Constant blue screen [Solved]


  • This topic is locked This topic is locked

#16
emeraldnzl
GeekU Instructor, GeekU Moderator
19,991 posts
Also... what's zoek.exe? Where do I download that from?


Oh my bad. :whistling:

Please download zoek.exe and save it to your desktop (Firefox users right click and Save Link As...).

Follow the instructions I gave you. :)
#17
bangramonkey
Topic Starter, Member
15 posts

Zoek took a long time to run! After the reboot it generated the following report log:
Zoek.exe v5.0.0.0 Updated 25-Januari-2014
Tool run by T on 25/01/14 at 5:33:17.60.
Microsoft Windows 7 Home Premium 6.1.7600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\T\Desktop\zoek.exe [Scan all users] [Checkboxes used]

==== System Restore Info ======================

25/01/14 05:34:10 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2796125895-4089865643-1469591702-1000\Software\Microsoft\Internet Explorer\SearchScopes\{460C3D19-B3D4-4964-A550-77D263B0CCCB} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

ProfilePath: C:\Users\T\AppData\Roaming\Mozilla\Firefox\Profiles\xjxu2101.default

prefs.js not found
user.js not found
---- FireFox user.js and prefs.js backups ----


ProfilePath: C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\5dwvdkdw.default

user.js not found
---- Lines iminent removed from prefs.js ----
user_pref("browser.startup.homepage", "http://start.iminent...0-D4169ADF0666");
---- FireFox user.js and prefs.js backups ----

prefs_0114_0545_.backup

==== Deleting Files \ Folders ======================

C:\Users\T\daemonprocess.txt deleted
C:\PROGRA~2\Coupon Printer deleted
C:\PROGRA~2\SaveClicker deleted
C:\PROGRA~2\Amazon deleted
C:\Users\T\AppData\Local\cache deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\SearchProtect deleted
C:\Windows\Syswow64\InstallUtil.InstallLog deleted
C:\Windows\Syswow64\tmp.tmp deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\5dwvdkdw.default\searchplugins\conduit-search.xml deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\5dwvdkdw.default\extensions\{94cd2cc3-083f-49ba-a218-4cda4b4829fd} deleted
"C:\ProgramData\2e034dc3f04803a9\{E96338DC-1468-4918-8EC2-8454BFFC5025}" deleted
"C:\ProgramData\2e034dc3f04803a9\{E96338DC-1468-4918-8EC2-8454BFFC5025}.old" deleted
"C:\Users\T\AppData\Roaming\Touhf\diaco.tmp" deleted
"C:\Users\T\AppData\Roaming\Otalki\ydaqb.koe" deleted
"C:\Users\T\AppData\Roaming\Otalki\ydaqb.tmp" deleted
"C:\Users\T\AppData\Roaming\Suylas\imwa.eql" deleted
"C:\ProgramData\2e034dc3f04803a9" deleted
"C:\Users\T\AppData\Roaming\Laag" deleted
"C:\Users\T\AppData\Roaming\Uqcu" deleted
"C:\Users\T\AppData\Roaming\Byicx" deleted
"C:\Users\T\AppData\Roaming\Efuqy" deleted
"C:\Users\T\AppData\Roaming\Touhf" deleted
"C:\Users\T\AppData\Roaming\Amazon" deleted
"C:\Users\T\AppData\Roaming\Caepry" deleted
"C:\Users\T\AppData\Roaming\Enlius" deleted
"C:\Users\T\AppData\Roaming\Opimyc" deleted
"C:\Users\T\AppData\Roaming\Otalki" deleted
"C:\Users\T\AppData\Roaming\Supieg" deleted
"C:\Users\T\AppData\Roaming\Suylas" deleted
"C:\Users\T\AppData\Roaming\GrabPro" deleted

==== Firefox Extensions ======================

ProfilePath: C:\Users\T\AppData\Roaming\Mozilla\Firefox\Profiles\xjxu2101.default
- Screengrab - %ProfilePath%\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
- Tamper Data - %ProfilePath%\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}
- Firebug - %ProfilePath%\extensions\[email protected]
- Media Hint - %ProfilePath%\extensions\[email protected]
- YSlow - %ProfilePath%\extensions\[email protected]
- ReloadEvery - %ProfilePath%\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi
- SearchStatus - %ProfilePath%\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}.xpi

ProfilePath: C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\5dwvdkdw.default
- Undetermined - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\T\AppData\Roaming\Mozilla\Firefox\Profiles\xjxu2101.default
C36444D7301A8C881FC7296B092609C7 - C:\Users\T\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll - Google Update
3D76B5C0E02ECC19C1F5756E8FD97F72 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll - Shockwave Flash
855B79451ECF62602F20EB4D5C71F99B - C:\Windows\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
jfmjfhklogoienhpfnppmbcbjfjnkonk - No path found[]

SaveClicker - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dgoiljnbfojihclapobmhhcakhggplpn
SaveClicker - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmohamijjmbemmmniekflfcchcgijfdp
SaveClicker - Administrator\AppData\Local\Torch\User Data\Default\Extensions\dgoiljnbfojihclapobmhhcakhggplpn
SaveClicker - Administrator\AppData\Local\Torch\User Data\Default\Extensions\jmohamijjmbemmmniekflfcchcgijfdp
SaveClicker - Administrator\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\dgoiljnbfojihclapobmhhcakhggplpn
SaveClicker - Administrator\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\jmohamijjmbemmmniekflfcchcgijfdp
SaveClicker - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dgoiljnbfojihclapobmhhcakhggplpn
SaveClicker - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmohamijjmbemmmniekflfcchcgijfdp
SaveClicker - Guest\AppData\Local\Torch\User Data\Default\Extensions\dgoiljnbfojihclapobmhhcakhggplpn
SaveClicker - Guest\AppData\Local\Torch\User Data\Default\Extensions\jmohamijjmbemmmniekflfcchcgijfdp
SaveClicker - Guest\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\dgoiljnbfojihclapobmhhcakhggplpn
SaveClicker - Guest\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\jmohamijjmbemmmniekflfcchcgijfdp
SaveClicker - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dgoiljnbfojihclapobmhhcakhggplpn
SaveClicker - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmohamijjmbemmmniekflfcchcgijfdp
SaveClicker - HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\dgoiljnbfojihclapobmhhcakhggplpn
SaveClicker - HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\jmohamijjmbemmmniekflfcchcgijfdp
SaveClicker - HomeGroupUser$\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\dgoiljnbfojihclapobmhhcakhggplpn
SaveClicker - HomeGroupUser$\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\jmohamijjmbemmmniekflfcchcgijfdp
SaveClicker - T\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dgoiljnbfojihclapobmhhcakhggplpn
SaveClicker - T\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmohamijjmbemmmniekflfcchcgijfdp
SaveClicker - T\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\dgoiljnbfojihclapobmhhcakhggplpn
SaveClicker - T\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\jmohamijjmbemmmniekflfcchcgijfdp

==== Chrome Fix ======================

C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dgoiljnbfojihclapobmhhcakhggplpn deleted successfully
C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\dgoiljnbfojihclapobmhhcakhggplpn deleted successfully
C:\Users\Administrator\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\dgoiljnbfojihclapobmhhcakhggplpn deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dgoiljnbfojihclapobmhhcakhggplpn deleted successfully
C:\Users\Guest\AppData\Local\Torch\User Data\Default\Extensions\dgoiljnbfojihclapobmhhcakhggplpn deleted successfully
C:\Users\Guest\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\dgoiljnbfojihclapobmhhcakhggplpn deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dgoiljnbfojihclapobmhhcakhggplpn deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\dgoiljnbfojihclapobmhhcakhggplpn deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\dgoiljnbfojihclapobmhhcakhggplpn deleted successfully
C:\Users\T\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dgoiljnbfojihclapobmhhcakhggplpn deleted successfully
C:\Users\T\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\dgoiljnbfojihclapobmhhcakhggplpn deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmohamijjmbemmmniekflfcchcgijfdp deleted successfully
C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\jmohamijjmbemmmniekflfcchcgijfdp deleted successfully
C:\Users\Administrator\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\jmohamijjmbemmmniekflfcchcgijfdp deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmohamijjmbemmmniekflfcchcgijfdp deleted successfully
C:\Users\Guest\AppData\Local\Torch\User Data\Default\Extensions\jmohamijjmbemmmniekflfcchcgijfdp deleted successfully
C:\Users\Guest\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\jmohamijjmbemmmniekflfcchcgijfdp deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmohamijjmbemmmniekflfcchcgijfdp deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\jmohamijjmbemmmniekflfcchcgijfdp deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\jmohamijjmbemmmniekflfcchcgijfdp deleted successfully
C:\Users\T\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmohamijjmbemmmniekflfcchcgijfdp deleted successfully
C:\Users\T\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\jmohamijjmbemmmniekflfcchcgijfdp deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://uk.search.yah...=spigot-yhp-ie"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{460C3D19-B3D4-4964-A550-77D263B0CCCB}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{460C3D19-B3D4-4964-A550-77D263B0CCCB}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/...ox&FORM=IE8SRC"
{4A98A2AF-C8AE-4ECE-952B-CBC7A105EDA0} Unknown Url="Not_Found"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.co...ge={startPage}"
{9FBA711C-D436-44AB-A697-879E7B6A7279} Unknown Url="Not_Found"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2796125895-4089865643-1469591702-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9} deleted successfully
HKEY_USERS\S-1-5-21-2796125895-4089865643-1469591702-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DBC80044-A445-435B-BC74-9C25C1C588A9} deleted successfully
HKEY_USERS\S-1-5-21-2796125895-4089865643-1469591702-1000\Software\Microsoft\Internet Explorer\SearchScopes\{4A98A2AF-C8AE-4ECE-952B-CBC7A105EDA0} deleted successfully
HKEY_USERS\S-1-5-21-2796125895-4089865643-1469591702-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9FBA711C-D436-44AB-A697-879E7B6A7279} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{DBC80044-A445-435B-BC74-9C25C1C588A9} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{DBC80044-A445-435B-BC74-9C25C1C588A9} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435B-BC74-9C25C1C588A9} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435B-BC74-9C25C1C588A9} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Approved Extensions\{DBC80044-A445-435B-BC74-9C25C1C588A9} deleted successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\99D7FE25B00A80FD deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cleanddm deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cleanhdm deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcui_exe deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Update deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileDocuments deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mobilegeni daemon deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RESTART_STICKY_NOTES deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UIExec deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{D43F22B1-1435-51BF-3526-3E584F6BF0FA} deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Mozilla\Firefox\Profiles\5dwvdkdw.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\T\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache is not empty, a reboot is needed

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=378 folders=92 6672660 bytes)

==== Empty Temp Folders ======================

C:\Users\Administrator\AppData\Local\Temp emptied successfully
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Guest\AppData\Local\Temp emptied successfully
C:\Users\HomeGroupUser$\AppData\Local\Temp emptied successfully
C:\Users\Public\AppData\Local\Temp emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Temp emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Users\T\AppData\Local\Temp will be emptied at reboot
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\T\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UV4GWVP6\image.com.com" not found

==== EOF on 25/01/14 at 5:53:42.38 ======================
#18
bangramonkey
Topic Starter, Member
15 posts

And the FRST:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2014
Ran by T (administrator) on DESTINY on 25-01-2014 05:55:09
Running from C:\Users\T\Desktop
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
() C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\BCMWLTRY.EXE
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [369152 2010-01-25] (Alps Electric Co., Ltd.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10038304 2010-02-03] (Realtek Semiconductor)
HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-17] (Dell Inc.)
HKLM\...\Run: [IntelliPoint] - C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2320752 2009-11-11] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\mekomdo-x32: C:\Windows\system32\config\systemprofile\AppData\Local\mekomdo.dll [X]
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

ProxyServer: 1.179.147.2:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {4A98A2AF-C8AE-4ECE-952B-CBC7A105EDA0} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope {9FBA711C-D436-44AB-A697-879E7B6A7279} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.co...age={startPage}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.co...age={startPage}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\T\AppData\Roaming\Mozilla\Firefox\Profiles\xjxu2101.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\T\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\T\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\T\AppData\Roaming\Mozilla\Firefox\Profiles\xjxu2101.default\searchplugins\yahoo_ff.xml
FF Extension: Screengrab - C:\Users\T\AppData\Roaming\Mozilla\Firefox\Profiles\xjxu2101.default\Extensions\{02450954-cdd9-410f-b1da-db804e18c671} [2010-07-09]
FF Extension: Tamper Data - C:\Users\T\AppData\Roaming\Mozilla\Firefox\Profiles\xjxu2101.default\Extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947} [2010-07-22]
FF Extension: Firebug - C:\Users\T\AppData\Roaming\Mozilla\Firefox\Profiles\xjxu2101.default\Extensions\[email protected] [2012-09-12]
FF Extension: Media Hint - C:\Users\T\AppData\Roaming\Mozilla\Firefox\Profiles\xjxu2101.default\Extensions\[email protected] [2013-11-12]
FF Extension: YSlow - C:\Users\T\AppData\Roaming\Mozilla\Firefox\Profiles\xjxu2101.default\Extensions\[email protected] [2012-09-12]
FF Extension: ReloadEvery - C:\Users\T\AppData\Roaming\Mozilla\Firefox\Profiles\xjxu2101.default\Extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi [2012-09-12]
FF Extension: SearchStatus - C:\Users\T\AppData\Roaming\Mozilla\Firefox\Profiles\xjxu2101.default\Extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}.xpi [2012-09-12]

Chrome:
=======
CHR DefaultSearchKeyword: yahoo.com search
CHR DefaultSearchProvider: Yahoo
CHR DefaultSearchURL: http://uk.search.yah...p={searchTerms}
CHR DefaultNewTabURL:
CHR Extension: (Google Docs) - C:\Users\T\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-25]
CHR Extension: (Google Drive) - C:\Users\T\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-25]
CHR Extension: (YouTube) - C:\Users\T\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-25]
CHR Extension: (Google Search) - C:\Users\T\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-25]
CHR Extension: (Google Wallet) - C:\Users\T\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-27]
CHR Extension: (Gmail) - C:\Users\T\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-25]
CHR StartMenuInternet: Google Chrome - C:\Users\T\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [9663848 2011-04-10] (DisplayLink Corp.)
R2 wltrysvc; C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe [3417088 2009-07-17] (Dell Inc.)
S2 Akamai; c:\program files (x86)\common files\akamai\netsession_win_b31de1e.dll [x]

==================== Drivers (Whitelisted) ====================

S3 massfilter; C:\Windows\SysWOW64\drivers\massfilter.sys [10752 2008-08-22] (ZTE Incorporated)
S2 mdvrmng; C:\Windows\SysWOW64\drivers\mdvrmng.sys [10240 2007-05-28] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S3 ZTEusbmdm6k; C:\Windows\SysWOW64\DRIVERS\ZTEusbmdm6k.sys [150656 2008-08-22] (ZTE Incorporated)
S3 ZTEusbnmea; C:\Windows\SysWOW64\DRIVERS\ZTEusbnmea.sys [150656 2008-08-22] (ZTE Incorporated)
S3 ZTEusbser6k; C:\Windows\SysWOW64\DRIVERS\ZTEusbser6k.sys [150656 2008-08-22] (ZTE Incorporated)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-25 05:52 - 2014-01-25 05:52 - 00001424 _____ C:\Windows\PFRO.log
2014-01-25 05:51 - 2014-01-25 05:33 - 00024064 _____ C:\Windows\zoek-delete.exe
2014-01-25 05:34 - 2014-01-25 05:53 - 00017928 _____ C:\zoek-results.log
2014-01-25 05:33 - 2014-01-25 05:48 - 00000000 ____D C:\zoek_backup
2014-01-25 05:23 - 2014-01-25 05:23 - 00000000 ____D C:\_OTL
2014-01-25 05:09 - 2014-01-25 05:54 - 00000000 ____D C:\Users\T\Desktop\Geeks to Go
2014-01-25 04:51 - 2011-06-26 06:45 - 00256000 _____ C:\Windows\PEV.exe
2014-01-25 04:51 - 2010-11-07 17:20 - 00208896 _____ C:\Windows\MBR.exe
2014-01-25 04:51 - 2009-04-20 04:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-01-25 04:51 - 2000-08-31 00:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-01-25 04:51 - 2000-08-31 00:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-01-25 04:51 - 2000-08-31 00:00 - 00098816 _____ C:\Windows\sed.exe
2014-01-25 04:51 - 2000-08-31 00:00 - 00080412 _____ C:\Windows\grep.exe
2014-01-25 04:51 - 2000-08-31 00:00 - 00068096 _____ C:\Windows\zip.exe
2014-01-25 04:50 - 2014-01-25 05:04 - 00000000 ____D C:\Qoobox
2014-01-25 04:50 - 2014-01-25 05:02 - 00000000 ____D C:\Windows\erdnt
2014-01-25 04:36 - 2014-01-25 04:36 - 00000000 ____D C:\TDSSKiller_Quarantine
2014-01-25 03:59 - 2014-01-25 03:59 - 00277768 _____ C:\Windows\Minidump\012514-19749-01.dmp
2014-01-25 03:58 - 2014-01-25 03:59 - 372751320 _____ C:\Windows\MEMORY.DMP
2014-01-25 03:58 - 2014-01-25 03:58 - 00277768 _____ C:\Windows\Minidump\012514-19734-01.dmp
2014-01-25 03:54 - 2014-01-25 03:54 - 00277768 _____ C:\Windows\Minidump\012514-26239-01.dmp
2014-01-25 03:13 - 2014-01-25 05:55 - 00013505 _____ C:\Users\T\Desktop\FRST.txt
2014-01-25 03:13 - 2014-01-25 03:13 - 00062912 _____ C:\Users\T\Desktop\Addition.txt
2014-01-25 03:13 - 2014-01-25 03:13 - 00000000 ____D C:\FRST
2014-01-25 03:12 - 2014-01-25 03:12 - 02077696 _____ (Farbar) C:\Users\T\Desktop\FRST64.exe
2014-01-25 01:56 - 2014-01-25 01:56 - 00277768 _____ C:\Windows\Minidump\012514-30061-01.dmp
2014-01-25 01:42 - 2014-01-25 05:52 - 00000448 _____ C:\Windows\setupact.log
2014-01-25 01:42 - 2014-01-25 01:42 - 00270960 _____ C:\Windows\Minidump\012514-33462-01.dmp
2014-01-25 01:42 - 2014-01-25 01:42 - 00000000 _____ C:\Windows\setuperr.log
2014-01-25 01:37 - 2014-01-25 01:43 - 05059264 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-25 01:37 - 2014-01-25 01:37 - 00277768 _____ C:\Windows\Minidump\012514-33805-01.dmp
2014-01-25 01:35 - 2014-01-25 01:52 - 00000000 ____D C:\AdwCleaner
2014-01-25 01:07 - 2014-01-25 01:07 - 00000000 ____D C:\Windows\ERUNT
2014-01-25 01:06 - 2014-01-25 01:06 - 00133288 _____ C:\Users\T\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-22 16:41 - 2014-01-22 16:45 - 00000000 ____D C:\Program Files\Recuva
2014-01-22 16:41 - 2014-01-22 16:41 - 00001660 _____ C:\Users\Public\Desktop\Recuva.lnk
2014-01-22 03:16 - 2014-01-22 03:16 - 00015264 _____ C:\Users\T\Downloads\data.xls
2014-01-22 03:16 - 2014-01-22 03:16 - 00014046 _____ C:\Users\T\Downloads\data (6).csv
2014-01-21 18:54 - 2012-09-11 16:51 - 00065024 _____ (pdfforge GbR) C:\Windows\system32\pdfcmon.dll
2014-01-21 18:20 - 2014-01-21 19:09 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2014-01-21 18:20 - 2014-01-21 18:20 - 00003440 _____ C:\Windows\System32\Tasks\RegistryDr_Popup
2014-01-21 18:20 - 2014-01-21 18:20 - 00003176 _____ C:\Windows\System32\Tasks\RegistryDr_Start
2014-01-21 18:20 - 2014-01-21 18:20 - 00000000 ____D C:\Users\T\AppData\Local\RegistryDR
2014-01-21 18:19 - 2014-01-21 19:03 - 00000000 ____D C:\Program Files (x86)\Registry Dr
2014-01-21 18:19 - 2014-01-21 18:20 - 00000000 ____D C:\Users\T\Documents\RegistryDr
2014-01-21 18:18 - 2014-01-21 19:20 - 00000000 ____D C:\Program Files (x86)\Surftastic
2014-01-21 18:17 - 2014-01-21 19:07 - 00000083 _____ C:\Users\T\AppData\Roaming\die.bat
2014-01-21 17:35 - 2014-01-21 17:35 - 00001694 _____ C:\Windows\SysWOW64\${LOGFILE}
2014-01-21 17:25 - 2014-01-22 13:52 - 00000000 ____D C:\Support
2014-01-21 17:25 - 2014-01-21 17:25 - 00000000 ____D C:\Users\T\AppData\Local\Packages
2014-01-21 17:25 - 2014-01-21 17:25 - 00000000 ____D C:\Users\T\AppData\Local\Comodo
2014-01-21 17:25 - 2014-01-21 17:25 - 00000000 ____D C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-01-21 17:25 - 2014-01-21 17:25 - 00000000 ____D C:\Users\HomeGroupUser$\AppData\Local\Google
2014-01-21 17:25 - 2014-01-21 17:25 - 00000000 ____D C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-01-21 17:25 - 2014-01-21 17:25 - 00000000 ____D C:\Users\HomeGroupUser$
2014-01-21 17:25 - 2014-01-21 17:25 - 00000000 ____D C:\Users\Guest\AppData\Local\Torch
2014-01-21 17:25 - 2014-01-21 17:25 - 00000000 ____D C:\Users\Guest\AppData\Local\Google
2014-01-21 17:25 - 2014-01-21 17:25 - 00000000 ____D C:\Users\Guest\AppData\Local\Comodo
2014-01-21 17:25 - 2014-01-21 17:25 - 00000000 ____D C:\Users\Guest
2014-01-21 17:25 - 2014-01-21 17:25 - 00000000 ____D C:\Users\Administrator\AppData\Local\Torch
2014-01-21 17:25 - 2014-01-21 17:25 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2014-01-21 17:25 - 2014-01-21 17:25 - 00000000 ____D C:\Users\Administrator\AppData\Local\Comodo
2014-01-21 17:25 - 2014-01-21 17:25 - 00000000 ____D C:\Users\Administrator
2014-01-21 17:20 - 2014-01-21 17:21 - 00013016 _____ C:\Users\T\AppData\Roaming\Bubble Dock.installation.log
2014-01-19 19:42 - 2014-01-25 05:51 - 00048387 _____ C:\Windows\WindowsUpdate.log
2014-01-17 16:38 - 2014-01-17 16:38 - 00003494 _____ C:\Users\T\Downloads\data (5).csv
2014-01-17 16:38 - 2014-01-17 16:38 - 00003494 _____ C:\Users\T\Downloads\data (4).csv
2014-01-14 22:11 - 2014-01-14 22:11 - 00058880 _____ C:\Users\T\Downloads\aAffiliateEventBreakdownReport (1).xls
2014-01-14 22:08 - 2014-01-14 22:09 - 00014848 _____ C:\Users\T\Downloads\aAffiliateEventBreakdownReport.xls
2014-01-11 00:41 - 2014-01-11 00:41 - 00006407 _____ C:\Users\T\Downloads\data (3).csv
2014-01-09 18:40 - 2014-01-09 18:40 - 00003698 _____ C:\Users\T\Downloads\S-304949-11l1508.csv
2014-01-09 17:45 - 2014-01-09 17:45 - 00127289 _____ C:\Users\T\Downloads\S-304949-1l1000437.csv
2014-01-09 17:17 - 2014-01-09 17:18 - 02122272 _____ (A.I.SOFT,INC.) C:\Users\T\Downloads\Y11E_C1-hostm-64-D1.EXE.download
2014-01-09 16:41 - 2014-01-09 16:41 - 00000690 _____ C:\Users\T\Downloads\data (2).csv
2014-01-09 16:40 - 2014-01-09 16:41 - 00000690 _____ C:\Users\T\Downloads\data (1).csv
2014-01-09 00:56 - 2014-01-09 00:56 - 00001428 _____ C:\Users\T\Downloads\download.csv
2014-01-07 18:47 - 2014-01-07 18:47 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-07 18:47 - 2014-01-07 18:47 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-07 18:47 - 2014-01-07 18:47 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-07 18:47 - 2014-01-07 18:47 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-01-07 18:46 - 2014-01-07 18:47 - 30694824 _____ (Oracle Corporation) C:\Users\T\Downloads\jre-7u45-windows-x64.exe
2014-01-06 15:40 - 2014-01-06 15:40 - 00001276 _____ C:\Users\T\Downloads\data.csv
2014-01-06 12:18 - 2014-01-06 12:18 - 00042952 _____ C:\Users\T\Downloads\268701-invoice.csv
2013-12-27 16:21 - 2013-12-27 16:21 - 00000000 ____D C:\Program Files\OutfoxTV

==================== One Month Modified Files and Folders =======

2014-01-25 05:55 - 2014-01-25 03:13 - 00013505 _____ C:\Users\T\Desktop\FRST.txt
2014-01-25 05:54 - 2014-01-25 05:09 - 00000000 ____D C:\Users\T\Desktop\Geeks to Go
2014-01-25 05:53 - 2014-01-25 05:34 - 00017928 _____ C:\zoek-results.log
2014-01-25 05:52 - 2014-01-25 05:52 - 00001424 _____ C:\Windows\PFRO.log
2014-01-25 05:52 - 2014-01-25 01:42 - 00000448 _____ C:\Windows\setupact.log
2014-01-25 05:52 - 2011-05-08 02:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-25 05:51 - 2014-01-19 19:42 - 00048387 _____ C:\Windows\WindowsUpdate.log
2014-01-25 05:51 - 2009-07-14 04:45 - 00019312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-25 05:51 - 2009-07-14 04:45 - 00019312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-25 05:48 - 2014-01-25 05:33 - 00000000 ____D C:\zoek_backup
2014-01-25 05:45 - 2010-06-07 21:35 - 00000000 ____D C:\Users\T
2014-01-25 05:33 - 2014-01-25 05:51 - 00024064 _____ C:\Windows\zoek-delete.exe
2014-01-25 05:23 - 2014-01-25 05:23 - 00000000 ____D C:\_OTL
2014-01-25 05:04 - 2014-01-25 04:50 - 00000000 ____D C:\Qoobox
2014-01-25 05:04 - 2009-07-14 03:20 - 00000000 __RHD C:\Users\Default
2014-01-25 05:02 - 2014-01-25 04:50 - 00000000 ____D C:\Windows\erdnt
2014-01-25 05:02 - 2009-07-14 02:34 - 00000215 _____ C:\Windows\system.ini
2014-01-25 04:36 - 2014-01-25 04:36 - 00000000 ____D C:\TDSSKiller_Quarantine
2014-01-25 03:59 - 2014-01-25 03:59 - 00277768 _____ C:\Windows\Minidump\012514-19749-01.dmp
2014-01-25 03:59 - 2014-01-25 03:58 - 372751320 _____ C:\Windows\MEMORY.DMP
2014-01-25 03:59 - 2010-12-26 01:40 - 00000000 ____D C:\Windows\Minidump
2014-01-25 03:58 - 2014-01-25 03:58 - 00277768 _____ C:\Windows\Minidump\012514-19734-01.dmp
2014-01-25 03:54 - 2014-01-25 03:54 - 00277768 _____ C:\Windows\Minidump\012514-26239-01.dmp
2014-01-25 03:53 - 2010-05-27 16:19 - 00000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-25 03:53 - 2010-05-27 16:19 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-25 03:43 - 2011-06-06 00:38 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2796125895-4089865643-1469591702-1000UA.job
2014-01-25 03:13 - 2014-01-25 03:13 - 00062912 _____ C:\Users\T\Desktop\Addition.txt
2014-01-25 03:13 - 2014-01-25 03:13 - 00000000 ____D C:\FRST
2014-01-25 03:12 - 2014-01-25 03:12 - 02077696 _____ (Farbar) C:\Users\T\Desktop\FRST64.exe
2014-01-25 01:56 - 2014-01-25 01:56 - 00277768 _____ C:\Windows\Minidump\012514-30061-01.dmp
2014-01-25 01:52 - 2014-01-25 01:35 - 00000000 ____D C:\AdwCleaner
2014-01-25 01:45 - 2012-10-14 19:15 - 00000000 ____D C:\Users\T\AppData\Roaming\Notepad++
2014-01-25 01:43 - 2014-01-25 01:37 - 05059264 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-25 01:42 - 2014-01-25 01:42 - 00270960 _____ C:\Windows\Minidump\012514-33462-01.dmp
2014-01-25 01:42 - 2014-01-25 01:42 - 00000000 _____ C:\Windows\setuperr.log
2014-01-25 01:37 - 2014-01-25 01:37 - 00277768 _____ C:\Windows\Minidump\012514-33805-01.dmp
2014-01-25 01:07 - 2014-01-25 01:07 - 00000000 ____D C:\Windows\ERUNT
2014-01-25 01:06 - 2014-01-25 01:06 - 00133288 _____ C:\Users\T\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-25 00:29 - 2010-06-07 21:35 - 00000000 ___RD C:\Users\T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-25 00:08 - 2011-01-20 22:36 - 00000000 ___RD C:\Users\T\Dropbox
2014-01-24 23:53 - 2011-01-20 22:33 - 00000000 ____D C:\Users\T\AppData\Roaming\Dropbox
2014-01-24 18:34 - 2010-10-08 22:52 - 00000000 ____D C:\Users\T\Documents\Outlook Files
2014-01-24 14:55 - 2011-06-06 00:38 - 00000840 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2796125895-4089865643-1469591702-1000Core.job
2014-01-23 23:16 - 2010-10-07 14:30 - 00000000 ____D C:\Users\T\AppData\Roaming\Skype
2014-01-23 22:06 - 2010-06-07 21:47 - 00000600 _____ C:\Users\T\AppData\Roaming\winscp.rnd
2014-01-23 11:38 - 2010-07-09 10:12 - 00001456 _____ C:\Users\T\AppData\Local\Adobe Save for Web 12.0 Prefs
2014-01-23 10:33 - 2009-07-14 05:13 - 00006350 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-22 16:45 - 2014-01-22 16:41 - 00000000 ____D C:\Program Files\Recuva
2014-01-22 16:41 - 2014-01-22 16:41 - 00001660 _____ C:\Users\Public\Desktop\Recuva.lnk
2014-01-22 13:52 - 2014-01-21 17:25 - 00000000 ____D C:\Support
2014-01-22 03:16 - 2014-01-22 03:16 - 00015264 _____ C:\Users\T\Downloads\data.xls
2014-01-22 03:16 - 2014-01-22 03:16 - 00014046 _____ C:\Users\T\Downloads\data (6).csv
2014-01-21 19:52 - 2010-10-13 10:23 - 00000000 ____D C:\Users\T\AppData\Roaming\Blueberry
2014-01-21 19:45 - 2010-10-13 21:09 - 00000031 _____ C:\Windows\system32\bbcap.err
2014-01-21 19:20 - 2014-01-21 18:18 - 00000000 ____D C:\Program Files (x86)\Surftastic
2014-01-21 19:09 - 2014-01-21 18:20 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2014-01-21 19:07 - 2014-01-21 18:17 - 00000083 _____ C:\Users\T\AppData\Roaming\die.bat
2014-01-21 19:03 - 2014-01-21 18:19 - 00000000 ____D C:\Program Files (x86)\Registry Dr
2014-01-21 18:20 - 2014-01-21 18:20 - 00003440 _____ C:\Windows\System32\Tasks\RegistryDr_Popup
2014-01-21 18:20 - 2014-01-21 18:20 - 00003176 _____ C:\Windows\System32\Tasks\RegistryDr_Start
2014-01-21 18:20 - 2014-01-21 18:20 - 00000000 ____D C:\Users\T\AppData\Local\RegistryDR
2014-01-21 18:20 - 2014-01-21 18:19 - 00000000 ____D C:\Users\T\Documents\RegistryDr
2014-01-21 17:59 - 2011-06-13 22:28 - 00000000 ____D C:\Users\T\AppData\Roaming\uTorrent
2014-01-21 17:35 - 2014-01-21 17:35 - 00001694 _____ C:\Windows\SysWOW64\${LOGFILE}
2014-01-21 17:25 - 2014-01-21 17:25 - 00000000 ____D C:\Users\T\AppData\Local\Packages
2014-01-21 17:25 - 2014-01-21 17:25 - 00000000 ____D C:\Users\T\AppData\Local\Comodo
2014-01-21 17:25 - 2014-01-21 17:25 - 00000000 ____D C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-01-21 17:25 - 2014-01-21 17:25 - 00000000 ____D C:\Users\HomeGroupUser$\AppData\Local\Google
2014-01-21 17:25 - 2014-01-21 17:25 - 00000000 ____D C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-01-21 17:25 - 2014-01-21 17:25 - 00000000 ____D C:\Users\HomeGroupUser$
2014-01-21 17:25 - 2014-01-21 17:25 - 00000000 ____D C:\Users\Guest\AppData\Local\Torch
2014-01-21 17:25 - 2014-01-21 17:25 - 00000000 ____D C:\Users\Guest\AppData\Local\Google
2014-01-21 17:25 - 2014-01-21 17:25 - 00000000 ____D C:\Users\Guest\AppData\Local\Comodo
2014-01-21 17:25 - 2014-01-21 17:25 - 00000000 ____D C:\Users\Guest
2014-01-21 17:25 - 2014-01-21 17:25 - 00000000 ____D C:\Users\Administrator\AppData\Local\Torch
2014-01-21 17:25 - 2014-01-21 17:25 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2014-01-21 17:25 - 2014-01-21 17:25 - 00000000 ____D C:\Users\Administrator\AppData\Local\Comodo
2014-01-21 17:25 - 2014-01-21 17:25 - 00000000 ____D C:\Users\Administrator
2014-01-21 17:25 - 2010-12-14 12:28 - 00000000 ____D C:\Users\T\AppData\Local\Google
2014-01-21 17:21 - 2014-01-21 17:20 - 00013016 _____ C:\Users\T\AppData\Roaming\Bubble Dock.installation.log
2014-01-21 16:53 - 2011-06-13 22:29 - 00000000 ____D C:\Program Files (x86)\uTorrent
2014-01-17 16:38 - 2014-01-17 16:38 - 00003494 _____ C:\Users\T\Downloads\data (5).csv
2014-01-17 16:38 - 2014-01-17 16:38 - 00003494 _____ C:\Users\T\Downloads\data (4).csv
2014-01-16 11:46 - 2012-07-19 12:30 - 00002351 _____ C:\Users\T\Desktop\Google Chrome.lnk
2014-01-14 22:11 - 2014-01-14 22:11 - 00058880 _____ C:\Users\T\Downloads\aAffiliateEventBreakdownReport (1).xls
2014-01-14 22:09 - 2014-01-14 22:08 - 00014848 _____ C:\Users\T\Downloads\aAffiliateEventBreakdownReport.xls
2014-01-11 01:28 - 2011-01-20 22:36 - 00001008 _____ C:\Users\T\Desktop\Dropbox.lnk
2014-01-11 01:28 - 2011-01-20 22:33 - 00000000 ____D C:\Users\T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-11 00:41 - 2014-01-11 00:41 - 00006407 _____ C:\Users\T\Downloads\data (3).csv
2014-01-09 18:40 - 2014-01-09 18:40 - 00003698 _____ C:\Users\T\Downloads\S-304949-11l1508.csv
2014-01-09 17:45 - 2014-01-09 17:45 - 00127289 _____ C:\Users\T\Downloads\S-304949-1l1000437.csv
2014-01-09 17:18 - 2014-01-09 17:17 - 02122272 _____ (A.I.SOFT,INC.) C:\Users\T\Downloads\Y11E_C1-hostm-64-D1.EXE.download
2014-01-09 17:15 - 2012-09-03 10:28 - 00000000 ____D C:\ProgramData\Brother
2014-01-09 17:14 - 2011-02-09 14:06 - 00000000 ____D C:\Program Files (x86)\Safari
2014-01-09 16:41 - 2014-01-09 16:41 - 00000690 _____ C:\Users\T\Downloads\data (2).csv
2014-01-09 16:41 - 2014-01-09 16:40 - 00000690 _____ C:\Users\T\Downloads\data (1).csv
2014-01-09 00:56 - 2014-01-09 00:56 - 00001428 _____ C:\Users\T\Downloads\download.csv
2014-01-07 18:48 - 2013-10-18 02:11 - 00000000 ____D C:\ProgramData\Oracle
2014-01-07 18:47 - 2014-01-07 18:47 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-07 18:47 - 2014-01-07 18:47 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-07 18:47 - 2014-01-07 18:47 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-07 18:47 - 2014-01-07 18:47 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-01-07 18:47 - 2014-01-07 18:46 - 30694824 _____ (Oracle Corporation) C:\Users\T\Downloads\jre-7u45-windows-x64.exe
2014-01-07 18:47 - 2010-05-27 16:02 - 00000000 ____D C:\Program Files\Java
2014-01-07 18:43 - 2010-05-27 16:01 - 00000000 ____D C:\Program Files (x86)\Java
2014-01-06 15:40 - 2014-01-06 15:40 - 00001276 _____ C:\Users\T\Downloads\data.csv
2014-01-06 12:18 - 2014-01-06 12:18 - 00042952 _____ C:\Users\T\Downloads\268701-invoice.csv
2014-01-04 03:38 - 2011-05-08 02:53 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-04 01:36 - 2012-07-26 12:29 - 00000757 _____ C:\Users\T\Desktop\K****m Reports.lnk
2013-12-27 17:07 - 2013-12-05 15:33 - 00000000 ____D C:\Program Files (x86)\Belarc
2013-12-27 16:21 - 2013-12-27 16:21 - 00000000 ____D C:\Program Files\OutfoxTV

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-19 02:14

==================== End Of Log ============================

Edited by bangramonkey, 25 January 2014 - 05:26 AM.

#19
emeraldnzl
    GeekU Instructor
  • GeekU Moderator
  • 19,991 posts
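The "One Month Created Files and Folders" block in the FRST log above is easiest to read as a timeline: when several entries share a creation minute, one installer dropped them together (the 17:25 and 18:17-18:20 bursts on 21 January are examples). The script below is an added example, not part of this thread or of FRST itself. It parses FRST's listing lines (the format is inferred from the log: creation time, modification time, size, five attribute flags, optional signer in parentheses, path) and groups entries by creation time. The five-minute window, the minimum cluster size and the sample lines are the editor's choices; the sample lines are copied from the log above.

```python
"""Cluster FRST 'One Month Created Files and Folders' lines by creation time.

Added example, not part of the forum thread or of FRST itself. The line
format is inferred from the log above; the window size, cluster threshold
and sample lines are the editor's choices.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# FRST listing line: "<created> - <modified> - <size> <attrs> [(Company)] <path>"
# Attribute flags seen in the log: _____ file, ____D directory, ____H hidden,
# __RHD read-only hidden directory, ___RD read-only directory.
_LINE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(?P<size>\d+) (?P<attrs>\S{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>.+)$"
)


@dataclass(frozen=True)
class Entry:
    created: datetime
    modified: datetime
    size: int
    attrs: str
    company: str | None
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_frst_lines(lines):
    """Parse listing lines; headers, blanks and anything else are skipped."""
    entries = []
    for line in lines:
        m = _LINE.match(line.strip())
        if not m:
            continue
        entries.append(Entry(
            created=datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
            modified=datetime.strptime(m["modified"], "%Y-%m-%d %H:%M"),
            size=int(m["size"]),
            attrs=m["attrs"],
            company=m["company"],
            path=m["path"],
        ))
    return entries


def cluster_by_creation(entries, window=timedelta(minutes=5), min_size=3):
    """Group entries whose creation time is within `window` of the previous one.

    Adjacent timestamps are compared, so a long install burst stays one
    cluster even if it spans more than `window` overall. Clusters smaller
    than `min_size` are dropped as noise; the result is earliest-first.
    """
    ordered = sorted(entries, key=lambda e: e.created)
    clusters, current = [], []
    for e in ordered:
        if current and e.created - current[-1].created > window:
            clusters.append(current)
            current = []
        current.append(e)
    if current:
        clusters.append(current)
    return [c for c in clusters if len(c) >= min_size]


def summarize(cluster):
    """One line per cluster: time span, item count, distinct signer or file name."""
    start, end = cluster[0].created, cluster[-1].created
    labels = sorted({e.company or e.name for e in cluster})
    return f"{start:%Y-%m-%d %H:%M}..{end:%H:%M} {len(cluster)} items: {', '.join(labels)}"


# Sample input: a subset of lines copied from the FRST log above.
SAMPLE_LOG = r"""
==================== One Month Created Files and Folders ========

2014-01-25 04:51 - 2009-04-20 04:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-01-22 16:41 - 2014-01-22 16:45 - 00000000 ____D C:\Program Files\Recuva
2014-01-21 18:20 - 2014-01-21 18:20 - 00003440 _____ C:\Windows\System32\Tasks\RegistryDr_Popup
2014-01-21 18:19 - 2014-01-21 19:03 - 00000000 ____D C:\Program Files (x86)\Registry Dr
2014-01-21 18:18 - 2014-01-21 19:20 - 00000000 ____D C:\Program Files (x86)\Surftastic
2014-01-21 18:17 - 2014-01-21 19:07 - 00000083 _____ C:\Users\T\AppData\Roaming\die.bat
2014-01-21 17:25 - 2014-01-21 17:25 - 00000000 ____D C:\Users\Guest\AppData\Local\Torch
2014-01-21 17:25 - 2014-01-21 17:25 - 00000000 ____D C:\Users\Guest\AppData\Local\Comodo
2014-01-21 17:25 - 2014-01-21 17:25 - 00000000 ____D C:\Users\Administrator\AppData\Local\Torch
2014-01-21 17:20 - 2014-01-21 17:21 - 00013016 _____ C:\Users\T\AppData\Roaming\Bubble Dock.installation.log
2014-01-07 18:47 - 2014-01-07 18:47 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
"""

if __name__ == "__main__":
    for c in cluster_by_creation(parse_frst_lines(SAMPLE_LOG.splitlines())):
        print(summarize(c))
```

Run it against the whole "Created" block pasted into a file and the single-file entries (Java update, Recuva) fall away, leaving the two bursts from 21 January. The window is deliberately applied between neighbouring entries rather than to the whole group, so an installer that keeps writing for fifteen minutes is still reported once.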
Making good progress I think.

Now

Go to the link below for instructions on how to reset Google Chrome browser settings:

https://support.goog...r/3296214?hl=en

After that

Looks like you might have used this one before.

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla Firefox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
    then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Scan archives is checked.
  • If you are given an option to quarantine files ensure the scan is set to do so.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Then click on: Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic and tell me how your machine is now.

#20
bangramonkey
    Member
  • Topic Starter
  • Member
  • 15 posts
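The scanner's result list (what the next reply pastes after copying it from the clipboard, since no log.txt was written) is easier to act on once it is split into what ESET cleaned and what it only reported, and tabulated by signature family and file type. The following is an added example, not part of this thread or of ESET's software. The line format is inferred from the pasted list: a path (which may contain spaces), an optional "a variant of" prefix, the threat name, the threat kind, and, only for files ESET acted on, an action such as "deleted - quarantined". The threat name is the only token containing a forward slash in a Windows path listing, so the line is split there. The sample lines are copied from the next reply.

```python
"""Parse and triage ESET Online Scanner result lines.

Added example, not part of the thread or of ESET's tooling. Line format,
inferred from the pasted list:
    <path> [a variant of ]<Family/Variant> <kind> [<action>]
Paths contain spaces, so the line is split at the threat name, the only
token with a '/' in a Windows path listing (a path segment containing '/'
would defeat this heuristic).
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

_HIT = re.compile(
    r"^(?P<path>.+?) "
    r"(?P<variant>a variant of )?"
    r"(?P<threat>[A-Za-z0-9]+/\S+) "
    r"(?P<kind>\S+)"
    r"(?: (?P<action>.+))?$"
)


@dataclass(frozen=True)
class Hit:
    path: str
    threat: str          # e.g. "Win32/BHO.OEV"
    kind: str            # trojan, worm, application, ...
    variant: bool        # "a variant of" prefix present (heuristic match)
    action: str | None   # None when ESET only reported the file

    @property
    def family(self) -> str:
        return self.threat.split(".", 1)[0]        # "MSIL/Agent.AE" -> "MSIL/Agent"

    @property
    def ext(self) -> str:
        name = self.path.rsplit("\\", 1)[-1]
        return ("." + name.rsplit(".", 1)[1]).lower() if "." in name else ""

    @property
    def in_quarantine_dir(self) -> bool:
        # Another tool (FRST, AdwCleaner) already isolated this file;
        # ESET re-detecting it there is expected.
        return "\\quarantine\\" in self.path.lower()


def parse_eset(lines):
    """Parse result lines; blanks and anything that does not fit are skipped."""
    hits = []
    for line in lines:
        m = _HIT.match(line.strip())
        if m:
            hits.append(Hit(m["path"], m["threat"], m["kind"], bool(m["variant"]), m["action"]))
    return hits


def triage(hits):
    """Separate what ESET acted on from what it only reported, and tabulate
    families and file types so repetitive hits (one signature, many files of
    one type) are visible at a glance."""
    handled = [h for h in hits if h.action]
    remaining = [h for h in hits if not h.action]
    return {
        "handled": handled,
        "remaining": remaining,
        "remaining_by_drive": dict(Counter(h.path[:2] for h in remaining)),
        "families": Counter(h.family for h in hits),
        "ext_by_family": Counter((h.family, h.ext) for h in hits),
    }


# Sample input: lines copied from the ESET result list in the next reply.
SAMPLE = r"""
C:\Windows\SysWOW64\KBDTH00.DLL Win32/BHO.OEV trojan
C:\Windows\SysWOW64\mapi332.dll Win32/BHO.OEV trojan
D:\K****m Backups\1and1-17012014\index.php JS/Kryptik.BM trojan
D:\K****m Backups\1and1-17012014\vouchers\coupon.html JS/Kryptik.BM trojan
D:\K****m Backups\K****m_24July2009\ccount12.zip PHP/Obfuscated.F application
D:\My Stuff\Illustrator CS5\Adobe Illustrator CS5.1 Incl Crack\SOFTWARE\Set-up.exe a variant of Win32/VB.RDA trojan
C:\FRST\Quarantine\coza.exe a variant of Win32/Kryptik.KBU trojan cleaned by deleting - quarantined
C:\Program Files (x86)\OpenOffice.org 3\Basis\share\config\images.zip MSIL/Agent.AE worm deleted - quarantined
C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\Form.zip MSIL/Agent.AE worm deleted - quarantined
"""

if __name__ == "__main__":
    report = triage(parse_eset(SAMPLE.splitlines()))
    print(f"handled {len(report['handled'])}, remaining {len(report['remaining'])} "
          f"by drive {report['remaining_by_drive']}")
    for (family, ext), n in report["ext_by_family"].most_common():
        print(f"{n:3d} {family} {ext or '(no ext)'}")
    for h in report["remaining"]:
        print("REVIEW", h.path, h.threat)
```

Paste the full clipboard list into a file and feed it to `parse_eset`; the "remaining" list is the follow-up work, and the per-drive split shows at once whether those files live on the system volume or on a backup drive. Hits inside another tool's quarantine folder (`in_quarantine_dir`) are files that were already neutralised.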
Scan took a while to run and found several targets (below). There was no log file created at C:\Program Files\ESET\EsetOnlineScanner\log.txt. There was just an option to copy the list of files to the clipboard which is what I did.

It's hard to tell how the system is running as it could just be in a "stable period". Last blue screen and restart was when I messaged it on here which is a good sign. It does however still say this copy of Windows 7 is not genuine. I'm going to reboot the computer now to see how it acts on restart.

PS I've edited some of the folder names as I didn't want certain things being indexed on search engines under those names.



C:\Users\All Users\Adobe\CS5\jre\lib\deploy\ffjcext.zip MSIL/Agent.AE worm
C:\Users\All Users\SupportSoft\DellSupportCenter\SYSTEM\data\manifest.zip MSIL/Agent.AE worm
C:\Users\All Users\SupportSoft\DellSupportCenter\_default\data\manifest.zip MSIL/Agent.AE worm
C:\Windows\SysWOW64\KBDDINPUN.DLL Win32/BHO.OEV trojan
C:\Windows\SysWOW64\KBDTH00.DLL Win32/BHO.OEV trojan
C:\Windows\SysWOW64\mapi332.dll Win32/BHO.OEV trojan
D:\K****m Backups\1and1-17012014\index.php JS/Kryptik.BM trojan
D:\K****m Backups\1and1-17012014\about\index.php JS/Kryptik.BM trojan
D:\K****m Backups\1and1-17012014\baby-kids\index.php JS/Kryptik.BM trojan
D:\K****m Backups\1and1-17012014\charity\index.php JS/Kryptik.BM trojan
D:\K****m Backups\1and1-17012014\claim\index.php JS/Kryptik.BM trojan
D:\K****m Backups\1and1-17012014\computers-software\index.php JS/Kryptik.BM trojan
D:\K****m Backups\1and1-17012014\contact\index.php JS/Kryptik.BM trojan
D:\K****m Backups\1and1-17012014\daily-clicks\index.php JS/Kryptik.BM trojan
D:\K****m Backups\1and1-17012014\electricals\index.php JS/Kryptik.BM trojan
D:\K****m Backups\1and1-17012014\entertainment\index.php JS/Kryptik.BM trojan
D:\K****m Backups\1and1-17012014\failed-to-set-cookie\index.php JS/Kryptik.BM trojan
D:\K****m Backups\1and1-17012014\fashion\index.php JS/Kryptik.BM trojan
D:\K****m Backups\1and1-17012014\finance\index.php JS/Kryptik.BM trojan
D:\K****m Backups\1and1-17012014\gambling\index.php JS/Kryptik.BM trojan
D:\K****m Backups\1and1-17012014\general-shopping\index.php JS/Kryptik.BM trojan
D:\K****m Backups\1and1-17012014\gifts-gadgets\index.php JS/Kryptik.BM trojan
D:\K****m Backups\1and1-17012014\guarantee\index.php JS/Kryptik.BM trojan
D:\K****m Backups\1and1-17012014\health-beauty\index.php JS/Kryptik.BM trojan
D:\K****m Backups\1and1-17012014\help\index.php JS/Kryptik.BM trojan
D:\K****m Backups\1and1-17012014\home-garden\index.php JS/Kryptik.BM trojan
D:\K****m Backups\1and1-17012014\learn\index.php JS/Kryptik.BM trojan
D:\K****m Backups\1and1-17012014\login\lib\ez_sql_help.htm JS/Kryptik.BM trojan
D:\K****m Backups\1and1-17012014\login\lib\date_class\readme.htm JS/Kryptik.BM trojan
D:\K****m Backups\1and1-17012014\making\footer.php JS/Kryptik.BM trojan
D:\K****m Backups\1and1-17012014\making\header.php JS/Kryptik.BM trojan
D:\K****m Backups\1and1-17012014\making\index.php JS/Kryptik.BM trojan
D:\K****m Backups\1and1-17012014\making\admin\footer.php JS/Kryptik.BM trojan
D:\K****m Backups\1and1-17012014\making\admin\header.php JS/Kryptik.BM trojan
D:\K****m Backups\1and1-17012014\making\admin\index.php JS/Kryptik.BM trojan
D:\K****m Backups\1and1-17012014\merchant\index.php JS/Kryptik.BM trojan
D:\K****m Backups\1and1-17012014\mobiles-utilities\index.php JS/Kryptik.BM trojan
D:\K****m Backups\1and1-17012014\no-spend\index.php JS/Kryptik.BM trojan
D:\K****m Backups\1and1-17012014\office\index.php JS/Kryptik.BM trojan
D:\K****m Backups\1and1-17012014\privacy\index.php JS/Kryptik.BM trojan
D:\K****m Backups\1and1-17012014\redeem\index.php JS/Kryptik.BM trojan
D:\K****m Backups\1and1-17012014\refer\index.php JS/Kryptik.BM trojan
D:\K****m Backups\1and1-17012014\review\index.php JS/Kryptik.BM trojan
D:\K****m Backups\1and1-17012014\sitemap\index.php JS/Kryptik.BM trojan
D:\K****m Backups\1and1-17012014\sports-leisure\index.php JS/Kryptik.BM trojan
D:\K****m Backups\1and1-17012014\statement\index.php JS/Kryptik.BM trojan
D:\K****m Backups\1and1-17012014\stores\index.php JS/Kryptik.BM trojan
D:\K****m Backups\1and1-17012014\suggest\index.php JS/Kryptik.BM trojan
D:\K****m Backups\1and1-17012014\terms\index.php JS/Kryptik.BM trojan
D:\K****m Backups\1and1-17012014\ticket\index.php JS/Kryptik.BM trojan
D:\K****m Backups\1and1-17012014\travel\index.php JS/Kryptik.BM trojan
D:\K****m Backups\1and1-17012014\vouchers\coupon.html JS/Kryptik.BM trojan
D:\K****m Backups\1and1-17012014\vouchers\index.php JS/Kryptik.BM trojan
D:\K****m Backups\1and1-17012014\white-label\index.php JS/Kryptik.BM trojan
D:\K****m Backups\f********e.co.uk-01102010\ccount\index.php PHP/Obfuscated.F application
D:\K****m Backups\f********e.co.uk-05122010\ccount\index.php PHP/Obfuscated.F application
D:\K****m Backups\f********e.co.uk-29112010\ccount\index.php PHP/Obfuscated.F application
D:\K****m Backups\K****m_24July2009\ccount12.zip PHP/Obfuscated.F application
D:\K****m Backups\K****m_24July2009\ccount\index.php PHP/Obfuscated.F application
D:\K****m Backups\K****m_24July2009\Thincheese\ccount\index.php PHP/Obfuscated.F application
D:\My Stuff\E-books For Dummies Collection 2012\E-books For Dummies Collection 2012.zip a variant of Win32/BHO.OEG trojan
D:\My Stuff\Illustrator CS5\Adobe Illustrator CS5.1 Incl Crack\SOFTWARE\Set-up.exe a variant of Win32/VB.RDA trojan
C:\AdwCleaner\Quarantine\C\Users\T\AppDaTa\Local\genienext\nengine.dll.vir Win32/NextLive.A application cleaned by deleting - quarantined
C:\FRST\Quarantine\coza.exe a variant of Win32/Kryptik.KBU trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\mekomdo.dll a variant of Win32/TrojanProxy.Agent.NHM trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\oxkimi.exe a variant of Win32/Injector.GPC trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\qyko.exe a variant of Win32/Kryptik.MSZ trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\ukore.exe a variant of Win32/Injector.GXE trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\ycte.exe a variant of Win32/Kryptik.TFO trojan cleaned by deleting - quarantined
C:\Program Files (x86)\Adobe\Adobe Device Central CS5\Required\Devices.zip MSIL/Agent.AE worm deleted - quarantined
C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\StageManager\Debug\CSXS StageManager.zip MSIL/Agent.AE worm deleted - quarantined
C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\StageManager\Release\CSXS StageManager.zip MSIL/Agent.AE worm deleted - quarantined
C:\Program Files (x86)\CyberLink\PowerDVD DX\Koan\psyco.zip MSIL/Agent.AE worm deleted - quarantined
C:\Program Files (x86)\CyberLink\PowerDVD DX\Koan\python24.zip MSIL/Agent.AE worm deleted - quarantined
C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\AboutBox.zip MSIL/Agent.AE worm deleted - quarantined
C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\AppConfig.zip MSIL/Agent.AE worm deleted - quarantined
C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\AppConfigInternal.zip MSIL/Agent.AE worm deleted - quarantined
C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\AssemblyInfo.zip MSIL/Agent.AE worm deleted - quarantined
C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\AssemblyInfoInternal.zip MSIL/Agent.AE worm deleted - quarantined
C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\Class.zip MSIL/Agent.AE worm deleted - quarantined
C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\CodeFile.zip MSIL/Agent.AE worm deleted - quarantined
C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\DataSet.zip MSIL/Agent.AE worm deleted - quarantined
C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\EmptyDatabase.zip MSIL/Agent.AE worm deleted - quarantined
C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\Form.zip MSIL/Agent.AE worm deleted - quarantined
C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\Interface.zip MSIL/Agent.AE worm deleted - quarantined
C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\MDIParent.zip MSIL/Agent.AE worm deleted - quarantined
C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\Resource.zip MSIL/Agent.AE worm deleted - quarantined
C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\ResourceInternal.zip MSIL/Agent.AE worm deleted - quarantined
C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\Settings.zip MSIL/Agent.AE worm deleted - quarantined
C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\SettingsInternal.zip MSIL/Agent.AE worm deleted - quarantined
C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\TextFile.zip MSIL/Agent.AE worm deleted - quarantined
C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\UserControl.zip MSIL/Agent.AE worm deleted - quarantined
C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\Visualizer.zip MSIL/Agent.AE worm deleted - quarantined
C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\XmlFile.zip MSIL/Agent.AE worm deleted - quarantined
C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\AppConfigurationInternal.zip MSIL/Agent.AE worm deleted - quarantined
C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\AssemblyInfoInternal.zip MSIL/Agent.AE worm deleted - quarantined
C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Class.zip MSIL/Agent.AE worm deleted - quarantined
C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Dataset.zip MSIL/Agent.AE worm deleted - quarantined
C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Dialog.zip MSIL/Agent.AE worm deleted - quarantined
C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\EmptyDatabase.zip MSIL/Agent.AE worm deleted - quarantined
C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Explorer.zip MSIL/Agent.AE worm deleted - quarantined
C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Form.zip MSIL/Agent.AE worm deleted - quarantined
C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\LoginForm.zip MSIL/Agent.AE worm deleted - quarantined
C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\MDIParent.zip MSIL/Agent.AE worm deleted - quarantined
C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Module.zip MSIL/Agent.AE worm deleted - quarantined
C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\ResourceInternal.zip MSIL/Agent.AE worm deleted - quarantined
C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\SettingsInternal.zip MSIL/Agent.AE worm deleted - quarantined
C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\SplashScreen.zip MSIL/Agent.AE worm deleted - quarantined
C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Text.zip MSIL/Agent.AE worm deleted - quarantined
C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\UserControl.zip MSIL/Agent.AE worm deleted - quarantined
C:\Program Files (x86)\OpenOffice.org 3\Basis\share\config\images.zip MSIL/Agent.AE worm deleted - quarantined
C:\Program Files (x86)\OpenOffice.org 3\Basis\share\config\images_classic.zip MSIL/Agent.AE worm deleted - quarantined
C:\Program Files (x86)\OpenOffice.org 3\Basis\share\config\images_crystal.zip MSIL/Agent.AE worm deleted - quarantined
C:\Program Files (x86)\OpenOffice.org 3\Basis\share\config\images_hicontrast.zip MSIL/Agent.AE worm deleted - quarantined
C:\Program Files (x86)\OpenOffice.org 3\Basis\share\config\images_industrial.zip MSIL/Agent.AE worm deleted - quarantined
C:\Program Files (x86)\OpenOffice.org 3\Basis\share\config\images_tango.zip MSIL/Agent.AE worm deleted - quarantined
C:\Program Files (x86)\OpenOffice.org 3\Basis\share\config\wizard\web\buttons\glas-blue.zip MSIL/Agent.AE worm deleted - quarantined
C:\Program Files (x86)\OpenOffice.org 3\Basis\share\config\wizard\web\buttons\glas-green.zip MSIL/Agent.AE worm deleted - quarantined
C:\Program Files (x86)\OpenOffice.org 3\Basis\share\config\wizard\web\buttons\glas-red.zip MSIL/Agent.AE worm deleted - quarantined
C:\Program Files (x86)\OpenOffice.org 3\Basis\share\config\wizard\web\buttons\round-gorilla.zip MSIL/Agent.AE worm deleted - quarantined
C:\Program Files (x86)\OpenOffice.org 3\Basis\share\config\wizard\web\buttons\round-white.zip MSIL/Agent.AE worm deleted - quarantined
C:\Program Files (x86)\OpenOffice.org 3\Basis\share\config\wizard\web\buttons\simple.zip MSIL/Agent.AE worm deleted - quarantined
C:\Program Files (x86)\OpenOffice.org 3\Basis\share\config\wizard\web\buttons\square-blue.zip MSIL/Agent.AE worm deleted - quarantined
C:\Program Files (x86)\OpenOffice.org 3\Basis\share\config\wizard\web\buttons\square-gray.zip MSIL/Agent.AE worm deleted - quarantined
C:\Program Files (x86)\OpenOffice.org 3\Basis\share\config\wizard\web\buttons\square-green.zip MSIL/Agent.AE worm deleted - quarantined
C:\Program Files (x86)\OpenOffice.org 3\Basis\share\config\wizard\web\buttons\square-red.zip MSIL/Agent.AE worm deleted - quarantined
C:\Program Files (x86)\OpenOffice.org 3\Basis\share\config\wizard\web\buttons\square-yellow.zip MSIL/Agent.AE worm deleted - quarantined
C:\Program Files (x86)\OpenOffice.org 3\share\config\images_brand.zip MSIL/Agent.AE worm deleted - quarantined
C:\ProgramData\Adobe\CS5\jre\lib\deploy\ffjcext.zip MSIL/Agent.AE worm deleted - quarantined
C:\ProgramData\SupportSoft\DellSupportCenter\SYSTEM\data\manifest.zip MSIL/Agent.AE worm deleted - quarantined
C:\ProgramData\SupportSoft\DellSupportCenter\_default\data\manifest.zip MSIL/Agent.AE worm deleted - quarantined
C:\TDSSKiller_Quarantine\25.01.2014_04.35.20\mbr0000\tdlfs0000\tsk0003.dta Win32/Olmarik.AFK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\25.01.2014_04.35.20\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.G trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\25.01.2014_04.35.20\mbr0000\tdlfs0000\tsk0005.dta a variant of Win32/Olmarik.AIZ trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\25.01.2014_04.35.20\mbr0000\tdlfs0000\tsk0006.dta Win64/Olmarik.G trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\25.01.2014_04.35.20\mbr0000\tdlfs0000\tsk0007.dta probably a variant of Win32/Olmarik.AVQ trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\25.01.2014_04.35.20\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.A trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\25.01.2014_04.35.20\mbr0000\tdlfs0000\tsk0014.dta a variant of Win32/TrojanProxy.Agent.NJZ trojan cleaned by deleting - quarantined
C:\Users\T\AppData\Local\SupportSoft\dellsupportcenter\T\data\manifest.zip MSIL/Agent.AE worm deleted - quarantined
C:\Windows\pss\avcheck.exe.Startup MSIL/Agent.AE worm cleaned by deleting - quarantined
C:\Windows\System32\KBDDINPUN.DLL Win32/BHO.OEV trojan cleaned by deleting - quarantined
C:\Windows\System32\KBDTH00.DLL Win32/BHO.OEV trojan cleaned by deleting - quarantined
C:\Windows\System32\mapi332.dll Win32/BHO.OEV trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\01252014_052325\c_windows\System32\gonrrkt.dll Win32/TrojanProxy.Agent.NGY trojan cleaned by deleting - quarantined
D:\Clients\CTS International\cts-brochure.zip MSIL/Agent.AE worm deleted - quarantined
D:\Clients\CTS International\cts-images.zip MSIL/Agent.AE worm deleted - quarantined
D:\Home-Documents\Backup_MBR_0.zip MSIL/Agent.AE worm deleted - quarantined
D:\Home-Documents\BangraMonkey-cth-dmp(4).zip MSIL/Agent.AE worm deleted - quarantined
D:\iPhone\redsn0w-win_0.9.4.zip MSIL/Agent.AE worm deleted - quarantined
D:\iPhone\redsn0w_win_0.9.5b5-5.zip MSIL/Agent.AE worm deleted - quarantined
D:\K****m\Admin\auto_reports\New folder\php_sample_code_daily_publisher_commission_report.zip MSIL/Agent.AE worm deleted - quarantined
D:\K****m\Admin\auto_reports\New folder\php_sample_code_real_time_commission_report.zip MSIL/Agent.AE worm deleted - quarantined
D:\K****m\DESIGN\big-cheese-istockphoto\iStock_000007588574Illustra.zip MSIL/Agent.AE worm deleted - quarantined
D:\K****m\IE-Network\CLIENTS\RubyCotton\original.zip MSIL/Agent.AE worm deleted - quarantined
D:\K****m\Plunkett Communications\logos.zip MSIL/Agent.AE worm deleted - quarantined
D:\K****m\Reports\Zanox\asos-f********e-promotions.zip MSIL/Agent.AE worm deleted - quarantined
D:\K****m\RTE\wyzz0.65.zip MSIL/Agent.AE worm deleted - quarantined

Edited by bangramonkey, 25 January 2014 - 05:24 AM.

  • 0
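The ESET log above is a flat list of "path, threat name, action" lines, and the helper's next reply makes the point that many of the hits sit in other tools' quarantine folders rather than in live locations. As an added example (my own code, not part of ESET or the thread), the following Python parses lines in that format and separates exact from heuristic detections ("a variant of", "probably a variant of"), files already staged under TDSSKiller_Quarantine or _OTL\MovedFiles (and ComboFix's Qoobox folder, which is not on this page and is listed here as an assumption), and detections in live locations under C:\Windows. The sample lines are copied from the log above.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Sample lines taken from the ESET Online Scanner log in the post above.
SAMPLE_LOG = r"""
C:\Program Files (x86)\OpenOffice.org 3\Basis\share\config\images.zip MSIL/Agent.AE worm deleted - quarantined
C:\TDSSKiller_Quarantine\25.01.2014_04.35.20\mbr0000\tdlfs0000\tsk0003.dta Win32/Olmarik.AFK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\25.01.2014_04.35.20\mbr0000\tdlfs0000\tsk0005.dta a variant of Win32/Olmarik.AIZ trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\25.01.2014_04.35.20\mbr0000\tdlfs0000\tsk0007.dta probably a variant of Win32/Olmarik.AVQ trojan cleaned by deleting - quarantined
C:\Windows\System32\mapi332.dll Win32/BHO.OEV trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\01252014_052325\c_windows\System32\gonrrkt.dll Win32/TrojanProxy.Agent.NGY trojan cleaned by deleting - quarantined
"""

# One log line: <path> [qualifier] <Platform/Name.Variant> <kind> <action>.
# The path is matched lazily so the first "Platform/Name" token ends it.
LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?P<qualifier>probably a variant of |a variant of )?"
    r"(?P<name>[A-Za-z0-9]+/[A-Za-z0-9._-]+) "
    r"(?P<kind>[a-z ]+?) "
    r"(?P<action>(?:deleted|cleaned by deleting)(?: - quarantined)?)$"
)

# Folders where earlier removal tools park files; matches here are not live.
# TDSSKiller and OTL folders appear in the log; Qoobox (ComboFix) is assumed.
STAGED_DIRS = (
    "\\tdsskiller_quarantine\\",
    "\\_otl\\movedfiles\\",
    "\\qoobox\\quarantine\\",
)


@dataclass
class Detection:
    path: str
    name: str               # e.g. "Win32/Olmarik.AIZ"
    kind: str               # "worm", "trojan", ...
    action: str
    heuristic: bool         # generic/variant match rather than an exact signature
    already_staged: bool    # sitting in another tool's quarantine folder
    live_system_file: bool  # under C:\Windows and not staged

    @property
    def family(self) -> str:
        # Drop the variant suffix: "Win32/Olmarik.AIZ" -> "Win32/Olmarik"
        return self.name.rsplit(".", 1)[0]


def classify(path: str):
    low = path.lower()
    staged = any(d in low for d in STAGED_DIRS)
    live_system = (not staged) and low.startswith("c:\\windows\\")
    return staged, live_system


def parse_line(line: str):
    """Return a Detection for one log line, or None if it is not a hit line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    staged, live = classify(path)
    return Detection(
        path=path,
        name=m.group("name"),
        kind=m.group("kind"),
        action=m.group("action"),
        heuristic=m.group("qualifier") is not None,
        already_staged=staged,
        live_system_file=live,
    )


def parse_log(text: str):
    hits = (parse_line(l) for l in text.splitlines() if l.strip())
    return [h for h in hits if h is not None]


def summarize(detections):
    """Triage view: what families, how many were heuristic, and what was live."""
    return {
        "total": len(detections),
        "families": Counter(d.family for d in detections),
        "heuristic": sum(d.heuristic for d in detections),
        "already_staged": sum(d.already_staged for d in detections),
        "live_system_files": [d.path for d in detections if d.live_system_file],
    }


if __name__ == "__main__":
    for key, value in summarize(parse_log(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

On the sample, four of the six hits are files that TDSSKiller or OTL had already moved, which is the distinction the helper draws; the one live system file (mapi332.dll under System32) is the entry that actually warrants attention on its own.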

#21
bangramonkey
    Member
  • Topic Starter
  • 15 posts
Restarted into Windows straight away (previously sometimes I'd have to restart 4 or 5 times before it was "stable"), which is good; however, I'm still greeted by the message saying Windows isn't genuine :(



EDIT: Something strange has happened. I use both MS Office and OpenOffice. When using OpenOffice all the icons have disappeared from the toolbar... they've been replaced by text instead, e.g. instead of a button with "B" for bold it actually says the word "Bold".

Edited by bangramonkey, 25 January 2014 - 07:31 AM.

  • 0

#22
emeraldnzl
    GeekU Instructor
  • GeekU Moderator
  • 19,991 posts

Scan took a while to run and found several targets (below).


Many of those were already in quarantine in the tools we have been using. ESET is very thorough and picks those up.

EDIT: Something strange has happened. I use both MS Office and OpenOffice. When using OpenOffice all the icons have disappeared from the toolbar... they've been replaced by text instead, e.g. instead of a button with "B" for bold it actually says the word "Bold".


Might be something to do with the changes the tools we use make to your machine to allow them to work efficiently. They are reversed when we remove the tools at the end. We will check again following a reboot after the cleanup process.

It does however still say this copy of Windows 7 is not genuine.


We will look at that now.

Please run the MGA Diagnostic Tool and post back the report it produces:
  • Download MGADiag to your desktop.
  • Double-click on MGADiag.exe to launch the program
  • Click "Continue"
  • Ensure that the "Windows" tab is selected (it should be by default).
  • Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
  • Paste the MGA Diagnostic Report back here in your next reply.
Next

  • Please download WVCheck by Artellos from one of the mirrors below;

    Artellos.com (exe)
    Artellos.com (zip)

  • After the download, run WVCheck.exe
  • As indicated by the prompt, this program can take a while depending on your hard drive space.
  • Once the program is done, copy the contents of the notepad file as a reply.
So when you return please post
  • MGA Diagnostic report
  • WVCheck report

  • 0

#23
bangramonkey
    Member
  • Topic Starter
  • 15 posts
Thanks for getting back to me.

I ran both scans but not sure if WVCheck worked or not. It looked like it was running OK but the command window just closed after a couple of minutes and there was no file displayed for me to copy & paste.

The MGADiag report is as follows:




Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 50
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-QCPVQ-KHRB8-RMV82
Windows Product Key Hash: +Rj3N34NLM2JqoBO/OzgzTZXgbY=
Windows Product ID: 00359-OEM-8992687-00095
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7600.2.00010300.0.0.003
ID: {295B9E95-3177-4045-BD7B-56C65E1D555A}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000009
Build lab: 7600.win7_rtm.090713-1255
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->
File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\npwatweb.dll[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\watux.exe[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\watweb.dll[Hr = 0x80070003]

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{295B9E95-3177-4045-BD7B-56C65E1D555A}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010300.0.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-RMV82</PKey><PID>00359-OEM-8992687-00095</PID><PIDType>2</PIDType><SID>S-1-5-21-2796125895-4089865643-1469591702</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Inspiron 1764</Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A06</Version><SMBIOSVersion major="2" minor="6"/><Date>20100226000000.000000+000</Date></BIOS><HWID>AAB93607018400FC</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7600.16385

Name: Windows® 7, HomePremium edition
Description: Windows Operating System - Windows® 7, OEM_SLP channel
Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00359-00178-926-800095-02-2057-7600.0000-3392013
Installation ID: 021202204776277586877023460896537085213996138381758865
Processor Certificate URL: http://go.microsoft....k/?LinkID=88338
Machine Certificate URL: http://go.microsoft....k/?LinkID=88339
Use License URL: http://go.microsoft....k/?LinkID=88341
Product Key Certificate URL: http://go.microsoft....k/?LinkID=88340
Partial Product Key: RMV82
License Status: Notification
Notification Reason: 0xC004F057.
Remaining Windows rearm count: 3
Trusted time: 25/01/14 23:27:11

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: N/A
HealthStatus: 0x0000000000000000
Event Time Stamp: N/A
ActiveX: Not Registered - 0x80040154
Admin Service: Not Registered - 0x80040154
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: LgAAAAEAAgABAAEAAAABAAAAAgABAAEAeqjuJOCfMo6aUQLPkIF0XQQUhmNcXQ==

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes, but no SLIC table
Windows marker version: N/A
OEMID and OEMTableID Consistent: N/A
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC PTLTD APIC
FACP INTEL CRESTLNE
HPET INTEL CRESTLNE
BOOT PTLTD $SBFTBL$
MCFG INTEL CRESTLNE
OSFR DELL DELL
SSDT PmRef CpuPm
  • 0
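The MGADiag report above is what the helper reads to conclude that the copy is not validated: License Status is "Notification", and the File Scan Data section reports the four WAT components under system32\wat as mismatched with Hr = 0x80070003, while the WAT ActiveX and Admin Service entries are "Not Registered". As an added example (my own code, not part of MGADiag or the thread), the following Python parses the report into its "-->" sections, decodes the HRESULT values (bit 31 is the failure flag, bits 16-26 the facility, the low 16 bits the code; facility 7 is Win32, so 0x80070003 carries Win32 error 3, ERROR_PATH_NOT_FOUND), and produces a short licensing assessment. The WIN32_ERRORS table is a deliberately small lookup, and treating "Licensed" as the healthy License Status string is an assumption; the sample report is a trimmed copy of the one posted above.

```python
import re

# Trimmed excerpt of the MGADiag report posted above (constructed sample).
SAMPLE_REPORT = """\
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 50
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows License Type: OEM SLP
Product Name: Windows 7 Home Premium

File Scan Data-->
File Mismatch: C:\\Windows\\system32\\wat\\watadminsvc.exe[Hr = 0x80070003]
File Mismatch: C:\\Windows\\system32\\wat\\npwatweb.dll[Hr = 0x80070003]
File Mismatch: C:\\Windows\\system32\\wat\\watux.exe[Hr = 0x80070003]
File Mismatch: C:\\Windows\\system32\\wat\\watweb.dll[Hr = 0x80070003]

Licensing Data-->
License Status: Notification
Notification Reason: 0xC004F057.
Remaining Windows rearm count: 3

Windows Activation Technologies-->
ActiveX: Not Registered - 0x80040154
Admin Service: Not Registered - 0x80040154
"""

SECTION_RE = re.compile(r"^(?P<name>.+?)-->$")
MISMATCH_RE = re.compile(
    r"^File Mismatch: (?P<path>.+?)\[Hr = (?P<hr>0x[0-9A-Fa-f]{8})\]$"
)

FACILITY_WIN32 = 7
# Small lookup for the Win32 codes that matter here (assumption: not exhaustive).
WIN32_ERRORS = {2: "ERROR_FILE_NOT_FOUND", 3: "ERROR_PATH_NOT_FOUND"}


def decode_hresult(hr: int) -> dict:
    """Split an HRESULT into severity, facility and code fields."""
    failed = bool((hr >> 31) & 1)
    facility = (hr >> 16) & 0x7FF
    code = hr & 0xFFFF
    win32_name = WIN32_ERRORS.get(code) if facility == FACILITY_WIN32 else None
    return {"failed": failed, "facility": facility, "code": code,
            "win32_name": win32_name}


def parse_report(text: str) -> dict:
    """Map each 'Section-->' header to its 'Key: Value' lines."""
    sections: dict = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        sec = SECTION_RE.match(line)
        if sec:
            current = sections.setdefault(sec.group("name"), {})
            continue
        if current is None:
            continue  # banner and separator lines before the first section
        mm = MISMATCH_RE.match(line)
        if mm:
            current.setdefault("File Mismatch", []).append(
                {"path": mm.group("path"), "hr": mm.group("hr")})
            continue
        if ": " in line:
            key, value = line.split(": ", 1)
            current[key] = value
    return sections


def assess(text: str) -> dict:
    """Summarise licensing state and decode the file-scan errors."""
    rep = parse_report(text)
    validation = rep.get("Windows Validation Data", {})
    licensing = rep.get("Licensing Data", {})
    mismatches = []
    for item in rep.get("File Scan Data", {}).get("File Mismatch", []):
        mismatches.append({"path": item["path"], **decode_hresult(int(item["hr"], 16))})
    missing = [m["path"] for m in mismatches
               if m["win32_name"] in ("ERROR_FILE_NOT_FOUND", "ERROR_PATH_NOT_FOUND")]
    status = licensing.get("License Status")
    return {
        "validation_code": int(validation.get("Validation Code", "-1")),
        "license_status": status,
        "notification_reason": licensing.get("Notification Reason", "").rstrip("."),
        "wat_files_missing": missing,
        # Assumption: an activated machine reports "Licensed" and no mismatches.
        "genuine": status == "Licensed" and not mismatches,
    }


if __name__ == "__main__":
    for key, value in assess(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```

Run on the excerpt, the assessment reports License Status "Notification", reason 0xC004F057 and all four wat\ files as "path not found", which is the combination the helper refers Microsoft's activation line for; decoding the HRESULT is what turns the opaque 0x80070003 into the readable "path not found".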

#24
emeraldnzl
    GeekU Instructor
  • GeekU Moderator
  • 19,991 posts
That is showing that the trial period has expired and that the OS isn't validated.

Your computer had a lot of infection. Don't know whether the TDL4 one caused this but the validation needs attending to.

I suggest you talk to Microsoft.

Click Start > All Programs > Accessories > Command Prompt and type slui.exe 4 (note the space... it should be there) and hit Enter.

Select an activation centre near you, call, speak with a real person and explain what happened.

Come back and tell me how you got on. I cannot help you further until the machine is validated.

Apart from that I think your machine is good to go.

We have a couple of last steps to perform and then you're all set.

Follow these steps to uninstall Combofix and tools used in the removal of malware. This will also clean out and reset your Restore Points.

  • Go to Start > Programs > Accessories and click on Run
  • Copy and paste the bolded text below in the box then hit OK

    Combofix /Uninstall

Step 2
  • Double-click OTL.exe to run it. (Vista users, please right click on OTL.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.
Any remaining tools may be deleted.

-------------------------------------------------------------------------------------------------------------------

A reminder: Remember to (re-install if uninstalled during cleaning) update and turn back on any anti-malware programs you may have turned off during the cleaning process.
-------------------------------------------------------------------------------------------------------------------

Here are some things that I think are worth having a look at if you don't already know about them:

---------------------------------------------------------------------------------------------------------------------

It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article Strong passwords: How to create and use them.

----------------------------------------------------------------------------------------------------------------------

Java warning

Java is a popular point of entry to your computer for malicious programs. The United States Department of Homeland Security recommends that computer users disable Java, see here. Unless you need it to run important software, the safest approach is to completely uninstall Java. Where you do require it, the next safest option is to disable it in your browsers until you need it, then enable it.

How to disable Java in your web browser and How to unplug Java from the browser

If you do still need Java then regularly check that it is up to date. Older versions are the most vulnerable to malicious attack.

  • Download Java for Windows

    Reboot your computer.
    You also need to uninstall older versions of Java.
  • Click Start > Control Panel > Add or Remove Programs
  • Remove all Java updates except the latest one you have just installed.
--------------------------------------------------------------------------------------------------------------------

CryptoLocker Warning

There is a particularly nasty infection out there at the moment.

Go here for information about CryptoLocker Ransomware

Download CryptoPrevent free for home use.

--------------------------------------------------------------------------------------------------------------------

To help protect your computer in the future:



If you do not already have automatic updates set then it is recommended that you do set Windows to check, download and install your updates automatically.

* Click Start > Control Panel > System and Security > Windows Update
* Under Windows Update click on Turn automatic updating on or off
* Check items shown to ensure you receive updates automatically. Click OK.

Be aware of what emails you open and websites you visit.

Go here for some good advice about how to prevent infection.

A fun way to check your online safety literacy.

Quiz - getsafeonline

Have a safe and happy computing day!
  • 0

#25
bangramonkey
    Member
  • Topic Starter
  • 15 posts
Thank you very much for all your help. I'll give Microsoft a call on Monday to see if I can get a new activation key from them.

I've removed all the tools as instructed... it all feels a lot better now. Fingers crossed it stays good. Still have that issue with OpenOffice however. I'll just uninstall and reinstall to fix it.

Thanks once again.
  • 0



#26
emeraldnzl
    GeekU Instructor
  • GeekU Moderator
  • 19,991 posts
You're welcome and good luck. :happy:
  • 0

#27
bangramonkey
    Member
  • Topic Starter
  • 15 posts
Hi

Just wanted to give you an update :)

After a couple of days the message that kept popping up stating the Windows version wasn't genuine disappeared! Only issue is that whenever I try to install Windows updates it comes up with some sort of error half way through and stops updating.

System seems a million times better now which is great.

Thanks once again.
  • 0

#28
emeraldnzl
    GeekU Instructor
  • GeekU Moderator
  • 19,991 posts
Yes, until you get it validated the updates won't work.

Thank you for the update.
  • 0

#29
emeraldnzl
    GeekU Instructor
  • GeekU Moderator
  • 19,991 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0