2013-10-10 02:19 - 2013-10-10 02:19 - 00004806 _____ C:\Users\Streaky\Downloads\SalesHistory (46).csv
2013-10-09 18:09 - 2013-09-22 07:43 - 17833984 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-10-09 18:09 - 2013-09-22 07:01 - 10926080 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-10-09 18:09 - 2013-09-22 06:42 - 02312704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-10-09 18:09 - 2013-09-22 06:36 - 01346560 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-10-09 18:09 - 2013-09-22 06:33 - 01494528 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-10-09 18:09 - 2013-09-22 06:33 - 01392128 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-10-09 18:09 - 2013-09-22 06:30 - 00237056 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-10-09 18:09 - 2013-09-22 06:27 - 00085504 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-10-09 18:09 - 2013-09-22 06:23 - 00173056 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-10-09 18:09 - 2013-09-22 06:22 - 00816640 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-10-09 18:09 - 2013-09-22 06:21 - 00599040 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-10-09 18:09 - 2013-09-22 06:19 - 02147840 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-10-09 18:09 - 2013-09-22 06:19 - 00729088 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-10-09 18:09 - 2013-09-22 06:16 - 00096768 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-10-09 18:09 - 2013-09-22 06:15 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-10-09 18:09 - 2013-09-22 06:07 - 00248320 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-10-09 18:09 - 2013-09-22 02:29 - 12336128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-09 18:09 - 2013-09-22 02:22 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-09 18:09 - 2013-09-22 02:22 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-09 18:09 - 2013-09-22 02:14 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-10-09 18:09 - 2013-09-22 02:13 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-09 18:09 - 2013-09-22 02:13 - 01104896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-09 18:09 - 2013-09-22 02:12 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-10-09 18:09 - 2013-09-22 02:09 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-09 18:09 - 2013-09-22 02:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-10-09 18:09 - 2013-09-22 02:07 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-09 18:09 - 2013-09-22 02:06 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-10-09 18:09 - 2013-09-22 02:05 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-09 18:09 - 2013-09-22 02:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-09 18:09 - 2013-09-22 02:03 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-09 18:09 - 2013-09-22 02:03 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-10-09 18:09 - 2013-09-22 01:59 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-09 05:38 - 2013-10-09 05:38 - 00003611 _____ C:\Users\Streaky\Downloads\SalesHistory (45).csv
2013-10-09 00:47 - 2013-09-13 17:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2013-10-09 00:47 - 2013-09-07 18:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-10-09 00:47 - 2013-09-07 18:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\System32\mswsock.dll
2013-10-09 00:47 - 2013-09-07 18:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-09 00:47 - 2013-08-28 18:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-10-09 00:47 - 2013-08-28 18:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2013-10-09 00:47 - 2013-08-28 18:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\System32\tdh.dll
2013-10-09 00:47 - 2013-08-28 18:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2013-10-09 00:47 - 2013-08-28 18:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\System32\advapi32.dll
2013-10-09 00:47 - 2013-08-28 17:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-09 00:47 - 2013-08-28 17:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-09 00:47 - 2013-08-28 17:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-09 00:47 - 2013-08-28 17:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-09 00:47 - 2013-08-28 17:50 - 00070656 _____ C:\Users\Streaky\AppData\Roaming\Other.res
2013-10-09 00:47 - 2013-08-28 17:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-09 00:47 - 2013-08-28 17:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-09 00:47 - 2013-08-28 16:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-09 00:47 - 2013-08-28 16:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-09 00:47 - 2013-08-28 16:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-09 00:47 - 2013-08-27 17:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-10-09 00:47 - 2013-07-12 02:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbvideo.sys
2013-10-09 00:47 - 2013-07-12 02:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbcir.sys
2013-10-09 00:47 - 2013-07-04 04:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\System32\WebClnt.dll
2013-10-09 00:47 - 2013-07-04 04:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\System32\comctl32.dll
2013-10-09 00:47 - 2013-07-04 04:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\System32\davclnt.dll
2013-10-09 00:47 - 2013-07-04 03:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-09 00:47 - 2013-07-04 03:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-09 00:47 - 2013-07-04 03:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-09 00:47 - 2013-07-04 02:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxdav.sys
2013-10-09 00:47 - 2013-07-02 20:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbscan.sys
2013-10-09 00:47 - 2013-07-02 20:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidclass.sys
2013-10-09 00:47 - 2013-07-02 20:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidparse.sys
2013-10-09 00:47 - 2013-06-25 14:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2013-10-09 00:47 - 2013-06-05 21:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\System32\lpk.dll
2013-10-09 00:47 - 2013-06-05 21:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\System32\fontsub.dll
2013-10-09 00:47 - 2013-06-05 21:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\System32\dciman32.dll
2013-10-09 00:47 - 2013-06-05 21:47 - 00046080 _____ (Adobe Systems) C:\Windows\System32\atmlib.dll
2013-10-09 00:47 - 2013-06-05 20:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-09 00:47 - 2013-06-05 20:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-09 00:47 - 2013-06-05 20:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-09 00:47 - 2013-06-05 19:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2013-10-09 00:47 - 2013-06-05 19:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-09 00:47 - 2013-06-05 19:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-09 00:46 - 2013-09-04 04:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys
2013-10-09 00:46 - 2013-09-04 04:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys
2013-10-09 00:46 - 2013-09-04 04:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbccgp.sys
2013-10-09 00:46 - 2013-09-04 04:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys
2013-10-09 00:46 - 2013-09-04 04:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys
2013-10-09 00:46 - 2013-09-04 04:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbohci.sys
2013-10-09 00:46 - 2013-09-04 04:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys
2013-10-09 00:46 - 2013-08-28 16:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-09 00:46 - 2013-08-27 17:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\System32\scavengeui.dll
2013-10-09 00:46 - 2013-08-01 04:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-10-09 00:46 - 2013-07-20 02:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 00:46 - 2013-07-20 02:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-08 06:57 - 2013-10-08 06:58 - 00001109 _____ C:\Users\Streaky\Downloads\SalesHistory (44).csv
2013-10-08 03:24 - 2013-10-08 03:24 - 00006491 _____ C:\Users\Streaky\Downloads\SalesHistory (43).csv
2013-10-07 03:15 - 2013-10-07 03:15 - 00013843 _____ C:\Users\Streaky\Downloads\SalesHistory (42).csv

