
can't repair files possible malware infection [Solved]



#1 m8dman (Member, 150 posts)

Phillpower2 told me to start this thread to make sure that malware isn't causing my current system problems.

Thread here

Long story short, I have a few files that SFC can't repair or replace. FRST logs below. Thanks in advance.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-06-2016 02
Ran by Desktop (administrator) on DESKTOP-PC (05-06-2016 15:38:57)
Running from C:\Users\Desktop\Desktop
Loaded Profiles: Desktop (Available Profiles: Desktop & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\System32\wbengine.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(PortableApps.com) E:\FirefoxPortable\FirefoxPortable.exe
(Mozilla Corporation) E:\FirefoxPortable\App\Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM-x32\...\Run: [YMailAdvisor] => C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe [174424 2009-05-08] (Yahoo! Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKU\S-1-5-21-4294630807-675267869-4210432101-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-20] (Microsoft Corporation)
Startup: C:\Users\Desktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2015-07-29]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{BE79449A-D39B-441C-A5F8-8AE7E6B6EEE3}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-4294630807-675267869-4210432101-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4294630807-675267869-4210432101-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-4294630807-675267869-4210432101-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/
SearchScopes: HKU\S-1-5-21-4294630807-675267869-4210432101-1001 -> {11364B91-F6BD-4449-A938-D5BBDA6DB838} URL = hxxp://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll [2011-01-21] (Yahoo! Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-07-25] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-11-10] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-07-25] (Oracle Corporation)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2011-01-21] (Yahoo! Inc)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll [2011-01-21] (Yahoo! Inc.)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
DPF: HKLM-x32 {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {E6F480FC-BD44-4CBA-B74A-89AF7842937D} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.21.0.cab
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2015-12-10] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\sysWOW64\urlmon.dll [2015-12-10] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2015-12-10] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\sysWOW64\urlmon.dll [2015-12-10] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Desktop\AppData\Roaming\Mozilla\Firefox\Profiles\wpkattbm.default
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2012-10-02] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2012-10-02] (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-02-15] (Adobe Systems Inc.)

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-07-11] (SUPERAntiSpyware.com) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 idsvc; "%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 VST64HWBS2; C:\Windows\System32\DRIVERS\VSTBS26.SYS [411136 2009-06-10] (Conexant Systems, Inc.)
R3 VST64_DPV; C:\Windows\System32\DRIVERS\VSTDPV6.SYS [1485312 2009-06-10] (Conexant Systems, Inc.)
S3 GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS [X]
S3 NTACCESS; \??\D:\NTACCESS_64.sys [X]
S3 SetupNTGLM7X; \??\D:\NTGLM7X.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-05 15:37 - 2016-06-05 15:39 - 00012024 _____ C:\Users\Desktop\Desktop\FRST.txt
2016-06-05 15:36 - 2016-06-05 15:38 - 00000000 ____D C:\FRST
2016-06-05 15:35 - 2016-06-05 15:35 - 02384896 _____ (Farbar) C:\Users\Desktop\Desktop\FRST64.exe
2016-06-04 22:11 - 2016-06-05 15:01 - 00116896 _____ C:\Users\Desktop\Desktop\sfcdetails.txt
2016-06-01 13:03 - 2016-06-01 13:03 - 00000207 _____ C:\Windows\tweaking.com-regbackup-DESKTOP-PC-Windows-7-Home-Premium-(64-bit).dat
2016-06-01 13:03 - 2016-06-01 13:03 - 00000000 ____D C:\RegBackup
2016-06-01 12:42 - 2016-06-01 14:28 - 00000000 ____D C:\Windows\pss
2016-05-27 14:26 - 2016-06-01 14:57 - 00295410 _____ C:\Users\Desktop\Documents\sfcdetails.txt
2016-05-27 12:51 - 2016-05-27 12:54 - 00000000 ____D C:\ProgramData\ASign
2016-05-27 09:52 - 2016-05-27 09:52 - 00000000 ___HD C:\found.009
2016-05-10 14:11 - 2016-04-14 08:49 - 00603648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2016-05-10 14:11 - 2016-04-14 08:21 - 00647680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-05-10 14:11 - 2016-04-09 02:02 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-05-10 14:11 - 2016-04-09 02:01 - 05546216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-05-10 14:11 - 2016-04-09 02:01 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-05-10 14:11 - 2016-04-09 02:01 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-05-10 14:11 - 2016-04-09 02:01 - 00264936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-05-10 14:11 - 2016-04-09 02:01 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-05-10 14:11 - 2016-04-09 02:01 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-05-10 14:11 - 2016-04-09 01:59 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-05-10 14:11 - 2016-04-09 01:59 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-05-10 14:11 - 2016-04-09 01:59 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-05-10 14:11 - 2016-04-09 01:58 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-05-10 14:11 - 2016-04-09 01:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-05-10 14:11 - 2016-04-09 01:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-05-10 14:11 - 2016-04-09 01:58 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-05-10 14:11 - 2016-04-09 01:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-05-10 14:11 - 2016-04-09 01:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-05-10 14:11 - 2016-04-09 01:58 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-05-10 14:11 - 2016-04-09 01:58 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-05-10 14:11 - 2016-04-09 01:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-05-10 14:11 - 2016-04-09 01:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-05-10 14:11 - 2016-04-09 01:58 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-05-10 14:11 - 2016-04-09 01:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-05-10 14:11 - 2016-04-09 01:58 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-05-10 14:11 - 2016-04-09 01:58 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-05-10 14:11 - 2016-04-09 01:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-05-10 14:11 - 2016-04-09 01:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-05-10 14:11 - 2016-04-09 01:57 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-05-10 14:11 - 2016-04-09 01:57 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-05-10 14:11 - 2016-04-09 01:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-05-10 14:11 - 2016-04-09 01:57 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-05-10 14:11 - 2016-04-09 01:57 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-05-10 14:11 - 2016-04-09 01:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-05-10 14:11 - 2016-04-09 01:57 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-05-10 14:11 - 2016-04-09 01:57 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-05-10 14:11 - 2016-04-09 01:57 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-05-10 14:11 - 2016-04-09 01:57 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-05-10 14:11 - 2016-04-09 01:57 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-05-10 14:11 - 2016-04-09 01:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-05-10 14:11 - 2016-04-09 01:57 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-05-10 14:11 - 2016-04-09 01:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-05-10 14:11 - 2016-04-09 01:57 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-05-10 14:11 - 2016-04-09 01:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-05-10 14:11 - 2016-04-09 01:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-05-10 14:11 - 2016-04-09 01:57 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-05-10 14:11 - 2016-04-09 01:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-05-10 14:11 - 2016-04-09 01:57 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-05-10 14:11 - 2016-04-09 01:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-05-10 14:11 - 2016-04-09 01:57 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-05-10 14:11 - 2016-04-09 01:57 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-05-10 14:11 - 2016-04-09 01:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-10 14:11 - 2016-04-09 01:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-10 14:11 - 2016-04-09 01:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-10 14:11 - 2016-04-09 01:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-05-10 14:11 - 2016-04-09 01:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-10 14:11 - 2016-04-09 01:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-05-10 14:11 - 2016-04-09 01:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-10 14:11 - 2016-04-09 01:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-10 14:11 - 2016-04-09 01:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-10 14:11 - 2016-04-09 01:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-05-10 14:11 - 2016-04-09 01:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-05-10 14:11 - 2016-04-09 01:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-10 14:11 - 2016-04-09 01:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-05-10 14:11 - 2016-04-09 01:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-05-10 14:11 - 2016-04-09 01:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-05-10 14:11 - 2016-04-09 01:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-05-10 14:11 - 2016-04-09 01:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-05-10 14:11 - 2016-04-09 01:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-05-10 14:11 - 2016-04-09 01:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-10 14:11 - 2016-04-09 01:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-05-10 14:11 - 2016-04-09 01:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-05-10 14:11 - 2016-04-09 01:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-10 14:11 - 2016-04-09 01:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-05-10 14:11 - 2016-04-09 01:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-05-10 14:11 - 2016-04-09 01:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-05-10 14:11 - 2016-04-09 01:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-05-10 14:11 - 2016-04-09 01:54 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-05-10 14:11 - 2016-04-09 01:54 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-05-10 14:11 - 2016-04-09 01:54 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-05-10 14:11 - 2016-04-09 01:54 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-05-10 14:11 - 2016-04-09 01:54 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-05-10 14:11 - 2016-04-09 01:54 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-05-10 14:11 - 2016-04-09 01:54 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-05-10 14:11 - 2016-04-09 01:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-05-10 14:11 - 2016-04-09 01:54 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-05-10 14:11 - 2016-04-09 01:54 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-05-10 14:11 - 2016-04-09 01:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-05-10 14:11 - 2016-04-09 01:54 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-05-10 14:11 - 2016-04-09 01:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-05-10 14:11 - 2016-04-09 01:54 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-05-10 14:11 - 2016-04-09 01:54 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-05-10 14:11 - 2016-04-09 01:54 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-05-10 14:11 - 2016-04-09 01:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-05-10 14:11 - 2016-04-09 01:54 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-05-10 14:11 - 2016-04-09 01:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-05-10 14:11 - 2016-04-09 01:54 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-05-10 14:11 - 2016-04-09 01:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-05-10 14:11 - 2016-04-09 01:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-05-10 14:11 - 2016-04-09 01:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-05-10 14:11 - 2016-04-09 01:54 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-05-10 14:11 - 2016-04-09 01:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-10 14:11 - 2016-04-09 01:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-10 14:11 - 2016-04-09 01:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-05-10 14:11 - 2016-04-09 01:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-05-10 14:11 - 2016-04-09 01:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-10 14:11 - 2016-04-09 01:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-05-10 14:11 - 2016-04-09 01:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-10 14:11 - 2016-04-09 01:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-10 14:11 - 2016-04-09 01:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-05-10 14:11 - 2016-04-09 01:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-10 14:11 - 2016-04-09 01:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-10 14:11 - 2016-04-09 01:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-05-10 14:11 - 2016-04-09 01:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-05-10 14:11 - 2016-04-09 01:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-10 14:11 - 2016-04-09 01:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-05-10 14:11 - 2016-04-09 01:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-05-10 14:11 - 2016-04-09 01:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-05-10 14:11 - 2016-04-09 01:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-05-10 14:11 - 2016-04-09 01:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-10 14:11 - 2016-04-09 01:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-05-10 14:11 - 2016-04-09 01:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-05-10 14:11 - 2016-04-09 01:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-05-10 14:11 - 2016-04-09 01:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-05-10 14:11 - 2016-04-09 01:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-05-10 14:11 - 2016-04-09 00:52 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-05-10 14:11 - 2016-04-09 00:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-05-10 14:11 - 2016-04-09 00:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-05-10 14:11 - 2016-04-09 00:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-05-10 14:11 - 2016-04-09 00:49 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-05-10 14:11 - 2016-04-09 00:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-05-10 14:11 - 2016-04-09 00:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-05-10 14:11 - 2016-04-09 00:44 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-05-10 14:11 - 2016-04-09 00:44 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-05-10 14:11 - 2016-04-09 00:44 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-05-10 14:11 - 2016-04-09 00:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-05-10 14:11 - 2016-04-09 00:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-05-10 14:11 - 2016-04-09 00:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-05-10 14:11 - 2016-04-09 00:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-05-10 14:11 - 2016-04-09 00:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-05-10 14:11 - 2016-04-09 00:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-05-10 14:11 - 2016-04-09 00:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-05-10 14:11 - 2016-04-09 00:37 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-05-10 14:11 - 2016-04-09 00:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-05-10 14:11 - 2016-04-09 00:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-10 14:11 - 2016-04-09 00:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-05-10 14:11 - 2016-04-09 00:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-05-10 14:11 - 2016-04-08 23:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-05-10 14:11 - 2016-04-08 22:52 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-05-10 14:11 - 2016-04-06 10:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-05-10 14:11 - 2016-03-09 13:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-05-10 14:11 - 2016-03-09 13:34 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-05 15:36 - 2012-04-29 08:54 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-06-05 15:30 - 2015-09-10 03:39 - 00000000 ____D C:\Users\Desktop\AppData\Roaming\Mozilla
2016-06-05 15:30 - 2009-07-13 23:45 - 00023568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-05 15:30 - 2009-07-13 23:45 - 00023568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-05 15:26 - 2009-07-14 00:13 - 00772352 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-05 15:26 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-06-05 15:22 - 2011-09-19 04:43 - 00000000 ____D C:\ProgramData\NVIDIA
2016-06-05 15:22 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-05 15:21 - 2011-09-19 04:43 - 00000000 ____D C:\Users\UpdatusUser
2016-06-05 15:20 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2016-06-05 12:39 - 2014-04-08 23:54 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-05 12:36 - 2014-04-08 23:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-06-05 12:36 - 2014-04-08 23:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-06-05 12:36 - 2012-01-03 07:20 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-06-03 15:00 - 2011-08-29 02:10 - 00000000 ____D C:\Users\Desktop\AppData\Roaming\uTorrent
2016-06-01 15:44 - 2015-02-12 03:58 - 00000569 _____ C:\Users\Desktop\Documents\pc build.txt
2016-06-01 14:29 - 2011-02-28 19:26 - 00003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{E3C20163-157F-40F6-A2AD-35959EE3DD42}
2016-06-01 14:28 - 2012-04-29 08:54 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-06-01 14:28 - 2011-02-28 17:55 - 00003148 _____ C:\Windows\System32\Tasks\SidebarExecute
2016-06-01 14:28 - 2011-02-26 20:30 - 00109296 _____ C:\Users\Desktop\AppData\Local\GDIPFONTCACHEV1.DAT
2016-06-01 14:25 - 2009-07-13 23:45 - 00409520 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-01 14:20 - 2009-07-13 21:34 - 00000514 _____ C:\Windows\win.ini
2016-06-01 14:17 - 2011-02-28 17:58 - 00772352 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-06-01 13:36 - 2009-07-13 21:34 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_31
2016-05-31 17:43 - 2014-09-20 03:52 - 00001564 _____ C:\Users\Desktop\Documents\untitled.txt
2016-05-30 12:39 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2016-05-22 09:26 - 2014-09-01 20:04 - 00000000 ____D C:\Users\Desktop\Documents\Punisher comics
2016-05-13 02:37 - 2012-04-29 08:53 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-13 02:37 - 2011-05-21 02:28 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-11 21:59 - 2009-07-14 02:45 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-10 15:11 - 2013-08-14 12:49 - 00000000 ____D C:\Windows\system32\MRT
2016-05-10 15:05 - 2011-02-26 19:30 - 139319312 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-05-08 13:14 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF

==================== Files in the root of some directories =======

2011-04-07 15:32 - 2012-08-08 05:16 - 0029696 ___SH () C:\Users\Desktop\AppData\Roaming\Thumbs.db
2011-04-06 20:23 - 2011-04-06 20:23 - 0022847 _____ () C:\Users\Desktop\AppData\Roaming\UserTile.png

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-05-30 12:32

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-06-2016 02
Ran by Desktop (2016-06-05 15:39:17)
Running from C:\Users\Desktop\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2011-02-26 23:16:59)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4294630807-675267869-4210432101-500 - Administrator - Disabled)
Desktop (S-1-5-21-4294630807-675267869-4210432101-1001 - Administrator - Enabled) => C:\Users\Desktop
Guest (S-1-5-21-4294630807-675267869-4210432101-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-4294630807-675267869-4210432101-1003 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-4294630807-675267869-4210432101-1001\...\uTorrent) (Version: 3.3.1.30017 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Reader X (10.1.6) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.6 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
Combined Community Codec Pack 2015-10-18 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2015.10.19.0 - CCCP Project)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Driver Sweeper version 3.1.0 (HKLM-x32\...\{5A67D2EA-FB70-4033-A6F3-606AD85B2015}_is1) (Version: 3.1.0 - Phyxion.net)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.670 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version:  - )
MSI Afterburner 2.0.0 Beta 4 (HKLM-x32\...\Afterburner) (Version: 2.0.0 Beta 4 - MSI Co., LTD)
NVIDIA 3D Vision Controller Driver 280.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 280.19 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 306.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 306.97 - NVIDIA Corporation)
NVIDIA Graphics Driver 306.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 306.97 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.2.23.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.23.3 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1014 - SUPERAntiSpyware.com)
System Requirements Lab (HKLM-x32\...\SystemRequirementsLab) (Version:  - )
System Requirements Lab CYRI (HKLM-x32\...\{679F739E-5C76-4A41-B562-F9392156B6DD}) (Version: 4.4.21.0 - Husdawg, LLC)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
Yahoo! Install Manager (HKLM-x32\...\YInstHelper) (Version:  - )
Yahoo! Internet Mail (HKLM-x32\...\Yahoo! Mail) (Version:  - )
Yahoo! Mail Advisor (HKLM-x32\...\Yahoo! Mail Advisor) (Version:  - )
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {23EE3BD1-7756-4D65-85D2-ACCD9734E35F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-13] (Adobe Systems Incorporated)
Task: {3BA1076A-6868-4C72-A8C4-FCE3F1B74DD3} - System32\Tasks\Games\UpdateCheck_S-1-5-21-4294630807-675267869-4210432101-1001

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2012-11-17 13:35 - 2012-10-02 14:51 - 00086888 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-02-28 17:58 - 2010-03-15 12:28 - 00166400 _____ () C:\Program Files\WinRAR\rarext.dll
2016-06-05 15:30 - 2016-06-05 15:30 - 00011264 _____ () C:\Users\Desktop\AppData\Local\Temp\nsd9EA1.tmp\System.dll
2016-06-05 15:30 - 2016-06-05 15:30 - 00029696 _____ () C:\Users\Desktop\AppData\Local\Temp\nsd9EA1.tmp\registry.dll
2016-06-05 15:30 - 2016-06-05 15:30 - 00008704 _____ () C:\Users\Desktop\AppData\Local\Temp\nsd9EA1.tmp\newadvsplash.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2016-06-01 14:20 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4294630807-675267869-4210432101-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Desktop\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{A242C3AC-6215-4646-A5D3-ECF02101B634}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{7DB8B662-285E-4C80-9374-6857337EF022}] => (Allow) LPort=2869
FirewallRules: [{F4E93184-6920-4AE5-A464-51E17FCB546E}] => (Allow) LPort=1900
FirewallRules: [{9993ABA3-4A7E-4070-B633-10C5D8DEB374}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{798CBE9C-1A93-48F3-949A-3CFC9C5894AB}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{A2F29C00-7E26-499C-B4BD-0CDB359BD0FA}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{3A146516-AB15-4074-BDFD-BA62EB6CE4EC}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [TCP Query User{C2B74262-753C-43BD-98B5-72467AF09F96}C:\programdata\bf6312\bmbf6_2185.exe] => (Block) C:\programdata\bf6312\bmbf6_2185.exe
FirewallRules: [UDP Query User{FCF8DB0C-9987-41E2-983D-59CD51A432BB}C:\programdata\bf6312\bmbf6_2185.exe] => (Block) C:\programdata\bf6312\bmbf6_2185.exe
FirewallRules: [{8C7F6A3C-B840-43FE-AA05-9A2F1DD7AAE6}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{77CDC258-5662-4D63-8F3C-4890C202D483}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{312CDA60-EB33-4D3C-881C-434C49532BB1}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{9AC06F04-4631-4E44-BE76-815AB7204F06}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [TCP Query User{9DA82A3B-E21B-4BCE-87D5-444A0EA55962}C:\program files (x86)\byond\bin\byond.exe] => (Allow) C:\program files (x86)\byond\bin\byond.exe
FirewallRules: [UDP Query User{66D9007F-4F5A-426B-93A7-D1ED5F91F75E}C:\program files (x86)\byond\bin\byond.exe] => (Allow) C:\program files (x86)\byond\bin\byond.exe
FirewallRules: [{90CF7806-887F-4D3B-91A1-13CCE64E5BD2}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{B44266AA-E58B-4118-94E3-5586B756C983}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [TCP Query User{436BEDF6-027D-427F-8537-526BC0CFFB8A}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{0E684005-937A-44CA-9822-946FA59EEDF7}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{610C7AF5-8630-4DEA-B922-845BC44658E9}C:\program files (x86)\java\jre7\bin\java.exe] => (Block) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [UDP Query User{7C2FED90-746A-4EBB-99A8-9BD1A91CBF66}C:\program files (x86)\java\jre7\bin\java.exe] => (Block) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [TCP Query User{3B5D6B06-4468-457F-8A29-921013D6F2C5}J:\firefoxportable\app\firefox\firefox.exe] => (Block) J:\firefoxportable\app\firefox\firefox.exe
FirewallRules: [UDP Query User{EAFB9102-A849-4333-81CF-0F191871CD39}J:\firefoxportable\app\firefox\firefox.exe] => (Block) J:\firefoxportable\app\firefox\firefox.exe

==================== Restore Points =========================

14-05-2016 03:30:24 Windows Update
17-05-2016 22:17:09 Windows Update
22-05-2016 01:38:47 Windows Update
26-05-2016 09:41:51 Windows Update
28-05-2016 09:43:34 Restore Operation
28-05-2016 10:05:15 Windows Update
31-05-2016 15:42:16 Windows Update
01-06-2016 12:33:53 before windows repair
01-06-2016 13:04:16 Tweaking.com - Windows Repair
03-06-2016 14:21:20 Installed Windows 7 USB/DVD Download Tool
03-06-2016 15:00:13 after boot
03-06-2016 15:55:01 Removed Windows 7 USB/DVD Download Tool
04-06-2016 19:56:38 Windows Update
05-06-2016 13:41:53 before fix
05-06-2016 15:15:59 Restore Operation

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/01/2016 02:26:49 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (06/01/2016 02:26:48 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (06/01/2016 02:18:50 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: NVIDIA|NVWMI|EVENTS|2.0select * from ThermalEventThermalEvent//./root/cimv2/NV/Events

Error: (06/01/2016 02:18:50 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: NVIDIA|NVWMI|EVENTS|2.0select * from CoolerEventCoolerEvent//./root/cimv2/NV/Events

Error: (06/01/2016 02:18:50 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: select * from ThermalEventThermalEvent//./root/cimv2/NV/Events

Error: (06/01/2016 02:18:50 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: select * from CoolerEventCoolerEvent//./root/cimv2/NV/Events

Error: (06/01/2016 01:50:34 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (06/01/2016 01:50:34 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (06/01/2016 01:39:31 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3009) (User: Desktop-PC)
Description: Installing the performance counter strings for service .NET CLR Networking 4.0.0.0 () failed. The first DWORD in the Data section contains the error code.

Error: (06/01/2016 01:39:31 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3009) (User: Desktop-PC)
Description: Installing the performance counter strings for service .NET Data Provider for Oracle () failed. The first DWORD in the Data section contains the error code.


System errors:
=============
Error: (06/05/2016 03:24:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (06/05/2016 03:24:47 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (06/05/2016 02:33:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (06/05/2016 02:33:05 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (06/05/2016 12:32:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (06/05/2016 12:32:27 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (06/04/2016 09:30:02 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (06/04/2016 07:46:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (06/04/2016 07:46:10 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (06/04/2016 05:26:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069


CodeIntegrity:
===================================
  Date: 2013-05-09 12:13:29.614
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-05-09 12:13:29.489
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-02-26 20:41:13.007
  Description: Windows is unable to verify the image integrity of the file \Device\CdRom0\NTGLM7X.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-02-26 20:41:12.992
  Description: Windows is unable to verify the image integrity of the file \Device\CdRom0\NTGLM7X.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-02-26 20:41:11.182
  Description: Windows is unable to verify the image integrity of the file \Device\CdRom0\Install\GMSIPCI.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-02-26 20:41:11.167
  Description: Windows is unable to verify the image integrity of the file \Device\CdRom0\Install\GMSIPCI.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz
Percentage of memory in use: 23%
Total physical RAM: 8125.94 MB
Available physical RAM: 6222.05 MB
Total Virtual: 16250.07 MB
Available Virtual: 14172.5 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:808.93 GB) NTFS
Drive e: () (Removable) (Total:119.22 GB) (Free:113.5 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 201C83CD)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (Size: 119.3 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================


Edited by m8dman, 05 June 2016 - 02:58 PM.

  • 0



#2
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi,

I have bad news I'm afraid. :(

One or more of the identified infections is a Backdoor Trojan.

OK, since we are dealing with the aforementioned infection(s), I would be providing your good self with a disservice if I did not make you aware of the ramifications below:

This allows hackers to remotely control your computer, steal critical system information, and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Although an attempt could be made to clean this machine, it could never be considered to be truly clean, secure, or trustworthy. We could not say definitively that unknown and unseen malware will have been removed, nor will your system be restored to its pre-infection state. We cannot remedy unknown changes the malware may likely have made in order to allow itself access, nor can we repair the damage it may possibly have caused to vital system files. Additionally, it is quite possible that changes made to the system by the malware may impact negatively on your computer during the removal process. In short, your system may never regain its former stability or its full functionality without a reformat. Therefore, your best and safest course of action is a reformat and reinstallation of the Windows operating system, and that is the course we strongly recommend.

Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

I can attempt to clean this machine but I can't guarantee that it will be at all secure afterwards.

Should you have any questions, please feel free to ask.

Please let me know what you have decided to do in your next post.
  • 0

#3
m8dman

    Member

  • Topic Starter
  • Member
  • 150 posts

I'd like to try and remove the Trojan if possible. Also, what parts of the log show I'm infected?


Edited by m8dman, 05 June 2016 - 05:24 PM.

  • 0
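As an added triage example (not part of this thread, and not an FRST feature), the script below parses the FirewallRules section of the Addition.txt posted above and flags rules whose program path sits in a user-writable location; the sample lines are copied from that log, while the heuristics, thresholds and function names are my own.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Sample input constructed from the FirewallRules lines of the Addition.txt
# posted above (same format as FRST emits; only a subset is reproduced).
SAMPLE = "\n".join([
    r"FirewallRules: [{A242C3AC-6215-4646-A5D3-ECF02101B634}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe",
    r"FirewallRules: [{7DB8B662-285E-4C80-9374-6857337EF022}] => (Allow) LPort=2869",
    r"FirewallRules: [TCP Query User{C2B74262-753C-43BD-98B5-72467AF09F96}C:\programdata\bf6312\bmbf6_2185.exe] => (Block) C:\programdata\bf6312\bmbf6_2185.exe",
    r"FirewallRules: [UDP Query User{FCF8DB0C-9987-41E2-983D-59CD51A432BB}C:\programdata\bf6312\bmbf6_2185.exe] => (Block) C:\programdata\bf6312\bmbf6_2185.exe",
    r"FirewallRules: [{8C7F6A3C-B840-43FE-AA05-9A2F1DD7AAE6}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe",
    r"FirewallRules: [TCP Query User{436BEDF6-027D-427F-8537-526BC0CFFB8A}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe",
])

# One FRST FirewallRules line: [rule name] => (Allow|Block) <program path or LPort=n>
RULE_RE = re.compile(
    r"^FirewallRules: \[(?P<name>.+?)\] => \((?P<action>Allow|Block)\) (?P<target>.+)$"
)

# Locations a standard user can write to without elevation. Droppers favour
# them, whereas properly installed software normally lives in Program Files.
# The list is a heuristic chosen for this example, not an exhaustive rule set.
USER_WRITABLE = [
    (re.compile(r"^[a-z]:\\programdata\\"), "under ProgramData"),
    (re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\"), "under a user's AppData"),
    (re.compile(r"^[a-z]:\\users\\public\\"), "under Users\\Public"),
    (re.compile(r"\\temp\\"), "in a Temp folder"),
]
PROGRAMDATA_SUBDIR = re.compile(r"^[a-z]:\\programdata\\([^\\]+)\\")


@dataclass
class Finding:
    path: str
    action: str
    protocols: Set[str] = field(default_factory=set)
    reasons: List[str] = field(default_factory=list)


def looks_random(name: str) -> bool:
    """Heuristic: a short folder name mixing letters and digits (e.g. 'bf6312')."""
    return (len(name) <= 8 and name.isalnum()
            and any(c.isalpha() for c in name) and any(c.isdigit() for c in name))


def assess_rule(name: str, action: str, target: str) -> Optional[Finding]:
    """Return a Finding when the rule's program path deserves a closer look."""
    if not target.lower().endswith(".exe"):
        return None  # port-only rules such as LPort=2869 carry no program path
    low = target.lower()
    reasons = [f"program lives {why}" for pat, why in USER_WRITABLE if pat.search(low)]
    if not reasons:
        return None  # Program Files / Windows binaries are out of scope here
    m = PROGRAMDATA_SUBDIR.match(low)
    if m and looks_random(m.group(1)):
        reasons.append(f"folder name '{m.group(1)}' looks machine-generated")
    finding = Finding(path=target, action=action, reasons=reasons)
    # Rules named "TCP/UDP Query User{GUID}path" are created when the user answers
    # the Windows Firewall prompt, which only appears because the program tried
    # to accept inbound connections; (Block) means the user declined.
    if "Query User" in name:
        finding.protocols.add(name.split(" ", 1)[0])
        reasons.append("rule came from the Windows Firewall prompt, i.e. the "
                       "program tried to accept inbound connections")
    return finding


def triage(addition_txt: str) -> List[Finding]:
    """Collect one Finding per flagged program path across all FirewallRules lines."""
    findings: Dict[str, Finding] = {}
    for line in addition_txt.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue
        f = assess_rule(m["name"], m["action"], m["target"])
        if f is None:
            continue
        key = f.path.lower()
        if key in findings:
            findings[key].protocols |= f.protocols  # merge the TCP/UDP pair
        else:
            findings[key] = f
    return list(findings.values())


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.action}: {f.path}  [{', '.join(sorted(f.protocols))}]")
        for reason in f.reasons:
            print("   -", reason)
```

On the sample above only the ProgramData binary is reported; the uTorrent, Windows Live and Internet Explorer rules point at Program Files and are left alone.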

#4
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

I'd like to try and remove the Trojan if possible.

Acknowledged/fair play, let's proceed as follows, shall we...

Also what parts of the log show I'm infected?

Evidence in the Windows Firewall settings revealed this.

Before we start:

Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and the tools we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Java Advice:

There has been a recent severe exploitation of this software. Even though this exploit has been reportedly fixed, there is still a vulnerability with the software. The below is currently all that is installed that is Java related:

JavaFX 2.1.1
Java 7 Update 67


So you need to uninstall all (if still present, via Uninstall a program or Programs and Features located in the Control Panel)... Your choice if you wish to go ahead and reinstall an updated version of the software, but as mentioned I advise against it, and for the present I do not even have anything Java related installed on my machines.

Please let me know what you wish to do about this in your next reply, and if you opt to re-install I will provide both the appropriate instructions and safety advice etc.

Peer to Peer Advice:

I see µTorrent is installed. If you have used this recently, you can be fairly confident this is a principal reason your computer became infected.

It's really important, if you value your PC at all, to stay away from P2P file sharing programs, like utorrent, Bittorrent, Azureus, Limewire, Vuze.
Criminals have "planted" thousands upon thousands of infections in the "free" shared files.
Virtually all of these recent infections will compromise your Security, and some can turn your machine into a useless "doorstop".

My friendly advice would be to uninstall the aforementioned. To be honest I have lost count of the number of machines I have dealt with over the years that became infected due to the use of P2P software...
However if you opt not to...please refrain from using it for the duration of the malware removal process, thank you.

Custom FRST Script:

Please download the attached fixlist.txt(see below) and save to the desktop.

Attached File  fixlist.txt   646bytes   158 downloads
  • Now right-click on FRST64.exe and select Run as Administrator to start FRST.
After the tool has checked for any updates and "The tool is ready to use" is denoted:-
  • Then click on the Fix button/radio tab >> at the Fix completed prompt click on OK
  • Your machine should now automatically reboot itself.
  • Post the contents of the newly created Fixlog in your next reply.
Scan with AdwCleaner:

Please download adwcleaner from here and save to your desktop.
  • Right-click on adwcleaner.exe and select Run as Administrator to launch the application.
  • Now click on the Scan tab >> once the scan is complete click on the Cleaning tab and follow the prompts.
  • Allow the system to reboot. You will then be presented with the report. Copy and Paste this report in your next reply.
Note: The log can also be located at C: >> AdwCleaner >> AdwCleaner[S0].txt

Next:

When you have completed the above, please post back the following in the order asked for:
  • How is your computer performing now, any further symptoms and or problems encountered?
  • Your decision about Java.
  • Custom FRST Script Log.
  • AdwCleaner Log.

  • 0

#5
m8dman

m8dman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 150 posts

Thanks for the help! My computer's been running fine except for the cannot repair files thing. Strange that Malwarebytes and MSE didn't pick this up.

 

But I do remember MSE detecting and quarantining a Trojan a year ago or so... MSE was able to clean and delete it so I didn't think anything of it at the time. Could these have been leftovers that MSE didn't get rid of? Anyway, here are the logs you requested, and I will uninstall Java.

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:05-06-2016 02
Ran by Desktop (2016-06-05 19:11:05) Run:1
Running from C:\Users\Desktop\Desktop
Loaded Profiles: Desktop (Available Profiles: Desktop & UpdatusUser)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-4294630807-675267869-4210432101-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
2016-05-27 12:51 - 2016-05-27 12:54 - 00000000 ____D C:\ProgramData\ASign
C:\Users\Desktop\AppData\Local\Temp\nsd9EA1.tmp
C:\programdata\bf6312
cmd: bitsadmin /reset /allusers
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Hosts:
EmptyTemp:
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-4294630807-675267869-4210432101-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
C:\ProgramData\ASign => moved successfully
C:\Users\Desktop\AppData\Local\Temp\nsd9EA1.tmp => moved successfully
"C:\programdata\bf6312" => not found.

=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {7CD4C1AC-3F71-4244-A2A4-D713759B9E08}.
Unable to cancel {23203A5C-3590-4797-BC28-5A429DE31C3F}.
Unable to cancel {A1C4B738-C361-408F-92AD-6D36E317C668}.
Unable to cancel {8891BB61-E02C-47FA-9571-92E9B5DAEB68}.
Unable to cancel {5292F54D-92A8-40A6-9216-3406FDAC3BF2}.
Unable to cancel {9B77EE5C-4316-4BBA-B4DA-34290C415B3A}.
Unable to cancel {DFD70659-5850-4E76-A465-2CE7E6F958B9}.
Unable to cancel {1C42A9A6-47E2-4347-8BFB-CFB67A6CA7BC}.
Unable to cancel {6654CFB6-4D17-4861-814D-3A896E2C0A7F}.
Unable to cancel {1A0AD98C-32CE-4035-AF71-3728710D869E}.
Unable to cancel {63F63233-FFEE-4F86-AAE0-83B1231215BB}.
0 out of 11 jobs canceled.

========= End of CMD: =========


=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========  netsh advfirewall reset =========

Ok.


========= End of CMD: =========


=========  netsh advfirewall set allprofiles state on =========

Ok.


========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 176.8 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 19:12:00 ====

 

# AdwCleaner v5.119 - Logfile created 05/06/2016 at 19:18:23
# Updated 30/05/2016 by Xplode
# Database : 2016-06-03.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Desktop - DESKTOP-PC
# Running from : C:\Users\Desktop\Desktop\AdwCleaner.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : YahooAUService

***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\Yahoo! Companion
[#] Folder Deleted : C:\ProgramData\Application Data\Yahoo! Companion
[-] Folder Deleted : C:\Program Files (x86)\Yahoo!\Companion
[-] Folder Deleted : C:\Users\Desktop\AppData\LocalLow\Yahoo! Companion
[-] Folder Deleted : C:\Users\Desktop\AppData\LocalLow\Yahoo!\Companion
[-] Folder Deleted : C:\Users\Desktop\AppData\Roaming\Yahoo!\Companion

***** [ Files ] *****

[-] File Deleted : C:\Program Files (x86)\Yahoo!\Common\unyt.exe

***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\YCAPlugin.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\YPUBC.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\yt.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\YTabBar.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\ytbbroker.EXE
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\YTBM.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\YTMsgr.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\YTNavAssist.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\YTSingleInstance.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\Yahoo.AntiSpyPlugin
[-] Key Deleted : HKLM\SOFTWARE\Classes\Yahoo.AntiSpyPlugin.6
[-] Key Deleted : HKLM\SOFTWARE\Classes\Yahoo.PopupBlockerPlugin
[-] Key Deleted : HKLM\SOFTWARE\Classes\Yahoo.PopupBlockerPlugin.4
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YCAPlugin.CAYASPlugin
[-] Key Deleted : HKLM\SOFTWARE\Classes\YCAPlugin.CAYASPlugin.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YPUBC.BlockerCtrl
[-] Key Deleted : HKLM\SOFTWARE\Classes\YPUBC.BlockerCtrl.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YPUBC.DataStore
[-] Key Deleted : HKLM\SOFTWARE\Classes\YPUBC.DataStore.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YPUBC.PUBHTMLEventHandler
[-] Key Deleted : HKLM\SOFTWARE\Classes\YPUBC.PUBHTMLEventHandler.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YPUBC.StringList
[-] Key Deleted : HKLM\SOFTWARE\Classes\YPUBC.StringList.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\yt.CacheLoader
[-] Key Deleted : HKLM\SOFTWARE\Classes\yt.CacheLoader.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\yt.Clickstream
[-] Key Deleted : HKLM\SOFTWARE\Classes\yt.Clickstream.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\yt.YTHelper
[-] Key Deleted : HKLM\SOFTWARE\Classes\yt.YTHelper.2
[-] Key Deleted : HKLM\SOFTWARE\Classes\yt.YToolbarBand
[-] Key Deleted : HKLM\SOFTWARE\Classes\yt.YToolbarBand.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YCAAssistant
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YCAAssistant.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoUpdaterAssistant
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoUpdaterAssistant.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBCustomizerAssistant
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBCustomizerAssistant.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBGeneralAssistant
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBGeneralAssistant.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBMessengerAssistant
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBMessengerAssistant.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBSingleInstanceAssistant
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBSingleInstanceAssistant.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YTNavAssist.NameSpaceCF
[-] Key Deleted : HKLM\SOFTWARE\Classes\YTNavAssist.NameSpaceCF.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YTNavAssist.NameSpacePP
[-] Key Deleted : HKLM\SOFTWARE\Classes\YTNavAssist.NameSpacePP.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YTNavAssist.YTNavAssistPlugin
[-] Key Deleted : HKLM\SOFTWARE\Classes\YTNavAssist.YTNavAssistPlugin.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YTSingleInstance.SingleInstance
[-] Key Deleted : HKLM\SOFTWARE\Classes\YTSingleInstance.SingleInstance.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{07CDAAD9-1226-4C6D-B774-C00E7B323484}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1CAE874F-F5C7-4BCC-BA46-9AD26DF35B93}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35860EFB-1589-4F32-A618-99E847A502B2}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{39DCCEAF-C749-4390-9953-527CF916935C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{41D7CEE0-D91F-498C-BC88-4A6BEE46C2BC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9EDCCD11-960D-49AE-B523-C6B5AB7E1345}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EB2BA65E-41F6-4F64-92A6-216CDFFDF577}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EFC0651C-B6D7-49CD-A6E0-B1CE9AB5FE46}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{FFFFE1D1-E40D-49a1-9622-BC59BD1879C3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1147DC83-6208-4dca-8E88-DD45BAAB3043}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11CB4723-D5A1-4a55-8D1D-5C2679D54CF5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1E57256D-9F39-4267-AB39-D7813D644C5A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{31371420-098D-4C0E-A11E-EBEC2305DD01}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{37B8167C-B9A4-4316-94B2-67B64BB2BA7C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3A06AA27-D94B-48C2-BB55-9FD0FF2120E3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{46140CE4-76FE-440E-AE88-4C2272BC05C7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E40017D-FB6A-4804-BDE4-3BB09F1719C1}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F9C4C5C-2BA8-4E00-A697-9F710BB1026B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B7A0E898-93E5-43f4-B99A-6C70B303699C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C60CCE95-6AF9-4E74-B66B-3212D19F1D2F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D40A62D1-8FC0-4F03-90C4-0DE03BE73A41}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DDCED22E-D018-471D-9A5C-A4EA2F21133D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E1A2D448-6334-45ec-8800-6D7F71DC87FC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F9A10D86-182A-4946-869B-70C3D109D14D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FBE30D66-39A2-4b72-8B43-6D4C335A6F34}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F56ACA29-1C99-40F1-AC64-2E44C4F6BC71}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{11D5E9EA-3117-4389-8E58-742F0975C980}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{12D3E096-0FDF-42CC-8F44-04944F9C1648}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22389F39-2CF4-47C4-B8B2-273BB16BF70C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23E3CEB3-D63A-433E-A5D0-4DB1C501B915}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{26A3152F-CF87-4C5B-8093-4D4B9EC084EB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2723E96B-905F-4C64-8999-D868A08E6370}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{29E3319C-4B3C-479F-8692-BDD2CA30BEDD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2FCB4E7E-E5C7-4D07-BB2C-78DF2DA867AD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{367BD1CD-74A3-451F-B1A4-6A2DE4129A2D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D592FCB-FEFD-43A6-9A4F-BDE2D4607D07}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49F018EE-F362-4B5B-8EC8-BCF9246ABF21}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{63B73044-FC1A-4FE1-991B-FDBD4CDAA868}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{67E5E37C-E6B8-4782-877D-E9437C4CD982}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{686D40BC-FA43-4317-8474-E634E6B487F2}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7207E52B-821E-4C05-A8D6-2965B2BE77CF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{863FCF5D-DC39-4DA9-AF32-CB0025990EEE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A310B105-FB7D-4497-A7E8-E046462B012F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B09E015A-4D4E-4F8D-A436-95E19140947D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B1E712C4-03AA-495F-B0F5-0F057E126E2A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D13DC65C-C77B-4986-9078-DEA3D34C71BB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DF522774-8CA0-4B15-A93A-5F61AB95DA1C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F9A10D86-182A-4946-869B-70C3D109D14D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{AD34BE7D-2603-43DD-8D1F-E4431D42C44E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D2EA97F6-6235-4B2D-B5AA-A4472B9CE557}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{0548C79F-7B8C-455D-B228-97D35371BB62}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A1E52AC-64F2-49E9-BFD7-0806D9494DBB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{61A2027D-B837-4080-A925-6E30E10DEF32}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8A1AB044-787D-4309-8410-709768E484AB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
[-] Key Deleted : HKCU\Software\Yahoo\Companion
[-] Key Deleted : HKCU\Software\Yahoo\YFriendsBar
[-] Key Deleted : HKCU\Software\YahooPartnerToolbar
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar

***** [ Web browsers ] *****


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [11743 bytes] - [05/06/2016 19:18:23]
C:\AdwCleaner\AdwCleaner[S1].txt - [11352 bytes] - [05/06/2016 19:14:01]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [11891 bytes] ##########
 


Edited by m8dman, 05 June 2016 - 06:37 PM.

  • 0
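As an added example, not FRST's own code and not part of the original thread, a small Python checker that pairs each directive in the fixlist with the outcome FRST recorded for it in the Fixlog; the embedded log is a constructed, shortened copy of the Fixlog posted above.

```python
"""Check a Farbar Recovery Scan Tool (FRST) Fixlog: pair every fixlist
directive with the outcome FRST recorded for it.  Added example, not FRST's
own code; the embedded log is a constructed, shortened copy of a posted Fixlog."""
import re

# Constructed excerpt (raw string, so the backslashes are literal).
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x64) Version:05-06-2016 02

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
2016-05-27 12:51 - 2016-05-27 12:54 - 00000000 ____D C:\ProgramData\ASign
C:\programdata\bf6312
cmd: netsh advfirewall reset
Hosts:
EmptyTemp:
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
C:\ProgramData\ASign => moved successfully
"C:\programdata\bf6312" => not found.

=========  netsh advfirewall reset =========

Ok.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 176.8 MB temporary data Removed.
"""

# '<target> => <outcome>' lines; FRST quotes registry keys and missing paths.
RESULT_RE = re.compile(r'^"?(?P<target>[^"]+?)"?\s+=>\s+(?P<outcome>.+?)\.?$')
CMD_START_RE = re.compile(r'^=========\s+(?P<cmd>.+?)\s+=========$')
CMD_END = "========= End of CMD: ========="
# Fixlist file/folder lines may carry FRST's date/attribute prefix.
DATED_RE = re.compile(r'^\d{4}-\d{2}-\d{2} .*? (?P<path>[A-Za-z]:\\.*)$')


def parse_fixlog(text):
    """Return (results, commands): outcome per target and output per cmd."""
    results, commands = {}, {}
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        line = lines[i]
        m = CMD_START_RE.match(line)
        if m and line.strip() != CMD_END:
            out = []          # collect everything up to the End of CMD marker
            i += 1
            while i < len(lines) and lines[i].strip() != CMD_END:
                out.append(lines[i])
                i += 1
            commands[m.group("cmd")] = "\n".join(out).strip()
        else:
            m = RESULT_RE.match(line)
            if m:
                results[m.group("target")] = m.group("outcome")
        i += 1
    return results, commands


def fixlist_directives(text):
    """Directive lines between the two ***** markers of the Fixlog header."""
    parts = text.split("*****************")
    if len(parts) < 3:
        return []
    return [l.strip() for l in parts[1].splitlines() if l.strip()]


def audit(text):
    """Map each fixlist directive to the outcome FRST recorded for it."""
    results, commands = parse_fixlog(text)
    sentence = {  # directives FRST reports with a fixed sentence, not '=>'
        "CreateRestorePoint:": "Restore point was successfully created.",
        "CloseProcesses:": "Processes closed successfully.",
        "Hosts:": "Hosts restored successfully.",
    }
    report = {}
    for d in fixlist_directives(text):
        if d in sentence:
            report[d] = "done" if sentence[d] in text else "no result"
        elif d.startswith("cmd: "):
            report[d] = "ran" if d[5:] in commands else "no output recorded"
        else:
            target = d.split(": Restriction")[0]   # registry policy lines
            m = DATED_RE.match(target)
            report[d] = results.get(m.group("path") if m else target, "no result")
    return report


def unresolved(report):
    """Directives without a success outcome ('not found' only means the item
    was already absent, but it is worth a helper's second look)."""
    ok = ("successfully", "done", "ran", "Removed")
    return [d for d, s in report.items() if not any(k in s for k in ok)]
```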

#6
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

Thanks for the help! My computer's been running fine except for the cannot repair files thing

You're welcome! If need be, you can always go back to your original topic so my esteemed colleague phillpower2 can further assist you etc.

But I do remember MSE detecting and quarantining a Trojan a year ago or so... MSE was able to clean and delete it so I didn't think anything of it at the time. Could these have been leftovers that MSE didn't get rid of?

Aye, a very distinct possibility, and it may still be present in MSE's quarantine folder >> Open/launch MSE >> History etc. If it is, make a note of exactly what is present and post the information in your next reply please.

I will uninstall java.

Fair play.

I have noticed your machine appears to have a GPT (GUID Partition Table) rather than a Windows 7 MBR (Master Boot Record). Not an actual cause for concern, and I am more curious as to why than anything else, being honest. However, to err on the side of caution we will check this out in due course.

Also, your version of Internet Explorer is way out of date and thus deemed a security risk, but we can address that when I give the all clear.

Malwarebytes Anti-Malware:
  • Launch the application...
  • Once the GUI(graphical user interface) for Malwarebytes Anti-Malware has appeared.
  • Click on Update Now >>, then click on the Settings tab >> Detection and Protection.
  • Under the Detection and Protection, ensure the following are selected:-
Use Advanced Heuristics Engine (Shuriken)
Scan for rootkits
Scan within archives
  • Now click on the Scan tab, ensure Threat Scan is selected >> click on Start Scan.
  • If threats are detected, select Remove Selected or Quarantine >> click on the Apply Actions button >> click on Yes at the prompt to reboot.
  • Upon completion of the scan(or after the reboot), click on the History tab.
  • Click on Application Logs >> double-click on Scan Log.
  • Now click on the Export tab >> Copy to Clipboard, paste the log into your next reply for my review.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Scan with aswMBR:

Please download aswMBR to your desktop.
  • Right-click on aswMBR.exe and select Run as Administrator to launch the application.
  • If a prompt stating: The computer supports "Virtualization Technology" appears >> select Yes
  • When prompted with: The application can use the Avast! Free Antivirus for scanning >> select Yes
  • The Avast! virus definitions database will automatically be downloaded. Be patient, this may take some time depending on the speed of your Internet Connection.
  • Once it has downloaded >> ensure the option next to AV scan: >> QuickScan is selected only. It should be by default.
  • Now click on the Scan button to start the scan.
  • On completion of the scan click Save Log, save it to your desktop and post the contents in your next reply
  • Click on Exit.
  • Note: There will also be a file on your desktop named MBR.dat (or similar); do not delete this for now, it is an actual backup of the MBR (master boot record).

  • 0

#7
m8dman

m8dman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 150 posts

MBAM logs were clean. Posting them with the aswMBR log.

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/6/2016
Scan Time: 12:44 PM
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.06.06.05
Rootkit Database: v2016.05.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Desktop

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 350294
Time Elapsed: 26 min, 40 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

aswMBR version 1.0.1.2290 Copyright© 2014 AVAST Software
Run date: 2016-06-06 13:12:05
-----------------------------
13:12:05.536    OS Version: Windows x64 6.1.7601 Service Pack 1
13:12:05.536    Number of processors: 4 586 0xF0B
13:12:05.536    ComputerName: DESKTOP-PC  UserName: Desktop
13:12:08.656    Initialize success
13:12:09.904    VM: initialized successfully
13:12:09.904    VM: Intel CPU BiosDisabled
13:17:58.812    AVAST engine defs: 16060600
13:19:07.069    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:19:07.069    Disk 0 Vendor: SAMSUNG_HD103SJ 1AJ10001 Size: 953869MB BusType: 3
13:19:10.158    Disk 0 statistics 379/0/0 @ 0.79 MB/s
13:19:10.158    Scan stopped
13:20:55.255    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:20:55.255    Disk 0 Vendor: SAMSUNG_HD103SJ 1AJ10001 Size: 953869MB BusType: 3
13:20:55.271    Disk 0 MBR read successfully
13:20:55.271    Disk 0 MBR scan
13:20:55.318    Disk 0 Windows 7 default MBR code
13:20:55.333    Disk 0 Partition 1 80 (A) 07      HPFS/NTFS NTFS          100 MB offset 2048
13:20:55.349    Disk 0 default boot code
13:20:55.380    Disk 0 Partition 2 00     07      HPFS/NTFS NTFS       953767 MB offset 206848
13:20:55.489    Disk 0 scanning C:\Windows\system32\drivers
13:21:11.589    Service scanning
13:21:18.172    Service GMSIPCI D:\INSTALL\GMSIPCI.SYS **LOCKED** 21
13:21:22.789    Service NTACCESS D:\NTACCESS_64.sys **LOCKED** 21
13:21:27.454    Service SetupNTGLM7X D:\NTGLM7X.sys **LOCKED** 21
13:21:37.594    Modules scanning
13:21:37.594    Disk 0 trace - called modules:
13:21:37.625    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
13:21:37.625    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007d83060]
13:21:37.641    3 CLASSPNP.SYS[fffff8800191b43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007765680]
13:21:39.279    AVAST engine scan C:\Windows
13:21:42.617    AVAST engine scan C:\Windows\system32
13:27:04.914    AVAST engine scan C:\Windows\system32\drivers
13:27:36.254    AVAST engine scan C:\Users\Desktop
13:43:51.739    AVAST engine scan C:\ProgramData
14:01:20.420    Disk 0 statistics 9893766/0/0 @ 4.49 MB/s
14:01:20.436    Scan finished successfully
14:03:30.861    Disk 0 MBR has been saved successfully to "C:\Users\Desktop\Desktop\MBR.dat"
14:03:30.907    The log file has been saved successfully to "C:\Users\Desktop\Desktop\aswMBR.txt"

 


  • 0

#8
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)
 

MBAM logs were clean. Posting them with the aswMBR log.

Looking good, let's now see if we can rectify the SFC issues as follows...

Scan with SFCFix:

Please download SFCFix and save to your desktop.
  • Close all open windows before proceeding any further, as otherwise it may hinder the tool's functionality.
  • Right-click on SFCFix.exe and select Run as Administrator to start the program.
  • Follow the on-screen prompts...
  • Upon completion a log file will have been created on the desktop named SFCFix.txt.
  • Post the contents in your next reply please.

  • 0

#9
m8dman

m8dman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 150 posts

Tried Running SFCFix and got an error saying MSVCP100.DLL was not found.

 

*Woops* looks like I don't have Microsoft Visual C++ 2010 installed. Want me to download it?

 

Edited by m8dman, 06 June 2016 - 05:20 PM.

  • 0

#10
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)
 

*Woops* looks like I don't have Microsoft Visual C++ 2010 installed. Want me to download it?

Aye no harm doing so...

Download from here; you will also need this version as well, as the 64-bit version of Windows 7 requires both to be installed etc.
  • 0



#11
m8dman

m8dman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 150 posts

Thanks for the reply. I was able to run SFCFix after downloading those. Here's the log.

 

SFCFix version 3.0.0.0 by niemiro.
Start time: 2016-06-07 18:24:26.780
Microsoft Windows 7 Service Pack 1 - amd64
Not using a script file.




AutoAnalysis::
FIXED: Successfully repaired missing store directory C:\Windows\winsxs\amd64_microsoft-windows-font-truetype-tahoma_31bf3856ad364e35_6.1.7600.16820_none_8bfd43e78e28498a.
FIXED: Successfully repaired missing store directory C:\Windows\winsxs\amd64_microsoft-windows-t..-collaboration-core_31bf3856ad364e35_6.1.7601.21924_none_19b3ce5d25eff59b.
FIXED: Successfully repaired missing store directory C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20992_none_0f8ed978993fa916.
FIXED: Successfully repaired missing store directory C:\Windows\winsxs\amd64_system.printing_31bf3856ad364e35_6.1.7601.17777_none_d1288d4e8ce9c5e1.
FIXED: Successfully repaired missing store directory C:\Windows\winsxs\x86_microsoft-windows-i..timezones.resources_31bf3856ad364e35_6.1.7601.21855_es-es_85a77a0af96cb383.
FIXED: Successfully repaired missing store directory C:\Windows\winsxs\x86_microsoft-windows-ie-htmlconverter_31bf3856ad364e35_8.0.7600.17051_none_85c59f615f9bfd0b.
FIXED: Successfully repaired missing store directory C:\Windows\winsxs\x86_microsoft-windows-ie-htmlconverter_31bf3856ad364e35_8.0.7600.17197_none_85a063535fb70200.


CORRUPT: C:\Windows\winsxs\amd64_infocard_b77a5c561934e089_6.1.7601.18523_none_583ba558c0b2027e\infocard.exe
CORRUPT: C:\Windows\winsxs\x86_infocard_b77a5c561934e089_6.1.7601.18523_none_9fe8dc2fd52e2b84\infocard.exe
CORRUPT: C:\Windows\winsxs\amd64_microsoft-windows-n..essprotection-agent_31bf3856ad364e35_6.1.7601.17514_none_64be3a8d04208144\QCLIPROV.DLL
CORRUPT: C:\Windows\winsxs\amd64_microsoft-windows-shimgvw_31bf3856ad364e35_6.1.7601.17514_none_754be820df4777a8\shimgvw.dll
CORRUPT: C:\Windows\winsxs\amd64_microsoft-windows-unattendedjoin_31bf3856ad364e35_6.1.7601.17514_none_113aea0e8374286d\djoin.exe


SUMMARY: Some corruptions could not be fixed automatically. Seek advice from helper or sysnative.com.
   CBS & SFC total detected corruption count:     42
   CBS & SFC total unimportant corruption count:  0
   CBS & SFC total fixed corruption count:        7
   SURT total detected corruption count:          0
   SURT total unimportant corruption count:       0
   SURT total fixed corruption count:             0
AutoAnalysis:: directive completed successfully.




Successfully processed all directives.
SFCFix version 3.0.0.0 by niemiro has completed.
Currently storing 1 datablocks.
Finish time: 2016-06-07 18:54:21.516
----------------------EOF-----------------------


Edited by m8dman, 07 June 2016 - 06:14 PM.

  • 0
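An added example, not SFCFix's own code and not part of the thread: a Python triage script for the SFCFix log format posted above that lists the repaired store directories, the files still marked CORRUPT and the summary counters, and splits each WinSxS path into architecture, component, version and payload file (assuming the standard WinSxS directory naming). The embedded log is a constructed, shortened copy of the one in this post.

```python
"""Triage an SFCFix log: which WinSxS store directories were repaired, which
payload files are still corrupt, and whether manual repair is still needed.
Added example, not SFCFix's own code; assumes the standard WinSxS directory
naming arch_name_publicKeyToken_version_culture_hash."""
import re

# Constructed, shortened copy of a posted SFCFix log (raw string).
SAMPLE_SFCFIX_LOG = r"""SFCFix version 3.0.0.0 by niemiro.
Start time: 2016-06-07 18:24:26.780
Microsoft Windows 7 Service Pack 1 - amd64

AutoAnalysis::
FIXED: Successfully repaired missing store directory C:\Windows\winsxs\amd64_microsoft-windows-font-truetype-tahoma_31bf3856ad364e35_6.1.7600.16820_none_8bfd43e78e28498a.
FIXED: Successfully repaired missing store directory C:\Windows\winsxs\x86_microsoft-windows-ie-htmlconverter_31bf3856ad364e35_8.0.7600.17051_none_85c59f615f9bfd0b.

CORRUPT: C:\Windows\winsxs\amd64_infocard_b77a5c561934e089_6.1.7601.18523_none_583ba558c0b2027e\infocard.exe
CORRUPT: C:\Windows\winsxs\amd64_microsoft-windows-shimgvw_31bf3856ad364e35_6.1.7601.17514_none_754be820df4777a8\shimgvw.dll

SUMMARY: Some corruptions could not be fixed automatically. Seek advice from helper or sysnative.com.
   CBS & SFC total detected corruption count:     42
   CBS & SFC total unimportant corruption count:  0
   CBS & SFC total fixed corruption count:        7
   SURT total detected corruption count:          0
AutoAnalysis:: directive completed successfully.
"""

# FIXED lines end with a sentence-terminating '.', which is not part of the path.
FIXED_RE = re.compile(r"^FIXED: Successfully repaired missing store directory (?P<path>.+?)\.?$")
CORRUPT_RE = re.compile(r"^CORRUPT: (?P<path>.+)$")
COUNT_RE = re.compile(r"^\s+(?P<name>.+ count):\s+(?P<n>\d+)\s*$")
# <...>\winsxs\<store directory>[\<payload file>]
WINSXS_RE = re.compile(r"\\winsxs\\(?P<dir>[^\\]+)(?:\\(?P<file>[^\\]+))?$", re.IGNORECASE)


def parse_sfcfix(text):
    """Return {'fixed': [dir paths], 'corrupt': [file paths], 'counts': {name: int}}."""
    parsed = {"fixed": [], "corrupt": [], "counts": {}}
    for line in text.splitlines():
        m = FIXED_RE.match(line)
        if m:
            parsed["fixed"].append(m.group("path"))
            continue
        m = CORRUPT_RE.match(line)
        if m:
            parsed["corrupt"].append(m.group("path"))
            continue
        m = COUNT_RE.match(line)
        if m:
            parsed["counts"][m.group("name")] = int(m.group("n"))
    return parsed


def describe_component(path):
    """Split a WinSxS path into arch / component name / token / version /
    culture / payload file, or None if it is not a WinSxS store path."""
    m = WINSXS_RE.search(path)
    if not m:
        return None
    parts = m.group("dir").split("_")
    if len(parts) < 6:
        return None
    # the last four fields are fixed; everything between arch and them is the name
    return {"arch": parts[0], "name": "_".join(parts[1:-4]), "token": parts[-4],
            "version": parts[-3], "culture": parts[-2], "file": m.group("file")}


def remaining_corruptions(parsed):
    """CBS/SFC corruptions still outstanding according to the summary counters."""
    c = parsed["counts"]
    return (c.get("CBS & SFC total detected corruption count", 0)
            - c.get("CBS & SFC total unimportant corruption count", 0)
            - c.get("CBS & SFC total fixed corruption count", 0))


def needs_manual_repair(parsed):
    """True when CORRUPT entries remain or the counters show unfixed items."""
    return bool(parsed["corrupt"]) or remaining_corruptions(parsed) > 0


if __name__ == "__main__":
    p = parse_sfcfix(SAMPLE_SFCFIX_LOG)
    for path in p["corrupt"]:
        c = describe_component(path)
        print(f"still corrupt: {c['file']} from {c['name']} {c['version']} ({c['arch']})")
    print("outstanding per counters:", remaining_corruptions(p),
          "| manual repair needed:", needs_manual_repair(p))
```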

#12
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)
 

Thanks for the reply. I was able to run SFCFix after downloading those

You're welcome! The unrepaired files are not that major in the great scheme of things and what exactly they are was explained prior here by phillpower2. However we may be able to do something about those.

So let's proceed as follows, shall we...

Run Windows 7 SRD:

Use the repair disc you have created for the below and actually boot from the Windows 7 SRD disc etc.
  • If not sure how to, a very good tutorial can be read here.
  • You will have to answer a few basic questions then select the option Repair your computer
  • At the System Recovery Options screen click Windows 7 to highlight then Next>
  • Now click on/select Startup Repair
  • If prompted to use System Restore, select Cancel.
  • The same if prompted to Send information about this problem (recommended), select Don't send.
  • Click Finish when Startup Repair has completed, then rerun a further two times. It is very important you run the repair three times consecutively, even if it appears nothing was repaired and or it reported being unable to repair something etc. As often things may have actually been repaired after three runs.
  • After the third and final run has completed, remove the SRD disc and then click on Restart
Check Hard Disk For Errors:

Since your machine's hard drive has been put through the mill so to speak, let's perform a final check on it as follows...

Download the attached hddcheck.bat below and save to your Desktop:-

Attached File  hddcheck.bat   95bytes   291 downloads

Now right-click on hddcheck.bat and select Run as Administrator to run the batch file. A blank command window will open on your desktop, then close in a few minutes. This is normal and the batch file itself will self-delete when completed.

A file icon named checkhd.txt should appear on your Desktop. Please post the contents of this file in your next reply.
  • 0

#13
m8dman

m8dman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 150 posts

Ran start up repair and it didn't detect any problems (on all three runs). Here's the checkhd log.

 

The type of the file system is NTFS.

WARNING!  F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
File verification completed.
  1568 large file records processed.                                   

  0 bad file records processed.                                     

  0 EA records processed.                                           

  61 reparse records processed.                                      

CHKDSK is verifying indexes (stage 2 of 3)...
Index verification completed.
  0 unindexed files scanned.                                        

  0 unindexed files recovered.                                      

CHKDSK is verifying security descriptors (stage 3 of 3)...
Security descriptor verification completed.
  37499 data files processed.                                           

CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
Windows has checked the file system and found no problems.

 976657407 KB total disk space.
 128759236 KB in 204979 files.
    131404 KB in 37500 indexes.
         0 KB in bad sectors.
    417371 KB in use by the system.
     65536 KB occupied by the log file.
 847349396 KB available on disk.

      4096 bytes in each allocation unit.
 244164351 total allocation units on disk.
 211837349 allocation units available on disk.
 


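A way to machine-check a CHKDSK read-only report like the one posted above, as an added example that is not part of this thread or of the hddcheck.bat attachment: it pulls the KB summary out of the text, confirms the run was read-only with no problems and no bad sectors, and verifies that the figures add up (the log-file KB are already counted inside "in use by the system"). The sample report is constructed to mirror the format of the log above.

```python
import re
# Constructed sample mirroring the CHKDSK read-only report format posted above.
SAMPLE_REPORT = """\
WARNING!  F parameter not specified.
Running CHKDSK in read-only mode.
Windows has checked the file system and found no problems.
 976657407 KB total disk space.
 128759236 KB in 204979 files.
    131404 KB in 37500 indexes.
         0 KB in bad sectors.
    417371 KB in use by the system.
     65536 KB occupied by the log file.
 847349396 KB available on disk.
"""
# Summary lines to extract; the log-file KB are already inside "in use by the system".
_FIELDS = {
    "total": r"KB total disk space",
    "files": r"KB in \d+ files",
    "indexes": r"KB in \d+ indexes",
    "bad": r"KB in bad sectors",
    "system": r"KB in use by the system",
    "available": r"KB available on disk",
}

def parse_chkdsk(report: str) -> dict:
    # Status flags come from fixed phrases; KB figures from the summary lines.
    out = {
        "read_only": "read-only mode" in report,
        "no_problems": "found no problems" in report,
    }
    for key, tail in _FIELDS.items():
        m = re.search(r"^\s*(\d+) " + tail + r"\.$", report, re.MULTILINE)
        out[key] = int(m.group(1)) if m else None
    return out

def check_chkdsk(report: str) -> list:
    # Returns findings; an empty list means a clean, self-consistent report.
    r = parse_chkdsk(report)
    findings = []
    if not r["read_only"]:
        findings.append("not a read-only run (/F given); disk may have been modified")
    if not r["no_problems"]:
        findings.append("CHKDSK did not report a clean file system")
    if r["bad"] is None or r["bad"] > 0:
        findings.append("bad sectors reported or summary missing")
    parts = [r[k] for k in ("files", "indexes", "bad", "system", "available")]
    if r["total"] is None or None in parts or sum(parts) != r["total"]:
        findings.append("KB summary does not add up; report may be truncated")
    return findings
```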

#14 Dakeyras (Anti-Malware Mammoth, Expert, 9,772 posts)

Hi. :)

Congratulations, your computer appears to be malware free!

Now I have some tasks for your good self to carry out as part of a clean up process and some advice about online safety.

Importance of Regular System Maintenance:

I advise you read both of the below-listed topics, as this will go a long way to keeping your computer performing well.

Slow Computer/browser?

As is this:

What to do if your Computer is running slowly

Clean-Up with DelFix:

Please download DelFix to your desktop.
  • Right-click on delfix.exe and select Run as Administrator to launch the application.
  • Referring to the image below, select the three options denoted:
[image: DF2.gif]
  • Then click on Run.
  • Once it has finished processing, a notepad file named DelFix.txt will open. Post the contents in your next reply for my review.
  • The log can also be located at the root of the system drive, C:\DelFix.txt.
  • After you have posted the aforementioned DelFix.txt, delete it and empty the Recycle Bin.
Note: The above application/overall process will flush old System Restore points and create a new clean one. It should also clean up and remove the vast majority of scanners used and logs created etc.

Any left over merely delete yourself and empty the Recycle Bin.

Now some advice for on-line safety:

Malwarebyte's Anti-Malware:

This is an excellent application and I advise you keep it installed. Check for updates and run a scan at least once per week.

Other installed security software:

Your presently installed security application, Microsoft Security Essentials, automatically checks for updates and downloads/installs them with every system reboot and/or periodically if the machine is left running, providing an internet connection is active.

I advise you also run a complete scan with this at least once per week.

Further reading/resources:

This is a very helpful/useful set of advice from Microsoft: Microsoft Safety & Security Center

As is this: Computer Security - a short guide to staying safer online

And these are worth reading also: Understanding Windows Firewall settings & Securing Your Router

Keep Your System Updated:

Microsoft releases patches for Windows and other products regularly:
  • Click on Start(Windows 7 Orb) >> All Programs >> Windows Update.
  • In the navigation pane, click Check for updates.
  • After Windows Update has finished checking for updates, click View available updates.
  • Click to select the check box for any found, then click Install.
  • When completed Reboot(restart) your computer if not prompted to do so.
Plus check Automatic Updates is enabled.

Update to Internet Explorer v11:

IE8 has been superseded by IE11 for Windows 7 and above. I strongly advise you download and install the new browser from here (you will probably need to install IE10 first before IE11, etc.). This will increase overall security whilst browsing online.

This web-page is worth bookmarking/reading for future reference:-

Securing Your Web Browser

Check your third party software is up to date:

Certain software, such as Adobe-related products for example, can be exploited by malware if it is not up to date. I advise you consider downloading and installing Heimdal Free. Further information about this application can be read on the download page.

Be careful when opening attachments and downloading files:

1 - Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.

2 - Never open emails from unknown senders.

3 - Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.

4 - Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on FileHippo or MajorGeeks.

Stop malicious scripts:

Windows by default allows scripts (VBScript and JavaScript) to run, and some of these scripts are malicious. Use Noscript by Symantec or Script Defender by AnalogX to handle these scripts.

Avoid Peer to Peer software:

P2P may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. It's really important, if you value your PC at all, to stay away from P2P file sharing programs, like utorrent, Bittorrent, Azureus, Limewire, Vuze. Criminals have "planted" thousands upon thousands of infections in the "free" shared files. Virtually all of these recent infections will compromise your Security, and some can turn your machine into a useless "doorstop".

I will further add: P2P software has the ability to create a direct conduit onto your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their infected dross onto your computer. Further to that, if your P2P software is not configured correctly you may be sharing more files than you realise. There have been cases where people's address books, passwords, and other personal, private and financial details have been exposed to the file sharing network by badly configured P2P applications.

My friendly advice is to avoid these types of software applications.

Consider the below extra/layered security for your machine:

Custom Host File:

A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your computer will look up the website's IP address before you can view the website.

Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.

Here are some Hosts files:

Only use one of the above!

CryptoPrevent Tool:

How to prevent your computer from becoming infected by CryptoLocker

WinPatrol:

WinPatrol alerts you about possible system hijacks, malware attacks and critical changes made to your computer without your permission.

Download it from here.

You can find information about how WinPatrol works here.

Next:

Any questions? Feel free to ask, if not stay safe!
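The custom Hosts file advice above works by pointing bad hostnames at 127.0.0.1 (or 0.0.0.0). The following is an added example, not from this thread and not any of the linked Hosts files, that parses a hosts file in the format Windows uses and goes one step beyond the post: it separates "blocked" entries (sinkholed to loopback or 0.0.0.0, as a blocklist Hosts file does) from entries that send a name to some other address, which is what a hosts-file hijack looks like and is worth reviewing when checking a machine. The sample hosts content and the .invalid domain names are constructed.

```python
import ipaddress

# Constructed sample hosts file: stock localhost lines, two blocklist-style
# entries, and one line of the kind a hosts-file hijack would add.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example-tracker.invalid
127.0.0.1       spyware.example.invalid   # blocked
203.0.113.7     update.example-av.invalid
"""

# Addresses that a blocklist Hosts file uses to sinkhole a name.
BLOCKHOLES = {"127.0.0.1", "0.0.0.0", "::1"}

def parse_hosts(text: str) -> list:
    """Return (ip, hostname) pairs, ignoring comments, blanks and malformed lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop inline and full-line comments
        if not line:
            continue
        parts = line.split()
        ip, names = parts[0], parts[1:]
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue   # not a valid address; Windows ignores such lines too
        for name in names:
            entries.append((ip, name.lower()))
    return entries

def audit_hosts(text: str) -> dict:
    """Split entries into 'blocked' (sinkholed) and 'redirected' (sent elsewhere)."""
    result = {"blocked": [], "redirected": []}
    for ip, name in parse_hosts(text):
        if name == "localhost":
            continue   # the stock entries Windows ships with
        if ip in BLOCKHOLES:
            result["blocked"].append(name)
        else:
            result["redirected"].append((name, ip))
    return result
```

Anything listed under "redirected" deserves a look: a legitimate blocklist Hosts file never sends a name to a routable address.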

#15 m8dman (Member, Topic Starter, 150 posts)

Thanks for the help my woolly friend!  :spoton: I'm glad we were able to clean my system. This rig is 7 years old but I still need her running until I can get my replacement built (don't have the funds for it right now but I'm saving up for it).

 

One last question for you. Do I need to worry about those 4 files that SFC couldn't fix? The way Phillpower2 described them it sounded like they weren't overall that important.

 

Here's the Delfix log you requested.

 

# DelFix v1.013 - Logfile created 09/06/2016 at 17:16:52
# Updated 17/04/2016 by Xplode
# Username : Desktop - DESKTOP-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\RegBackup
Deleted : C:\Users\Desktop\Desktop\Addition.txt
Deleted : C:\Users\Desktop\Desktop\AdwCleaner.exe
Deleted : C:\Users\Desktop\Desktop\aswmbr.exe
Deleted : C:\Users\Desktop\Desktop\aswMBR.txt
Deleted : C:\Users\Desktop\Desktop\Fixlog.txt
Deleted : C:\Users\Desktop\Desktop\FRST.txt
Deleted : C:\Users\Desktop\Desktop\FRST64.exe
Deleted : C:\Users\Desktop\Desktop\MBR.dat
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #681 [Windows Update | 05/26/2016 14:41:51]
Deleted : RP #682 [Restore Operation | 05/28/2016 14:43:34]
Deleted : RP #683 [Windows Update | 05/28/2016 15:05:15]
Deleted : RP #684 [Windows Update | 05/31/2016 20:42:16]
Deleted : RP #685 [before windows repair | 06/01/2016 17:33:53]
Deleted : RP #686 [Tweaking.com - Windows Repair | 06/01/2016 18:04:16]
Deleted : RP #687 [Installed Windows 7 USB/DVD Download Tool | 06/03/2016 19:21:20]
Deleted : RP #688 [after boot | 06/03/2016 20:00:13]
Deleted : RP #689 [Removed Windows 7 USB/DVD Download Tool | 06/03/2016 20:55:01]
Deleted : RP #690 [Windows Update | 06/05/2016 00:56:38]
Deleted : RP #691 [before fix | 06/05/2016 18:41:53]
Deleted : RP #692 [Restore Operation | 06/05/2016 20:15:59]
Deleted : RP #693 [Restore Point Created by FRST | 06/06/2016 00:11:08]
Deleted : RP #694 [Windows Update | 06/09/2016 01:13:49]
Deleted : RP #695 [Windows Update | 06/09/2016 01:22:36]

New restore point created !

########## - EOF - ##########
 


Edited by m8dman, 09 June 2016 - 04:38 PM.