Geeks to Go
I've got a virus, Can't Run Any Antivirus [Closed]

Can't run Malwarebytes or anti

This topic is locked.

#16
Nevan
    Trusted Helper
  • Malware Removal
  • 1,765 posts
Hello again, martin999.

Let's try Safe Mode.

Step #1
Safe Mode Boot
  • Restart your computer. After the screen goes black, repeatedly press the F8 key. The Advanced Boot Options window should appear.
  • Using the arrow keys on your keyboard, highlight the option labelled Safe Mode with Networking. Once it is highlighted, press the Enter key on your keyboard.

Step #2
Using TDSSKiller in Safe Mode
  • Right-click TDSSKiller.exe and select Run as administrator to run the application. Accept the license agreements, then click on Change parameters.
  • Under Additional options, select both Verify driver digital signatures and Detect TDLFS file system, then click OK.
  • Click the Start Scan button. This scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click Continue.
  • If malicious objects are found, they will be shown under Scan results - Select action for found objects, which offers three options.
    Ensure that Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
  • A report will be created in your root directory (usually the C:\ folder) in the form "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


#17
martin999
    Member
  • Topic Starter
  • 16 posts

Hey Nevan,

I turned on the laptop today and it wouldn't start properly.

Tried a few times, then it gave me an option to do a system restore, which I did.

In doing so I may/most likely have undone some of the previous steps.

Would the best thing to do now be to start over?

This is a nasty virus; the laptop just seems to be getting worse.



#18
Nevan
    Trusted Helper
  • Malware Removal
  • 1,765 posts
In this case I think we'll need new FRST logs.
  • Download Farbar Recovery Scan Tool and save it to your Desktop.
  • Right-click FRST64.exe and click Run as administrator. When the tool opens, click Yes to the disclaimer.
  • Make sure that Addition.txt is checked and press the Scan button.
  • It will produce two logs, one called FRST.txt and another called Addition.txt, in the same directory the tool is run from.
  • Select all (CTRL+A) the content of the logs, copy them (CTRL+C) and paste (CTRL+V) them into your next reply.
Things that should appear in your next post:
  • FRST.txt log content
  • Addition.txt log content

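Editor's added example, placed between the request above and the log posted in reply to it: a Python pre-triage of an FRST.txt of the kind Nevan asks for. It is not part of this thread and not FRST's own code. Its rules (lines FRST itself tags with ATTENTION, Startup shortcuts whose target is missing or is not a program, services and drivers marked [File not signed] or [X], and a new extension-less file with no publisher sitting directly in system32), the line-format expressions, the list of "program" extensions and the name frst_triage.py are all assumptions of this example, drawn from the conventions visible in the log posted later in this thread; SAMPLE_LOG is a constructed excerpt in that shape, not a complete log. It is a first pass for the person posting, not a substitute for a helper reading the whole log.

```python
"""Pre-triage an FRST (Farbar Recovery Scan Tool) FRST.txt before posting it.
Added example, not FRST's own code; the rules are assumptions drawn from the
conventions visible in FRST output. Each hit is a line to ask about, not a verdict."""
import os
import re
import sys
from dataclasses import dataclass

@dataclass
class Finding:
    section: str
    reason: str
    line: str

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")          # "==== Registry (Whitelisted) ===="
SHORTCUT_RE = re.compile(                               # "ShortcutTarget: x.lnk -> path (No File)"
    r"^ShortcutTarget: (?P<lnk>\S+) -> (?P<target>.*?)(?P<missing> \(No File\))?$")
FILE_RE = re.compile(                                   # "created - modified - size attrs (company) path"
    r"^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - \d+ "
    r"(?P<attrs>\S{5}) \((?P<company>[^)]*)\) (?P<path>.+)$")
EXECUTABLE_EXTS = {".exe", ".com", ".bat", ".cmd", ".scr"}  # assumption: what a Startup .lnk may target
SYSTEM32 = r"c:\windows\system32"

def parse_sections(text):
    """Yield (section, line) for each non-empty line; FRST's browser sub-headers count as sections."""
    section = "Header"
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or set(line) <= {"="}:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).replace(" (Whitelisted)", "")
        elif line in ("FireFox:", "Chrome:"):
            section = line[:-1]
        else:
            yield section, line

def shortcut_reasons(m):
    """A missing target, or a target that is not a program, makes a Startup shortcut worth a question."""
    reasons = ["target file missing"] if m.group("missing") else []
    ext = os.path.splitext(m.group("target").rsplit("\\", 1)[-1])[1].lower()
    if ext not in EXECUTABLE_EXTS:
        reasons.append(f"target is '{ext or '(none)'}', not a program")
    return reasons

def odd_system32_file(m):
    """A fresh file straight in system32 with no extension and an empty publisher field."""
    parent, _, name = m.group("path").rpartition("\\")
    return (m.group("attrs")[-1] != "D" and parent.lower() == SYSTEM32   # ____D marks a directory
            and "." not in name and not m.group("company"))

def triage(text):
    findings = []
    for section, line in parse_sections(text):
        if "ATTENTION" in line:                          # FRST's own flag, always worth showing
            findings.append(Finding(section, "tagged by FRST", line))
            continue
        m = SHORTCUT_RE.match(line)
        if m:
            if reasons := shortcut_reasons(m):
                findings.append(Finding(section, "startup shortcut: " + "; ".join(reasons), line))
            continue
        if section in ("Services", "Drivers"):
            if line.endswith("[File not signed]"):
                findings.append(Finding(section, "binary not digitally signed", line))
            elif line.endswith("[X]"):
                findings.append(Finding(section, "registered but file missing", line))
        elif section.startswith("One Month Created"):
            m = FILE_RE.match(line)
            if m and odd_system32_file(m):
                findings.append(Finding(section, "new extension-less file with no publisher in system32", line))
    return findings

# Constructed excerpt in the shape of the log posted in this thread; not a complete FRST.txt.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2097960 2010-04-23] (Synaptics Incorporated)
HKU\S-1-5-21-421915183-1335184199-442078303-1000\...409d6c4515e9\InprocServer32: [Default-shell32]  <==== ATTENTION!
ShortcutTarget: explorer.lnk -> C:\PROGRA~3\64FDB2~1\enehjzcl.cpp (No File)
ShortcutTarget: program.lnk -> C:\PROGRA~3\7943F95D.cpp (No File)

==================== Internet (Whitelisted) ====================

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

==================== Drivers (Whitelisted) ====================

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
S3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-02] (HTC, Corporation) [File not signed]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]

==================== One Month Created Files and Folders ========

2015-03-15 09:21 - 2015-03-15 09:21 - 02095616 _____ (Farbar) C:\Users\martin\Desktop\FRST64.exe
2015-03-12 16:53 - 2015-03-13 14:27 - 01133868 _____ () C:\Windows\system32\CFG3222717847
"""

if __name__ == "__main__":                               # usage: python frst_triage.py [FRST.txt]
    text = open(sys.argv[1], encoding="utf-8-sig", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for f in triage(text):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run it as `python frst_triage.py FRST.txt`; with no argument it triages the embedded excerpt. The rules fire on what FRST reports (a missing target, a missing signature, FRST's own ATTENTION tag), not on any verdict about the file, so a signed vendor driver or a Run entry for a known program passes through, and each hit is a line to raise with the helper rather than a diagnosis.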

#19
martin999
    Member
  • Topic Starter
  • 16 posts

Hi,

Scan results:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by martin (administrator) on MARTIN-HP on 15-03-2015 09:25:58
Running from C:\Users\martin\Desktop
Loaded Profiles: martin (Available profiles: martin)
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\ToolbarUpdater.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\loggingserver.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIIEE.EXE
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(AVG Secure Search) C:\Program Files (x86)\AVG Web TuneUp\avgcefrend.exe
(AVG Secure Search) C:\Program Files (x86)\AVG Web TuneUp\avgcefrend.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2097960 2010-04-23] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6245408 2010-05-26] (Realtek Semiconductor)
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-06-19] (Hewlett-Packard Company)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3667472 2014-12-18] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [3060248 2014-11-08] ()
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2011-10-31] (SEIKO EPSON CORPORATION)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-421915183-1335184199-442078303-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIIEE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-421915183-1335184199-442078303-1000\...\MountPoints2: {0cd8b324-371a-11e3-a68f-60eb69516051} - F:\Startme.exe
HKU\S-1-5-21-421915183-1335184199-442078303-1000\...\MountPoints2: {28ba5079-7b29-11e1-888f-60eb69516051} - F:\LaunchU3.exe -a
HKU\S-1-5-21-421915183-1335184199-442078303-1000\...\MountPoints2: {4deadbd6-0d8a-11e0-84c2-60eb69516051} - F:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-421915183-1335184199-442078303-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-421915183-1335184199-442078303-1000\...409d6c4515e9\InprocServer32: [Default-shell32]  <==== ATTENTION!
Startup: C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\explorer.lnk
ShortcutTarget: explorer.lnk -> C:\PROGRA~3\64FDB2~1\enehjzcl.cpp (No File)
Startup: C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk
ShortcutTarget: program.lnk -> C:\PROGRA~3\7943F95D.cpp (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/CQALL/13
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/CQALL/13
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/CQALL/13
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/CQALL/13
HKU\S-1-5-21-421915183-1335184199-442078303-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com.au/
HKU\S-1-5-21-421915183-1335184199-442078303-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/CQALL/13
SearchScopes: HKLM -> DefaultScope {C2C91241-D58F-4439-994A-2246570C5C4C} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {8B294682-24E4-4C94-8DE3-45B61E1FA485} URL = http://en.wikipedia....ch={searchTerms}
SearchScopes: HKLM -> {C2C91241-D58F-4439-994A-2246570C5C4C} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM -> {E4B0F441-2653-4E50-8BA8-1E50D53AB9F3} URL = http://au.search.yah...psg&type=CPNTDF
SearchScopes: HKLM-x32 -> DefaultScope {C2C91241-D58F-4439-994A-2246570C5C4C} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {8B294682-24E4-4C94-8DE3-45B61E1FA485} URL = http://en.wikipedia....ch={searchTerms}
SearchScopes: HKLM-x32 -> {C2C91241-D58F-4439-994A-2246570C5C4C} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> {E4B0F441-2653-4E50-8BA8-1E50D53AB9F3} URL = http://au.search.yah...psg&type=CPNTDF
SearchScopes: HKU\S-1-5-21-421915183-1335184199-442078303-1000 -> DefaultScope {989D007B-ABFA-485E-BB07-F864A1638BDD} URL = https://www.google.c...?q={searchTerms}
SearchScopes: HKU\S-1-5-21-421915183-1335184199-442078303-1000 -> {8B294682-24E4-4C94-8DE3-45B61E1FA485} URL = http://en.wikipedia....ch={searchTerms}
SearchScopes: HKU\S-1-5-21-421915183-1335184199-442078303-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg...fr&d=2014-11-08 11:56:02&v=4.0.0.19&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-421915183-1335184199-442078303-1000 -> {989D007B-ABFA-485E-BB07-F864A1638BDD} URL = https://www.google.c...?q={searchTerms}
SearchScopes: HKU\S-1-5-21-421915183-1335184199-442078303-1000 -> {998A235D-8B39-4B89-8DEC-2A80B9B53605} URL = http://search.condui...&ctid=CT2504091
SearchScopes: HKU\S-1-5-21-421915183-1335184199-442078303-1000 -> {C2C91241-D58F-4439-994A-2246570C5C4C} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-21-421915183-1335184199-442078303-1000 -> {E4B0F441-2653-4E50-8BA8-1E50D53AB9F3} URL = http://au.search.yah...psg&type=CPNTDF
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-19] (Microsoft Corporation)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-07-12] (Skype Technologies S.A.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-07-15] (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-19] (Microsoft Corporation)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.0.0.19\AVG Web TuneUp.dll [2014-11-08] (AVG)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-07-12] (Skype Technologies S.A.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-02-09] (Sun Microsystems, Inc.)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab
DPF: HKLM-x32 {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://game.zylom.co...gamesplayer.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-17] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-17] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-07-12] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-07-12] (Skype Technologies S.A.)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.10\ViProtocol.dll [2014-11-08] (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{07D33E3F-B93C-46D6-BC93-52A509710B0B}: [NameServer] 203.21.112.40 202.124.65.18

FireFox:
========
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-21] (DivX, LLC.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll [2013-06-26] (Adobe Systems, Inc.)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.10\\npsitesafety.dll No File
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2011-12-13] (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-21] (DivX, LLC.)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2011-02-02] (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll [2012-01-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-17] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll [2014-06-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll [2014-06-19] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011-12-18]

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll ()
CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\\npsitesafety.dll No File
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 6 U24) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
CHR Profile: C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-30]
CHR Extension: (Google Drive) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-30]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-29]
CHR Extension: (YouTube) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-30]
CHR Extension: (Google Search) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-30]
CHR Extension: (Google Wallet) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-30]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2014-01-30]
CHR Extension: (Gmail) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-30]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-13]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3432976 2014-12-18] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
S4 HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [121344 2010-06-23] (Hewlett-Packard Company) [File not signed]
S4 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [27192 2010-06-30] ()
S4 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-05-20] (Hewlett-Packard Company) [File not signed]
S4 RtVOsdService; C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [315392 2010-04-20] (Realtek Semiconductor Corp.) [File not signed]
R2 vToolbarUpdater18.1.10; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\ToolbarUpdater.exe [1849368 2014-11-08] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [260888 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-11-08] (AVG Technologies)
S3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-02] (HTC, Corporation) [File not signed]
S3 ZTEusbwwan; C:\Windows\System32\DRIVERS\ZTEusbwwan.sys [235520 2010-06-10] (ZTE Incorporated)
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-15 09:21 - 2015-03-15 09:21 - 02095616 _____ (Farbar) C:\Users\martin\Desktop\FRST64.exe
2015-03-15 08:56 - 2015-03-15 08:56 - 00000056 _____ () C:\Windows\setupact.log
2015-03-15 08:56 - 2015-03-15 08:56 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-12 16:53 - 2015-03-13 14:27 - 01133868 _____ () C:\Windows\system32\CFG3222717847
2015-03-07 19:31 - 2015-03-07 19:32 - 00033405 _____ () C:\Users\martin\Desktop\Addition.txt
2015-03-07 19:30 - 2015-03-15 09:26 - 00020769 _____ () C:\Users\martin\Desktop\FRST.txt
2015-03-07 19:26 - 2015-03-15 09:26 - 00000000 ____D () C:\FRST
2015-03-07 17:00 - 2015-03-13 11:42 - 00000000 ____D () C:\VIPRERESCUE
2015-03-07 11:20 - 2015-03-07 11:20 - 00004760 _____ () C:\Users\martin\Desktop\Statement_of_Account_20150306.html
2015-03-06 18:30 - 2015-03-06 18:30 - 00004002 _____ () C:\Windows\System32\Tasks\RegCure Pro_sch_994948B8-C3D2-11E4-839F-60EB69516051
2015-03-06 10:22 - 2015-03-06 10:23 - 00000000 ____D () C:\Users\martin\AppData\Roaming\QuickScan
2015-03-06 10:18 - 2015-03-06 10:18 - 00237870 _____ () C:\Users\martin\AppData\Local\census.cache
2015-03-06 10:18 - 2015-03-06 10:18 - 00118612 _____ () C:\Users\martin\AppData\Local\ars.cache
2015-03-06 09:53 - 2015-03-06 09:53 - 00000036 _____ () C:\Users\martin\AppData\Local\housecall.guid.cache
2015-03-06 09:41 - 2015-03-06 09:41 - 00000143 _____ () C:\Users\martin\Desktop\fault.txt
2015-03-05 22:52 - 2015-03-06 09:12 - 00000000 ____D () C:\8317c0f12b01bd55efee8d88
2015-03-05 20:47 - 2015-03-05 20:47 - 00003544 ____N () C:\bootsqm.dat
2015-03-05 15:21 - 2015-03-05 15:21 - 00000000 ____D () C:\Windows\SysWOW64\BestPractices
2015-03-05 15:21 - 2015-03-05 15:21 - 00000000 ____D () C:\inetpub
2015-02-24 18:12 - 2015-02-24 18:12 - 00004515 _____ () C:\Users\martin\Desktop\Statement_of_Account phone.html
2015-02-14 19:01 - 2015-02-14 19:01 - 00000000 ____D () C:\Users\martin\Nightcrawler (2014)

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-16 03:00 - 2010-12-22 17:13 - 00000000 ____D () C:\ProgramData\Recovery
2015-03-15 09:12 - 2013-07-06 12:52 - 01793303 _____ () C:\Windows\WindowsUpdate.log
2015-03-15 09:05 - 2009-07-14 15:45 - 00023024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-15 09:05 - 2009-07-14 15:45 - 00023024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-15 09:01 - 2009-07-14 16:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-03-15 09:00 - 2014-03-03 17:53 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-15 08:56 - 2009-07-14 16:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-13 11:43 - 2015-01-18 19:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 9.0 Sprint
2015-03-13 11:43 - 2015-01-18 19:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2015-03-13 11:43 - 2015-01-18 18:59 - 00000000 ____D () C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EPSON Software
2015-03-13 11:43 - 2015-01-18 18:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2015-03-13 11:43 - 2014-12-07 22:03 - 00000000 ____D () C:\Users\martin\A.Most.Wanted.Man.2014.BRRip.x264.Ac3.CrEwSaDe
2015-03-13 11:43 - 2014-05-25 16:33 - 00000000 ____D () C:\Users\martin\Oculus [2013] HDRip XViD juggs[ETRG]
2015-03-13 11:43 - 2014-05-25 12:58 - 00000000 ____D () C:\Users\martin\Family.Guy.S12E01-21.720p.WEB-DL.x264.AAC
2015-03-13 11:43 - 2014-05-25 11:38 - 00000000 ____D () C:\Users\martin\Buffalo 66 1998 BDRip AAC x264
2015-03-13 11:43 - 2014-03-09 14:36 - 00000000 ____D () C:\Users\martin\12.Years.a.Slave.2013.DVDScr.XVID.AC3.HQ.Hive-CM8
2015-03-13 11:43 - 2013-12-01 02:44 - 00000000 ____D () C:\Users\martin\[ www.Torrenting.com ] - Paul.Chowdhry.Whats.Happening.White.People.2012.DVDRip.XviD-HAGGiS
2015-03-13 11:43 - 2013-07-08 20:42 - 00000000 ____D () C:\Users\martin\Lucinda_Williams-Car_Wheels_On_A_Gravel_Road-2CD-(Deluxe_Edition)-2006
2015-03-13 11:43 - 2013-06-13 21:25 - 00000000 ____D () C:\Users\martin\Shutter Island[2010]DvDrip[Eng]-FXG
2015-03-13 11:43 - 2013-05-27 21:12 - 00000000 ____D () C:\Users\martin\Dirty.Pretty.Things.2002.DVDRip.H264.AAC.Gopo
2015-03-13 11:43 - 2013-05-25 19:52 - 00000000 ____D () C:\Users\martin\The.Guard.LIMITED.DVDRip.XviD-DoNE
2015-03-13 11:43 - 2013-05-25 12:43 - 00000000 ____D () C:\Users\martin\A Common Man {2013} DVDRIP. Jaybob
2015-03-13 11:43 - 2013-05-25 12:10 - 00000000 ____D () C:\Users\martin\Side Effects (2013)
2015-03-13 11:43 - 2013-05-03 18:46 - 00000000 ____D () C:\Users\martin\Jack Reacher {2012} DVDRIP. Jaybob
2015-03-13 11:43 - 2013-04-28 13:28 - 00000000 ____D () C:\Users\martin\Welcome ToThe Punch {2013} DVDRIP. Jaybob
2015-03-13 11:43 - 2012-09-02 09:02 - 00000000 ____D () C:\Program Files (x86)\Ad-Aware Antivirus
2015-03-13 11:43 - 2012-06-17 04:12 - 00000000 ____D () C:\Users\martin\[ www.Torrenting.com ] - Andy.Parsons.Gruntled.DVDRip.XviD-HAGGiS
2015-03-13 11:43 - 2012-06-17 04:08 - 00000000 ____D () C:\Users\martin\[ www.Torrenting.com ] - Jason.Manford.Live.2011.DVDRip.XviD-HAGGiS
2015-03-13 11:43 - 2012-06-16 21:43 - 00000000 ____D () C:\Users\martin\Sean.Lock.Live.Lockipedia.BDRip.XviD-HAGGiS [NO-RAR] - [ www.torrentday.com ]
2015-03-13 11:43 - 2012-06-11 16:20 - 00000000 ____D () C:\Users\martin\Frankie.Boyle.If.I.Could.Reach.Out.Through.Your.TV.And.Strangle.You.I.Would.DVDRip.XviD-HAGGiS [NO-RAR] - [ www.torrentday.com ]
2015-03-13 11:43 - 2012-06-11 00:17 - 00000000 ____D () C:\Users\martin\[ www.Torrenting.com ] - Mick.Flanagan.Live.-.The.Out.Out.Tour.2011.DVDRIP.X264.AAC.Extras.Included.CrEwSaDe
2015-03-13 11:43 - 2012-06-10 23:43 - 00000000 ____D () C:\Users\martin\[ www.Torrenting.com ] - Jimmy.Carr.Being.Funny.DVDRip.XviD-HAGGiS
2015-03-13 11:43 - 2012-06-10 20:19 - 00000000 ____D () C:\Users\martin\Reginald.D.Hunter.Live.2011.DVDRip.XviD-HAGGiS
2015-03-13 11:43 - 2012-05-13 15:56 - 00000000 ____D () C:\Users\martin\Mission Impossible Ghost Protocol  {2011} DVDRIP. Jaybob
2015-03-13 11:43 - 2011-07-13 20:11 - 00000000 ____D () C:\Users\martin\AppData\Roaming\vlc
2015-03-13 11:43 - 2010-12-21 22:42 - 00000000 ____D () C:\ProgramData\MFAData
2015-03-13 11:43 - 2009-07-14 14:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-13 11:42 - 2011-11-11 08:33 - 00000000 ____D () C:\Windows\system32\Macromed
2015-03-13 11:42 - 2009-07-14 14:20 - 00000000 ____D () C:\Windows\registration
2015-03-13 11:41 - 2011-01-16 20:54 - 00000000 ____D () C:\Users\martin\AppData\Roaming\SoftGrid Client
2015-03-13 11:41 - 2009-07-14 14:20 - 00000000 ____D () C:\Windows\AppCompat
2015-03-13 11:39 - 2011-11-12 09:59 - 00000000 ____D () C:\Program Files (x86)\Conduit
2015-03-12 21:42 - 2013-08-01 22:19 - 00003074 _____ () C:\Users\martin\Desktop\101-lucinda_williams-right_in_time - Shortcut.lnk
2015-03-12 16:55 - 2009-07-14 16:13 - 00714754 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-12 16:50 - 2010-12-21 21:18 - 00000000 ____D () C:\Users\martin
2015-03-11 16:29 - 2010-12-28 03:09 - 00000000 ____D () C:\Windows\Minidump
2015-03-07 11:39 - 2011-03-02 16:09 - 00120832 ___SH () C:\Users\martin\Thumbs.db
2015-03-06 09:12 - 2009-07-14 14:20 - 00000000 ____D () C:\Windows\SysWOW64\inetsrv
2015-03-06 09:12 - 2009-07-14 14:20 - 00000000 ____D () C:\Windows\system32\inetsrv
2015-03-05 22:52 - 2014-05-25 10:21 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-28 07:20 - 2012-03-06 00:06 - 00000000 ____D () C:\Users\martin\AppData\Local\Spotify
2015-02-14 22:23 - 2014-10-15 17:47 - 00000000 ____D () C:\Users\martin\Peaky Blinders - Season 01 720p MrLss
2015-02-14 22:05 - 2014-10-30 17:42 - 00000000 ____D () C:\Users\martin\AppData\Local\Avg2015
2015-02-14 21:46 - 2013-10-03 19:52 - 00000000 ____D () C:\Users\martin\Family Guy - Season 7

==================== Files in the root of some directories =======

2015-03-06 11:06 - 2015-03-06 18:30 - 0000053 _____ () C:\Users\martin\AppData\Roaming\LogFile.txt
2013-05-12 13:22 - 2013-05-12 13:22 - 0154539 _____ () C:\Users\martin\AppData\Local\ad776922-f4fe-4dd2-beff-7bdd53b91d13
2015-03-06 10:18 - 2015-03-06 10:18 - 0118612 _____ () C:\Users\martin\AppData\Local\ars.cache
2015-03-06 10:18 - 2015-03-06 10:18 - 0237870 _____ () C:\Users\martin\AppData\Local\census.cache
2011-11-11 01:29 - 2011-11-11 01:29 - 0003584 _____ () C:\Users\martin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-05-02 23:16 - 2012-05-04 15:14 - 0002679 _____ () C:\Users\martin\AppData\Local\ftoqtffh.log
2012-05-02 23:16 - 2012-05-04 15:14 - 0141317 _____ () C:\Users\martin\AppData\Local\hmfkgejn.log
2015-03-06 09:53 - 2015-03-06 09:53 - 0000036 _____ () C:\Users\martin\AppData\Local\housecall.guid.cache
2012-05-02 23:16 - 2012-05-02 23:16 - 0003315 _____ () C:\Users\martin\AppData\Local\lbxainjl.log
2012-05-02 23:15 - 2012-05-02 23:15 - 0000000 _____ () C:\Users\martin\AppData\Local\oeqlomdq.log
2012-05-03 22:30 - 2012-05-05 10:48 - 0000000 _____ () C:\Users\martin\AppData\Local\qsailmuj.log
2011-12-10 17:46 - 2013-06-22 18:08 - 0007613 _____ () C:\Users\martin\AppData\Local\Resmon.ResmonCfg
2012-05-02 23:14 - 2012-05-05 10:47 - 0000024 _____ () C:\Users\martin\AppData\Local\sbnmapwt.log
2012-05-02 23:14 - 2012-05-02 23:15 - 0953024 _____ () C:\Users\martin\AppData\Local\truavmeq.log
2012-05-02 23:15 - 2012-05-02 23:15 - 0000000 _____ () C:\Users\martin\AppData\Local\ujcvmppf.log
2012-05-02 23:15 - 2012-05-05 10:39 - 0079036 _____ () C:\Users\martin\AppData\Local\urkpttek.log
2012-05-02 23:15 - 2012-05-02 23:15 - 0004048 _____ () C:\Users\martin\AppData\Local\xkihcino.log
2012-02-08 02:33 - 2012-02-08 02:33 - 0000057 _____ () C:\ProgramData\Ament.ini
2010-08-17 19:36 - 2010-08-17 19:36 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
2010-07-15 10:58 - 2010-07-15 10:59 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2010-08-17 19:36 - 2010-08-17 19:36 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
2010-07-15 10:51 - 2010-07-15 10:53 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2010-08-17 19:35 - 2010-08-17 19:35 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
2010-08-17 19:36 - 2010-08-17 19:36 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
2010-07-15 10:51 - 2010-07-15 10:51 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2010-07-15 10:53 - 2010-07-15 10:58 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2010-08-17 19:36 - 2010-08-17 19:37 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-24 20:23

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by martin at 2015-03-15 09:27:12
Running from C:\Users\martin\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2015 (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Disabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.00.631.5823 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.00.631.5823 - ABBYY) Hidden
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2540 - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.0.42.34 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\{9ECF7817-DB11-4FBA-9DF1-296A578D513A}) (Version: 11.5.7.609 - Adobe Systems, Inc)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.95 - WildTangent) Hidden
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5645 - AVG Technologies)
AVG 2015 (Version: 15.0.4273 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5645 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.0.0.19 - AVG Technologies)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.20 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CPU Speed Pro version 3 (HKLM-x32\...\{E0E0C30A-89AF-11E0-951E-11904824019B}_is1) (Version: 3 - CPU Speed Pro)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2511 - CyberLink Corp.)
DivX H.264 decoder 8.2.0.26 (HKLM-x32\...\divxh264_is1) (Version: 8.2.0.26 - )
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.3 - DivX, LLC)
Dora's Carnival Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Download Navigator (HKLM-x32\...\{E728441A-7820-4B1C-87C9-DE7BE37B2953}) (Version: 1.1.0 - SEIKO EPSON CORPORATION)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
Epson Easy Photo Print 2 (HKLM-x32\...\{02A312B5-1542-47B6-BFE9-F51358C39E86}) (Version: 2.4.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2)
Epson Event Manager (HKLM-x32\...\{BECE9CCD-83F6-4BAA-9B26-227DF7D2E932}) (Version: 3.01.0000 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-200 Series Printer Uninstall (HKLM\...\EPSON XP-200 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
e-tax 2011 (HKLM-x32\...\{C078C299-C2C2-4110-A6EF-8D5E66C228DA}) (Version: 11.1.704 - ATO)
e-tax 2012 (HKLM-x32\...\{B0F1B02F-47A6-411D-A38B-E44CC7F53CCC}) (Version: 6.0.577 - Australian Taxation Office)
e-tax 2013 (HKLM-x32\...\{FFF14233-FE39-4671-A38E-76FD8F24A879}) (Version: 0.10.558 - Australian Taxation Office)
e-tax 2014 (HKLM-x32\...\{42D5C0B2-A309-4F84-9BD7-5DDDFE6C09E1}) (Version: 2.10.788 - Australian Taxation Office)
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.10262.3295 - Hewlett-Packard)
HP Deskjet 3050A J611 series Basic Device Software (HKLM\...\{B6A3EAE4-3727-46A4-A659-8576BF7C8C8D}) (Version: 23.0.504.0 - Hewlett-Packard Co.)
HP Deskjet 3050A J611 series Help (HKLM-x32\...\{97DDCAB8-B770-4089-A10F-67568069D78A}) (Version: 140.0.2.2 - Hewlett Packard)
HP Documentation (HKLM-x32\...\{7C36414C-DC87-4943-A525-BC1717BA17C9}) (Version: 1.1.1.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.3 - WildTangent)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3611 - HP Photo Creations Powered by RocketLife)
HP Power Manager (HKLM-x32\...\{4B156358-CE9C-4E9F-8CAD-79AE86A68C60}) (Version: 1.0.3 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{E342D296-DB9D-4FC7-ACB0-39926C0BFA16}) (Version: 2.1.5 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{72D90DB3-A16A-4545-B555-868471101833}) (Version: 8.1.4186.3400 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{E05DB9F9-C8E7-45F2-BE9E-76D4C447CE9B}) (Version: 4.0.39.1 - Hewlett-Packard Company)
HP Wireless Assistant (HKLM\...\{B5FC1E1B-E70D-45F1-8E40-A3C30698B323}) (Version: 4.0.9.0 - Hewlett-Packard Company)
HPAsset component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
HTC BMP USB Driver (HKLM-x32\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2086 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
Java™ 6 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Java™ 6 Update 24 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.240 - Sun Microsystems, Inc.)
Jewel Quest - Heritage (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
LightScribe System Software (HKLM-x32\...\{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}) (Version: 1.18.15.1 - LightScribe)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.1.10111.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Network Guide EPSON XP-200 Series (HKLM-x32\...\EPSON XP-200 Series Netg) (Version:  - )
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Puzzle Pirates (HKU\S-1-5-21-421915183-1335184199-442078303-1000\...\Puzzle Pirates) (Version:  - )
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.18.322.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6122 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Software (HKLM-x32\...\{901F0D4C-009D-1112-8DE4-03599E7B0C5C}) (Version: 1.00.10.0329 - REALTEK Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3023 - CyberLink Corp.) Hidden
RtVOsd (HKLM\...\{F3D7AC17-1FF4-41A8-BB18-3FC39C65AEB9}) (Version: 1.0.3 - Realtek Semiconductor Corp.)
SAMSUNG Intelli-studio (HKLM-x32\...\Intelli-studio) (Version:  - )
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.10.13089 - Skype Technologies S.A.)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.105 - Skype Technologies S.A.)
SoftStylus (HKLM-x32\...\{AC20F304-F02A-473E-BDE7-2400FC7429ED}) (Version: 2.2.131.4 - Motorola)
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.14.3.201402131509 - Sony Mobile Communications AB)
Sony PC Companion 2.10.211 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.211 - Sony)
Spotify (HKU\S-1-5-21-421915183-1335184199-442078303-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.18.0 - Synaptics Incorporated)
User's Guide EPSON XP-200 Series (HKLM-x32\...\EPSON XP-200 Series Useg) (Version:  - )
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Vidshow (HKLM-x32\...\Vidshow_is1) (Version:  - )
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 1.0.1 (HKLM-x32\...\VLC media player) (Version: 1.0.1 - VideoLAN Team)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Yontoo Layers Runtime 1.10.01 (HKLM\...\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}) (Version: 1.10.01 - Yontoo LLC) <==== ATTENTION
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-421915183-1335184199-442078303-1000_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32 -> C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\FntCache.dll No File

==================== Restore Points  =========================

03-02-2015 03:37:16 Scheduled Checkpoint
11-02-2015 22:18:29 Scheduled Checkpoint
05-03-2015 15:21:00 Windows Modules Installer
05-03-2015 22:51:59 Windows Update
08-03-2015 07:56:21 Restore Point Created by FRST

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 13:34 - 2009-06-11 08:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {26FA9754-C079-4A44-9CC3-CD1534E0279B} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {45CACCF7-2B45-4459-B90B-D7CCCD7F2435} - System32\Tasks\{2B533682-3F35-1BFF-FF2D-D669FE5FEE42} => C:\Users\martin\AppData\Roaming\ad-aware antivirus\logs\20120901t220004.750162pid3520\celcqjx.exe
Task: {6A0357C6-5F79-4B8B-BB9D-F04141C7E122} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe
Task: {6DAE5DDD-F2E3-4FBF-9083-FD3205097409} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-01] (Adobe Systems Incorporated)
Task: {83A334B2-B8E9-4FDF-954E-402F4F29338E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-11] (Google Inc.)
Task: {843B0A98-ED5B-424A-9642-E11639ABEB67} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {86CBD11A-6AE7-451E-810A-744266CA318D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-11] (Google Inc.)
Task: {8B061DE4-FECB-41A2-AA4F-B4AB2178A296} - System32\Tasks\{DC893428-AEC6-4311-B34B-A5A2EB6C7B0D} => Iexplore.exe http://ui.skype.com/...e=tsProgressBar
Task: {942E9391-0F7A-4340-9D11-A6E65F16634C} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {9C5AB8B6-BB89-45CC-ACD1-588CE22174C8} - System32\Tasks\C__Users_martin_AppData_Local_Temp_pkg_602f37d0_musicoasis.exe => C:\Users\martin\AppData\Local\Temp\pkg_602f37d0\musicoasis.exe <==== ATTENTION
Task: {AB4F873E-A842-4F0D-B91D-5C5C459BF686} - System32\Tasks\{3F64406E-A24B-48CC-A6A7-F4F9FA0F0AC7} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-07-02] (Skype Technologies S.A.)
Task: {C7DA0FD0-FE12-4814-9083-C52C9EF7FEDE} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {F86CE952-0E41-470E-9CF3-413F4C1676EA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-06-23] (Piriform Ltd)
Task: {FAB52B1D-ABB7-4A1E-9AD1-CB62B80E9AB8} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-18] ()
Task: {FF4741AD-3826-40CA-8492-AEF26AD750A5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-06-23] (Hewlett-Packard Company)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe

==================== Loaded Modules (whitelisted) ==============

2014-11-08 11:55 - 2014-11-08 11:55 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\loggingserver.exe
2014-11-08 11:55 - 2014-11-08 11:55 - 03060248 _____ () C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
2014-11-08 11:55 - 2014-11-08 11:55 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\log4cplusU.dll
2014-11-08 11:55 - 2014-11-08 11:55 - 40630296 _____ () C:\Program Files (x86)\AVG Web TuneUp\libcef.dll
2014-08-17 09:47 - 2014-08-07 14:20 - 00718152 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libglesv2.dll
2014-08-17 09:47 - 2014-08-07 14:20 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libegl.dll
2014-08-17 09:47 - 2014-08-07 14:20 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll
2014-08-17 09:47 - 2014-08-07 14:20 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2014-08-17 09:47 - 2014-08-07 14:20 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:0B4227B4
AlternateDataStreams: C:\Users\martin\Desktop\forwarded message.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-421915183-1335184199-442078303-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\martin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AERTFilters => 2
MSCONFIG\Services: GameConsoleService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HP Health Check Service => 2
MSCONFIG\Services: HP Wireless Assistant Service => 2
MSCONFIG\Services: HPDrvMntSvc.exe => 2
MSCONFIG\Services: hpqwmiex => 3
MSCONFIG\Services: HPWMISVC => 2
MSCONFIG\Services: LightScribeService => 2
MSCONFIG\Services: RtVOsdService => 2
MSCONFIG\Services: Sony PC Companion => 3
MSCONFIG\startupfolder: C:^Users^martin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^autostart.lnk => C:\Windows\pss\autostart.lnk.Startup
MSCONFIG\startupfolder: C:^Users^martin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^hzjssfj.lnk => C:\Windows\pss\hzjssfj.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
MSCONFIG\startupreg: Spotify => "C:\Users\martin\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\martin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

==================== Accounts: =============================

Administrator (S-1-5-21-421915183-1335184199-442078303-500 - Administrator - Disabled)
Guest (S-1-5-21-421915183-1335184199-442078303-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-421915183-1335184199-442078303-1002 - Limited - Enabled)
martin (S-1-5-21-421915183-1335184199-442078303-1000 - Administrator - Enabled) => C:\Users\martin

==================== Faulty Device Manager Devices =============

Name: SBRE
Description: SBRE
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SBRE
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears. Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (03/15/2015 08:57:23 AM) (Source: System Restore) (EventID: 8206) (User: )
Description: The restore point selected was damaged or deleted during the restore (Scheduled Checkpoint).

Error: (03/15/2015 08:56:50 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/15/2015 08:56:50 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/15/2015 08:56:50 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/15/2015 08:56:50 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 Element not found.  (HRESULT : 0x80070490) (0x80070490)

Error: (03/15/2015 08:56:49 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/15/2015 08:56:49 AM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog

Details:
 The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (03/15/2015 08:56:49 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/15/2015 08:56:49 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/15/2015 08:56:49 AM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: The Windows Search Service cannot open the Jet property store.

Details:
 0x%08x (0xc0041800 - The content index database is corrupt.  (HRESULT : 0xc0041800))

System errors:
=============
Error: (03/15/2015 08:56:50 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (03/15/2015 08:56:50 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.

Error: (03/15/2015 08:56:46 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SBRE

Error: (03/15/2015 08:56:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AVG WatchDog service failed to start due to the following error:
%%1053

Error: (03/15/2015 08:56:26 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the AVG WatchDog service to connect.

Error: (03/15/2015 08:56:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AVGIDSAgent service failed to start due to the following error:
%%1053

Error: (03/15/2015 08:56:25 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the AVGIDSAgent service to connect.

Error: (03/12/2015 06:24:29 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SBRE

Error: (03/12/2015 06:24:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AVG WatchDog service failed to start due to the following error:
%%1053

Error: (03/12/2015 06:24:13 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the AVG WatchDog service to connect.

Microsoft Office Sessions:
=========================
Error: (03/15/2015 08:57:23 AM) (Source: System Restore) (EventID: 8206) (User: )
Description: Scheduled Checkpoint

Error: (03/15/2015 08:56:50 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description:
Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/15/2015 08:56:50 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Context: Windows Application

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/15/2015 08:56:50 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/15/2015 08:56:50 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 Element not found.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (03/15/2015 08:56:49 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

Error: (03/15/2015 08:56:49 AM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (03/15/2015 08:56:49 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description:
Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (03/15/2015 08:56:49 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description:
Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
4700

Error: (03/15/2015 08:56:49 AM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description:
Details:
 0x%08x (0xc0041800 - The content index database is corrupt.  (HRESULT : 0xc0041800))

==================== Memory info ===========================

Processor: Celeron® Dual-Core CPU T3500 @ 2.10GHz
Percentage of memory in use: 70%
Total physical RAM: 1978.92 MB
Available physical RAM: 592.38 MB
Total Pagefile: 3957.84 MB
Available Pagefile: 2131.08 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:282.5 GB) (Free:66.09 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:15.29 GB) (Free:2.2 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (My Passport) (Fixed) (Total:698.6 GB) (Free:436.26 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 1B0FDEFE)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=282.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

========================================================
Disk: 1 (Size: 698.6 GB) (Disk ID: 0002288C)
Partition 1: (Not Active) - (Size=698.6 GB) - (Type=07 NTFS)

==================== End Of Log ============================


  • 0

#20
Nevan

Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
Hello again, martin999.

Alright, let's start again.

Step #1
FRST Fix
  • Download attached fixlist.txt file to your desktop.
    Attached File  fixlist.txt   5.17KB   127 downloads
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Right click FRST64.exe on your desktop and click Run as administrator.
  • Press the Fix button just once and wait.
    NOTE: It's important that both FRST64.exe and fixlist.txt are in the same location or the fix will not work.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished, FRST will generate a log on the desktop (Fixlog.txt). Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
 
Step #2
SafeMode Boot
  • Restart your computer. After the screen goes black, repeatedly press the F8 key. Advanced Boot Options window should show up.
  • Using the arrow keys on your keyboard, highlight the option labeled Safe Mode with Networking. Once it is highlighted, press the Enter key on your keyboard.
 
Step #3
Using TDSSKiller in SafeMode
  • Right click TDSSKiller.exe and select Run as Administrator to run the application. Accept the license agreements, then click on Change parameters.
  • Under Additional options, select both Verify driver digital signatures & Detect TDLFS File System and click OK.
  • Click the Start Scan button. This scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure that Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
 
Things that should appear in your next post:
  • Fixlog.txt log content
  • TDSSKiller log content

  • 0

#21
martin999

martin999

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts

Hey Nevan,

First part went OK, got the log.

Second part not so.

I downloaded TDSS in Safe Mode and tried to run it there; it wouldn't open.

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by martin at 2015-03-16 17:20:11 Run:2
Running from C:\Users\martin\Desktop
Loaded Profiles: martin (Available profiles: martin)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-421915183-1335184199-442078303-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIIEE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-421915183-1335184199-442078303-1000\...\MountPoints2: {0cd8b324-371a-11e3-a68f-60eb69516051} - F:\Startme.exe
HKU\S-1-5-21-421915183-1335184199-442078303-1000\...\MountPoints2: {28ba5079-7b29-11e1-888f-60eb69516051} - F:\LaunchU3.exe -a
HKU\S-1-5-21-421915183-1335184199-442078303-1000\...\MountPoints2: {4deadbd6-0d8a-11e0-84c2-60eb69516051} - F:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-421915183-1335184199-442078303-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-421915183-1335184199-442078303-1000\...409d6c4515e9\InprocServer32: [Default-shell32]  <==== ATTENTION!
Startup: C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\explorer.lnk
ShortcutTarget: explorer.lnk -> C:\PROGRA~3\64FDB2~1\enehjzcl.cpp (No File)
Startup: C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk
ShortcutTarget: program.lnk -> C:\PROGRA~3\7943F95D.cpp (No File)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-421915183-1335184199-442078303-1000 -> {998A235D-8B39-4B89-8DEC-2A80B9B53605} URL = http://search.condui...&ctid=CT2504091
2015-03-13 11:43 - 2014-12-07 22:03 - 00000000 ____D () C:\Users\martin\A.Most.Wanted.Man.2014.BRRip.x264.Ac3.CrEwSaDe
2015-03-13 11:43 - 2014-05-25 16:33 - 00000000 ____D () C:\Users\martin\Oculus [2013] HDRip XViD juggs[ETRG]
2015-03-13 11:43 - 2014-05-25 12:58 - 00000000 ____D () C:\Users\martin\Family.Guy.S12E01-21.720p.WEB-DL.x264.AAC
2015-03-13 11:43 - 2014-05-25 11:38 - 00000000 ____D () C:\Users\martin\Buffalo 66 1998 BDRip AAC x264
2015-03-13 11:43 - 2014-03-09 14:36 - 00000000 ____D () C:\Users\martin\12.Years.a.Slave.2013.DVDScr.XVID.AC3.HQ.Hive-CM8
2015-03-13 11:43 - 2013-12-01 02:44 - 00000000 ____D () C:\Users\martin\[ www.Torrenting.com ] - Paul.Chowdhry.Whats.Happening.White.People.2012.DVDRip.XviD-HAGGiS
2015-03-13 11:43 - 2013-07-08 20:42 - 00000000 ____D () C:\Users\martin\Lucinda_Williams-Car_Wheels_On_A_Gravel_Road-2CD-(Deluxe_Edition)-2006
2015-03-13 11:43 - 2013-06-13 21:25 - 00000000 ____D () C:\Users\martin\Shutter Island[2010]DvDrip[Eng]-FXG
2015-03-13 11:43 - 2013-05-27 21:12 - 00000000 ____D () C:\Users\martin\Dirty.Pretty.Things.2002.DVDRip.H264.AAC.Gopo
2015-03-13 11:43 - 2013-05-25 19:52 - 00000000 ____D () C:\Users\martin\The.Guard.LIMITED.DVDRip.XviD-DoNE
2015-03-13 11:43 - 2013-05-25 12:43 - 00000000 ____D () C:\Users\martin\A Common Man {2013} DVDRIP. Jaybob
2015-03-13 11:43 - 2013-05-25 12:10 - 00000000 ____D () C:\Users\martin\Side Effects (2013)
2015-03-13 11:43 - 2013-05-03 18:46 - 00000000 ____D () C:\Users\martin\Jack Reacher {2012} DVDRIP. Jaybob
2015-03-13 11:43 - 2013-04-28 13:28 - 00000000 ____D () C:\Users\martin\Welcome ToThe Punch {2013} DVDRIP. Jaybob
2015-03-13 11:43 - 2012-09-02 09:02 - 00000000 ____D () C:\Program Files (x86)\Ad-Aware Antivirus
2015-03-13 11:43 - 2012-06-17 04:12 - 00000000 ____D () C:\Users\martin\[ www.Torrenting.com ] - Andy.Parsons.Gruntled.DVDRip.XviD-HAGGiS
2015-03-13 11:43 - 2012-06-17 04:08 - 00000000 ____D () C:\Users\martin\[ www.Torrenting.com ] - Jason.Manford.Live.2011.DVDRip.XviD-HAGGiS
2015-03-13 11:43 - 2012-06-16 21:43 - 00000000 ____D () C:\Users\martin\Sean.Lock.Live.Lockipedia.BDRip.XviD-HAGGiS [NO-RAR] - [ www.torrentday.com ]
2015-03-13 11:43 - 2012-06-11 16:20 - 00000000 ____D () C:\Users\martin\Frankie.Boyle.If.I.Could.Reach.Out.Through.Your.TV.And.Strangle.You.I.Would.DVDRip.XviD-HAGGiS [NO-RAR] - [ www.torrentday.com ]
2015-03-13 11:43 - 2012-06-11 00:17 - 00000000 ____D () C:\Users\martin\[ www.Torrenting.com ] - Mick.Flanagan.Live.-.The.Out.Out.Tour.2011.DVDRIP.X264.AAC.Extras.Included.CrEwSaDe
2015-03-13 11:43 - 2012-06-10 23:43 - 00000000 ____D () C:\Users\martin\[ www.Torrenting.com ] - Jimmy.Carr.Being.Funny.DVDRip.XviD-HAGGiS
2015-03-13 11:43 - 2012-06-10 20:19 - 00000000 ____D () C:\Users\martin\Reginald.D.Hunter.Live.2011.DVDRip.XviD-HAGGiS
2015-03-13 11:43 - 2012-05-13 15:56 - 00000000 ____D () C:\Users\martin\Mission Impossible Ghost Protocol  {2011} DVDRIP. Jaybob
Task: {45CACCF7-2B45-4459-B90B-D7CCCD7F2435} - System32\Tasks\{2B533682-3F35-1BFF-FF2D-D669FE5FEE42} => C:\Users\martin\AppData\Roaming\ad-aware antivirus\logs\20120901t220004.750162pid3520\celcqjx.exe
C:\Users\martin\AppData\Roaming\ad-aware antivirus
Task: {6A0357C6-5F79-4B8B-BB9D-F04141C7E122} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe
C:\PROGRA~2\AD-AWA~1
AlternateDataStreams: C:\ProgramData\Temp:0B4227B4
EmptyTemp:
CMD: bitsadmin /reset /allusers
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupApproved" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupApproved" /F
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
*****************

Processes closed successfully.
Restore point was successfully created.
HKU\S-1-5-21-421915183-1335184199-442078303-1000\Software\Microsoft\Windows\CurrentVersion\Run\\EPLTarget\P0000000000000000 => value deleted successfully.
"HKU\S-1-5-21-421915183-1335184199-442078303-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0cd8b324-371a-11e3-a68f-60eb69516051}" => Key deleted successfully.
HKCR\CLSID\{0cd8b324-371a-11e3-a68f-60eb69516051} => Key not found.
"HKU\S-1-5-21-421915183-1335184199-442078303-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{28ba5079-7b29-11e1-888f-60eb69516051}" => Key deleted successfully.
HKCR\CLSID\{28ba5079-7b29-11e1-888f-60eb69516051} => Key not found.
"HKU\S-1-5-21-421915183-1335184199-442078303-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4deadbd6-0d8a-11e0-84c2-60eb69516051}" => Key deleted successfully.
HKCR\CLSID\{4deadbd6-0d8a-11e0-84c2-60eb69516051} => Key not found.
HKU\S-1-5-21-421915183-1335184199-442078303-1000\Control Panel\Desktop\\SCRNSAVE.EXE => value deleted successfully.
"HKU\S-1-5-21-421915183-1335184199-442078303-1000\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}" => Key deleted successfully.
C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\explorer.lnk => Moved successfully.
C:\PROGRA~3\64FDB2~1\enehjzcl.cpp not found.
C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk => Moved successfully.
C:\PROGRA~3\7943F95D.cpp not found.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-421915183-1335184199-442078303-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{998A235D-8B39-4B89-8DEC-2A80B9B53605}" => Key deleted successfully.
HKCR\CLSID\{998A235D-8B39-4B89-8DEC-2A80B9B53605} => Key not found.
C:\Users\martin\A.Most.Wanted.Man.2014.BRRip.x264.Ac3.CrEwSaDe => Moved successfully.
C:\Users\martin\Oculus [2013] HDRip XViD juggs[ETRG] => Moved successfully.
C:\Users\martin\Family.Guy.S12E01-21.720p.WEB-DL.x264.AAC => Moved successfully.
C:\Users\martin\Buffalo 66 1998 BDRip AAC x264 => Moved successfully.
C:\Users\martin\12.Years.a.Slave.2013.DVDScr.XVID.AC3.HQ.Hive-CM8 => Moved successfully.
C:\Users\martin\[ www.Torrenting.com ] - Paul.Chowdhry.Whats.Happening.White.People.2012.DVDRip.XviD-HAGGiS => Moved successfully.
C:\Users\martin\Lucinda_Williams-Car_Wheels_On_A_Gravel_Road-2CD-(Deluxe_Edition)-2006 => Moved successfully.
C:\Users\martin\Shutter Island[2010]DvDrip[Eng]-FXG => Moved successfully.
C:\Users\martin\Dirty.Pretty.Things.2002.DVDRip.H264.AAC.Gopo => Moved successfully.
C:\Users\martin\The.Guard.LIMITED.DVDRip.XviD-DoNE => Moved successfully.
C:\Users\martin\A Common Man {2013} DVDRIP. Jaybob => Moved successfully.
C:\Users\martin\Side Effects (2013) => Moved successfully.
C:\Users\martin\Jack Reacher {2012} DVDRIP. Jaybob => Moved successfully.
C:\Users\martin\Welcome ToThe Punch {2013} DVDRIP. Jaybob => Moved successfully.
C:\Program Files (x86)\Ad-Aware Antivirus => Moved successfully.
C:\Users\martin\[ www.Torrenting.com ] - Andy.Parsons.Gruntled.DVDRip.XviD-HAGGiS => Moved successfully.
C:\Users\martin\[ www.Torrenting.com ] - Jason.Manford.Live.2011.DVDRip.XviD-HAGGiS => Moved successfully.
C:\Users\martin\Sean.Lock.Live.Lockipedia.BDRip.XviD-HAGGiS [NO-RAR] - [ www.torrentday.com ] => Moved successfully.

"C:\Users\martin\Frankie.Boyle.If.I.Could.Reach.Out.Through.Your.TV.And.Strangle.You.I.Would.DVDRip.XviD-HAGGiS [NO-RAR] - [ www.torrentday.com ]" directory move:

Could not move "C:\Users\martin\Frankie.Boyle.If.I.Could.Reach.Out.Through.Your.TV.And.Strangle.You.I.Would.DVDRip.XviD-HAGGiS [NO-RAR] - [ www.torrentday.com ]" directory. => Scheduled to move on reboot.

"C:\Users\martin\[ www.Torrenting.com ] - Mick.Flanagan.Live.-.The.Out.Out.Tour.2011.DVDRIP.X264.AAC.Extras.Included.CrEwSaDe" directory move:

Could not move "C:\Users\martin\[ www.Torrenting.com ] - Mick.Flanagan.Live.-.The.Out.Out.Tour.2011.DVDRIP.X264.AAC.Extras.Included.CrEwSaDe" directory. => Scheduled to move on reboot.

C:\Users\martin\[ www.Torrenting.com ] - Jimmy.Carr.Being.Funny.DVDRip.XviD-HAGGiS => Moved successfully.
C:\Users\martin\Reginald.D.Hunter.Live.2011.DVDRip.XviD-HAGGiS => Moved successfully.
C:\Users\martin\Mission Impossible Ghost Protocol  {2011} DVDRIP. Jaybob => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{45CACCF7-2B45-4459-B90B-D7CCCD7F2435}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{45CACCF7-2B45-4459-B90B-D7CCCD7F2435}" => Key deleted successfully.
C:\Windows\System32\Tasks\{2B533682-3F35-1BFF-FF2D-D669FE5FEE42} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2B533682-3F35-1BFF-FF2D-D669FE5FEE42}" => Key deleted successfully.
C:\Users\martin\AppData\Roaming\ad-aware antivirus => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6A0357C6-5F79-4B8B-BB9D-F04141C7E122}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6A0357C6-5F79-4B8B-BB9D-F04141C7E122}" => Key deleted successfully.
C:\Windows\System32\Tasks\Ad-Aware Antivirus Scheduled Scan => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Ad-Aware Antivirus Scheduled Scan" => Key deleted successfully.
"C:\PROGRA~2\AD-AWA~1" => File/Directory not found.
C:\ProgramData\Temp => ":0B4227B4" ADS removed successfully.

=========  bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.5.7600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========

=========  netsh advfirewall reset =========

Ok.

========= End of CMD: =========

=========  netsh advfirewall set allprofiles state on =========

Ok.

========= End of CMD: =========

========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupApproved" /F =========

ERROR: The system was unable to find the specified registry key or value.

========= End of Reg: =========

========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupApproved" /F =========

The operation completed successfully.

 

========= End of Reg: =========

========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

The operation completed successfully.

 

========= End of Reg: =========

========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

The operation completed successfully.

 

========= End of Reg: =========

EmptyTemp: => Removed 131.4 MB temporary data.


  • 0
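To check a Fixlog like the one above without reading it line by line, here is an added Python example (not FRST's code and not from this thread) that splits the fixlist block from the result lines, counts outcomes, and lists the entries that were not found or were deferred to reboot, together with the directives FRST itself marked with ATTENTION or (No File). The Fixlog embedded in it is a constructed sample, abbreviated from the one posted here.

```python
"""Reconcile an FRST Fixlog.txt against the fixlist it executed.

Added example for this thread, not part of FRST. Assumes the layout shown in the
post above: a fixlist block delimited by lines of '*', then one result line per action.
"""
import re
from collections import Counter

# Outcome patterns as they appear on Fixlog result lines.
OUTCOME_PATTERNS = [
    ("success",   re.compile(r"=> .*successfully\.$")),
    ("success",   re.compile(r"^(Processes closed successfully|Restore point was successfully created)\.$")),
    ("success",   re.compile(r"^EmptyTemp: => Removed .* temporary data\.$")),
    ("not_found", re.compile(r" not found\.$")),
    ("deferred",  re.compile(r"=> Scheduled to move on reboot\.$")),
]
# FRST's own markers for entries it considers suspicious or dangling.
FRST_MARKERS = ("ATTENTION", "(No File)")


def split_fixlog(text):
    """Return (directive_lines, result_lines) from Fixlog text."""
    lines = text.splitlines()
    stars = [i for i, l in enumerate(lines) if l.strip() and set(l.strip()) == {"*"}]
    if len(stars) < 2:
        raise ValueError("fixlist block delimiters not found")
    directives = [l.strip() for l in lines[stars[0] + 1:stars[1]] if l.strip()]
    results = [l.strip() for l in lines[stars[1] + 1:] if l.strip()]
    return directives, results


def classify(line):
    """Map one result line to an outcome label, or None for banners and CMD/Reg output."""
    for label, pattern in OUTCOME_PATTERNS:
        if pattern.search(line):
            return label
    return None


def summarise(text):
    """Count outcomes and collect the lines that still need attention after the fix."""
    directives, results = split_fixlog(text)
    counts, followup = Counter(), []
    for line in results:
        label = classify(line)
        if label is None:
            continue
        counts[label] += 1
        if label != "success":
            followup.append((label, line))
    return {"directives": len(directives), "counts": dict(counts), "followup": followup}


def flagged_directives(text):
    """Directives FRST itself marked (ATTENTION / No File), worth rechecking in the next scan."""
    directives, _ = split_fixlog(text)
    return [d for d in directives if any(m in d for m in FRST_MARKERS)]


# Constructed sample, abbreviated from the Fixlog posted in this thread.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Content of fixlist:
*****************
CloseProcesses:
HKU\...InprocServer32: [Default-shell32]  <==== ATTENTION!
Startup: C:\Users\martin\...\Startup\explorer.lnk
ShortcutTarget: explorer.lnk -> C:\PROGRA~3\64FDB2~1\enehjzcl.cpp (No File)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:0B4227B4
EmptyTemp:
*****************
Processes closed successfully.
"HKU\...\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}" => Key deleted successfully.
C:\Users\martin\...\Startup\explorer.lnk => Moved successfully.
C:\PROGRA~3\64FDB2~1\enehjzcl.cpp not found.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
Could not move "C:\Users\martin\Example.Folder" directory. => Scheduled to move on reboot.
C:\ProgramData\Temp => ":0B4227B4" ADS removed successfully.
EmptyTemp: => Removed 131.4 MB temporary data.
"""

if __name__ == "__main__":
    report = summarise(SAMPLE_FIXLOG)
    print(report["directives"], "directives;", report["counts"])
    for label, line in report["followup"] + [("flagged", d) for d in flagged_directives(SAMPLE_FIXLOG)]:
        print(f"  [{label}] {line}")
```

A "not found" target behind a Startup shortcut and a move deferred to reboot are the two cases a helper would re-verify in the next FRST scan.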

#22
Nevan

Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts

Do you have access to a USB Flash Drive? We'd need it to use the Recovery Environment.

 

It's one of these:

bootable-usb-flash-drive.jpg


  • 0

#23
martin999

martin999

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts

Yeah, I got one.

But I only have this laptop, I don't have a second computer to download stuff.


  • 0

#24
Nevan

Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
Hello again, martin999.

Let's try the Recovery Environment.

Using FRST in Recovery Environment

Download Farbar Recovery Scan Tool and save it to your flash drive.

Enter the System Recovery Options

Enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt
Select Command Prompt.

Access the notepad and identify your USB drive

In the Command Prompt please type in notepad.exe and press Enter.
  • When the notepad opens, go to File menu.
  • Select Open.
  • Go to Computer and search there for your USB drive letter.
Note down the letter and close the notepad.

Scan with Farbar Recovery Scan Tool

Once back in the command prompt window, please do the following:
  • Type in e:\frst64.exe and press Enter.
    You need to replace e with the letter of your USB drive taken from notepad!
  • FRST will start to run. Give it a minute or so to load itself.
  • Click Yes to Disclaimer.
  • In the main console, please click Scan and wait.
When finished it will produce a logfile named FRST.txt in the root of your flash stick and display it. Close that logfile.

Please include the content of that logfile in your next reply.
  • 0

#25
martin999

martin999

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts

scan results attached

 

 

 

Attached File  FRST.txt   12.29KB   144 downloads


  • 0



#26
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,719 posts
Hi. :)

I will be assisting you from this time forward...

After reviewing all logs again, it appears one or more of the identified infections is the extremely severe Zero Access Rootkit, plus undoubtedly other compromising malware!

OK since we are dealing with the aforementioned infection(s) I would be providing your good self with a disservice if I did not make you aware of the ramifications below:

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Although an attempt could be made to clean this machine, it could never be considered to be truly clean, secure, or trustworthy. We could not say definitively that unknown and unseen malware will have been removed, nor will your system be restored to its pre-infection state. We cannot remedy unknown changes the malware may likely have made in order to allow itself access, nor can we repair the damage it may possibly have caused to vital system files. Additionally, it is quite possible that changes made to the system by the malware may impact negatively on your computer during the removal process. In short, your system may never regain its former stability or its full functionality without a reformat. Therefore, your best and safest course of action is a reformat and reinstallation of the Windows Operating System, and that is the course we strongly recommend.

Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

I can attempt to clean this machine (anything I try may not be successful), but I can't guarantee that it will be at all secure afterwards.

Should you have any questions, please feel free to ask.

Please let myself know what you have decided to do in your next post.
  • 0

#27
martin999

martin999

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts

Hi Dakeyras,

I'll go buy a new computer over the weekend.

Would it be safe to take stuff like my resume/CV (a Word document) and pictures off this computer?

I won't transfer any music or video files.

And is there much point trying to save this computer, or should it just be binned?

Out of curiosity, how long would you think this computer would have been infected?

Was it a milder virus to start, which gradually got worse, or what?

 

thanks

 

.


  • 0

#28
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,719 posts
Hi. :)

I'll go buy a new computer over the weekend.

No need to do that, your machine appears to have a Recovery Partition, so you could invoke that. That is de facto a reformat and reinstallation of the Windows Operating System, and afterwards when booted up it will be like it was just after purchase and first power-up, etc.

If unsure how to invoke the aforementioned Recovery Partition, merely let myself know the exact make and model of your machine and I will provide the appropriate instructions.

Would it be safe to take stuff like my resume/CV (a Word document) and pictures off this computer?

Aye they should be fine and no evidence compromised etc.

And is there much point trying to save this computer, or should it just be binned?
Out of curiosity, how long would you think this computer would have been infected?
Was it a milder virus to start, which gradually got worse, or what?

As mentioned invoking the Recovery Partition would be the most viable course of action taking into consideration the malware involved and the fact the operating system seems to have so many problems. Though as I mentioned prior:-

I can attempt to clean this machine (anything I try may not be successful), but I can't guarantee that it will be at all secure afterwards.

So that is your choice to make.

As for how long your machine was infected, I have no way of knowing exactly at this time but indication from around the beginning of this month is probable.

thanks

You're most welcome, do let myself know what you have decided to do in your next post.
  • 0

#29
martin999

martin999

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts

Hey Dakeyras,

Thanks for your advice/expertise, I did a reinstall.

All seems to be pretty good.

Worst virus I've come across.

 

Not sure if Nevan will see this, but a big thank you to him also.

 

Great site, will be recommending.

Keep up the good work.

I will be donating soon.

Thanks again :thumbsup:


  • 0

#30
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,719 posts
Acknowledged and you're most welcome!

Did you invoke the Recovery Partition then? Plus, would you care for some online safety advice? :)
  • 0