==================== One Month Modified Files and Folders =======

2013-11-04 08:44 - 2013-11-04 08:44 - 00000000 ____D C:\FRST
2013-11-03 23:22 - 2013-11-03 23:21 - 26548024 _____ C:\asdsetup.exe
2013-11-03 18:31 - 2013-11-03 18:31 - 00005126 _____ C:\Windows\System32\PerfStringBackup.TMP
2013-11-03 18:31 - 2009-07-13 20:45 - 00014256 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-03 18:31 - 2009-07-13 20:45 - 00014256 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-03 18:30 - 2011-08-04 14:29 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-03 18:30 - 2011-08-03 20:03 - 01717392 _____ C:\Windows\WindowsUpdate.log
2013-11-03 18:24 - 2011-08-04 14:29 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-03 18:24 - 2011-08-04 03:36 - 00000000 ____D C:\ProgramData\NVIDIA
2013-11-03 18:23 - 2013-08-22 01:08 - 00004279 _____ C:\Windows\setupact.log
2013-11-03 18:23 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-02 08:32 - 2013-11-02 08:32 - 70254592 _____ C:\Windows\System32\config\software.bhv
2013-11-02 08:32 - 2013-11-02 08:32 - 23330816 _____ C:\Windows\System32\config\system.bhv
2013-11-02 08:32 - 2013-11-02 08:32 - 00524288 _____ C:\Windows\System32\config\default.bhv
2013-11-02 08:32 - 2013-11-02 08:32 - 00262144 _____ C:\Windows\System32\config\security.bhv
2013-11-02 08:32 - 2013-11-02 08:32 - 00262144 _____ C:\Windows\System32\config\sam.bhv
2013-11-02 08:32 - 2011-08-03 20:03 - 00000000 ____D C:\users\Streaky
2013-11-02 08:26 - 2013-11-02 08:26 - 00000000 ____D C:\$Anvi Rescue Disk$
2013-11-02 06:13 - 2013-11-02 06:13 - 00000000 __SHD C:\found.000
2013-11-02 04:10 - 2009-07-13 21:13 - 00726444 _____ C:\Windows\System32\PerfStringBackup.INI
2013-11-02 04:07 - 2011-08-04 14:29 - 00000000 ____D C:\Users\Streaky\AppData\Local\Adobe
2013-11-02 03:44 - 2013-11-02 03:44 - 00006576 ____N C:\bootsqm.dat
2013-11-02 02:57 - 2011-08-25 02:22 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2375752129-1637534469-4161812931-1000UA.job
2013-11-01 04:57 - 2011-08-25 02:22 - 00000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2375752129-1637534469-4161812931-1000Core.job
2013-11-01 04:12 - 2013-04-21 10:43 - 00000000 ____D C:\Users\Streaky\Desktop\DMO
2013-11-01 02:56 - 2013-11-01 02:56 - 00000118 ____H C:\Users\Streaky\Downloads\.~lock.SalesHistory (71).csv#
2013-11-01 02:53 - 2013-11-01 02:53 - 00004191 _____ C:\Users\Streaky\Downloads\SalesHistory (71).csv
2013-10-31 14:56 - 2013-08-12 04:34 - 00002955 _____ C:\Users\Streaky\Desktop\stuff added.txt
2013-10-31 14:36 - 2013-05-30 12:40 - 00000000 ____D C:\Users\Streaky\Desktop\turtles
2013-10-31 05:46 - 2013-10-31 05:46 - 00003979 _____ C:\Users\Streaky\Downloads\SalesHistory (70).csv
2013-10-31 05:46 - 2013-10-31 05:46 - 00000118 ____H C:\Users\Streaky\Downloads\.~lock.SalesHistory (70).csv#
2013-10-30 05:03 - 2013-10-30 05:03 - 00000118 ____H C:\Users\Streaky\Downloads\.~lock.SalesHistory (69).csv#
2013-10-30 05:02 - 2013-10-30 05:02 - 00005442 _____ C:\Users\Streaky\Downloads\SalesHistory (69).csv
2013-10-29 05:35 - 2013-10-29 05:35 - 00000118 ____H C:\Users\Streaky\Downloads\.~lock.SalesHistory (68).csv#
2013-10-29 05:34 - 2013-10-29 05:34 - 00006467 _____ C:\Users\Streaky\Downloads\SalesHistory (68).csv
2013-10-29 04:55 - 2013-10-29 04:55 - 01487391 _____ C:\Users\Streaky\Downloads\zoltars_website_Presentation_o1_v9 (1).ppsx
2013-10-29 04:55 - 2013-10-29 04:55 - 01487391 _____ C:\Users\Streaky\Desktop\zoltars first draft.ppsx
2013-10-28 06:25 - 2013-10-28 06:25 - 00010010 _____ C:\Users\Streaky\Desktop\28102013 extra e bits.csv
2013-10-28 04:53 - 2013-10-28 04:53 - 00000118 ____H C:\Users\Streaky\Downloads\.~lock.SalesHistory (67).csv#
2013-10-28 04:51 - 2013-10-28 04:51 - 00010362 _____ C:\Users\Streaky\Downloads\SalesHistory (67).csv
2013-10-28 02:47 - 2012-01-09 07:01 - 00000437 _____ C:\Windows\System32\Drivers\etc\hosts.ics
2013-10-27 14:26 - 2013-10-27 14:26 - 00590496 _____ C:\Users\Streaky\Downloads\uplayermediaplayer-setup (1).exe
2013-10-26 13:23 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-10-25 05:25 - 2013-10-25 05:24 - 00004693 _____ C:\Users\Streaky\Downloads\SalesHistory (66).csv
2013-10-24 07:23 - 2013-10-24 07:23 - 00904923 _____ C:\Users\Streaky\Downloads\Ana Lourenço - ELLIOT.pdf-
2013-10-24 04:42 - 2013-10-24 04:42 - 00003612 _____ C:\Users\Streaky\Downloads\SalesHistory (65).csv
