I've got a virus, can't run any antivirus [Closed]

Can't run Malwarebytes or anti

This topic is locked.

#1 martin999 (Member, 16 posts)

Hi,

I've tried a few things but with no success.

I've gotten rid of viruses before, but this one is proving difficult.

It is possibly Trojan:Win32/Sirefef!cfg

or similar.

Any help would be great.

Thanks



#2 Nevan (Trusted Helper, Malware Removal, 1,765 posts)

Hello, martin999. Welcome to Geeks to Go! My nickname is Nevan and I will be helping you get your system back on its electronic feet.

Before we get started, please keep these things in mind:
  • Always read every part of my post carefully. If you don't, you may do something wrong and there could be more problems to solve.
  • If your security programs give you any warnings when using the tools I ask you to use, don't be afraid. Every tool I provide to you is 100% safe.
  • Only run tools that I ask you to. Some of them can be dangerous to your system, as they have a lot of power.
  • You should save or print my instructions. It is possible that we will be using Safe Mode, which will cut you off from your internet connection, and without access to them you might be stuck.
  • Malware removal is a complicated process that takes multiple steps to complete. Don't give up, be patient.
  • The tools we are going to use and your software may cause unwanted interactions. Because of that, I recommend that you make backups of any important files on your machine before proceeding, as they might be lost.
  • I recommend that you stay with me until I tell you that we are done. This is important because even when your system no longer shows any bad symptoms, that does not mean it is 100% clean.
  • Your time to reply is limited. If you don't reply within 3 days, your topic will be closed and you will have to request that it be reopened by contacting one of the Moderator group members with the link to this topic.
  • Every program I ask you to download should be saved to and run from the desktop. If you don't know how to choose where a download is saved, check this site. You can also just copy these programs to your desktop manually and then run them from there.
  • Remember that the fixes I give you are only for your machine. Using them on other systems may (and probably will) cause problems.
  • Finally, if you have any questions or are unsure about something, just ask. I will not blame you for it. It is better to ask than to regret it later.
Also, please note that I'm currently in training, so my answers to you will have to be checked first by an experienced helper before I can post them. This can lengthen the time between my answers, but in return you will have an extra person reviewing your log.

Let's get started :)

 
First, I'd like to have a look at your system. Please, do the following:

FRST Scan

Download Farbar Recovery Scan Tool and save it to your Desktop. There are two different versions:
  • Click here to download the 32-bit version.
  • Click here to download the 64-bit version.
If you don't know which version you should use, download one of them and check whether it works. If it doesn't, download the other one. Once you have the right one, follow the instructions below.
  • Right click FRST.exe (or FRST64.exe) and click Run as administrator. When the tool opens click Yes to disclaimer.
  • Make sure that Addition.txt is checked and press the Scan button.
  • It will produce two logs - one called FRST.txt and another one called Addition.txt in the same directory the tool is run from.
  • Select all (CTRL+A) the content of the logs, copy them (CTRL+C) and paste (CTRL+V) them into your next reply.
 
Things that should appear in your next post:
  • FRST.txt log content
  • Addition.txt log content

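The two logs Nevan asks for are plain text, and a good part of what a helper looks for in them can be checked mechanically before reading the rest by eye. The script below is an added example for readers of this thread; it is not code from the thread, from Geeks to Go or from the FRST tool. It runs a few of those checks over sample lines copied from the FRST.txt that martin999 posts later in this thread (plus one ordinary Synaptics Run entry for contrast): FRST's own ATTENTION markers, Startup-folder shortcuts whose target is missing or is not an executable, service and driver entries whose file is gone (FRST's [X] marker), orphaned plugin and handler entries, and MountPoints2 autorun entries for removable media. The severity labels, the list of executable extensions and the Finding type are assumptions of this example, not anything FRST defines.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST.txt) output.

Added example for this thread; not code from the thread or from FRST.
It applies a few checks a malware-removal helper does by eye when
reading a posted log. Severity labels and the extension list below are
assumptions of this example.
"""
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Extensions a Startup-folder shortcut would normally launch (assumed list).
# Anything else (a .cpp under ProgramData, say) is worth a closer look.
EXECUTABLE_EXTS = {".exe", ".bat", ".cmd", ".com", ".scr", ".vbs", ".js", ".msc", ".pif"}


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "info" (assumed scale, not FRST's)
    reason: str
    line: str


# Matches e.g. "ShortcutTarget: explorer.lnk -> C:\...\enehjzcl.cpp (No File)"
_SHORTCUT = re.compile(r"^ShortcutTarget:\s*(?P<lnk>\S+)\s*->\s*(?P<target>.*)$")
# Matches e.g. "S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]"
# where FRST's trailing [X] means the registered file does not exist.
_ORPHAN_SVC = re.compile(r"^[RSU]\d\s+\S+;.*\[X\]\s*$")


def triage(lines):
    """Return a list of Finding for the FRST.txt lines that merit a look."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        # FRST itself marks entries it considers suspicious with ATTENTION.
        if "ATTENTION" in line:
            findings.append(Finding("high", "flagged by FRST (ATTENTION marker)", line))
            continue
        m = _SHORTCUT.match(line)
        if m:
            target = m.group("target")
            missing = target.endswith("(No File)")
            path = target[: -len("(No File)")].strip() if missing else target
            ext = PureWindowsPath(path).suffix.lower()
            reasons = []
            if ext not in EXECUTABLE_EXTS:
                reasons.append(f"non-executable target extension {ext or '(none)'}")
            if missing:
                reasons.append("target file missing")
            if reasons:
                severity = "high" if ext not in EXECUTABLE_EXTS else "medium"
                findings.append(Finding(severity, "Startup shortcut: " + ", ".join(reasons), line))
            continue
        if _ORPHAN_SVC.match(line):
            findings.append(Finding("medium", "service/driver registered but its file is missing ([X])", line))
            continue
        # Autorun entries Windows recorded for removable drives (U3 launchers etc.).
        if "\\MountPoints2:" in line:
            findings.append(Finding("info", "MountPoints2 autorun entry for removable media", line))
            continue
        # Plugins/handlers whose DLL is gone: clutter, and sometimes a removal leftover.
        if line.endswith("No File"):
            findings.append(Finding("info", "orphaned plugin/handler entry (No File)", line))
    return findings


def by_severity(findings):
    """Count findings per severity, e.g. {'high': 3, 'medium': 1, 'info': 2}."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


# Sample input: lines copied from the FRST.txt posted in this thread, plus
# one ordinary Synaptics Run entry that should produce no finding.
SAMPLE_LOG = r"""
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2097960 2010-04-23] (Synaptics Incorporated)
HKU\S-1-5-21-421915183-1335184199-442078303-1000\...\MountPoints2: {0cd8b324-371a-11e3-a68f-60eb69516051} - F:\Startme.exe
HKU\S-1-5-21-421915183-1335184199-442078303-1000\...409d6c4515e9\InprocServer32: [Default-shell32]  <==== ATTENTION!
Startup: C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\explorer.lnk
ShortcutTarget: explorer.lnk -> C:\PROGRA~3\64FDB2~1\enehjzcl.cpp (No File)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]
""".strip().splitlines()


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```

Run it as `python frst_triage.py` to print the findings for the embedded sample, or pass the lines of a real FRST.txt to `triage()`. A finding is a reason to look, not a verdict: the helper still decides what goes into a fixlist, and a clean-looking log is not proof of a clean machine.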

#3 martin999 (Topic Starter, Member, 16 posts)

Hey Nevan,

Thanks for your help.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-03-2015 01
Ran by martin (administrator) on MARTIN-HP on 07-03-2015 19:30:32
Running from C:\Users\martin\Desktop
Loaded Profiles: martin (Available profiles: martin)
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIIEE.EXE
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\ToolbarUpdater.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\loggingserver.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AVG Secure Search) C:\Program Files (x86)\AVG Web TuneUp\avgcefrend.exe
(AVG Secure Search) C:\Program Files (x86)\AVG Web TuneUp\avgcefrend.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2097960 2010-04-23] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6245408 2010-05-26] (Realtek Semiconductor)
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-06-19] (Hewlett-Packard Company)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3667472 2014-12-18] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [3060248 2014-11-08] ()
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2011-10-31] (SEIKO EPSON CORPORATION)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-421915183-1335184199-442078303-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIIEE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-421915183-1335184199-442078303-1000\...\MountPoints2: {0cd8b324-371a-11e3-a68f-60eb69516051} - F:\Startme.exe
HKU\S-1-5-21-421915183-1335184199-442078303-1000\...\MountPoints2: {28ba5079-7b29-11e1-888f-60eb69516051} - F:\LaunchU3.exe -a
HKU\S-1-5-21-421915183-1335184199-442078303-1000\...\MountPoints2: {4deadbd6-0d8a-11e0-84c2-60eb69516051} - F:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-421915183-1335184199-442078303-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-421915183-1335184199-442078303-1000\...409d6c4515e9\InprocServer32: [Default-shell32]  <==== ATTENTION!
Startup: C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\explorer.lnk
ShortcutTarget: explorer.lnk -> C:\PROGRA~3\64FDB2~1\enehjzcl.cpp (No File)
Startup: C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk
ShortcutTarget: program.lnk -> C:\PROGRA~3\7943F95D.cpp (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/CQALL/13
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/CQALL/13
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/CQALL/13
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/CQALL/13
HKU\S-1-5-21-421915183-1335184199-442078303-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com.au/
HKU\S-1-5-21-421915183-1335184199-442078303-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/CQALL/13
SearchScopes: HKLM -> DefaultScope {C2C91241-D58F-4439-994A-2246570C5C4C} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {8B294682-24E4-4C94-8DE3-45B61E1FA485} URL = http://en.wikipedia....ch={searchTerms}
SearchScopes: HKLM -> {C2C91241-D58F-4439-994A-2246570C5C4C} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM -> {E4B0F441-2653-4E50-8BA8-1E50D53AB9F3} URL = http://au.search.yah...psg&type=CPNTDF
SearchScopes: HKLM-x32 -> DefaultScope {C2C91241-D58F-4439-994A-2246570C5C4C} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {8B294682-24E4-4C94-8DE3-45B61E1FA485} URL = http://en.wikipedia....ch={searchTerms}
SearchScopes: HKLM-x32 -> {C2C91241-D58F-4439-994A-2246570C5C4C} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> {E4B0F441-2653-4E50-8BA8-1E50D53AB9F3} URL = http://au.search.yah...psg&type=CPNTDF
SearchScopes: HKU\S-1-5-21-421915183-1335184199-442078303-1000 -> DefaultScope {989D007B-ABFA-485E-BB07-F864A1638BDD} URL = https://www.google.c...?q={searchTerms}
SearchScopes: HKU\S-1-5-21-421915183-1335184199-442078303-1000 -> {8B294682-24E4-4C94-8DE3-45B61E1FA485} URL = http://en.wikipedia....ch={searchTerms}
SearchScopes: HKU\S-1-5-21-421915183-1335184199-442078303-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg...fr&d=2014-11-08 11:56:02&v=4.0.0.19&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-421915183-1335184199-442078303-1000 -> {989D007B-ABFA-485E-BB07-F864A1638BDD} URL = https://www.google.c...?q={searchTerms}
SearchScopes: HKU\S-1-5-21-421915183-1335184199-442078303-1000 -> {998A235D-8B39-4B89-8DEC-2A80B9B53605} URL = http://search.condui...&ctid=CT2504091
SearchScopes: HKU\S-1-5-21-421915183-1335184199-442078303-1000 -> {C2C91241-D58F-4439-994A-2246570C5C4C} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-21-421915183-1335184199-442078303-1000 -> {E4B0F441-2653-4E50-8BA8-1E50D53AB9F3} URL = http://au.search.yah...psg&type=CPNTDF
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.0.0.19\AVG Web TuneUp.dll (AVG)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab
DPF: HKLM-x32 {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://game.zylom.co...gamesplayer.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.10\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{07D33E3F-B93C-46D6-BC93-52A509710B0B}: [NameServer] 203.21.112.40 202.124.65.18

FireFox:
========
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.10\\npsitesafety.dll No File
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011-12-18]

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll ()
CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\\npsitesafety.dll No File
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 6 U24) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
CHR Profile: C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-30]
CHR Extension: (Google Drive) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-30]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-29]
CHR Extension: (YouTube) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-30]
CHR Extension: (Google Search) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-30]
CHR Extension: (Google Wallet) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-30]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2014-01-30]
CHR Extension: (Gmail) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-30]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-13]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3432976 2014-12-18] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
S4 HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [121344 2010-06-23] (Hewlett-Packard Company) [File not signed]
S4 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [27192 2010-06-30] ()
S4 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-05-20] (Hewlett-Packard Company) [File not signed]
S4 RtVOsdService; C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [315392 2010-04-20] (Realtek Semiconductor Corp.) [File not signed]
R2 vToolbarUpdater18.1.10; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\ToolbarUpdater.exe [1849368 2014-11-08] (AVG Secure Search)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [260888 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-11-08] (AVG Technologies)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
S3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-02] (HTC, Corporation) [File not signed]
S3 ZTEusbwwan; C:\Windows\System32\DRIVERS\ZTEusbwwan.sys [235520 2010-06-10] (ZTE Incorporated)
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-07 19:30 - 2015-03-07 19:31 - 00020397 _____ () C:\Users\martin\Desktop\FRST.txt
2015-03-07 19:29 - 2015-03-07 19:29 - 02092544 _____ (Farbar) C:\Users\martin\Desktop\FRST64.exe
2015-03-07 19:27 - 2015-03-07 19:27 - 02092544 _____ (Farbar) C:\Users\martin\Downloads\FRST64.exe
2015-03-07 19:26 - 2015-03-07 19:30 - 00000000 ____D () C:\FRST
2015-03-07 17:00 - 2015-03-07 18:27 - 00000000 ____D () C:\VIPRERESCUE
2015-03-07 17:00 - 2013-09-04 13:57 - 00031264 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiutil.sys
2015-03-07 17:00 - 2013-05-23 07:39 - 00041032 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiark.sys
2015-03-07 14:17 - 2015-03-07 14:17 - 00887280 _____ (Microsoft Corporation) C:\Users\martin\Downloads\mssstool64 (2).exe
2015-03-07 14:17 - 2015-03-07 14:17 - 00887280 _____ (Microsoft Corporation) C:\Users\martin\Downloads\mssstool64 (1).exe
2015-03-07 14:16 - 2015-03-07 14:16 - 00887280 _____ (Microsoft Corporation) C:\Users\martin\Downloads\mssstool64.exe
2015-03-07 13:52 - 2015-03-07 13:52 - 00277048 _____ () C:\Windows\Minidump\030715-39421-01.dmp
2015-03-07 12:43 - 2015-03-07 12:43 - 00716896 _____ (Kaspersky Lab) C:\Users\martin\Desktop\kassetup.exe
2015-03-07 12:09 - 2015-03-07 12:09 - 00368992 _____ (ESET) C:\Users\martin\Desktop\ESETSirefefCleaner.exe
2015-03-07 11:20 - 2015-03-07 11:20 - 00004760 _____ () C:\Users\martin\Desktop\Statement_of_Account_20150306.html
2015-03-06 19:07 - 2015-03-06 19:07 - 01158964 _____ () C:\Windows\system32\CFG3222717847
2015-03-06 19:03 - 2015-03-07 13:51 - 355150235 _____ () C:\Windows\MEMORY.DMP
2015-03-06 19:03 - 2015-03-06 19:03 - 00270440 _____ () C:\Windows\Minidump\030615-48251-01.dmp
2015-03-06 18:30 - 2015-03-06 18:30 - 00004002 _____ () C:\Windows\System32\Tasks\RegCure Pro_sch_994948B8-C3D2-11E4-839F-60EB69516051
2015-03-06 18:30 - 2015-03-06 18:30 - 00000000 ____D () C:\Users\martin\AppData\Roaming\ParetoLogic
2015-03-06 18:29 - 2015-03-06 18:29 - 00000000 ____D () C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
2015-03-06 18:29 - 2015-03-06 18:29 - 00000000 ____D () C:\ProgramData\ParetoLogic
2015-03-06 18:29 - 2015-03-06 18:29 - 00000000 ____D () C:\Program Files (x86)\ParetoLogic
2015-03-06 11:06 - 2015-03-06 18:11 - 00000000 ____D () C:\ProgramData\SparkTrust
2015-03-06 11:06 - 2015-03-06 11:06 - 00000000 ____D () C:\Users\martin\AppData\Roaming\SparkTrust
2015-03-06 10:22 - 2015-03-06 10:23 - 00000000 ____D () C:\Users\martin\AppData\Roaming\QuickScan
2015-03-06 10:18 - 2015-03-06 10:18 - 00237870 _____ () C:\Users\martin\AppData\Local\census.cache
2015-03-06 10:18 - 2015-03-06 10:18 - 00118612 _____ () C:\Users\martin\AppData\Local\ars.cache
2015-03-06 09:53 - 2015-03-06 09:53 - 00000036 _____ () C:\Users\martin\AppData\Local\housecall.guid.cache
2015-03-06 09:41 - 2015-03-06 09:41 - 00000143 _____ () C:\Users\martin\Desktop\fault.txt
2015-03-05 22:52 - 2015-03-06 09:12 - 00000000 ____D () C:\8317c0f12b01bd55efee8d88
2015-03-05 20:47 - 2015-03-05 20:47 - 00003544 ____N () C:\bootsqm.dat
2015-03-05 15:21 - 2015-03-05 15:21 - 00000000 ____D () C:\Windows\SysWOW64\BestPractices
2015-03-05 15:21 - 2015-03-05 15:21 - 00000000 ____D () C:\inetpub
2015-02-24 18:12 - 2015-02-24 18:12 - 00004515 _____ () C:\Users\martin\Desktop\Statement_of_Account phone.html
2015-02-14 19:01 - 2015-02-14 19:01 - 00000000 ____D () C:\Users\martin\Nightcrawler (2014)

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-07 19:30 - 2009-07-14 15:45 - 00023024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-07 19:30 - 2009-07-14 15:45 - 00023024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-07 19:26 - 2013-07-06 12:52 - 01792554 _____ () C:\Windows\WindowsUpdate.log
2015-03-07 19:26 - 2009-07-14 16:13 - 00714754 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-07 19:20 - 2015-01-25 14:39 - 00000336 _____ () C:\Windows\setupact.log
2015-03-07 19:20 - 2009-07-14 16:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-07 18:27 - 2012-05-13 15:56 - 00000000 ____D () C:\Users\martin\Mission Impossible Ghost Protocol  {2011} DVDRIP. Jaybob
2015-03-07 15:00 - 2014-03-03 17:53 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-07 13:58 - 2015-01-18 19:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 9.0 Sprint
2015-03-07 13:58 - 2015-01-18 19:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2015-03-07 13:58 - 2015-01-18 18:59 - 00000000 ____D () C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EPSON Software
2015-03-07 13:58 - 2015-01-18 18:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2015-03-07 13:58 - 2014-12-07 22:03 - 00000000 ____D () C:\Users\martin\A.Most.Wanted.Man.2014.BRRip.x264.Ac3.CrEwSaDe
2015-03-07 13:58 - 2014-05-25 16:33 - 00000000 ____D () C:\Users\martin\Oculus [2013] HDRip XViD juggs[ETRG]
2015-03-07 13:58 - 2014-05-25 12:58 - 00000000 ____D () C:\Users\martin\Family.Guy.S12E01-21.720p.WEB-DL.x264.AAC
2015-03-07 13:58 - 2014-05-25 11:38 - 00000000 ____D () C:\Users\martin\Buffalo 66 1998 BDRip AAC x264
2015-03-07 13:58 - 2014-03-09 14:36 - 00000000 ____D () C:\Users\martin\12.Years.a.Slave.2013.DVDScr.XVID.AC3.HQ.Hive-CM8
2015-03-07 13:58 - 2013-12-01 02:44 - 00000000 ____D () C:\Users\martin\[ www.Torrenting.com ] - Paul.Chowdhry.Whats.Happening.White.People.2012.DVDRip.XviD-HAGGiS
2015-03-07 13:58 - 2013-07-08 20:42 - 00000000 ____D () C:\Users\martin\Lucinda_Williams-Car_Wheels_On_A_Gravel_Road-2CD-(Deluxe_Edition)-2006
2015-03-07 13:58 - 2013-06-13 21:25 - 00000000 ____D () C:\Users\martin\Shutter Island[2010]DvDrip[Eng]-FXG
2015-03-07 13:58 - 2013-05-27 21:12 - 00000000 ____D () C:\Users\martin\Dirty.Pretty.Things.2002.DVDRip.H264.AAC.Gopo
2015-03-07 13:58 - 2013-05-25 19:52 - 00000000 ____D () C:\Users\martin\The.Guard.LIMITED.DVDRip.XviD-DoNE
2015-03-07 13:58 - 2013-05-25 12:43 - 00000000 ____D () C:\Users\martin\A Common Man {2013} DVDRIP. Jaybob
2015-03-07 13:58 - 2013-05-25 12:10 - 00000000 ____D () C:\Users\martin\Side Effects (2013)
2015-03-07 13:58 - 2013-05-03 18:46 - 00000000 ____D () C:\Users\martin\Jack Reacher {2012} DVDRIP. Jaybob
2015-03-07 13:58 - 2013-04-28 13:28 - 00000000 ____D () C:\Users\martin\Welcome ToThe Punch {2013} DVDRIP. Jaybob
2015-03-07 13:58 - 2012-06-17 04:12 - 00000000 ____D () C:\Users\martin\[ www.Torrenting.com ] - Andy.Parsons.Gruntled.DVDRip.XviD-HAGGiS
2015-03-07 13:58 - 2012-06-17 04:08 - 00000000 ____D () C:\Users\martin\[ www.Torrenting.com ] - Jason.Manford.Live.2011.DVDRip.XviD-HAGGiS
2015-03-07 13:58 - 2012-06-16 21:43 - 00000000 ____D () C:\Users\martin\Sean.Lock.Live.Lockipedia.BDRip.XviD-HAGGiS [NO-RAR] - [ www.torrentday.com ]
2015-03-07 13:58 - 2012-06-11 16:20 - 00000000 ____D () C:\Users\martin\Frankie.Boyle.If.I.Could.Reach.Out.Through.Your.TV.And.Strangle.You.I.Would.DVDRip.XviD-HAGGiS [NO-RAR] - [ www.torrentday.com ]
2015-03-07 13:58 - 2012-06-11 00:17 - 00000000 ____D () C:\Users\martin\[ www.Torrenting.com ] - Mick.Flanagan.Live.-.The.Out.Out.Tour.2011.DVDRIP.X264.AAC.Extras.Included.CrEwSaDe
2015-03-07 13:58 - 2012-06-10 23:43 - 00000000 ____D () C:\Users\martin\[ www.Torrenting.com ] - Jimmy.Carr.Being.Funny.DVDRip.XviD-HAGGiS
2015-03-07 13:58 - 2012-06-10 20:19 - 00000000 ____D () C:\Users\martin\Reginald.D.Hunter.Live.2011.DVDRip.XviD-HAGGiS
2015-03-07 13:58 - 2011-07-13 20:11 - 00000000 ____D () C:\Users\martin\AppData\Roaming\vlc
2015-03-07 13:58 - 2010-12-21 22:42 - 00000000 ____D () C:\ProgramData\MFAData
2015-03-07 13:58 - 2009-07-14 14:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-07 13:58 - 2009-07-14 14:20 - 00000000 ____D () C:\Windows\registration
2015-03-07 13:57 - 2011-11-11 08:33 - 00000000 ____D () C:\Windows\system32\Macromed
2015-03-07 13:57 - 2011-01-16 20:54 - 00000000 ____D () C:\Users\martin\AppData\Roaming\SoftGrid Client
2015-03-07 13:57 - 2009-07-14 14:20 - 00000000 ____D () C:\Windows\AppCompat
2015-03-07 13:52 - 2010-12-28 03:09 - 00000000 ____D () C:\Windows\Minidump
2015-03-07 11:39 - 2011-03-02 16:09 - 00120832 ___SH () C:\Users\martin\Thumbs.db
2015-03-06 19:04 - 2010-12-21 21:18 - 00000000 ____D () C:\Users\martin
2015-03-06 09:18 - 2009-07-14 16:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-03-06 09:12 - 2009-07-14 14:20 - 00000000 ____D () C:\Windows\SysWOW64\inetsrv
2015-03-06 09:12 - 2009-07-14 14:20 - 00000000 ____D () C:\Windows\system32\inetsrv
2015-03-05 22:52 - 2014-05-25 10:21 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-28 07:20 - 2012-03-06 00:06 - 00000000 ____D () C:\Users\martin\AppData\Local\Spotify
2015-02-18 00:04 - 2012-04-01 11:29 - 00000000 ____D () C:\Users\martin\AppData\Roaming\uTorrent
2015-02-14 22:23 - 2014-10-15 17:47 - 00000000 ____D () C:\Users\martin\Peaky Blinders - Season 01 720p MrLss
2015-02-14 22:05 - 2014-10-30 17:42 - 00000000 ____D () C:\Users\martin\AppData\Local\Avg2015
2015-02-14 21:46 - 2013-10-03 19:52 - 00000000 ____D () C:\Users\martin\Family Guy - Season 7

==================== Files in the root of some directories =======

2015-03-06 11:06 - 2015-03-06 18:30 - 0000053 _____ () C:\Users\martin\AppData\Roaming\LogFile.txt
2013-05-12 13:22 - 2013-05-12 13:22 - 0154539 _____ () C:\Users\martin\AppData\Local\ad776922-f4fe-4dd2-beff-7bdd53b91d13
2015-03-06 10:18 - 2015-03-06 10:18 - 0118612 _____ () C:\Users\martin\AppData\Local\ars.cache
2015-03-06 10:18 - 2015-03-06 10:18 - 0237870 _____ () C:\Users\martin\AppData\Local\census.cache
2011-11-11 01:29 - 2011-11-11 01:29 - 0003584 _____ () C:\Users\martin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-05-02 23:16 - 2012-05-04 15:14 - 0002679 _____ () C:\Users\martin\AppData\Local\ftoqtffh.log
2012-05-02 23:16 - 2012-05-04 15:14 - 0141317 _____ () C:\Users\martin\AppData\Local\hmfkgejn.log
2015-03-06 09:53 - 2015-03-06 09:53 - 0000036 _____ () C:\Users\martin\AppData\Local\housecall.guid.cache
2012-05-02 23:16 - 2012-05-02 23:16 - 0003315 _____ () C:\Users\martin\AppData\Local\lbxainjl.log
2012-05-02 23:15 - 2012-05-02 23:15 - 0000000 _____ () C:\Users\martin\AppData\Local\oeqlomdq.log
2012-05-03 22:30 - 2012-05-05 10:48 - 0000000 _____ () C:\Users\martin\AppData\Local\qsailmuj.log
2011-12-10 17:46 - 2013-06-22 18:08 - 0007613 _____ () C:\Users\martin\AppData\Local\Resmon.ResmonCfg
2012-05-02 23:14 - 2012-05-05 10:47 - 0000024 _____ () C:\Users\martin\AppData\Local\sbnmapwt.log
2012-05-02 23:14 - 2012-05-02 23:15 - 0953024 _____ () C:\Users\martin\AppData\Local\truavmeq.log
2012-05-02 23:15 - 2012-05-02 23:15 - 0000000 _____ () C:\Users\martin\AppData\Local\ujcvmppf.log
2012-05-02 23:15 - 2012-05-05 10:39 - 0079036 _____ () C:\Users\martin\AppData\Local\urkpttek.log
2012-05-02 23:15 - 2012-05-02 23:15 - 0004048 _____ () C:\Users\martin\AppData\Local\xkihcino.log
2012-02-08 02:33 - 2012-02-08 02:33 - 0000057 _____ () C:\ProgramData\Ament.ini
2010-12-25 02:55 - 2010-12-25 02:55 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2010-08-17 19:36 - 2010-08-17 19:36 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
2010-07-15 10:58 - 2010-07-15 10:59 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2010-08-17 19:36 - 2010-08-17 19:36 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
2010-07-15 10:51 - 2010-07-15 10:53 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2010-08-17 19:35 - 2010-08-17 19:35 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
2010-08-17 19:36 - 2010-08-17 19:36 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
2010-07-15 10:51 - 2010-07-15 10:51 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2010-07-15 10:53 - 2010-07-15 10:58 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2010-08-17 19:36 - 2010-08-17 19:37 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-421915183-1335184199-442078303-1000\$fa6ac1251b0f0cd3f56a2fde2fe50831

Files to move or delete:
====================
C:\Users\martin\hash.dat

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-24 20:23

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-03-2015 01
Ran by martin at 2015-03-07 19:31:41
Running from C:\Users\martin\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2015 (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Disabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 3.3.0.29342 - BitTorrent Inc.)
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.00.631.5823 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.00.631.5823 - ABBYY) Hidden
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2540 - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.0.42.34 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\{9ECF7817-DB11-4FBA-9DF1-296A578D513A}) (Version: 11.5.7.609 - Adobe Systems, Inc)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.95 - WildTangent) Hidden
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5645 - AVG Technologies)
AVG 2015 (Version: 15.0.4273 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5645 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.0.0.19 - AVG Technologies)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.20 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CPU Speed Pro version 3 (HKLM-x32\...\{E0E0C30A-89AF-11E0-951E-11904824019B}_is1) (Version: 3 - CPU Speed Pro)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2511 - CyberLink Corp.)
DivX H.264 decoder 8.2.0.26 (HKLM-x32\...\divxh264_is1) (Version: 8.2.0.26 - )
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.3 - DivX, LLC)
Dora's Carnival Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Download Navigator (HKLM-x32\...\{E728441A-7820-4B1C-87C9-DE7BE37B2953}) (Version: 1.1.0 - SEIKO EPSON CORPORATION)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
Epson Easy Photo Print 2 (HKLM-x32\...\{02A312B5-1542-47B6-BFE9-F51358C39E86}) (Version: 2.4.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2)
Epson Event Manager (HKLM-x32\...\{BECE9CCD-83F6-4BAA-9B26-227DF7D2E932}) (Version: 3.01.0000 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-200 Series Printer Uninstall (HKLM\...\EPSON XP-200 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
e-tax 2011 (HKLM-x32\...\{C078C299-C2C2-4110-A6EF-8D5E66C228DA}) (Version: 11.1.704 - ATO)
e-tax 2012 (HKLM-x32\...\{B0F1B02F-47A6-411D-A38B-E44CC7F53CCC}) (Version: 6.0.577 - Australian Taxation Office)
e-tax 2013 (HKLM-x32\...\{FFF14233-FE39-4671-A38E-76FD8F24A879}) (Version: 0.10.558 - Australian Taxation Office)
e-tax 2014 (HKLM-x32\...\{42D5C0B2-A309-4F84-9BD7-5DDDFE6C09E1}) (Version: 2.10.788 - Australian Taxation Office)
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.10262.3295 - Hewlett-Packard)
HP Deskjet 3050A J611 series Basic Device Software (HKLM\...\{B6A3EAE4-3727-46A4-A659-8576BF7C8C8D}) (Version: 23.0.504.0 - Hewlett-Packard Co.)
HP Deskjet 3050A J611 series Help (HKLM-x32\...\{97DDCAB8-B770-4089-A10F-67568069D78A}) (Version: 140.0.2.2 - Hewlett Packard)
HP Documentation (HKLM-x32\...\{7C36414C-DC87-4943-A525-BC1717BA17C9}) (Version: 1.1.1.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.3 - WildTangent)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3611 - HP Photo Creations Powered by RocketLife)
HP Power Manager (HKLM-x32\...\{4B156358-CE9C-4E9F-8CAD-79AE86A68C60}) (Version: 1.0.3 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{E342D296-DB9D-4FC7-ACB0-39926C0BFA16}) (Version: 2.1.5 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{72D90DB3-A16A-4545-B555-868471101833}) (Version: 8.1.4186.3400 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{E05DB9F9-C8E7-45F2-BE9E-76D4C447CE9B}) (Version: 4.0.39.1 - Hewlett-Packard Company)
HP Wireless Assistant (HKLM\...\{B5FC1E1B-E70D-45F1-8E40-A3C30698B323}) (Version: 4.0.9.0 - Hewlett-Packard Company)
HPAsset component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
HTC BMP USB Driver (HKLM-x32\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2086 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
Java™ 6 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Java™ 6 Update 24 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.240 - Sun Microsystems, Inc.)
Jewel Quest - Heritage (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
LightScribe System Software (HKLM-x32\...\{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}) (Version: 1.18.15.1 - LightScribe)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.1.10111.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Network Guide EPSON XP-200 Series (HKLM-x32\...\EPSON XP-200 Series Netg) (Version:  - )
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Puzzle Pirates (HKU\S-1-5-21-421915183-1335184199-442078303-1000\...\Puzzle Pirates) (Version:  - )
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.18.322.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6122 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Software (HKLM-x32\...\{901F0D4C-009D-1112-8DE4-03599E7B0C5C}) (Version: 1.00.10.0329 - REALTEK Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3023 - CyberLink Corp.) Hidden
RtVOsd (HKLM\...\{F3D7AC17-1FF4-41A8-BB18-3FC39C65AEB9}) (Version: 1.0.3 - Realtek Semiconductor Corp.)
SAMSUNG Intelli-studio (HKLM-x32\...\Intelli-studio) (Version:  - )
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.10.13089 - Skype Technologies S.A.)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.105 - Skype Technologies S.A.)
SoftStylus (HKLM-x32\...\{AC20F304-F02A-473E-BDE7-2400FC7429ED}) (Version: 2.2.131.4 - Motorola)
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.14.3.201402131509 - Sony Mobile Communications AB)
Sony PC Companion 2.10.211 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.211 - Sony)
Spotify (HKU\S-1-5-21-421915183-1335184199-442078303-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.18.0 - Synaptics Incorporated)
User's Guide EPSON XP-200 Series (HKLM-x32\...\EPSON XP-200 Series Useg) (Version:  - )
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Vidshow (HKLM-x32\...\Vidshow_is1) (Version:  - )
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 1.0.1 (HKLM-x32\...\VLC media player) (Version: 1.0.1 - VideoLAN Team)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Yontoo Layers Runtime 1.10.01 (HKLM\...\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}) (Version: 1.10.01 - Yontoo LLC) <==== ATTENTION
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-421915183-1335184199-442078303-1000_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32 -> C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\FntCache.dll No File

==================== Restore Points  =========================

18-01-2015 19:01:34 Installed Microsoft Visual C++ 2005 Redistributable
18-01-2015 19:02:57 Installed Easy Photo Print Plug-in for PMB(Picture Motion Browse
18-01-2015 19:04:42 Installed ABBYY FineReader 9.0 Sprint
26-01-2015 09:30:28 Scheduled Checkpoint
03-02-2015 03:37:16 Scheduled Checkpoint
11-02-2015 22:18:29 Scheduled Checkpoint
05-03-2015 15:21:00 Windows Modules Installer
05-03-2015 22:51:59 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 13:34 - 2009-06-11 08:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {26FA9754-C079-4A44-9CC3-CD1534E0279B} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {45CACCF7-2B45-4459-B90B-D7CCCD7F2435} - System32\Tasks\{2B533682-3F35-1BFF-FF2D-D669FE5FEE42} => C:\Users\martin\AppData\Roaming\ad-aware antivirus\logs\20120901t220004.750162pid3520\celcqjx.exe
Task: {6A0357C6-5F79-4B8B-BB9D-F04141C7E122} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe
Task: {6DAE5DDD-F2E3-4FBF-9083-FD3205097409} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-01] (Adobe Systems Incorporated)
Task: {83A334B2-B8E9-4FDF-954E-402F4F29338E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-11] (Google Inc.)
Task: {843B0A98-ED5B-424A-9642-E11639ABEB67} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {86CBD11A-6AE7-451E-810A-744266CA318D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-11] (Google Inc.)
Task: {8B061DE4-FECB-41A2-AA4F-B4AB2178A296} - System32\Tasks\{DC893428-AEC6-4311-B34B-A5A2EB6C7B0D} => Iexplore.exe http://ui.skype.com/...e=tsProgressBar
Task: {942E9391-0F7A-4340-9D11-A6E65F16634C} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {9C5AB8B6-BB89-45CC-ACD1-588CE22174C8} - System32\Tasks\C__Users_martin_AppData_Local_Temp_pkg_602f37d0_musicoasis.exe => C:\Users\martin\AppData\Local\Temp\pkg_602f37d0\musicoasis.exe <==== ATTENTION
Task: {AB4F873E-A842-4F0D-B91D-5C5C459BF686} - System32\Tasks\{3F64406E-A24B-48CC-A6A7-F4F9FA0F0AC7} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-07-02] (Skype Technologies S.A.)
Task: {C7DA0FD0-FE12-4814-9083-C52C9EF7FEDE} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {F86CE952-0E41-470E-9CF3-413F4C1676EA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-06-23] (Piriform Ltd)
Task: {FAB52B1D-ABB7-4A1E-9AD1-CB62B80E9AB8} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-18] ()
Task: {FF4741AD-3826-40CA-8492-AEF26AD750A5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-06-23] (Hewlett-Packard Company)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe

==================== Loaded Modules (whitelisted) ==============

2014-11-08 11:55 - 2014-11-08 11:55 - 03060248 _____ () C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
2014-11-08 11:55 - 2014-11-08 11:55 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\loggingserver.exe
2014-11-08 11:55 - 2014-11-08 11:55 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\log4cplusU.dll
2014-11-08 11:55 - 2014-11-08 11:55 - 40630296 _____ () C:\Program Files (x86)\AVG Web TuneUp\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:0B4227B4
AlternateDataStreams: C:\Users\martin\Desktop\forwarded message.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-421915183-1335184199-442078303-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\martin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AERTFilters => 2
MSCONFIG\Services: GameConsoleService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HP Health Check Service => 2
MSCONFIG\Services: HP Wireless Assistant Service => 2
MSCONFIG\Services: HPDrvMntSvc.exe => 2
MSCONFIG\Services: hpqwmiex => 3
MSCONFIG\Services: HPWMISVC => 2
MSCONFIG\Services: LightScribeService => 2
MSCONFIG\Services: RtVOsdService => 2
MSCONFIG\Services: Sony PC Companion => 3
MSCONFIG\startupfolder: C:^Users^martin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^autostart.lnk => C:\Windows\pss\autostart.lnk.Startup
MSCONFIG\startupfolder: C:^Users^martin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^hzjssfj.lnk => C:\Windows\pss\hzjssfj.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
MSCONFIG\startupreg: Spotify => "C:\Users\martin\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\martin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

==================== Accounts: =============================

Administrator (S-1-5-21-421915183-1335184199-442078303-500 - Administrator - Disabled)
Guest (S-1-5-21-421915183-1335184199-442078303-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-421915183-1335184199-442078303-1002 - Limited - Enabled)
martin (S-1-5-21-421915183-1335184199-442078303-1000 - Administrator - Enabled) => C:\Users\martin

==================== Faulty Device Manager Devices =============

Name: SBRE
Description: SBRE
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SBRE
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (03/07/2015 02:37:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16421, time stamp: 0x4d76255d
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x7c8
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (03/07/2015 00:40:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16421, time stamp: 0x4d76255d
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x10bc
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (03/07/2015 11:35:11 AM) (Source: MsiInstaller) (EventID: 11330) (User: martin-HP)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2015 -- Error 1330. SA_Error1330: StandardAction(0xC0070532): A file that is required cannot be installed because the cabinet file C:\ProgramData\AVG2015\SetupBackup\COREa.cab has an invalid digital signature. This may indicate that the cabinet file is corrupt.  Error 0 was returned by WinVerifyTrust.

Error: (03/07/2015 11:34:19 AM) (Source: MsiInstaller) (EventID: 10005) (User: martin-HP)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2015 -- Error 27055. CA_Error27055: SetupActionManager_init(0xE0010058): Installation failed.

Error: (03/05/2015 11:20:37 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (03/05/2015 01:03:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16421 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 3ac0

Start Time: 01d05656fa41c4a0

Termination Time: 5450

Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Report Id: ab60a5da-c2d9-11e4-9daf-60eb69516051

Error: (03/05/2015 00:08:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16421, time stamp: 0x4d76255d
Faulting module name: igd10umd32.dll, version: 8.15.10.2086, time stamp: 0x4b80087f
Exception code: 0xc0000005
Fault offset: 0x000280a1
Faulting process id: 0x3344
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (03/01/2015 10:32:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16421, time stamp: 0x4d76255d
Faulting module name: igd10umd32.dll, version: 8.15.10.2086, time stamp: 0x4b80087f
Exception code: 0xc0000005
Fault offset: 0x000280a1
Faulting process id: 0x72b4
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (03/01/2015 09:57:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16421, time stamp: 0x4d76255d
Faulting module name: igd10umd32.dll, version: 8.15.10.2086, time stamp: 0x4b80087f
Exception code: 0xc0000005
Fault offset: 0x000280a1
Faulting process id: 0xca40
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (03/01/2015 08:29:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16421, time stamp: 0x4d76255d
Faulting module name: igd10umd32.dll, version: 8.15.10.2086, time stamp: 0x4b80087f
Exception code: 0xc0000005
Fault offset: 0x000280a1
Faulting process id: 0x4638
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

System errors:
=============
Error: (03/07/2015 07:21:12 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SBRE

Error: (03/07/2015 07:20:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AVG WatchDog service failed to start due to the following error:
%%1053

Error: (03/07/2015 07:20:39 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the AVG WatchDog service to connect.

Error: (03/07/2015 07:20:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AVGIDSAgent service failed to start due to the following error:
%%1053

Error: (03/07/2015 07:20:39 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the AVGIDSAgent service to connect.

Error: (03/07/2015 07:16:12 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/07/2015 07:16:12 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/07/2015 07:16:12 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/07/2015 07:15:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/07/2015 07:15:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Microsoft Office Sessions:
=========================
Error: (03/07/2015 02:37:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.164214d76255dunknown0.0.0.000000000c0000005000000007c801d05887f4dfdcbcC:\Program Files (x86)\Internet Explorer\iexplore.exeunknown3bedcaf2-c47b-11e4-9b14-60eb69516051

Error: (03/07/2015 00:40:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.164214d76255dunknown0.0.0.000000000c00000050000000010bc01d05877bd5123c0C:\Program Files (x86)\Internet Explorer\iexplore.exeunknownfbd339da-c46a-11e4-9f9e-60eb69516051

Error: (03/07/2015 11:35:11 AM) (Source: MsiInstaller) (EventID: 11330) (User: martin-HP)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2015 -- Error 1330. SA_Error1330: StandardAction(0xC0070532): A file that is required cannot be installed because the cabinet file C:\ProgramData\AVG2015\SetupBackup\COREa.cab has an invalid digital signature. This may indicate that the cabinet file is corrupt.  Error 0 was returned by WinVerifyTrust.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (03/07/2015 11:34:19 AM) (Source: MsiInstaller) (EventID: 10005) (User: martin-HP)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2015 -- Error 27055. CA_Error27055: SetupActionManager_init(0xE0010058): Installation failed.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (03/05/2015 11:20:37 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (03/05/2015 01:03:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe9.0.8112.164213ac001d05656fa41c4a05450C:\Program Files (x86)\Internet Explorer\iexplore.exeab60a5da-c2d9-11e4-9daf-60eb69516051

Error: (03/05/2015 00:08:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.164214d76255digd10umd32.dll8.15.10.20864b80087fc0000005000280a1334401d0565857263f5eC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\system32\igd10umd32.dll887a0eaa-c26f-11e4-9daf-60eb69516051

Error: (03/01/2015 10:32:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.164214d76255digd10umd32.dll8.15.10.20864b80087fc0000005000280a172b401d0541016853b94C:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\system32\igd10umd32.dll9d5759ab-c006-11e4-8405-60eb69516051

Error: (03/01/2015 09:57:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.164214d76255digd10umd32.dll8.15.10.20864b80087fc0000005000280a1ca4001d0540240b1cb1dC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\system32\igd10umd32.dllbf4b39de-c001-11e4-8405-60eb69516051

Error: (03/01/2015 08:29:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.164214d76255digd10umd32.dll8.15.10.20864b80087fc0000005000280a1463801d053f479d37608C:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\system32\igd10umd32.dll675d8a7c-bff5-11e4-8405-60eb69516051

==================== Memory info ===========================

Processor: Celeron® Dual-Core CPU T3500 @ 2.10GHz
Percentage of memory in use: 60%
Total physical RAM: 1978.92 MB
Available physical RAM: 783.11 MB
Total Pagefile: 3957.84 MB
Available Pagefile: 2291.79 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:282.5 GB) (Free:63.87 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:15.29 GB) (Free:2.2 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (KINGSTON) (Removable) (Total:7.45 GB) (Free:7.17 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 1B0FDEFE)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=282.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: 5DDB0A76)
Partition 1: (Active) - (Size=7.5 GB) - (Type=0B)

==================== End Of Log ============================


  • 0

#4
Nevan

Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
Hello again, martin999.

Let's start with a warning.

P2P Warning

I've noticed that you have or have had a P2P (Peer-to-Peer) file sharing program on your machine:
  • µTorrent
It is important to stay away from them, as they are used to share pirated material. The programs themselves can be safe, but the majority of the files shared through them are infected.

Some things to keep in mind when using P2P programs:
  • Your computer is more likely to get infected with malware, which will result in coming back to our or other forums for help.
  • You may have your important data stolen, including passwords, photos or personal information.
  • You help to share pirated material, which may result in arrest, fines, or even jail time for illegal downloads of copyrighted material.
If I still haven't convinced you, please read these short reports about how dangerous it can be to use P2P programs:
Whether you remove them or not is your decision, though I strongly recommend that you uninstall your P2P programs, as they will most likely cause problems in the future.

If you choose not to remove them, please refrain from using them until we are done cleaning your computer.

 
Please note that the following folders will be deleted, as they are the likely source of the malware and have been obtained illegally:

C:\Users\martin\A.Most.Wanted.Man.2014.BRRip.x264.Ac3.CrEwSaDe
C:\Users\martin\Oculus [2013] HDRip XViD juggs[ETRG]
C:\Users\martin\Family.Guy.S12E01-21.720p.WEB-DL.x264.AAC
C:\Users\martin\Buffalo 66 1998 BDRip AAC x264
C:\Users\martin\12.Years.a.Slave.2013.DVDScr.XVID.AC3.HQ.Hive-CM8
C:\Users\martin\[ www.Torrenting.com ] - Paul.Chowdhry.Whats.Happening.White.People.2012.DVDRip.XviD-HAGGiS
C:\Users\martin\Lucinda_Williams-Car_Wheels_On_A_Gravel_Road-2CD-(Deluxe_Edition)-2006
C:\Users\martin\Shutter Island[2010]DvDrip[Eng]-FXG
C:\Users\martin\Dirty.Pretty.Things.2002.DVDRip.H264.AAC.Gopo
C:\Users\martin\The.Guard.LIMITED.DVDRip.XviD-DoNE
C:\Users\martin\A Common Man {2013} DVDRIP. Jaybob
C:\Users\martin\Side Effects (2013)
C:\Users\martin\Jack Reacher {2012} DVDRIP. Jaybob
C:\Users\martin\Welcome ToThe Punch {2013} DVDRIP. Jaybob
C:\Users\martin\[ www.Torrenting.com ] - Andy.Parsons.Gruntled.DVDRip.XviD-HAGGiS
C:\Users\martin\[ www.Torrenting.com ] - Jason.Manford.Live.2011.DVDRip.XviD-HAGGiS
C:\Users\martin\Sean.Lock.Live.Lockipedia.BDRip.XviD-HAGGiS [NO-RAR] - [ www.torrentday.com ]
C:\Users\martin\Frankie.Boyle.If.I.Could.Reach.Out.Through.Your.TV.And.Strangle.You.I.Would.DVDRip.XviD-HAGGiS [NO-RAR] - [ www.torrentday.com ]
C:\Users\martin\[ www.Torrenting.com ] - Mick.Flanagan.Live.-.The.Out.Out.Tour.2011.DVDRIP.X264.AAC.Extras.Included.CrEwSaDe
C:\Users\martin\[ www.Torrenting.com ] - Jimmy.Carr.Being.Funny.DVDRip.XviD-HAGGiS
C:\Users\martin\Reginald.D.Hunter.Live.2011.DVDRip.XviD-HAGGiS
Step #1
Uninstalling programs

Go to Start Menu>Control Panel>Programs>Uninstall a program (or Control Panel>Programs and Features if using icon view) and remove the following programs:
  • Yontoo Layers Runtime 1.10.01
Optional programs to uninstall:
  • µTorrent
 
Step #2
FRST Fix
  • Download attached fixlist.txt file to your desktop.
    Attached File  fixlist.txt   5.78KB   189 downloads
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Right click FRST64.exe on your desktop and click Run as administrator. When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait.
    NOTE: It's important that both FRST64.exe and fixlist.txt are in the same location or the fix will not work.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished, FRST will generate a log on the desktop (Fixlog.txt). Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
 
Step #3
TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Right click TDSSKiller.exe and select Run as Administrator to run the application. Accept the license agreements, then click on Change parameters.
    0Hfdwva.png
  • Check all boxes then click OK.
    Note: You will be prompted to reboot. Please do so.
  • Click the Start Scan button. This scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure that Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
 
Things that should appear in your next post:
  • TDSSKiller log content
  • Fixlog.txt log content

  • 0

#5
martin999

martin999

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts

Hi

I've removed uTorrent, but

Yontoo Layers Runtime 1.10.01 won't uninstall.

It says "setup initialization error" when I click Uninstall.

 

Should I continue, or do we need to get rid of this first?


  • 0

#6
Nevan

Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts

Leave it and move forward.


  • 0

#7
martin999

martin999

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts

Step 2 went OK.

Step 3: it downloaded to the desktop but would not open.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-03-2015 01
Ran by martin at 2015-03-08 07:56:14 Run:1
Running from C:\Users\martin\Desktop
Loaded Profiles: martin (Available profiles: martin)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-421915183-1335184199-442078303-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIIEE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-421915183-1335184199-442078303-1000\...\MountPoints2: {0cd8b324-371a-11e3-a68f-60eb69516051} - F:\Startme.exe
HKU\S-1-5-21-421915183-1335184199-442078303-1000\...\MountPoints2: {28ba5079-7b29-11e1-888f-60eb69516051} - F:\LaunchU3.exe -a
HKU\S-1-5-21-421915183-1335184199-442078303-1000\...\MountPoints2: {4deadbd6-0d8a-11e0-84c2-60eb69516051} - F:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-421915183-1335184199-442078303-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-421915183-1335184199-442078303-1000\...409d6c4515e9\InprocServer32: [Default-shell32]  <==== ATTENTION!
Startup: C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\explorer.lnk
ShortcutTarget: explorer.lnk -> C:\PROGRA~3\64FDB2~1\enehjzcl.cpp (No File)
Startup: C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk
ShortcutTarget: program.lnk -> C:\PROGRA~3\7943F95D.cpp (No File)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
2015-03-06 18:30 - 2015-03-06 18:30 - 00000000 ____D () C:\Users\martin\AppData\Roaming\ParetoLogic
2015-03-06 18:29 - 2015-03-06 18:29 - 00000000 ____D () C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
2015-03-06 18:29 - 2015-03-06 18:29 - 00000000 ____D () C:\ProgramData\ParetoLogic
2015-03-06 18:29 - 2015-03-06 18:29 - 00000000 ____D () C:\Program Files (x86)\ParetoLogic
2015-03-06 11:06 - 2015-03-06 18:11 - 00000000 ____D () C:\ProgramData\SparkTrust
2015-03-06 11:06 - 2015-03-06 11:06 - 00000000 ____D () C:\Users\martin\AppData\Roaming\SparkTrust
2010-12-25 02:55 - 2010-12-25 02:55 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2015-03-07 13:58 - 2014-12-07 22:03 - 00000000 ____D () C:\Users\martin\A.Most.Wanted.Man.2014.BRRip.x264.Ac3.CrEwSaDe
2015-03-07 13:58 - 2014-05-25 16:33 - 00000000 ____D () C:\Users\martin\Oculus [2013] HDRip XViD juggs[ETRG]
2015-03-07 13:58 - 2014-05-25 12:58 - 00000000 ____D () C:\Users\martin\Family.Guy.S12E01-21.720p.WEB-DL.x264.AAC
2015-03-07 13:58 - 2014-05-25 11:38 - 00000000 ____D () C:\Users\martin\Buffalo 66 1998 BDRip AAC x264
2015-03-07 13:58 - 2014-03-09 14:36 - 00000000 ____D () C:\Users\martin\12.Years.a.Slave.2013.DVDScr.XVID.AC3.HQ.Hive-CM8
2015-03-07 13:58 - 2013-12-01 02:44 - 00000000 ____D () C:\Users\martin\[ www.Torrenting.com ] - Paul.Chowdhry.Whats.Happening.White.People.2012.DVDRip.XviD-HAGGiS
2015-03-07 13:58 - 2013-07-08 20:42 - 00000000 ____D () C:\Users\martin\Lucinda_Williams-Car_Wheels_On_A_Gravel_Road-2CD-(Deluxe_Edition)-2006
2015-03-07 13:58 - 2013-06-13 21:25 - 00000000 ____D () C:\Users\martin\Shutter Island[2010]DvDrip[Eng]-FXG
2015-03-07 13:58 - 2013-05-27 21:12 - 00000000 ____D () C:\Users\martin\Dirty.Pretty.Things.2002.DVDRip.H264.AAC.Gopo
2015-03-07 13:58 - 2013-05-25 19:52 - 00000000 ____D () C:\Users\martin\The.Guard.LIMITED.DVDRip.XviD-DoNE
2015-03-07 13:58 - 2013-05-25 12:43 - 00000000 ____D () C:\Users\martin\A Common Man {2013} DVDRIP. Jaybob
2015-03-07 13:58 - 2013-05-25 12:10 - 00000000 ____D () C:\Users\martin\Side Effects (2013)
2015-03-07 13:58 - 2013-05-03 18:46 - 00000000 ____D () C:\Users\martin\Jack Reacher {2012} DVDRIP. Jaybob
2015-03-07 13:58 - 2013-04-28 13:28 - 00000000 ____D () C:\Users\martin\Welcome ToThe Punch {2013} DVDRIP. Jaybob
2015-03-07 13:58 - 2012-06-17 04:12 - 00000000 ____D () C:\Users\martin\[ www.Torrenting.com ] - Andy.Parsons.Gruntled.DVDRip.XviD-HAGGiS
2015-03-07 13:58 - 2012-06-17 04:08 - 00000000 ____D () C:\Users\martin\[ www.Torrenting.com ] - Jason.Manford.Live.2011.DVDRip.XviD-HAGGiS
2015-03-07 13:58 - 2012-06-16 21:43 - 00000000 ____D () C:\Users\martin\Sean.Lock.Live.Lockipedia.BDRip.XviD-HAGGiS [NO-RAR] - [ www.torrentday.com ]
2015-03-07 13:58 - 2012-06-11 16:20 - 00000000 ____D () C:\Users\martin\Frankie.Boyle.If.I.Could.Reach.Out.Through.Your.TV.And.Strangle.You.I.Would.DVDRip.XviD-HAGGiS [NO-RAR] - [ www.torrentday.com ]
2015-03-07 13:58 - 2012-06-11 00:17 - 00000000 ____D () C:\Users\martin\[ www.Torrenting.com ] - Mick.Flanagan.Live.-.The.Out.Out.Tour.2011.DVDRIP.X264.AAC.Extras.Included.CrEwSaDe
2015-03-07 13:58 - 2012-06-10 23:43 - 00000000 ____D () C:\Users\martin\[ www.Torrenting.com ] - Jimmy.Carr.Being.Funny.DVDRip.XviD-HAGGiS
2015-03-07 13:58 - 2012-06-10 20:19 - 00000000 ____D () C:\Users\martin\Reginald.D.Hunter.Live.2011.DVDRip.XviD-HAGGiS
C:\$Recycle.Bin\S-1-5-21-421915183-1335184199-442078303-1000\$fa6ac1251b0f0cd3f56a2fde2fe50831
C:\Users\martin\hash.dat
Task: {45CACCF7-2B45-4459-B90B-D7CCCD7F2435} - System32\Tasks\{2B533682-3F35-1BFF-FF2D-D669FE5FEE42} => C:\Users\martin\AppData\Roaming\ad-aware antivirus\logs\20120901t220004.750162pid3520\celcqjx.exe
Task: {6A0357C6-5F79-4B8B-BB9D-F04141C7E122} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe
C:\PROGRA~2\AD-AWA~1
Task: {9C5AB8B6-BB89-45CC-ACD1-588CE22174C8} - System32\Tasks\C__Users_martin_AppData_Local_Temp_pkg_602f37d0_musicoasis.exe => C:\Users\martin\AppData\Local\Temp\pkg_602f37d0\musicoasis.exe <==== ATTENTION
C:\Users\martin\AppData\Local\Temp\pkg_602f37d0
AlternateDataStreams: C:\ProgramData\Temp:0B4227B4
EmptyTemp:
CMD: bitsadmin /reset /allusers
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupApproved" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupApproved" /F
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
*****************

Processes closed successfully.
Restore point was successfully created.
HKU\S-1-5-21-421915183-1335184199-442078303-1000\Software\Microsoft\Windows\CurrentVersion\Run\\EPLTarget\P0000000000000000 => value deleted successfully.
"HKU\S-1-5-21-421915183-1335184199-442078303-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0cd8b324-371a-11e3-a68f-60eb69516051}" => Key deleted successfully.
HKCR\CLSID\{0cd8b324-371a-11e3-a68f-60eb69516051} => Key not found.
"HKU\S-1-5-21-421915183-1335184199-442078303-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{28ba5079-7b29-11e1-888f-60eb69516051}" => Key deleted successfully.
HKCR\CLSID\{28ba5079-7b29-11e1-888f-60eb69516051} => Key not found.
"HKU\S-1-5-21-421915183-1335184199-442078303-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4deadbd6-0d8a-11e0-84c2-60eb69516051}" => Key deleted successfully.
HKCR\CLSID\{4deadbd6-0d8a-11e0-84c2-60eb69516051} => Key not found.
HKU\S-1-5-21-421915183-1335184199-442078303-1000\Control Panel\Desktop\\SCRNSAVE.EXE => value deleted successfully.
"HKU\S-1-5-21-421915183-1335184199-442078303-1000\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}" => Key deleted successfully.
C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\explorer.lnk => Moved successfully.
C:\PROGRA~3\64FDB2~1\enehjzcl.cpp not found.
C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk => Moved successfully.
C:\PROGRA~3\7943F95D.cpp not found.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
C:\Users\martin\AppData\Roaming\ParetoLogic => Moved successfully.
C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic => Moved successfully.
C:\ProgramData\ParetoLogic => Moved successfully.
C:\Program Files (x86)\ParetoLogic => Moved successfully.
C:\ProgramData\SparkTrust => Moved successfully.
C:\Users\martin\AppData\Roaming\SparkTrust => Moved successfully.
C:\ProgramData\ezsidmv.dat => Moved successfully.
C:\Users\martin\A.Most.Wanted.Man.2014.BRRip.x264.Ac3.CrEwSaDe => Moved successfully.
C:\Users\martin\Oculus [2013] HDRip XViD juggs[ETRG] => Moved successfully.
C:\Users\martin\Family.Guy.S12E01-21.720p.WEB-DL.x264.AAC => Moved successfully.
C:\Users\martin\Buffalo 66 1998 BDRip AAC x264 => Moved successfully.
C:\Users\martin\12.Years.a.Slave.2013.DVDScr.XVID.AC3.HQ.Hive-CM8 => Moved successfully.
C:\Users\martin\[ www.Torrenting.com ] - Paul.Chowdhry.Whats.Happening.White.People.2012.DVDRip.XviD-HAGGiS => Moved successfully.
C:\Users\martin\Lucinda_Williams-Car_Wheels_On_A_Gravel_Road-2CD-(Deluxe_Edition)-2006 => Moved successfully.
C:\Users\martin\Shutter Island[2010]DvDrip[Eng]-FXG => Moved successfully.
C:\Users\martin\Dirty.Pretty.Things.2002.DVDRip.H264.AAC.Gopo => Moved successfully.
C:\Users\martin\The.Guard.LIMITED.DVDRip.XviD-DoNE => Moved successfully.
C:\Users\martin\A Common Man {2013} DVDRIP. Jaybob => Moved successfully.
C:\Users\martin\Side Effects (2013) => Moved successfully.
C:\Users\martin\Jack Reacher {2012} DVDRIP. Jaybob => Moved successfully.
C:\Users\martin\Welcome ToThe Punch {2013} DVDRIP. Jaybob => Moved successfully.
C:\Users\martin\[ www.Torrenting.com ] - Andy.Parsons.Gruntled.DVDRip.XviD-HAGGiS => Moved successfully.
C:\Users\martin\[ www.Torrenting.com ] - Jason.Manford.Live.2011.DVDRip.XviD-HAGGiS => Moved successfully.
C:\Users\martin\Sean.Lock.Live.Lockipedia.BDRip.XviD-HAGGiS [NO-RAR] - [ www.torrentday.com ] => Moved successfully.
C:\Users\martin\Frankie.Boyle.If.I.Could.Reach.Out.Through.Your.TV.And.Strangle.You.I.Would.DVDRip.XviD-HAGGiS [NO-RAR] - [ www.torrentday.com ] => Moved successfully.
C:\Users\martin\[ www.Torrenting.com ] - Mick.Flanagan.Live.-.The.Out.Out.Tour.2011.DVDRIP.X264.AAC.Extras.Included.CrEwSaDe => Moved successfully.
C:\Users\martin\[ www.Torrenting.com ] - Jimmy.Carr.Being.Funny.DVDRip.XviD-HAGGiS => Moved successfully.
C:\Users\martin\Reginald.D.Hunter.Live.2011.DVDRip.XviD-HAGGiS => Moved successfully.
C:\$Recycle.Bin\S-1-5-21-421915183-1335184199-442078303-1000\$fa6ac1251b0f0cd3f56a2fde2fe50831 => Moved successfully.
C:\Users\martin\hash.dat => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{45CACCF7-2B45-4459-B90B-D7CCCD7F2435}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{45CACCF7-2B45-4459-B90B-D7CCCD7F2435}" => Key deleted successfully.
C:\Windows\System32\Tasks\{2B533682-3F35-1BFF-FF2D-D669FE5FEE42} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2B533682-3F35-1BFF-FF2D-D669FE5FEE42}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6A0357C6-5F79-4B8B-BB9D-F04141C7E122}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6A0357C6-5F79-4B8B-BB9D-F04141C7E122}" => Key deleted successfully.
C:\Windows\System32\Tasks\Ad-Aware Antivirus Scheduled Scan => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Ad-Aware Antivirus Scheduled Scan" => Key deleted successfully.
C:\PROGRA~2\AD-AWA~1 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9C5AB8B6-BB89-45CC-ACD1-588CE22174C8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9C5AB8B6-BB89-45CC-ACD1-588CE22174C8}" => Key deleted successfully.
C:\Windows\System32\Tasks\C__Users_martin_AppData_Local_Temp_pkg_602f37d0_musicoasis.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\C__Users_martin_AppData_Local_Temp_pkg_602f37d0_musicoasis.exe" => Key deleted successfully.
"C:\Users\martin\AppData\Local\Temp\pkg_602f37d0" => File/Directory not found.
C:\ProgramData\Temp => ":0B4227B4" ADS removed successfully.

=========  bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.5.7600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

{604299D7-6999-4C2F-A927-CB645811775A} canceled.
{7A709336-6AAC-4070-8C0A-4E3864ED8241} canceled.
{08D38C94-8AA2-4AB7-9DC9-9A82480B9FDB} canceled.
{D0269C82-8F00-48C4-8805-34704E11CE6D} canceled.
{93004B67-76A6-4D27-8CC8-1665E8D0A799} canceled.
{00C7BC47-B2D7-4007-AF79-31721D8E58B9} canceled.
6 out of 6 jobs canceled.

========= End of CMD: =========

=========  netsh advfirewall reset =========

Ok.

========= End of CMD: =========

=========  netsh advfirewall set allprofiles state on =========

Ok.

========= End of CMD: =========

========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupApproved" /F =========

ERROR: The system was unable to find the specified registry key or value.

========= End of Reg: =========

========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupApproved" /F =========

The operation completed successfully.

 

========= End of Reg: =========

========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

The operation completed successfully.

 

========= End of Reg: =========

========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

The operation completed successfully.

 

========= End of Reg: =========

EmptyTemp: => Removed 322.4 MB temporary data.

The system needed a reboot.

==== End of Fixlog 07:57:53 ====


  • 0

#8
Nevan

Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts

Did you get any error when you were trying to launch TDSSKiller?


  • 0

#9
martin999

martin999

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts

No, nothing.

 

Just the usual User Account Control prompt: "Do you want to allow the following program to make changes to this computer?" Yes/No.

I click Yes, the box closes, and nothing happens.


  • 0

#10
Nevan

Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
Hello again, martin999.

Let's try doing something else first.

Step #1
RKill
  • Please download Rkill.exe to your desktop.
  • Right-click RKill.exe and click Run as administrator.
  • The program will start the scan. Once it's done, RKill.txt will be created on your Desktop and opened in Notepad.
  • Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
Note: If the program fails to work, try either this version or this one.

 
Step #2
TDSSKiller

Delete the old TDSSKiller.exe before proceeding.

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Right click TDSSKiller.exe and select Run as Administrator to run the application. Accept the license agreements, then click on Change parameters.
    0Hfdwva.png
  • Check all boxes then click OK.
    Note: You will be prompted to reboot. Please do so.
  • Click the Start Scan button. This scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure that Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
 
Things that should appear in your next post:
  • RKill.txt log content
  • TDSSKiller log content

  • 0



#11
martin999

martin999

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts

Hi

All 3 versions of RKill won't open.

Same thing as with TDSSKiller before.


  • 0

#12
Nevan

Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts

Could you please tell me if you're actually able to run any other .exe file?


  • 0

#13
martin999

martin999

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts

The Farbar one can still be opened.


  • 0

#14
Nevan

Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
Alright, another thing to try.

You might want to take a photo of these instructions or write them down, as your browser will be closed.
  • Remove the old TDSSKiller.exe if you still have it
  • Download OTH.scr and TDSSKiller.exe to your Desktop
  • Launch OTH and click Kill All Processes. Once done, select Start Misc Program and look for TDSSKiller.exe. Try to do a scan with the instructions below.
  • Once you've run TDSSKiller, accept the license agreements, then click on Change parameters.
    0Hfdwva.png
  • Under Additional options, select both Verify driver digital signatures & Detect TDLFS File System and click OK.
  • Click the Start Scan button. This scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure that Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
Note: If nothing was found to be cured by TDSSKiller, click Reboot in OTH and then post the TDSSKiller log.
  • 0

#15
martin999

martin999

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts

Hi

Bad news again.

I followed the instructions; all went well until I tried to open TDSSKiller.

TDSSKiller still won't open.

I click Yes to open it and nothing happens.


  • 0