
Avast keeps popping up with Malicious site URL warning every time I run Explorer


  • This topic is locked
48 replies to this topic

#1 oxygenleaves

  • Members

Posted 24 June 2013 - 01:10 PM

Hi there,

 

I switched on my computer today and I can't get onto the internet. Every time I run Explorer (my home page is set to Google), a pop up from Avast says that it has blocked the site because it is a malicious URL. I guess that I've probably picked up some virus/trojan, but I have no idea how to start to get rid of it. I have temporarily disabled Avast so I can get onto the Internet.

 

Any help would be genuinely appreciated,





#2 TB-Psychotic

  • Malware Response Team

Posted 24 June 2013 - 01:36 PM

Hi there,
my name is Marius and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.
  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)
  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.
Please download Gmer from here by clicking on the "Download EXE" Button.
  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

#3 oxygenleaves

  • Topic Starter
  • Members

Posted 24 June 2013 - 10:10 PM

Hi Marius,

 

Thank you for your reply, I really appreciate your help.

 

Okay, so I tried to download Farbar's Recovery Scan Tool, but each time I try to run the program I get the following message:

 

"Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."

 

So anyway, I then temporarily disabled my Avast Antivirus software and I was then able to run the program.

 

Here are the logs:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-06-2013 01
Ran by Jon (administrator) on 25-06-2013 11:04:29
Running from C:\Users\Jon\AppData\Local\Microsoft\Windows\Temporary Internet Files

\Content.IE5\CN7KXV5E
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support

\AppleMobileDeviceService.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware

\NIHardwareService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision

\nvSCPAPISvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live

\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live

\WLIDSvcM.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler

\STService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon

\iFrmewrk.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Avid Technology, Inc.) C:\Windows\System32\M-AudioTaskBarIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier

\GoogleToolbarNotifier.exe
() C:\Users\Jon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0

Host Controller Driver\Application\nusb3mon.exe
(MagicISO, Inc.) C:\Program Files (x86)\MagicDisc\MagicDisc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology

\IAStorIcon.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central

\WebcamDell2.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update

\jusched.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive

\VCDDaemon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology

\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine

Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus

\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine

Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2247976 2010-

07-16] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6486120

2010-09-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3 

[2120808 2010-09-04] (Realtek Semiconductor)
HKLM\...\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start [283240

2010-08-13] (NVIDIA Corporation)
HKLM\...\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon

\iFrmewrk.exe" /tf Intel Wireless Tray [1928976 2010-03-06] (Intel® Corporation)
HKLM\...\Run: [QuickSet] c:\Program Files\Dell\QuickSet\QuickSet.exe [3206816 2010-

08-05] (Dell Inc.)
HKLM\...\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics

\AccelerometerP11\FF_Protection.exe [727664 2010-09-25] ()
HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"

[2327952 2010-07-22] (Microsoft Corporation)
HKLM\...\Run: [M-Audio Taskbar Icon] C:\Windows\system32\M-AudioTaskBarIcon.exe

[924464 2011-08-26] (Avid Technology, Inc.)
HKLM-x32\...\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup

\Components\Scheduler\Launcher.exe [163040 2010-08-12] (Softthinks)
HKLM-x32\...\RunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local

Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell

DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell

DataSafe Local Backup\Components\DSUpdate\DSUpd.exe" [161088 2010-07-22] ()
HKCU\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier

\GoogleToolbarNotifier.exe" [39408 2011-02-07] (Google Inc.)
HKCU\...\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe"

-quiet [5252408 2010-06-01] (Yahoo! Inc.)
HKCU\...\Run: [Spotify Web Helper] "C:\Users\Jon\AppData\Roaming\Spotify\Data

\SpotifyWebHelper.exe" [932528 2012-06-21] ()
HKCU\...\Run: [Facebook Update] "C:\Users\Jon\AppData\Local\Facebook\Update

\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-16] (Facebook Inc.)
MountPoints2: {34607bf0-badb-11e1-8498-f04da25aca33} - F:\autorun.exe
HKLM-x32\...\Run: [NUSB3MON] "c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host

Controller Driver\Application\nusb3mon.exe" [113288 2010-04-28] (Renesas Electronics

Corporation)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage

Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader

9.0\Reader\Reader_sl.exe" [35696 2009-02-28] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell

Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-25] (Creative Technology Ltd)
HKLM-x32\...\Run: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn

\RoxioBurnLauncher.exe" [498160 2009-10-15] ()
HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update

\realsched.exe" -osboot [273544 2011-02-07] (RealNetworks, Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -

atboottime [421888 2010-11-30] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

[421160 2011-04-27] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java

Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

[4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes

\VirtualCloneDrive\VCDDaemon.exe" /s [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office

\Office14\BCSSync.exe" /DelayServices [91520 2010-01-21] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll [111720 2010-08-13] (NVIDIA

Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [100456 2010-08-13] (NVIDIA

Corporation)
Startup: C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

\MagicDisc.lnk
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe

(MagicISO, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache =

http://uk.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
URLSearchHook: (No Name) - {687578b9-7132-4a7a-80e4-30ee31099e03} -  No File
URLSearchHook: (No Name) - {a060276a-53be-45ec-8ebe-b94b1e803179} -  No File
SearchScopes: HKCU - {AC847E68-AF13-44A6-B354-52B45A1BE218} URL =

http://search.conduit.com/ResultsExt.aspx?q={searchTerms}

&SearchSource=4&ctid=CT2549263
BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil

Software\Avast5\aswWebRepIE64.dll (AVAST Software)
BHO: Expat Shield Class - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - C:\Program Files

(x86)\Expat Shield\HssIE\ExpatIE_64.dll No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:

\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:

\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

(Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program

Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:

\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:

\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:

\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program

Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems

Incorporated)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-

B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE

\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:

\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:

\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:

\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files

\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} -

C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live

\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program

Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:

\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:

\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:

\PROGRA~2\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program

Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program

Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:

\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:

\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03}

- C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:

\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program

Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {687578B9-7132-4A7A-80E4-30EE31099E03} -  No File
Toolbar: HKCU - No Name - {A060276A-53BE-45EC-8EBE-B94B1E803179} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000}

http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6}

http://support.euro.dell.com/systemprofiler/SysProExe.CAB
Handler: msdaipp - No CLSID Value -
Handler-x32: msdaipp - No CLSID Value -
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:

\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles

\doylmz6h.default
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

(Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft

Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:

\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director

\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla

Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin

\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:

\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft

Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:

\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:

\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D

Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA

Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @real.com/nppl3260;version=12.0.1.633 - C:\Program Files (x86)\Real

\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=12.0.1.633 - C:\Program Files (x86)\Real

\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=12.0.1.633 - C:\ProgramData\Real

\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks,

Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=12.0.1.633 - C:\Program Files (x86)\Real

\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files

(x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files

(x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Extension: FoxyProxy Basic - C:\Users\Jon\AppData\Roaming\Mozilla\Firefox

\Profiles\doylmz6h.default\Extensions\foxyproxy@eric.h.jung
FF Extension: Expat Shield  - C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles

\doylmz6h.default\Extensions\{a060276a-53be-45ec-8ebe-b94b1e803179}

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [46808 2013

-05-09] (AVAST Software)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-06]

()
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin

\RapportMgmtService.exe [1124632 2013-06-18] (Trusteer Ltd.)

==================== Drivers (Whitelisted) ====================

S3 ak1avs; C:\Windows\System32\Drivers\ak1avs.sys [359784 2012-12-18] (Native

Instruments GmbH)
S3 ak1usb_svc; C:\Windows\System32\Drivers\ak1usb.sys [100712 2012-12-18] (Native

Instruments GmbH)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST

Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST

Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST

Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1025808 2013-05-09] (AVAST

Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378432 2013-05-09] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-05-09] ()
S3 MADFUOZONE; C:\Windows\System32\DRIVERS\MAudioOzone_DFU.sys [47920 2011-08-26]

(M-Audio)
S3 MAUSBOZONE; C:\Windows\System32\DRIVERS\MAudioOzone.sys [189744 2011-08-26] (Avid

Technology, Inc.)
R1 RapportCerberus_53984; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus

\53984\RapportCerberus64_53984.sys [588048 2013-06-23] ()
R1 RapportCerberus_53984; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus

\53984\RapportCerberus64_53984.sys [588048 2013-06-23] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys

[229040 2013-06-18] (Trusteer Ltd.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys

[229040 2013-06-18] (Trusteer Ltd.)
S3 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [236688 2013-06-18]

(Trusteer Ltd.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys

[357712 2013-06-18] (Trusteer Ltd.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys

[357712 2013-06-18] (Trusteer Ltd.)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-03] ()

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-06-25 11:02 - 2013-06-25 11:02 - 00000000 ____D C:\FRST
2013-06-25 10:57 - 2013-06-25 10:57 - 01931854 ____A (Farbar) C:\Users\Jon\Desktop

\FRST64.exe
2013-06-25 01:42 - 2013-06-25 01:42 - 00000278 ____A C:\Users\Jon\Desktop\Avast popup

Malicious URL Blocked and Malware Blocked from svchost.exe - Virus, Trojan, Spyware,

and Malware Removal Logs.url
2013-06-25 00:50 - 2013-05-09 16:59 - 00189936 ____A C:\Windows\System32\Drivers

\aswVmm.sys
2013-06-25 00:50 - 2013-05-09 16:59 - 00065336 ____A C:\Windows\System32\Drivers

\aswRvrt.sys
2013-06-24 16:39 - 2013-06-24 16:45 - 00000000 ____D C:\Users\Jon\SpeakGoodChinese2
2013-06-24 16:01 - 2013-06-24 16:01 - 05319412 ____A C:\Users\Jon\Desktop

\praat5352_win64.zip
2013-06-20 16:26 - 2013-06-20 16:26 - 00003875 ____A C:\Users\Jon\Desktop\Michele

Thomas Chinese.lnk
2013-06-17 23:38 - 2013-06-25 10:46 - 00000216 ____A C:\Users\Jon\Desktop\How to get

Skritter functionality for free with Anki - EAS.url
2013-06-13 17:07 - 2013-06-13 17:07 - 00000203 ____A C:\Users\Jon\Desktop\the

apprentice uk s09e07 720p hdtv x264 ftp - YouTube.url
2013-06-13 13:29 - 2013-06-13 13:29 - 00000163 ____A C:\Users\Jon\Desktop\National

insurance enquiries for non-UK residents.url
2013-06-12 22:07 - 2013-05-17 12:05 - 17824768 ____A (Microsoft Corporation) C:

\Windows\System32\mshtml.dll
2013-06-12 22:07 - 2013-05-17 11:27 - 10926080 ____A (Microsoft Corporation) C:

\Windows\System32\ieframe.dll
2013-06-12 22:07 - 2013-05-17 11:09 - 02312704 ____A (Microsoft Corporation) C:

\Windows\System32\jscript9.dll
2013-06-12 22:07 - 2013-05-17 11:02 - 01392128 ____A (Microsoft Corporation) C:

\Windows\System32\wininet.dll
2013-06-12 22:07 - 2013-05-17 11:02 - 01346560 ____A (Microsoft Corporation) C:

\Windows\System32\urlmon.dll
2013-06-12 22:07 - 2013-05-17 11:01 - 01494528 ____A (Microsoft Corporation) C:

\Windows\System32\inetcpl.cpl
2013-06-12 22:07 - 2013-05-17 11:00 - 00237056 ____A (Microsoft Corporation) C:

\Windows\System32\url.dll
2013-06-12 22:07 - 2013-05-17 10:58 - 00085504 ____A (Microsoft Corporation) C:

\Windows\System32\jsproxy.dll
2013-06-12 22:07 - 2013-05-17 10:56 - 00599040 ____A (Microsoft Corporation) C:

\Windows\System32\vbscript.dll
2013-06-12 22:07 - 2013-05-17 10:56 - 00173056 ____A (Microsoft Corporation) C:

\Windows\System32\ieUnatt.exe
2013-06-12 22:07 - 2013-05-17 10:55 - 00816640 ____A (Microsoft Corporation) C:

\Windows\System32\jscript.dll
2013-06-12 22:07 - 2013-05-17 10:54 - 00729088 ____A (Microsoft Corporation) C:

\Windows\System32\msfeeds.dll
2013-06-12 22:07 - 2013-05-17 10:53 - 02147840 ____A (Microsoft Corporation) C:

\Windows\System32\iertutil.dll
2013-06-12 22:07 - 2013-05-17 10:51 - 02382848 ____A (Microsoft Corporation) C:

\Windows\System32\mshtml.tlb
2013-06-12 22:07 - 2013-05-17 10:51 - 00096768 ____A (Microsoft Corporation) C:

\Windows\System32\mshtmled.dll
2013-06-12 22:07 - 2013-05-17 10:46 - 00248320 ____A (Microsoft Corporation) C:

\Windows\System32\ieui.dll
2013-06-12 22:07 - 2013-05-17 07:08 - 12329984 ____A (Microsoft Corporation) C:

\Windows\SysWOW64\mshtml.dll
2013-06-12 22:07 - 2013-05-17 06:49 - 09738752 ____A (Microsoft Corporation) C:

\Windows\SysWOW64\ieframe.dll
2013-06-12 22:07 - 2013-05-17 06:39 - 01800704 ____A (Microsoft Corporation) C:

\Windows\SysWOW64\jscript9.dll
2013-06-12 22:07 - 2013-05-17 06:28 - 01129472 ____A (Microsoft Corporation) C:

\Windows\SysWOW64\wininet.dll
2013-06-12 22:07 - 2013-05-17 06:28 - 01104384 ____A (Microsoft Corporation) C:

\Windows\SysWOW64\urlmon.dll
2013-06-12 22:07 - 2013-05-17 06:27 - 01427968 ____A (Microsoft Corporation) C:

\Windows\SysWOW64\inetcpl.cpl
2013-06-12 22:07 - 2013-05-17 06:26 - 00231936 ____A (Microsoft Corporation) C:

\Windows\SysWOW64\url.dll
2013-06-12 22:07 - 2013-05-17 06:23 - 00065024 ____A (Microsoft Corporation) C:

\Windows\SysWOW64\jsproxy.dll
2013-06-12 22:07 - 2013-05-17 06:21 - 00717824 ____A (Microsoft Corporation) C:

\Windows\SysWOW64\jscript.dll
2013-06-12 22:07 - 2013-05-17 06:21 - 00142848 ____A (Microsoft Corporation) C:

\Windows\SysWOW64\ieUnatt.exe
2013-06-12 22:07 - 2013-05-17 06:20 - 00420864 ____A (Microsoft Corporation) C:

\Windows\SysWOW64\vbscript.dll
2013-06-12 22:07 - 2013-05-17 06:19 - 00607744 ____A (Microsoft Corporation) C:

\Windows\SysWOW64\msfeeds.dll
2013-06-12 22:07 - 2013-05-17 06:17 - 01796096 ____A (Microsoft Corporation) C:

\Windows\SysWOW64\iertutil.dll
2013-06-12 22:07 - 2013-05-17 06:17 - 00073216 ____A (Microsoft Corporation) C:

\Windows\SysWOW64\mshtmled.dll
2013-06-12 22:07 - 2013-05-17 06:16 - 02382848 ____A (Microsoft Corporation) C:

\Windows\SysWOW64\mshtml.tlb
2013-06-12 22:07 - 2013-05-17 06:12 - 00176640 ____A (Microsoft Corporation) C:

\Windows\SysWOW64\ieui.dll
2013-06-12 19:52 - 2013-05-10 13:49 - 00030720 ____A (Microsoft Corporation) C:

\Windows\System32\cryptdlg.dll
2013-06-12 19:52 - 2013-05-10 11:20 - 00024576 ____A (Microsoft Corporation) C:

\Windows\SysWOW64\cryptdlg.dll
2013-06-12 19:52 - 2013-05-08 14:39 - 01910632 ____A (Microsoft Corporation) C:

\Windows\System32\Drivers\tcpip.sys
2013-06-12 19:52 - 2013-04-26 13:51 - 00751104 ____A (Microsoft Corporation) C:

\Windows\System32\win32spl.dll
2013-06-12 19:52 - 2013-04-26 12:55 - 00492544 ____A (Microsoft Corporation) C:

\Windows\SysWOW64\win32spl.dll
2013-06-12 19:51 - 2013-05-13 13:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 19:51 - 2013-05-13 13:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 19:51 - 2013-05-13 13:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 19:51 - 2013-05-13 13:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 19:51 - 2013-05-13 12:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 19:51 - 2013-05-13 12:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 19:51 - 2013-05-13 12:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 19:51 - 2013-05-13 11:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 19:51 - 2013-05-13 11:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 19:51 - 2013-05-13 11:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 19:51 - 2013-04-26 07:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 19:51 - 2013-04-17 15:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 19:51 - 2013-04-17 14:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 19:51 - 2013-04-01 06:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-11 17:12 - 2013-06-11 18:30 - 00000000 ____D C:\Users\Jon\Downloads\Japanese Language Learning Pack
2013-06-11 16:57 - 2009-05-11 21:36 - 20786089 ____A C:\Users\Jon\Desktop\Japanese for Everyone GAKKEN Ebook.djvu
2013-06-11 16:51 - 2013-06-11 16:56 - 20786192 ____A C:\Users\Jon\Desktop\Japanese_for_Everyone_GAKKEN_Ebook.rar
2013-06-11 16:39 - 2013-06-11 16:47 - 00000000 ____D C:\Users\Jon\Downloads\Genki I +II - Integrated Elementary Japanese Course (PDF, MP3)
2013-06-11 15:47 - 2013-06-11 15:47 - 00000000 ____D C:\Users\Jon\Downloads\Adele Live at the Royal Albert Hall (2011)_720p_BRrip_sujaidr
2013-06-02 23:12 - 2013-06-03 00:08 - 00000000 ____D C:\Users\Jon\Praat
2013-05-28 15:54 - 2013-05-28 18:12 - 00000000 ____D C:\Users\Jon\Desktop\leo and angel
2013-05-27 23:42 - 2013-05-27 23:42 - 00000203 ____A C:\Users\Jon\Desktop\Mr. Brightside guitar lesson - Roaming Minstrel - YouTube.url

==================== One Month Modified Files and Folders =======

2013-06-25 11:02 - 2013-06-25 11:02 - 00000000 ____D C:\FRST
2013-06-25 10:57 - 2013-06-25 10:57 - 01931854 ____A (Farbar) C:\Users\Jon\Desktop\FRST64.exe
2013-06-25 10:56 - 2009-07-14 12:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-25 10:56 - 2009-07-14 12:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-25 10:47 - 2009-07-14 13:10 - 01435813 ____A C:\Windows\WindowsUpdate.log
2013-06-25 10:46 - 2013-06-17 23:38 - 00000216 ____A C:\Users\Jon\Desktop\How to get Skritter functionality for free with Anki - EAS.url
2013-06-25 10:44 - 2011-02-04 01:11 - 00000000 ____D C:\Users\Jon\AppData\Local\SoftThinks
2013-06-25 10:43 - 2011-02-07 03:41 - 00000888 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-25 10:43 - 2011-01-06 19:22 - 00000000 ____D C:\ProgramData\NVIDIA
2013-06-25 10:43 - 2009-07-14 13:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-25 10:43 - 2009-07-14 12:51 - 00126445 ____A C:\Windows\setupact.log
2013-06-25 01:42 - 2013-06-25 01:42 - 00000278 ____A C:\Users\Jon\Desktop\Avast popup Malicious URL Blocked and Malware Blocked from svchost.exe - Virus, Trojan, Spyware, and Malware Removal Logs.url
2013-06-25 01:33 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\System32\NDF
2013-06-25 01:30 - 2011-02-07 03:41 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-25 00:58 - 2012-06-20 21:05 - 00001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-06-25 00:58 - 2012-06-20 21:05 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-25 00:50 - 2011-02-11 06:19 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2013-06-25 00:26 - 2012-07-16 15:21 - 00000920 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3161640724-3680949888-2250039093-1001UA.job
2013-06-24 16:45 - 2013-06-24 16:39 - 00000000 ____D C:\Users\Jon\SpeakGoodChinese2
2013-06-24 16:39 - 2012-06-27 22:01 - 00000000 ____D C:\Users\Jon\Desktop\Learn chinese
2013-06-24 16:39 - 2011-02-04 01:08 - 00000000 ____D C:\users\Jon
2013-06-24 16:03 - 2012-10-09 22:53 - 00000000 ____D C:\Users\Jon\Desktop\Living in Taiwan
2013-06-24 16:01 - 2013-06-24 16:01 - 05319412 ____A C:\Users\Jon\Desktop\praat5352_win64.zip
2013-06-24 15:26 - 2012-07-16 15:21 - 00000898 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3161640724-3680949888-2250039093-1001Core.job
2013-06-24 14:18 - 2011-02-07 03:41 - 00000000 ____D C:\Users\Jon\AppData\Local\Google
2013-06-24 00:31 - 2009-07-14 13:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-22 18:11 - 2011-02-27 18:44 - 00000000 ____D C:\Users\Jon\AppData\Roaming\Skype
2013-06-20 16:44 - 2012-03-18 20:24 - 00000000 ____D C:\Users\Jon\usb recovery
2013-06-20 16:42 - 2012-06-08 18:00 - 00000000 ____D C:\Users\Jon\Documents\ConvertXToDVD
2013-06-20 16:42 - 2012-06-08 17:56 - 00001189 ____A C:\Users\Jon\AppData\Roaming\vso_ts_preview.xml
2013-06-20 16:42 - 2012-06-08 17:56 - 00000000 ____D C:\Users\Jon\AppData\Roaming\Vso
2013-06-20 16:26 - 2013-06-20 16:26 - 00003875 ____A C:\Users\Jon\Desktop\Michele Thomas Chinese.lnk
2013-06-18 16:14 - 2012-05-22 14:53 - 00236688 ____A (Trusteer Ltd.) C:\Windows\System32\Drivers\RapportKE64.sys
2013-06-14 13:29 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\rescache
2013-06-13 17:07 - 2013-06-13 17:07 - 00000203 ____A C:\Users\Jon\Desktop\the apprentice uk s09e07 720p hdtv x264 ftp - YouTube.url
2013-06-13 13:29 - 2013-06-13 13:29 - 00000163 ____A C:\Users\Jon\Desktop\National insurance enquiries for non-UK residents.url
2013-06-12 22:05 - 2011-02-11 03:25 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-11 18:44 - 2012-05-10 02:19 - 00000000 ____D C:\Users\Jon\AppData\Roaming\uTorrent
2013-06-11 18:30 - 2013-06-11 17:12 - 00000000 ____D C:\Users\Jon\Downloads\Japanese Language Learning Pack
2013-06-11 16:56 - 2013-06-11 16:51 - 20786192 ____A C:\Users\Jon\Desktop\Japanese_for_Everyone_GAKKEN_Ebook.rar
2013-06-11 16:47 - 2013-06-11 16:39 - 00000000 ____D C:\Users\Jon\Downloads\Genki I +II - Integrated Elementary Japanese Course (PDF, MP3)
2013-06-11 15:47 - 2013-06-11 15:47 - 00000000 ____D C:\Users\Jon\Downloads\Adele Live at the Royal Albert Hall (2011)_720p_BRrip_sujaidr
2013-06-03 00:08 - 2013-06-02 23:12 - 00000000 ____D C:\Users\Jon\Praat
2013-05-30 00:13 - 2012-08-02 20:28 - 00000000 ____D C:\Users\Jon\Desktop\ESL and teaching writing
2013-05-28 18:12 - 2013-05-28 15:54 - 00000000 ____D C:\Users\Jon\Desktop\leo and angel
2013-05-27 23:42 - 2013-05-27 23:42 - 00000203 ____A C:\Users\Jon\Desktop\Mr. Brightside guitar lesson - Roaming Minstrel - YouTube.url

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-06-14 13:22

==================== End Of Log ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-06-2013 01
Ran by Jon at 2013-06-25 11:06:17
Running from C:\Users\Jon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CN7KXV5E
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

µTorrent (x32 Version: 3.1.3)
AccelerometerP11 (x32 Version: 2.00.11.15)
Adobe Anchor Service CS3 (x32 Version: 1.0)
Adobe Asset Services CS3 (x32 Version: 3)
Adobe Bridge CS3 (x32 Version: 2)
Adobe Bridge Start Meeting (x32 Version: 1.0)
Adobe Camera Raw 4.0 (x32 Version: 4.0)
Adobe CMaps (x32 Version: 1.0)
Adobe Color - Photoshop Specific (x32 Version: 1.0)
Adobe Color Common Settings (x32 Version: 1.0)
Adobe Color EU Extra Settings (x32 Version: 1.0)
Adobe Color JA Extra Settings (x32 Version: 1.0)
Adobe Color NA Recommended Settings (x32 Version: 1.0)
Adobe Default Language CS3 (x32 Version: 1.0)
Adobe Device Central CS3 (x32 Version: 1.0)
Adobe Digital Editions (x32)
Adobe ExtendScript Toolkit 2 (x32 Version: 2.0)
Adobe Flash Player 11 ActiveX 64-bit (Version: 11.1.102.55)
Adobe Fonts All (x32 Version: 1.0)
Adobe Help Viewer CS3 (x32 Version: 1)
Adobe Linguistics CS3 (x32 Version: 3.0.0)
Adobe PDF Library Files (x32 Version: 8.0)
Adobe Photoshop CS3 (x32 Version: 10)
Adobe Photoshop CS3 (x32 Version: 10.0)
Adobe Reader 9.1.2 (x32 Version: 9.1.2)
Adobe Setup (x32 Version: 1.0)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.8.638)
Adobe Stock Photos CS3 (x32 Version: 1.5)
Adobe Type Support (x32 Version: 1.0)
Adobe Update Manager CS3 (x32 Version: 5.1.0)
Adobe Version Cue CS3 Client (x32 Version: 3)
Adobe WinSoft Linguistics Plugin (x32 Version: 1.0)
Adobe XMP Panels CS3 (x32 Version: 1.0)
Advanced Audio FX Engine (x32 Version: 1.12.05)
AmpliTube2 (x32 Version: 2.0.0)
Anki (x32)
Apple Application Support (x32 Version: 1.5.1)
Apple Mobile Device Support (Version: 3.4.0.25)
Apple Software Update (x32 Version: 2.1.2.120)
ASIO4ALL (x32 Version: 2.10)
Audacity 1.3.13 (Unicode) (x32)
avast! Free Antivirus (x32 Version: 8.0.1489.0)
Bonjour (Version: 2.0.5.0)
Chinese Simplified Fonts Support For Adobe Reader 9 (x32 Version: 9.0.0)
Chinese Traditional Fonts Support For Adobe Reader 9 (x32 Version: 9.0.0)
ConvertXtoDVD 4.1.19.365 (x32 Version: 4.1.19.365)
Coupon Printer (x32 Version: 2.0)
D3DX10 (x32 Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Dell DataSafe Local Backup - Support Software (x32)
Dell DataSafe Local Backup (x32 Version: 9.4.47)
Dell Edoc Viewer (Version: 1.0.0)
Dell Webcam Central (x32 Version: 1.40.05)
DiskAid 4.62 (x32 Version: 4.62)
DVD Flick 1.3.0.7 (x32 Version: 1.3.0.7)
East West EWQLSO Silver Edition (x32)
EPSON Printer Software
Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287)
GMedia Music impOSCar VSTi v1.0.0.1 (x32)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4209.2358)
Google Update Helper (x32 Version: 1.3.21.145)
Intel PROSet Wireless
Intel® Control Center (x32 Version: 1.2.1.1007)
Intel® Graphics Media Accelerator Driver (x32 Version: 8.15.10.2189)
Intel® Management Engine Components (x32 Version: 6.0.0.1179)
Intel® PROSet/Wireless WiFi Software (Version: 13.02.1000)
Intel® Rapid Storage Technology (x32 Version: 9.6.0.1014)
Intel® Turbo Boost Technology Monitor (Version: 1.0.186.6)
Intel® Wireless Display (Version: 1.2.20.0)
iPhoneBrowser (x32 Version: 1.9.3)
iTunes (Version: 10.2.2.14)
Japanese Fonts Support For Adobe Reader 9 (x32 Version: 9.0.0)
Java Auto Updater (x32 Version: 2.0.7.1)
Java™ 6 Update 22 (64-bit) (Version: 6.0.220)
Java™ 6 Update 31 (x32 Version: 6.0.310)
JMicron Flash Media Controller Driver (x32 Version: 1.0.50.2)
LAME v3.98.3 for Audacity (x32)
Lexicon PSP 42 VST DX v1.0 (x32)
Live! Cam Avatar Creator (x32 Version: 4.6.3009.1)
LUXONIX Ravity(S) v1.4 (x32)
MagicDisc 2.7.106 (x32)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
M-Audio Ozone 6.0.4 (x64) (Version: 6.0.4)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft IntelliPoint 8.0 (Version: 8.0.225.0)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4734.1000)
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mozilla Firefox 16.0.2 (x86 en-US) (x32 Version: 16.0.2)
MSVCRT (x32 Version: 15.4.2862.0708)
Native Instruments Absynth 4 (x32)
Native Instruments Audio Kontrol 1 Driver (Version: 3.1.0.761)
Native Instruments Audio Kontrol 1 Driver (x32)
Native Instruments Audio Kontrol 1 Support Files (Version: )
Native Instruments Audio Kontrol 1 Support Files (x32)
Native Instruments Controller Editor (Version: 1.2.5.409)
Native Instruments Controller Editor (x32)
Native Instruments Service Center (Version: 2.2.3.537)
Native Instruments Service Center (x32)
NVIDIA Display Control Panel (Version: 6.14.12.5939)
NVIDIA Drivers (Version: 1.10.62.40)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.5939)
NVIDIA Updatus (x32 Version: 1.0.3)
PDF Settings (x32 Version: 1.0)
PSP 84 v1.0 (x32)
PSP Nitro VST and DX 1.0 (x32)
Quickset64 (Version: 10.8.5)
QuickTime (x32 Version: 7.69.80.9)
Rapport (Version: 3.5.1205.20)
Rapport (x32 Version: 3.5.1208.41)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0)
RealPlayer (x32)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6194)
RealUpgrade 1.1 (x32 Version: 1.1.0)
Recuva (Version: 1.42)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.4.0)
Rob Papen Albino 3 (x32)
Roxio Burn (x32 Version: 1.01)
Skype Toolbars (x32 Version: 1.0.4051)
Skype™ 6.3 (x32 Version: 6.3.107)
Spotify (HKCU Version: 0.8.3.222.g317ab79d)
Steinberg Cubase 5 (x32 Version: 5.1.0)
Steinberg Drum Loop Expansion 01 (x32 Version: 1.0.0.1)
Steinberg Groove Agent ONE Content (x32 Version: 1.0.0.003)
Steinberg HALionOne (x32 Version: 1.1.0.457)
Steinberg HALionOne Additional Content Set 01 (x32 Version: 1.0.0.001)
Steinberg HALionOne Expression Set (x32 Version: 1.0.1.0)
Steinberg HALionOne GM Drum Set (x32 Version: 1.0.1.457)
Steinberg HALionOne GM Set (x32 Version: 1.0.1.457)
Steinberg HALionOne Pro Set (x32 Version: 1.0.1.457)
Steinberg HALionOne Studio Set (x32 Version: 1.0.1.457)
Steinberg REVerence Content 01 (x32 Version: 1.0.0.006)
StylusRMX (x32)
Sweet Home 3D (HKCU)
swMSM (x32 Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 15.1.4.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft Office 2010 (KB2494150) (x32)
Update for Microsoft Office 2010 (KB2553092) (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
uTorrentControl2 Toolbar (x32 Version: 6.8.9.0)
VirtualCloneDrive (x32)
VLC media player 1.1.7 (x32 Version: 1.1.7)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
WinRAR 4.00 beta 6 (64-bit) (Version: 4.00.6)
Yahoo! Messenger (x32)
Yahoo! Software Update (x32)
Yahoo! Toolbar (x32)

==================== Restore Points  =========================

01-06-2013 12:35:29 Windows Update
08-06-2013 12:02:34 Windows Update
12-06-2013 14:04:06 Windows Update
16-06-2013 18:31:46 Windows Update
22-06-2013 06:31:54 Windows Update
23-06-2013 16:27:01 Installed Rapport

==================== Hosts content: ==========================
127.0.0.1 anchorfree.net
127.0.0.1 rss2search.com
127.0.0.1 techbrowsing.com
127.0.0.1 box.anchorfree.net
127.0.0.2 www.mefeedia.com
127.0.0.3 www.anchorfree.net

==================== Scheduled Tasks (whitelisted) =============

Task: {0074F08E-01E9-4C77-B324-B63B97ADEB17} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-02-07] (Google Inc.)
Task: {21F63A2C-6F8C-4BEA-A165-996914D5BF06} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {25F22226-6C1F-4683-911B-100F72AC2C36} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {3CFBCF1B-92C4-4F19-9AAE-50EBC78FB40E} - System32\Tasks\IORRT => C:\IORRT\IORRT.bat [2012-07-17] ()
Task: {411323EF-0428-4D18-9054-917349C4E3C6} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3161640724-3680949888-2250039093-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2011-01-24] (RealNetworks, Inc.)
Task: {481DAD35-7DE0-426B-B07B-E6B8985E928F} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2013-05-09] (AVAST Software)
Task: {5E96FC1E-55B1-4283-A77D-7E326B93FF05} - System32\Tasks\RealCreateProcessScheduledTask3150455S-1-5-21-3161640724-3680949888-2250039093-1001 => C:\Program Files (x86)\Real\RealPlayer\realplay.exe [2011-02-07] (RealNetworks, Inc.)
Task: {7648BDCC-D50B-4B14-8904-D4B336D4C9E1} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => C:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {7B0467AD-7B5D-4E9C-A172-C0F36AE7D107} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2010-07-22] (Microsoft Corporation)
Task: {9029E6CC-8CF6-4B30-9EEF-962FA71A91CE} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3161640724-3680949888-2250039093-1001UA => C:\Users\Jon\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-16] (Facebook Inc.)
Task: {945821F5-377B-4028-82F3-993E4DDB4FC9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2009-10-22] (Apple Inc.)
Task: {B43BA197-B0FE-4050-A9CF-5E1CD434C168} - System32\Tasks\Hybrid => C:\IORRT\IORRT.bat [2012-07-17] ()
Task: {CFDC2834-8062-43D5-9A39-2E9F486280AB} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3161640724-3680949888-2250039093-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2011-01-24] (RealNetworks, Inc.)
Task: {D40E4207-31D5-4E51-B154-9A7C472FC315} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3161640724-3680949888-2250039093-1001Core => C:\Users\Jon\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-16] (Facebook Inc.)
Task: {D48D651F-280F-4114-A670-2CFF1F16C942} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-02-07] (Google Inc.)
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3161640724-3680949888-2250039093-1001Core.job => C:\Users\Jon\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3161640724-3680949888-2250039093-1001UA.job => C:\Users\Jon\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/14/2013 01:14:13 AM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16490, time stamp: 0x51955cca
Faulting module name: jscript.dll, version: 5.8.7601.16990, time stamp: 0x51955be8
Exception code: 0xc0000005
Fault offset: 0x0000af44
Faulting process id: 0x1554
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (06/13/2013 01:16:47 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16490, time stamp: 0x51955cca
Faulting module name: jscript.dll, version: 5.8.7601.16990, time stamp: 0x51955be8
Exception code: 0xc0000005
Fault offset: 0x0000af44
Faulting process id: 0x176c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (06/11/2013 04:51:43 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16483, time stamp: 0x515df825
Faulting module name: jscript.dll, version: 5.8.7601.16984, time stamp: 0x515df773
Exception code: 0xc0000005
Fault offset: 0x0000af44
Faulting process id: 0x12cc
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (06/09/2013 05:32:12 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16483, time stamp: 0x515df825
Faulting module name: jscript.dll, version: 5.8.7601.16984, time stamp: 0x515df773
Exception code: 0xc0000005
Fault offset: 0x0000af44
Faulting process id: 0x1794
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (06/01/2013 08:57:04 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16483, time stamp: 0x515df825
Faulting module name: MSHTML.dll, version: 9.0.8112.16484, time stamp: 0x5186b207
Exception code: 0xc0000005
Fault offset: 0x00262bc4
Faulting process id: 0x134c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (05/29/2013 11:45:02 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16483, time stamp: 0x515df825
Faulting module name: jscript.dll, version: 5.8.7601.16984, time stamp: 0x515df773
Exception code: 0xc0000005
Fault offset: 0x0000af44
Faulting process id: 0x155c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (05/29/2013 11:22:03 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16483, time stamp: 0x515df825
Faulting module name: jscript.dll, version: 5.8.7601.16984, time stamp: 0x515df773
Exception code: 0xc0000005
Fault offset: 0x0000af44
Faulting process id: 0x10f0
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (05/29/2013 10:17:27 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16483, time stamp: 0x515df825
Faulting module name: jscript.dll, version: 5.8.7601.16984, time stamp: 0x515df773
Exception code: 0xc0000005
Fault offset: 0x0000af44
Faulting process id: 0x1a68
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (05/20/2013 10:07:13 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16483, time stamp: 0x515df825
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
Exception code: 0xc0000005
Fault offset: 0x000371a8
Faulting process id: 0xf8c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (05/15/2013 02:44:18 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16476, time stamp: 0x5126e7ac
Faulting module name: jscript.dll, version: 5.8.7601.16982, time stamp: 0x5126e737
Exception code: 0xc0000005
Fault offset: 0x0000af44
Faulting process id: 0xc94
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

System errors:
=============
Error: (06/25/2013 10:43:59 AM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: 490@01010004

Error: (06/25/2013 10:43:59 AM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: 490@01010004

Error: (06/25/2013 01:50:29 AM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: 490@01010004

Error: (06/25/2013 01:50:29 AM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: 490@01010004

Error: (06/25/2013 00:52:13 AM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: 490@01010004

Error: (06/25/2013 00:52:13 AM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: 490@01010004

Error: (06/25/2013 00:51:41 AM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: 490@01010004

Error: (06/25/2013 00:51:41 AM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: 490@01010004

Error: (06/25/2013 00:46:02 AM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: 490@01010004

Error: (06/25/2013 00:46:02 AM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: 490@01010004

Microsoft Office Sessions:
=========================
Error: (06/14/2013 01:14:13 AM) (Source: Application Error)(User: )
Description:

iexplore.exe9.0.8112.1649051955ccajscript.dll5.8.7601.1699051955be8c00000050000af44155401ce68569a771f4eC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\system32\jscript.dllaab94f19-d44c-11e2-b58f-f04da25aca33

Error: (06/13/2013 01:16:47 PM) (Source: Application Error)(User: )
Description:

iexplore.exe9.0.8112.1649051955ccajscript.dll5.8.7601.1699051955be8c00000050000af44176c01ce67e90bd815d9C:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\system32\jscript.dll716bdad3-d3e8-11e2-b089-f04da25aca33

Error: (06/11/2013 04:51:43 PM) (Source: Application Error)(User: )
Description:

iexplore.exe9.0.8112.16483515df825jscript.dll5.8.7601.16984515df773c00000050000af4412cc01ce6675e4a472d7C:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\system32\jscript.dll23456e99-d274-11e2-adce-f04da25aca33

Error: (06/09/2013 05:32:12 PM) (Source: Application Error)(User: )
Description:

iexplore.exe9.0.8112.16483515df825jscript.dll5.8.7601.16984515df773c00000050000af44179401ce64e554d6c463C:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\system32\jscript.dll75fe1b2c-d0e7-11e2-acdf-f04da25aca33

Error: (06/01/2013 08:57:04 PM) (Source: Application Error)(User: )
Description:

iexplore.exe9.0.8112.16483515df825MSHTML.dll9.0.8112.164845186b207c000000500262bc4134c01ce5ec4a4fad6ebC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dllc1d01e35-caba-11e2-b5ec-f04da25aca33

Error: (05/29/2013 11:45:02 PM) (Source: Application Error)(User: )
Description:

iexplore.exe9.0.8112.16483515df825jscript.dll5.8.7601.16984515df773c00000050000af44155c01ce5c8047fa827cC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\system32\jscript.dllb96db5e3-c876-11e2-af9b-f04da25aca33

Error: (05/29/2013 11:22:03 PM) (Source: Application Error)(User: )
Description:

iexplore.exe9.0.8112.16483515df825jscript.dll5.8.7601.16984515df773c00000050000af4410f001ce5c7742227918C:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\system32\jscript.dll83a4e421-c873-11e2-af9b-f04da25aca33

Error: (05/29/2013 10:17:27 PM) (Source: Application Error)(User: )
Description:

iexplore.exe9.0.8112.16483515df825jscript.dll5.8.7601.16984515df773c00000050000af441a6801ce5c7603aa6135C:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\system32\jscript.dll7d4eb1ce-c86a-11e2-af9b-f04da25aca33

Error: (05/20/2013 10:07:13 PM) (Source: Application Error)(User: )
Description:

iexplore.exe9.0.8112.16483515df825ntdll.dll6.1.7601.177254ec49b8fc0000005000371a8f8c01ce55600aabc468C:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\SysWOW64\ntdll.dll9117353e-c156-11e2-a48f-f04da25aca33

Error: (05/15/2013 02:44:18 PM) (Source: Application Error)(User: )
Description:

iexplore.exe9.0.8112.164765126e7acjscript.dll5.8.7601.169825126e737c00000050000af44c9401ce5135fff04b37C:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\system32\jscript.dlldd3d7dfc-bd2a-11e2-95ab-f04da25aca33

==================== Memory info ===========================

Percentage of memory in use: 45%
Total physical RAM: 3828.3 MB
Available physical RAM: 2079.04 MB
Total Pagefile: 7654.78 MB
Available Pagefile: 5716.54 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:454.36 GB) (Free:88.74 GB) NTFS (Disk=0 Partition=3)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 259D4594)
Partition 1: (Not Active) - (Size=2 GB) - (Type=DE)
Partition 2: (Active) - (Size=9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=454 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#4 oxygenleaves


Posted 24 June 2013 - 10:36 PM

I have tried to post the ark.txt log from Gmer, but when I paste it into this window, it says "post_too_long".



#5 oxygenleaves


Posted 24 June 2013 - 10:46 PM

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-06-25 11:21:13
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950042 rev.D005 465.76GB
Running: tfugthwu.exe; Driver: C:\Users\Jon\AppData\Local\Temp\pwldypow.sys

---- Threads - GMER 2.1 ----

Thread   C:\Program Files\Windows Media Player\wmpnetwk.exe [4364:4316]                                                                                                                                                                             000007fefe060168
Thread   C:\Program Files\Windows Media Player\wmpnetwk.exe [4364:1640]                                                                                                                                                                             000007fefbb22a7c
Thread   C:\Program Files\Windows Media Player\wmpnetwk.exe [4364:1736]                                                                                                                                                                             000007fef8ed5124
Thread   C:\Windows\System32\svchost.exe [3664:2532]                                                                                                                                                                                                000007fef5cf9688
---- Processes - GMER 2.1 ----

Library  C:\Users\Jon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CN7KXV5E\FRST64.exe (*** suspicious ***) @ C:\Users\Jon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CN7KXV5E\FRST64.exe [5764]  0000000140000000




#6 oxygenleaves

Posted 24 June 2013 - 10:48 PM

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Type                                                                                                                                                                                       2
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Start                                                                                                                                                                                      2
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ErrorControl                                                                                                                                                                               1
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DisplayName                                                                                                                                                                                aswFsBlk
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Group                                                                                                                                                                                      FSFilter Activity Monitor
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DependOnService                                                                                                                                                                            FltMgr?
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Description                                                                                                                                                                                avast! mini-filter driver (aswFsBlk)
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Tag                                                                                                                                                                                        2
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances                                                                                                                                                                                 
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances@DefaultInstance                                                                                                                                                                  aswFsBlk Instance
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance                                                                                                                                                               
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude                                                                                                                                                       388400
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Flags                                                                                                                                                          0
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk                                                                                                                                                                                           
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Type                                                                                                                                                                                      2
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Start                                                                                                                                                                                     2
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ErrorControl                                                                                                                                                                              1
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ImagePath                                                                                                                                                                                 \??\C:\Windows\system32\drivers\aswMonFlt.sys
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DisplayName                                                                                                                                                                               aswMonFlt
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Group                                                                                                                                                                                     FSFilter Anti-Virus
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DependOnService                                                                                                                                                                           FltMgr?
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Description                                                                                                                                                                               avast! mini-filter driver (aswMonFlt)
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances                                                                                                                                                                                
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances@DefaultInstance                                                                                                                                                                 aswMonFlt Instance
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance                                                                                                                                                             
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude                                                                                                                                                     320700
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Flags                                                                                                                                                        0
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt                                                                                                                                                                                          
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Type                                                                                                                                                                                         1
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Start                                                                                                                                                                                        1
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ErrorControl                                                                                                                                                                                 1
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DisplayName                                                                                                                                                                                  aswRdr
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Group                                                                                                                                                                                        PNP_TDI
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DependOnService                                                                                                                                                                              tcpip?
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Description                                                                                                                                                                                  avast! WFP Redirect driver
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ImagePath                                                                                                                                                                                    \SystemRoot\System32\Drivers\aswrdr2.sys
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters                                                                                                                                                                                  
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@MSIgnoreLSPDefault                                                                                                                                                               
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@WSIgnoreLSPDefault                                                                                                                                                                nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRdr                                                                                                                                                                                             
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Type                                                                                                                                                                                        1
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Start                                                                                                                                                                                       0
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@ErrorControl                                                                                                                                                                                1
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@DisplayName                                                                                                                                                                                 aswRvrt
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Description                                                                                                                                                                                 avast! Revert
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters                                                                                                                                                                                 
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@BootCounter                                                                                                                                                                      3
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@TickCounter                                                                                                                                                                      5832
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@SystemRoot                                                                                                                                                                       \Device\Harddisk0\Partition3\Windows
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@ImproperShutdown                                                                                                                                                                 1
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRvrt                                                                                                                                                                                            
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Type                                                                                                                                                                                         2
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Start                                                                                                                                                                                        1
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ErrorControl                                                                                                                                                                                 1
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DisplayName                                                                                                                                                                                  aswSnx
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Group                                                                                                                                                                                        FSFilter Virtualization



#7 TB-Psychotic


Posted 25 June 2013 - 10:13 AM

There's something wrong with the posting - please attach the log files.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#8 oxygenleaves


Posted 25 June 2013 - 11:09 AM

Hi,

 

I can't get online using my computer. Every time I click on Explorer now, it says Internet Explorer has stopped working. The message keeps popping up now even if I don't click on Explorer. I have copied the logs from my computer and tried to attach to this message.

Attached files: Addition.txt (24.37KB), ark.txt (54.65KB), FRST.txt (32.42KB)



#9 TB-Psychotic


Posted 25 June 2013 - 11:54 AM

Fix with FRST

  • Open Notepad (Start => All Programs => Accessories => Notepad).
  • Please copy the entire contents of the code box below.
    (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Save it on the flash drive as fixlist.txt.

    URLSearchHook: (No Name) - {687578b9-7132-4a7a-80e4-30ee31099e03} -  No File
    URLSearchHook: (No Name) - {a060276a-53be-45ec-8ebe-b94b1e803179} -  No File
    SearchScopes: HKCU - {AC847E68-AF13-44A6-B354-52B45A1BE218} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2549263
    BHO: Expat Shield Class - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE_64.dll No File
    BHO-x32: uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
    Toolbar: HKLM-x32 - uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
    Toolbar: HKCU - No Name - {687578B9-7132-4A7A-80E4-30EE31099E03} -  No File
    Toolbar: HKCU - No Name - {A060276A-53BE-45EC-8EBE-B94B1E803179} -  No File
    
    C:\Program Files (x86)\Expat Shield\HssIE
    C:\Program Files (x86)\uTorrentControl2
    C:\IORRT
     
    127.0.0.1 anchorfree.net
    127.0.0.1 rss2search.com
    127.0.0.1 techbrowsing.com
    127.0.0.1 box.anchorfree.net
    127.0.0.2 www.mefeedia.com
    127.0.0.3 www.anchorfree.net
     
    

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Now please enter System Recovery Options again.

  • Run frst.exe (on 64-bit, run frst64.exe), press the Fix button just once and wait.
  • The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)
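To see at a glance what a fixlist like the one in post #9 touches, the following added example (not part of the thread and not FRST's own code) sorts its lines into registry-backed browser entries, paths and hosts entries, groups the browser entries by CLSID, and checks whether any hosts entry points outside loopback. The line shapes are assumptions inferred only from the lines quoted in that post, not FRST's full syntax, and the function names are hypothetical.

```python
import ipaddress
import re
from collections import defaultdict

# Fixlist lines copied from post #9 above.
FIXLIST = r"""
URLSearchHook: (No Name) - {687578b9-7132-4a7a-80e4-30ee31099e03} -  No File
URLSearchHook: (No Name) - {a060276a-53be-45ec-8ebe-b94b1e803179} -  No File
SearchScopes: HKCU - {AC847E68-AF13-44A6-B354-52B45A1BE218} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2549263
BHO: Expat Shield Class - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE_64.dll No File
BHO-x32: uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
Toolbar: HKCU - No Name - {687578B9-7132-4A7A-80E4-30EE31099E03} -  No File
Toolbar: HKCU - No Name - {A060276A-53BE-45EC-8EBE-B94B1E803179} -  No File

C:\Program Files (x86)\Expat Shield\HssIE
C:\Program Files (x86)\uTorrentControl2
C:\IORRT

127.0.0.1 anchorfree.net
127.0.0.1 rss2search.com
127.0.0.1 techbrowsing.com
127.0.0.1 box.anchorfree.net
127.0.0.2 www.mefeedia.com
127.0.0.3 www.anchorfree.net
"""

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
HOSTS_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)$")
PATH_RE = re.compile(r"^[A-Za-z]:\\")


def parse_fixlist(text):
    """Classify each non-empty line as a hosts entry, a path or a registry-backed entry."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        hosts = HOSTS_RE.match(line)
        if hosts:
            entries.append({"kind": "hosts", "ip": hosts.group(1), "host": hosts.group(2)})
        elif PATH_RE.match(line):
            entries.append({"kind": "path", "path": line})
        elif ":" in line:
            section, rest = line.split(":", 1)
            clsid = CLSID_RE.search(rest)
            entries.append({
                "kind": "registry",
                "section": section.strip(),
                # CLSIDs are case-insensitive; the post shows the same one in both cases.
                "clsid": clsid.group(0).upper() if clsid else None,
                # Assumption: a trailing "No File" means the referenced file is missing.
                "orphan": rest.rstrip().endswith("No File"),
            })
        else:
            entries.append({"kind": "unknown", "text": line})
    return entries


def summarize(entries):
    """Group registry entries by CLSID and split hosts entries by target address."""
    by_clsid = defaultdict(list)
    loopback, redirect = [], []
    for e in entries:
        if e["kind"] == "registry" and e["clsid"]:
            by_clsid[e["clsid"]].append(e["section"])
        elif e["kind"] == "hosts":
            # A loopback target only blocks the name; any other address redirects it.
            target = loopback if ipaddress.ip_address(e["ip"]).is_loopback else redirect
            target.append((e["ip"], e["host"]))
    return {
        "by_clsid": dict(by_clsid),
        "orphans": sum(1 for e in entries if e.get("orphan")),
        "paths": [e["path"] for e in entries if e["kind"] == "path"],
        "loopback_hosts": loopback,
        "redirect_hosts": redirect,
    }


if __name__ == "__main__":
    for key, value in summarize(parse_fixlist(FIXLIST)).items():
        print(key, "=>", value)
```

Grouping by upper-cased CLSID shows that the uTorrentControl2 toolbar identifier is registered under three different browser extension points, which is why the fixlist lists it four times.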

#10 oxygenleaves


Posted 25 June 2013 - 12:09 PM

I am sorry. I am confused. I saved the fixlist.txt on my flash drive. But when I run FRST.exe and then click on the FIX button it says "No fixlist.txt found. The fixlist should be made and saved in the same directory the tool is located."

By the way, I have downloaded Google Chrome, so I can access the Internet on the computer at the moment.



#11 oxygenleaves


Posted 25 June 2013 - 12:15 PM

Okay... I think I managed to do it. I have attached the fixlog.




#12 TB-Psychotic


Posted 25 June 2013 - 12:19 PM

Are you still facing the Internet Explorer issue?



#13 oxygenleaves


Posted 25 June 2013 - 12:25 PM

Yes. I can't close the box. Every time I close the box it comes back after a few seconds.

 

The pop up box says:

 

Internet Explorer has stopped working.

 

A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available.



#14 TB-Psychotic


Posted 25 June 2013 - 12:42 PM

System File Check

  • Press the Windows key to open the start menu.
  • Don't highlight anything, just write cmd.
  • The start menu will offer you an entry named cmd.
  • Right-click it and select "Run as administrator".
  • Within the opening window, write the following:

    sfc /scannow
    (See the blank within.)


  • Hit enter. Your system will be checked for damaged system files.
  • Tell me the result of that scan in here (as the tool produces no log).


#15 oxygenleaves


Posted 25 June 2013 - 12:59 PM

After the scan it said: Windows Resource Protection did not find any integrity violations.

 

Shall I do a reboot yet?