2013-10-23 06:51 - 2013-10-23 06:50 - 00002811 _____ C:\Users\Streaky\Downloads\SalesHistory (64).csv
2013-10-22 06:21 - 2013-10-22 06:21 - 00001481 _____ C:\Users\Streaky\Downloads\SalesHistory (63).csv
2013-10-22 02:19 - 2013-10-22 02:19 - 00002770 _____ C:\Users\Streaky\Downloads\SalesHistory (62).csv
2013-10-22 02:02 - 2013-10-22 02:02 - 00011998 _____ C:\Users\Streaky\Downloads\GS=A00010 Escalating claim to Customer Support, I received an item that is not as described [#UK SR# 1-15796901715.zip
2013-10-21 02:37 - 2013-10-21 02:37 - 00008057 _____ C:\Users\Streaky\Downloads\SalesHistory (61).csv
2013-10-20 06:59 - 2013-10-20 06:59 - 00335136 _____ C:\Users\Streaky\Downloads\Setup (2).exe
2013-10-19 04:14 - 2013-10-19 04:14 - 00319728 _____ C:\Users\Streaky\Downloads\Setup (1).exe
2013-10-18 15:59 - 2011-08-25 02:22 - 00002380 _____ C:\Users\Streaky\Desktop\Google Chrome.lnk
2013-10-18 07:22 - 2013-10-18 07:22 - 00000000 ____D C:\Users\Streaky\Downloads\www.NewAlbumReleases.net_VV Brown - Samson and Delilah (2013)
2013-10-18 06:58 - 2013-10-18 06:16 - 129385784 _____ C:\Users\Streaky\Downloads\www.NewAlbumReleases.net_VV Brown - Samson and Delilah (2013).rar
2013-10-18 04:24 - 2013-10-18 04:24 - 00006426 _____ C:\Users\Streaky\Downloads\SalesHistory (60).csv
2013-10-17 07:08 - 2013-10-17 07:08 - 00001084 _____ C:\Users\Streaky\Downloads\SalesHistory (59).csv
2013-10-17 06:50 - 2013-10-17 06:50 - 00001114 _____ C:\Users\Streaky\Downloads\SalesHistory (58).csv
2013-10-17 06:47 - 2013-10-17 06:47 - 00001084 _____ C:\Users\Streaky\Downloads\SalesHistory (57).csv
2013-10-17 06:44 - 2013-10-17 06:44 - 00002731 _____ C:\Users\Streaky\Downloads\SalesHistory (56).csv
2013-10-17 04:42 - 2013-10-17 04:42 - 00003140 _____ C:\Users\Streaky\Downloads\SalesHistory (55).csv
2013-10-16 05:39 - 2013-10-16 05:39 - 00001118 _____ C:\Users\Streaky\Downloads\SalesHistory (54).csv
2013-10-16 04:15 - 2013-10-16 04:15 - 00009800 _____ C:\Users\Streaky\Downloads\SalesHistory (53).csv
2013-10-16 02:12 - 2013-02-25 15:56 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-10-15 13:04 - 2013-10-15 13:04 - 00321552 _____ C:\Users\Streaky\Downloads\Setup.exe
2013-10-15 02:28 - 2013-10-15 02:28 - 00004064 _____ C:\Users\Streaky\Downloads\SalesHistory (52).csv
2013-10-14 07:16 - 2013-10-14 07:16 - 00001114 _____ C:\Users\Streaky\Downloads\SalesHistory (51).csv
2013-10-14 07:15 - 2013-10-14 07:15 - 00001100 _____ C:\Users\Streaky\Downloads\SalesHistory (50).csv
2013-10-14 04:04 - 2013-10-14 04:04 - 00012390 _____ C:\Users\Streaky\Downloads\SalesHistory (49).csv
2013-10-13 03:52 - 2011-08-25 02:22 - 00003890 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2375752129-1637534469-4161812931-1000UA
2013-10-13 03:52 - 2011-08-25 02:22 - 00003494 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2375752129-1637534469-4161812931-1000Core
2013-10-11 23:27 - 2011-08-04 14:28 - 00002155 _____ C:\Windows\epplauncher.mif
2013-10-11 23:26 - 2012-04-28 01:39 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-10-11 23:26 - 2011-08-04 14:28 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-10-11 05:33 - 2013-10-11 05:33 - 00004013 _____ C:\Users\Streaky\Downloads\SalesHistory (48).csv
2013-10-10 10:24 - 2012-08-28 09:57 - 00000000 ____D C:\Users\Streaky\Desktop\somes
2013-10-10 04:24 - 2011-08-04 14:29 - 00003896 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-10 04:24 - 2011-08-04 14:29 - 00003644 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-10 02:28 - 2013-10-10 02:28 - 00001082 _____ C:\Users\Streaky\Downloads\SalesHistory (47).csv
2013-10-10 02:19 - 2013-10-10 02:19 - 00004806 _____ C:\Users\Streaky\Downloads\SalesHistory (46).csv
2013-10-09 19:14 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-10-09 18:36 - 2009-07-13 20:45 - 04990624 _____ C:\Windows\System32\FNTCACHE.DAT
2013-10-09 18:34 - 2012-05-19 05:14 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-09 18:34 - 2012-05-19 05:14 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-09 05:38 - 2013-10-09 05:38 - 00003611 _____ C:\Users\Streaky\Downloads\SalesHistory (45).csv
2013-10-08 06:58 - 2013-10-08 06:57 - 00001109 _____ C:\Users\Streaky\Downloads\SalesHistory (44).csv
2013-10-08 03:24 - 2013-10-08 03:24 - 00006491 _____ C:\Users\Streaky\Downloads\SalesHistory (43).csv
2013-10-07 03:15 - 2013-10-07 03:15 - 00013843 _____ C:\Users\Streaky\Downloads\SalesHistory (42).csv

ZeroAccess:
C:\Users\Streaky\AppData\Local\08f7af18
C:\Users\Streaky\AppData\Local\08f7af18\@

Files to move or delete:
====================
C:\ProgramData\EF194B87BD6EFE.dat
C:\ProgramData\F1135889A345C2.dat
C:\ProgramData\F1135889A345D2.dat
C:\ProgramData\F9055589A273C2.dat
C:\Users\Streaky\taskmgr.exe
C:\Users\Streaky\wevtapi.dll

Some content of TEMP:
====================
C:\Users\Streaky\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\Streaky\AppData\Local\Temp\ORXtJTr.exe
C:\Users\Streaky\AppData\Local\Temp\ORXtJTr0.exe
C:\Users\Streaky\AppData\Local\Temp\ResetDevice.exe

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 3828.3 MB
Available physical RAM: 3227.3 MB
Total Pagefile: 3826.45 MB
Available Pagefile: 3227.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:453.25 GB) (Free:304.67 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (HITMANPRO) (Removable) (Total:0.47 GB) (Free:0.47 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: C648A420)
Partition 1: (Active) - (Size=453 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 488 MB) (Disk ID: C3B4D326)
Partition 1: (Active) - (Size=486 MB) - (Type=0B)

LastRegBack: 2013-10-30 17:09

==================== End Of Log ============================

#4
emeraldnzl

Posted 04 November 2013 - 02:02 PM

GeekU Instructor

GeekU Moderator
20,051 posts

Hello Streaky B,

Please download the attached fixlist.txt file to your flashdrive .

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

#5
Streaky B

Posted 04 November 2013 - 02:24 PM

New Member

Topic Starter
Member
7 posts

Hi my friend!

Ok log for that is as follows;

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-10-2013
Ran by SYSTEM at 2013-11-04 20:22:30 Run:1
Running from E:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
HKU\Streaky\...\Run: [hgstz.exe] - "C:\ProgramData\hgstz.exe"
HKU\Streaky\...\Run: [xrpcr.exe] - "C:\ProgramData\xrpcr.exe"
HKU\Streaky\...\Run: [hsoqr.exe] - "C:\ProgramData\hsoqr.exe"
HKU\Streaky\...\Winlogon: [Shell] explorer.exe,C:\Users\Streaky\AppData\Roaming\Other.res [70656 2013-08-28] () <==== ATTENTION
C:\Users\Streaky\AppData\Roaming\Other.res
C:\Users\Streaky\AppData\Local\08f7af18
C:\Users\Streaky\AppData\Local\08f7af18\@
C:\ProgramData\EF194B87BD6EFE.dat
C:\ProgramData\F1135889A345C2.dat
C:\ProgramData\F1135889A345D2.dat
C:\ProgramData\F9055589A273C2.dat
C:\Users\Streaky\taskmgr.exe
C:\Users\Streaky\wevtapi.dll
C:\Users\Streaky\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\Streaky\AppData\Local\Temp\ORXtJTr.exe
C:\Users\Streaky\AppData\Local\Temp\ORXtJTr0.exe
C:\Users\Streaky\AppData\Local\Temp\ResetDevice.exe
*****************

HKU\Streaky\Software\Microsoft\Windows\CurrentVersion\Run\\hgstz.exe => Value deleted successfully.
HKU\Streaky\Software\Microsoft\Windows\CurrentVersion\Run\\xrpcr.exe => Value deleted successfully.
HKU\Streaky\Software\Microsoft\Windows\CurrentVersion\Run\\hsoqr.exe => Value deleted successfully.
HKU\Streaky\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
C:\Users\Streaky\AppData\Roaming\Other.res => Moved successfully.
C:\Users\Streaky\AppData\Local\08f7af18 => Moved successfully.
"C:\Users\Streaky\AppData\Local\08f7af18\@ " => File/Directory not found.
C:\ProgramData\EF194B87BD6EFE.dat => Moved successfully.
C:\ProgramData\F1135889A345C2.dat => Moved successfully.
C:\ProgramData\F1135889A345D2.dat => Moved successfully.
C:\ProgramData\F9055589A273C2.dat => Moved successfully.
C:\Users\Streaky\taskmgr.exe => Moved successfully.
C:\Users\Streaky\wevtapi.dll => Moved successfully.
C:\Users\Streaky\AppData\Local\Temp\DataCard_Setup64.exe => Moved successfully.
C:\Users\Streaky\AppData\Local\Temp\ORXtJTr.exe => Moved successfully.
C:\Users\Streaky\AppData\Local\Temp\ORXtJTr0.exe => Moved successfully.
C:\Users\Streaky\AppData\Local\Temp\ResetDevice.exe => Moved successfully.

==== End of Fixlog ====

#6
emeraldnzl

Posted 04 November 2013 - 02:43 PM

GeekU Instructor

GeekU Moderator
20,051 posts

Are you able to boot to normal or safe mode now?

#7
Streaky B

Posted 04 November 2013 - 02:51 PM

New Member

Topic Starter
Member
7 posts

Amazing, it booted up normally, thank you so so much!!

Would you recommend I do anything else to it?

#8
emeraldnzl

Posted 04 November 2013 - 02:59 PM

GeekU Instructor

GeekU Moderator
20,051 posts

Would you recommend I do anything else to it?

Oh yes we have some more to do. Just needed to confirm that you can boot your computer normally so that we can carry out some other actions.

Now

Please download ComboFix from this location:

Link

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

Double click on ComboFix.exe & follow the prompts.
If you have an older Operating System you may be asked whether you want to install the Recovery Console. Click yes and follow any prompts.
Your desktop may go blank. This is normal.
ComboFix may appear to be doing nothing for quite long periods, this is normal, just leave it to do it's job.
ComboFix may reboot your machine. This is normal too.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#9
Streaky B

Posted 04 November 2013 - 03:54 PM

New Member

Topic Starter
Member
7 posts

That log has just finished, which is as follows;

ComboFix 13-11-03.02 - Streaky 04/11/2013 21:26:36.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.3828.2166 [GMT 0:00]
Running from: c:\users\Streaky\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
ADS - Windows: deleted 0 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\SPL2D0D.tmp
c:\programdata\SPL909B.tmp
c:\programdata\SPL92A1.tmp
c:\programdata\SPL9891.tmp
c:\programdata\SPLACB3.tmp
c:\users\Streaky\AppData\Local\Temp\223F.tmp
c:\users\Streaky\AppData\Local\Temp\2E6F.tmp
c:\users\Streaky\AppData\Local\Temp\38EA.tmp
c:\users\Streaky\AppData\Local\Temp\41D0.tmp
c:\users\Streaky\AppData\Local\Temp\4BFD.tmp
c:\users\Streaky\AppData\Local\Temp\5234.tmp
c:\users\Streaky\AppData\Local\Temp\556F.tmp
c:\users\Streaky\AppData\Local\Temp\55BD.tmp
c:\users\Streaky\AppData\Local\Temp\643E.tmp
c:\users\Streaky\AppData\Local\Temp\779F.tmp
c:\users\Streaky\AppData\Local\Temp\D4BC.tmp
c:\users\Streaky\AppData\Local\Temp\GoogleUpdateSetup.exe60ad9ba
.
.
((((((((((((((((((((((((( Files Created from 2013-10-04 to 2013-11-04 )))))))))))))))))))))))))))))))
.
.
2013-11-04 21:38 . 2013-11-04 21:38 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-11-04 21:38 . 2013-11-04 21:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-04 21:21 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9959A8B9-9800-4E5D-A8D8-9F95D98427B5}\mpengine.dll
2013-11-04 16:44 . 2013-11-04 16:44 -------- d-----w- C:\FRST
2013-11-04 07:21 . 2013-11-04 07:22 26548024 ----a-w- C:\asdsetup.exe
2013-11-02 16:26 . 2013-11-02 16:26 -------- d---a-w- C:\$Anvi Rescue Disk$
2013-11-02 14:13 . 2013-11-02 14:13 -------- d-----w- C:\found.000
2013-11-02 09:26 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-10-18 19:06 . 2013-10-18 19:06 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F2776C20-03F4-4943-8D29-4790E0F8C03D}\gapaengine.dll
2013-10-09 08:47 . 2013-07-04 12:50 633856 ----a-w- c:\windows\system32\comctl32.dll
2013-10-09 08:46 . 2013-08-29 00:49 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-10-09 08:46 . 2013-07-20 10:33 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 08:46 . 2013-07-20 10:33 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 08:46 . 2013-08-28 01:12 461312 ----a-w- c:\windows\system32\scavengeui.dll
2013-10-09 08:46 . 2013-08-01 12:09 983488 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-10-09 08:46 . 2013-09-04 12:11 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-10-09 08:46 . 2013-09-04 12:11 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-10-09 08:46 . 2013-09-04 12:11 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-10-09 08:46 . 2013-09-04 12:12 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-10-09 08:46 . 2013-09-04 12:11 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-10-09 08:46 . 2013-09-04 12:11 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-10-09 08:46 . 2013-09-04 12:11 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-07 01:53 . 2011-08-12 02:13 965008 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-08-29 01:48 . 2013-10-09 08:47 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-08-10 12:25 . 2013-08-10 12:25 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-08-10 12:25 . 2012-06-24 11:09 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-08-10 12:25 . 2011-10-20 12:44 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spybot-S&D Cleaning"="c:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-11-13 3713032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe" [2010-10-01 348760]
"O2Start"="c:\program files (x86)\O2CM-CE\O2 Connection Manager\tscui.exe" [2008-10-10 2662400]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"Adobe Creative Cloud"="c:\program files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" [2013-07-12 2236816]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\Streaky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor Ink Alerts - HP Deskjet 1050 J410 series.lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Deskjet 1050 J410 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN1831N8W205QT;CONNECTION=USB;MONITOR=1; [2009-7-13 45568]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Launcher.lnk - c:\program files (x86)\OrangeMobileBroadband\OrangeMobileBroadband_Launcher.exe [2013-5-15 510920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoAdminPage"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoFolderOptions"= 00000000
"NoTrayContextMenu"= 00000000
"NoChangeStartMenu"= 00000000
"NoDesktop"= 00000000
"MaxRecentDocs"= 0 (0x0)
"NoViewContextMenu"= 00000000
"NoWinKey"= 0 (0x0)
"NoNetConnextDisconnect"= 0 (0x0)
"NoWindowsUpdate"= 0 (0x0)
"NoSMConfigurePrograms"= 0 (0x0)
"NoControlPanle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys;c:\windows\SYSNATIVE\DRIVERS\mcvidrv_x64.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys;c:\windows\SYSNATIVE\drivers\mcaudrv_x64.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R3 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\DRIVERS\klbg.sys;c:\windows\SYSNATIVE\DRIVERS\klbg.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 CSObjectsSrv;CryptoStorage control service;c:\program files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe;c:\program files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe ;c:\windows\SysWOW64\nlssrv32.exe [x]
S2 OrangeMobileBroadband_Service;OrangeMobileBroadband_Service;c:\program files (x86)\OrangeMobileBroadband\OrangeMobileBroadband_Service.exe;c:\program files (x86)\OrangeMobileBroadband\OrangeMobileBroadband_Service.exe [x]
S2 QDLService2kDell;Qualcomm Gobi 2000 Download Service (Dell);c:\program files (x86)\QUALCOMM\QDLService2k\QDLService2kDell.exe;c:\program files (x86)\QUALCOMM\QDLService2k\QDLService2kDell.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys;c:\windows\SYSNATIVE\DRIVERS\Accelern.sys [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-04 22:28]
.
2013-11-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-04 22:28]
.
2013-11-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2375752129-1637534469-4161812931-1000Core.job
- c:\users\Streaky\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-25 22:34]
.
2013-11-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2375752129-1637534469-4161812931-1000UA.job
- c:\users\Streaky\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-25 22:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1]
@="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"
[HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]
2013-06-19 23:45 3317616 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2]
@="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"
[HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]
2013-06-19 23:45 3317616 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]
@="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"
[HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]
2013-06-19 23:45 3317616 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Seagull Drivers"="ssdal_nc.exe startup" [X]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-09-24 727664]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-09-02 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-09-02 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-09-02 415256]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2010-08-25 283240]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-11-09 6539880]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-11-03 2181224]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-06-03 472984]
"lxcrmon.exe"="c:\program files (x86)\Lexmark 2400 Series\lxcrmon.exe" [2009-05-01 291496]
"EzPrint"="c:\program files (x86)\Lexmark 2400 Series\ezprint.exe" [2009-05-01 82600]
"LXCRCATS"="c:\windows\system32\spool\DRIVERS\x64\3\LXCRtime.dll" [2006-11-21 31744]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-08-12 1356240]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-uTorrent - c:\program files (x86)\uTorrent\uTorrent.exe
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
Notify-SDWinLogon - SDWinLogon.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-11-04 21:50:31
ComboFix-quarantined-files.txt 2013-11-04 21:50
.
Pre-Run: 328,513,093,632 bytes free
Post-Run: 328,974,741,504 bytes free
.
- - End Of File - - 56549FC2748B2084005FF77218DDF5D9

#10
emeraldnzl

Posted 04 November 2013 - 04:14 PM

GeekU Instructor

GeekU Moderator
20,051 posts

Hello Streaky B,

Please run Chkdsk:

Right click on the Start > Open Windows Explorer.
Select the hard drive letter (usually local disk C) for which you want to run the Chkdsk utility.
Right-click on the driver letter and select Properties > Tools.
Under the Error-Checking section of the window, click the Check Now button. If you have User Account Controls enabled, a window will pop up asking permission to continue. Click Continue.
Click to have Chkdsk Automatically fix file system errors and to Scan for and attempt recovery of bad sectors.
Click Start.
Chkdsk might take a very long time to run, depending on the number of files and folders, the size of the volume, disk performance, and available system resources (such as processor and memory).

Chkdsk will not run if the drive you wish to check is in use. You will be requested to schedule Chkdsk. Click Schedule Check Disk, it then will run the next time you boot your computer. Shut down your computer and then turn it back on, Chkdsk will run.

Next

Please download Junkware Removal Tool to your desktop.

Shut down your protection software to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right click JRT.exe and "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

After that

Download and run TFC.exe (Vista and above users right click and run as Administrator).

You may be asked to reboot when it is finished. Please do so.

Finally in this post

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

Click the green ESET Online Scanner box
Tick the box next to YES, I accept the Terms of Use
then click on: Start
You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
Make sure that the option Scan archives is checked.
If you are given an option to quarantine files ensure the scan is set to do so.
Now click on Advanced Settings and select the following:
- Scan for potentially unwanted applications
- Scan for potentially unsafe applications
- Enable Anti-Stealth Technology
Click on Start
The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
When completed the Online Scan will begin automatically. The scan may take several hours.
Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
When completed select Uninstall application on close, make sure you copy the logfile first!
Then click on: Finish
Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
Copy and paste that log as a reply to this topic.

So when you return please post
JRT.txt
Results of the ESET on line scan

#11
Streaky B

Posted 05 November 2013 - 05:35 PM

New Member

Topic Starter
Member
7 posts

Hi again, sorry about the late reply but the scans too a little while! I'm not sure I followed the instructions correctly for ESET as I didn't get a text log although it did find and clean some threats which were as follows

C:\FRST\Quarantine\ORXtJTr0.exe Win32/LockScreen.AVP trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\Other.res Win32/LockScreen.AVP trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\wevtapi.dll Win64/Agent.AC trojan cleaned by deleting - quarantined
C:\Users\Streaky\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\1679bace-62e286bb multiple threats cleaned by deleting - quarantined
C:\Users\Streaky\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\363569c4-41d92b00 multiple threats cleaned by deleting - quarantined

I'll run the program again just to be safe, the JRT file was as follows;
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Windows 7 Professional x64
Ran by Streaky on 05/11/2013 at 21:06:28.65
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Chrome

Successfully deleted: [Folder] C:\Users\Streaky\appdata\local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05/11/2013 at 21:12:20.65
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.

First log;
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Windows 7 Professional x64
Ran by Streaky on 05/11/2013 at 20:58:18.24
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\1clickdownload
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\im
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\iminent
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\1clickdownload

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"

~~~ Chrome

Successfully deleted: [Folder] C:\Users\Streaky\appdata\local\Google\Chrome\User Data\Default\Extensions\jplinpmadfkdgipabgcdchbdikologlh
Failed to delete: [Folder] C:\Users\Streaky\appdata\local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\jplinpmadfkdgipabgcdchbdikologlh

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05/11/2013 at 21:04:33.86
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#12
emeraldnzl

Posted 05 November 2013 - 06:06 PM

GeekU Instructor

GeekU Moderator
20,051 posts

Looking good, how is your computer now?

#13
Streaky B

Posted 05 November 2013 - 06:51 PM

New Member

Topic Starter
Member
7 posts

I think it's ok! I'm running the eset again, in case I didn't check one of the boxes.

Should I do anything else after this?

I can't thank you enough for this, you've been such a great help. This forum is amazing!!

#14
emeraldnzl

Posted 05 November 2013 - 06:59 PM

GeekU Instructor

GeekU Moderator
20,051 posts

Hello again Streaky B,

I think it's ok!

Looking at the logs I do too. :thumbsup:

Should I do anything else after this?

We have a couple of last steps to perform and then you're all set. Posted Image

Follow these steps to uninstall Combofix and tools used in the removal of malware. This will also clean out and reset your Restore Points.

Go to Start > Programs > Accessories and click on Run
Copy and paste the the bolded text below in the box then hit OK

Combofix /Uninstall

Step 2

Double-click OTL.exe to run it. (Vista users, please right click on OTL.exe and select "Run as an Administrator")
Click on the CleanUp! button
Click Yes to begin the Cleanup process and remove these components, including this application.
You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

TFC.exe (Temporary File Cleaner) can be deleted but it may be a useful tool to keep. I run it once a week after a full anti-virus scan.

Any remaining tools may be deleted.

-------------------------------------------------------------------------------------------------------------------

A reminder: Remember to (re-install if uninstalled during cleaning) update and turn back on any anti-malware programs you may have turned off during the cleaning process.
-------------------------------------------------------------------------------------------------------------------

Here are some things that I think are worth having a look at if you don't already know about them:

---------------------------------------------------------------------------------------------------------------------

It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article Strong passwords: How to create and use them.

----------------------------------------------------------------------------------------------------------------------

Java warning

Java is a popular point of entry to your computer for malicous programs. The United States Department of Homeland Security recommends that computer users disable Java, see here. Unless you need it to run an important software the safest approach is to completely uninstall Java. Where you do require it, then the next safest option is to disable it in your browsers until you need it, then enable it.

How to disable Java in your web browser and How to unplug Java from the browser

If you do still need Java then regularly check that it is up to date. Older versions are the most vulnerable to malicious attack.

Download Java for Windows

Reboot your computer.
You also need to unininstall older versions of Java.
Click Start > Control Panel > Add or Remove Programs
Remove all Java updates except the latest one you have just installed.

--------------------------------------------------------------------------------------------------------------------

CryptoLocker Warning

There is a particularly nasty infection out there at the moment.

Go here for information about CryptoLocker Ransomeware

Download CryptoPrevent free for home use.

--------------------------------------------------------------------------------------------------------------------

To help protect your computer in the future:

If you do not already have automatic updates set then it is recommended that you do set Windows to check, download and install your updates automatically.

* Click Start > Control Panel > System and Security > Windows Update
* Under Windows Update click on Turn automatic updating on or off
* Check items shown to ensure you receive updates automatically. Click OK.

Be aware of what emails you open and websites you visit.

Go here for some good advice about how to prevent infection.

A fun way to check your online safety literacy.

Quiz - getsafeonline

Have a safe and happy computing day!

#15
emeraldnzl

Posted 04 April 2014 - 03:36 PM

GeekU Instructor

GeekU Moderator
20,051 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.