
Police Central e-crime Unit Ransomware


This topic is locked
7 replies to this topic

#1 jamespev


  • Members
  • 7 posts

Posted 05 September 2013 - 05:20 AM

Morning

I woke up today to find my PC with some nasty ransomware on. Unlike most I've encountered, this will not let me start up in safe mode with or without networking, or even in cmd. Can someone help me out, as it looks like this site's very good for fixing the problem.

The PC is running Windows 7 (64 bit)




#2 TB-Psychotic


  • Malware Response Team
  • 6,349 posts

Posted 05 September 2013 - 06:14 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you to. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English, so please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

 

Scan with FRST (Recovery Environment)

To run FRST on Vista and Windows 7:

Plug the flash drive into the infected PC.

Enter System Recovery Options.


To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.



To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Select Command Prompt.

In the command window:

  • Type notepad and press Enter.
  • Notepad opens. Under the File menu select Open.
  • Select "Computer", find your flash drive letter, and close Notepad.
  • In the command window type e:\frst.exe (for the x64 version type e:\frst64) and press Enter.
    Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.

It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


Proud Member of UNITE & TB

My help is free, however, if you want to support my fight against malware, click here to donate (no worries, every little bit helps)
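The FRST.txt that this procedure produces is read by a human helper, but a responder who sees many such logs wants the persistence entries surfaced automatically. The Python script below is an added example for this thread; it is not FRST code and not the helper's own tooling. It scans FRST-style Run/RunOnce, Startup, ShortcutTarget, service and Winsock lines and reports entries FRST itself marked ATTENTION, code loaded from user-writable directories (ProgramData, Temp), autostart targets with non-code extensions, Winsock catalog entries whose file is missing, and a well-known service name pointing at the wrong image. The sample lines are quoted from the FRST.txt posted in this thread; the CODE_EXTS, WRITABLE_DIR_MARKERS and KNOWN_SERVICE_IMAGES tables, the line-prefix pattern, and the assumption that Winmgmt is hosted by svchost.exe on a stock Windows 7 install are mine, not FRST's whitelist.

```python
"""Triage FRST.txt autostart, service and Winsock lines for persistence entries.
Added example for this thread; not FRST code and not the helper's tooling."""
import re
import sys
from typing import Dict, List

# A Windows path up to and including its extension. Non-greedy so the match
# stops at the file name instead of running into the "[size date] (company)" suffix.
PATH_RE = re.compile(r'\b[A-Za-z]:\\[^\[\]<>"|]*?\.[A-Za-z0-9]{2,4}\b')

# Prefixes FRST uses for entries that run automatically (assumption based on the
# log format seen in this thread, not an official FRST list).
AUTOSTART_RE = re.compile(
    r"^(HKLM|HKCU|HKU\\|Startup:|ShortcutTarget:|AppInit_DLLs|MountPoints2|[RS]\d )")
SERVICE_RE = re.compile(r"^[RS]\d (.+?);")  # "S2 Winmgmt; C:\..." -> "Winmgmt"

# Extensions Windows normally loads as code; anything else used as an autostart
# target (here .plz / .pzz) deserves a look. Constructed list.
CODE_EXTS = {"exe", "dll", "sys", "scr", "com", "cpl", "ocx"}

# Directories any user process can write to. Kept narrow on purpose so that
# ordinary per-user software under AppData\Roaming (e.g. Dropbox) is not flagged.
WRITABLE_DIR_MARKERS = ("\\programdata\\", "\\progra~3\\", "\\appdata\\local\\temp\\")

# Well-known service name -> image it should run. Assumption for this example:
# Winmgmt (the WMI service) is hosted by svchost.exe on a stock Windows 7 install.
KNOWN_SERVICE_IMAGES = {"winmgmt": "svchost.exe"}


def extract_paths(line: str) -> List[str]:
    """Return every drive-letter path with an extension found on the line."""
    return PATH_RE.findall(line)


def triage_line(line: str) -> List[str]:
    """Return the reasons a single FRST line deserves attention ([] if none)."""
    reasons: List[str] = []
    if "ATTENTION" in line:
        reasons.append("flagged by FRST itself")
    if line.startswith("Winsock:") and "File Not found" in line:
        reasons.append("Winsock catalog entry points to a missing file (broken LSP chain)")
    is_autostart = bool(AUTOSTART_RE.match(line))
    paths = extract_paths(line)
    for path in paths:
        low = path.lower()
        ext = low.rsplit(".", 1)[-1]
        if any(marker in low for marker in WRITABLE_DIR_MARKERS):
            reasons.append(f"loads {path} from a user-writable directory")
        if is_autostart and ext not in CODE_EXTS and ext != "lnk":
            reasons.append(f"non-code extension .{ext} used as an autostart target")
    svc = SERVICE_RE.match(line)
    if svc:
        expected = KNOWN_SERVICE_IMAGES.get(svc.group(1).strip().lower())
        if expected and paths and not paths[0].lower().endswith("\\" + expected):
            reasons.append(
                f"service {svc.group(1)} should run {expected} but runs {paths[0]}")
    return reasons


def triage(log_lines: List[str]) -> List[Dict[str, object]]:
    """Collect every line with at least one reason, preserving log order."""
    hits: List[Dict[str, object]] = []
    for ln in log_lines:
        reasons = triage_line(ln)
        if reasons:
            hits.append({"line": ln, "reasons": reasons})
    return hits


# Lines quoted from the FRST.txt posted in this thread (three benign, four not).
SAMPLE_LINES = [
    r"HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981088 2009-07-20] (Realtek Semiconductor)",
    r"HKU\UpdatusUser\...\Run: [Video Library] - C:\Windows\system32\rundll32.exe C:\Users\Peverley\AppData\Local\Temp\Rpcqt.dll,Sets [x] <===== ATTENTION",
    r"ShortcutTarget: 2oofbnr.lnk -> C:\PROGRA~3\rnbfoo2.plz ()",
    r"ShortcutTarget: Dropbox.lnk -> C:\Users\Peverley\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)",
    r'Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"',
    r"R2 avg9emc; C:\Program Files (x86)\AVG\AVG9\avgemc.exe [921952 2010-07-21] (AVG Technologies CZ, s.r.o.)",
    r"S2 Winmgmt; C:\PROGRA~3\2oofbnr.pzz [64604 2013-09-05] (Microsoft Corporation)",
]

if __name__ == "__main__":
    # Pass a saved FRST.txt as the first argument; otherwise the sample lines are used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            lines = fh.read().splitlines()
    else:
        lines = SAMPLE_LINES
    for hit in triage(lines):
        print(hit["line"])
        for reason in hit["reasons"]:
            print("    ->", reason)
```

Run with no arguments to see the four log lines above flagged (the rundll32 entry loading a DLL from Temp, the .plz startup shortcut, the broken Winsock entry, and the Winmgmt service pointing into ProgramData under a Microsoft company string), or pass a saved FRST.txt to triage a whole log. The rules are deliberately conservative; a "loads from a user-writable directory" hit is a prompt to look, not a verdict.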

#3 jamespev

  • Topic Starter

  • Members
  • 7 posts

Posted 05 September 2013 - 06:29 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-09-2013
Ran by Peverley (administrator) on PEVERLEY-PC on 05-09-2013 12:20:38
Running from F:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode:

==================== Could not list processes ===============

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981088 2009-07-20] (Realtek Semiconductor)
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
HKCU\...\Run: [com.apple.dav.bookmarks.daemon] - C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [x]
HKCU\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [x]
HKCU\...\Policies\Explorer: [HideSCAHealth] 1
MountPoints2: J - J:\Autorun.exe
MountPoints2: {27263380-5d73-11e0-be9a-001f16fceb48} - J:\DPFMate.exe
MountPoints2: {3e044bd8-bdf1-11e2-8fad-001f16fceb48} - F:\HTC_Sync_Manager_PC.exe
MountPoints2: {3f65da0e-9667-11e0-b1fa-001f16fceb48} - G:\Startme.exe
MountPoints2: {61075326-ba8e-11df-81e7-001f16fceb48} - I:\Autorun.exe
MountPoints2: {fba15f7f-6413-11e0-aa7b-001f16fceb48} - J:\Startme.exe
HKLM-x32\...\Run: [EgisTecLiveUpdate] - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.)
HKLM-x32\...\Run: [AVG9_TRAY] - C:\Program Files (x86)\AVG\AVG9\avgtray.exe [2077536 2012-01-26] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()
HKU\UpdatusUser\...\Run: [ISUSPM] - "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler [x]
HKU\UpdatusUser\...\Run: [BitTorrent] - "C:\Program Files (x86)\BitTorrent\BitTorrent.exe"  /MINIMIZED [x]
HKU\UpdatusUser\...\Run: [MobileDocuments] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [x]
HKU\UpdatusUser\...\Run: [Video Library] - C:\Windows\system32\rundll32.exe C:\Users\Peverley\AppData\Local\Temp\Rpcqt.dll,Sets [x] <===== ATTENTION
HKU\UpdatusUser\...\Run: [EA Core] - C:\Program Files (x86)\Electronic Arts\EADM\Core.exe -silent [x]
HKU\UpdatusUser\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()
AppInit_DLLs: avgrssta.dll [13048 2010-06-22] (AVG Technologies CZ, s.r.o.)
Startup: C:\Users\Peverley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2oofbnr.lnk
ShortcutTarget: 2oofbnr.lnk -> C:\PROGRA~3\rnbfoo2.plz ()
Startup: C:\Users\Peverley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Peverley\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/?publisher=TightropeYB&dpid=TightropeYB&co=GB&userid=25898b7e-2e75-49cd-944c-85ce37d662fd&searchtype=ds&q={searchTerms}&installDate=26/02/2013
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snap.do/?publisher=TightropeYB&dpid=TightropeYB&co=GB&userid=25898b7e-2e75-49cd-944c-85ce37d662fd&searchtype=ds&q={searchTerms}&installDate=26/02/2013
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
SearchScopes: HKLM-x32 - DefaultScope {F47507B3-F134-45F0-88CF-1942324CF84C} URL =
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snap.do/?publisher=TightropeYB&dpid=TightropeYB&co=GB&userid=25898b7e-2e75-49cd-944c-85ce37d662fd&searchtype=ds&q={searchTerms}&installDate=26/02/2013
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Client\YontooIEClient.dll (Yontoo LLC)
Toolbar: HKLM - No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} -  No File
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - No Name - {7B13EC3E-999A-4B70-B9CB-2617B8323822} -  No File
Toolbar: HKCU - No Name - {9565115D-C7D6-46D3-BD63-B67B481A4368} -  No File
Toolbar: HKCU - No Name - {30F9B915-B755-4826-820B-08FBA6BD249D} -  No File
Toolbar: HKCU - No Name - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKCU - No Name - {7473B6BD-4691-4744-A82B-7854EB3D70B6} -  No File
DPF: HKLM-x32 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab
DPF: HKLM-x32 {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll No File
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 %SYSTEMROOT%\system32\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9 02 %SYSTEMROOT%\system32\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9 03 %SYSTEMROOT%\system32\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9 04 %SYSTEMROOT%\system32\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9 05 %SYSTEMROOT%\system32\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9 06 %SYSTEMROOT%\system32\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9 07 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 08 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 09 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 10 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 11 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 12 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 13 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 14 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 15 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 16 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 17 %SYSTEMROOT%\system32\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9 18 %SYSTEMROOT%\system32\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog5-x64 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9-x64 01 %SYSTEMROOT%\system32\nvLsp64.dll [434208] (NVIDIA)
Winsock: Catalog9-x64 02 %SYSTEMROOT%\system32\nvLsp64.dll [434208] (NVIDIA)
Winsock: Catalog9-x64 03 %SYSTEMROOT%\system32\nvLsp64.dll [434208] (NVIDIA)
Winsock: Catalog9-x64 04 %SYSTEMROOT%\system32\nvLsp64.dll [434208] (NVIDIA)
Winsock: Catalog9-x64 05 %SYSTEMROOT%\system32\nvLsp64.dll [434208] (NVIDIA)
Winsock: Catalog9-x64 06 %SYSTEMROOT%\system32\nvLsp64.dll [434208] (NVIDIA)
Winsock: Catalog9-x64 07 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 08 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 09 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 10 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 11 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 12 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 13 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 14 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 15 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 16 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 17 %SYSTEMROOT%\system32\nvLsp64.dll [434208] (NVIDIA)
Winsock: Catalog9-x64 18 %SYSTEMROOT%\system32\nvLsp64.dll [434208] (NVIDIA)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0

FireFox:
========
FF ProfilePath: C:\Users\Peverley\AppData\Roaming\Mozilla\Firefox\Profiles\x6nlwzql.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll No File
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

Chrome:
=======
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3281675&SearchSource=48&CUI=UN24993297658795269&UM=2&sspv=SP_CHNSP08
CHR RestoreOnStartup: "hxxp://search.conduit.com/?ctid=CT3281675&SearchSource=48&CUI=UN24993297658795269&UM=2&sspv=SP_CHNSP08"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll No File
CHR Plugin: (Conduit Chrome Plugin) - C:\Users\Peverley\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdfbddbdpnahdahmamlolacimfdbeckk\10.14.370.25_0\plugins/ConduitChromeApiPlugin.dll (Conduit)
CHR Plugin: (Conduit Radio Plugin) - C:\Users\Peverley\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdfbddbdpnahdahmamlolacimfdbeckk\10.14.370.25_0\plugins/np-cwmp.dll (Conduit)
CHR Plugin: (Conduit Chrome Approve TB Plugin) - C:\Users\Peverley\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdfbddbdpnahdahmamlolacimfdbeckk\10.14.370.25_0\plugins/ChromeApproveTBPlugin.dll (Conduit)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.230.5) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U23) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (entrusted) - C:\Users\Peverley\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdfbddbdpnahdahmamlolacimfdbeckk\10.14.370.25_0
CHR Extension: (BitTorrentBar) - C:\Users\Peverley\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhfdcmehmjcclgopdodkjdicohagipid\2.3.7.1_0
CHR HKLM-x32\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Users\Peverley\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx
CHR HKLM-x32\...\Chrome\Extension: [kdfbddbdpnahdahmamlolacimfdbeckk] - C:\Users\Peverley\AppData\Local\CRE\kdfbddbdpnahdahmamlolacimfdbeckk.crx
CHR HKLM-x32\...\Chrome\Extension: [mhfdcmehmjcclgopdodkjdicohagipid] - C:\Users\Peverley\AppData\Local\CRE\mhfdcmehmjcclgopdodkjdicohagipid.crx

==================== Services (Whitelisted) =================

S3 AVG Security Toolbar Service; C:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe [167264 2011-11-10] ()
R2 avg9emc; C:\Program Files (x86)\AVG\AVG9\avgemc.exe [921952 2010-07-21] (AVG Technologies CZ, s.r.o.)
R2 avg9wd; C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [308136 2010-06-22] (AVG Technologies CZ, s.r.o.)
R2 avgfws9; C:\Program Files (x86)\AVG\AVG9\avgfws9.exe [2331544 2010-11-25] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [5897808 2010-06-22] (AVG Technologies CZ, s.r.o.)
S2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [625184 2009-04-19] ()
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-04-12] (Nero AG)
R2 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [311592 2009-08-06] (Egis Technology Inc.)
S2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [207904 2009-04-19] ()
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] ()
S2 PremierOpinion; C:\Program Files (x86)\PremierOpinion\pmservice.exe [111680 2012-08-31] (VoiceFive, Inc.)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [931640 2011-11-07] (Trusteer Ltd.)
S2 Winmgmt; C:\PROGRA~3\2oofbnr.pzz [64604 2013-09-05] (Microsoft Corporation)
S2 Winmgmt; C:\PROGRA~3\2oofbnr.pzz [64604 2013-09-05] (Microsoft Corporation)
S3 NMIndexingService; "C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe" [x]
S4 vToolbarUpdater11.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [x]

==================== Drivers (Whitelisted) ====================

R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [29976 2010-01-02] (AVG Technologies CZ, s.r.o.)
R3 AVGIDSDriverw7a; C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSDriver.sys [132688 2010-06-22] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSDriverw7a; C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSDriver.sys [132688 2010-06-22] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSErHrw7a; C:\Windows\System32\Drivers\AVGIDSwa.sys [27216 2010-06-22] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilterw7a; C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSFilter.sys [35920 2010-06-22] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilterw7a; C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSFilter.sys [35920 2010-06-22] (AVG Technologies CZ, s.r.o. )
R1 AvgLdx64; C:\Windows\System32\Drivers\avgldx64.sys [282976 2013-01-17] (AVG Technologies CZ, s.r.o.)
R1 AvgMfx64; C:\Windows\System32\Drivers\avgmfx64.sys [35664 2011-09-15] (AVG Technologies CZ, s.r.o.)
R0 AvgRkx64; C:\Windows\System32\Drivers\avgrkx64.sys [56008 2010-03-04] (AVG Technologies CZ, s.r.o.)
R1 AvgTdiA; C:\Windows\System32\Drivers\avgtdia.sys [317520 2011-05-06] (AVG Technologies CZ, s.r.o.)
S3 ck3pro; C:\Windows\System32\DRIVERS\ck3pro64.sys [97280 2010-07-14] (XECUTER)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [16896 2007-03-20] (http://libusb-win32.sourceforge.net)
S1 RapportCerberus_43926; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys [505720 2012-10-30] ()
S1 RapportCerberus_43926; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys [505720 2012-10-30] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [55056 2011-11-07] (Trusteer Ltd.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [55056 2011-11-07] (Trusteer Ltd.)
S3 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [63760 2011-11-07] (Trusteer Ltd.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [61712 2011-11-07] (Trusteer Ltd.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [61712 2011-11-07] (Trusteer Ltd.)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
S3 s1018bus; C:\Windows\System32\DRIVERS\s1018bus.sys [113704 2009-03-25] (MCCI Corporation)
S3 s1018mdfl; C:\Windows\System32\DRIVERS\s1018mdfl.sys [19496 2009-03-25] (MCCI Corporation)
S3 s1018mdm; C:\Windows\System32\DRIVERS\s1018mdm.sys [153128 2009-03-25] (MCCI Corporation)
S3 s1018mgmt; C:\Windows\System32\DRIVERS\s1018mgmt.sys [133160 2009-03-25] (MCCI Corporation)
S3 s1018nd5; C:\Windows\System32\DRIVERS\s1018nd5.sys [34856 2009-03-25] (MCCI Corporation)
S3 s1018obex; C:\Windows\System32\DRIVERS\s1018obex.sys [128552 2009-03-25] (MCCI Corporation)
S3 s1018unic; C:\Windows\System32\DRIVERS\s1018unic.sys [146472 2009-03-25] (MCCI Corporation)
R3 seehcri; C:\Windows\System32\DRIVERS\seehcri.sys [34032 2008-01-09] (Sony Ericsson Mobile Communications)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-02-13] (Duplex Secure Ltd.)
S1 ASPI32; No ImagePath
S3 CrystalSysInfo; \??\C:\Program Files (x86)\MediaCoder\SysInfoX64.sys [x]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-09-05 10:05 - 2013-09-05 12:18 - 00000336 _____ C:\Windows\setupact.log
2013-09-05 10:05 - 2013-09-05 10:05 - 00000000 _____ C:\Windows\setuperr.log
2013-09-05 10:02 - 2013-09-05 12:09 - 95025368 ____T C:\ProgramData\2oofbnr.pff
2013-09-05 10:02 - 2013-09-05 12:05 - 00000000 _____ C:\ProgramData\2oofbnr.ctrl
2013-09-05 10:02 - 2013-09-05 10:02 - 00165888 _____ C:\ProgramData\rnbfoo2.plz
2013-09-05 10:02 - 2013-09-05 10:02 - 00064604 ____T (Microsoft Corporation) C:\ProgramData\2oofbnr.pzz
2013-09-02 20:40 - 2013-09-02 20:40 - 00157573 _____ C:\Users\Peverley\Downloads\Dead.or.Alive.5.Ultimate.XBOX360-COMPLEX.torrent
2013-09-01 10:01 - 2013-09-01 10:01 - 00332800 _____ C:\Users\Peverley\Downloads\STAR TREK; INTO DARKNESS (2013) 1080p BRRip [MKV  8ch Dolby TrueHD][RoB].torrent
2013-08-29 09:08 - 2013-08-29 09:08 - 00073478 _____ C:\Users\Peverley\Downloads\29_05_2013
2013-08-28 13:01 - 2013-08-28 13:01 - 00512415 _____ C:\Users\Peverley\Downloads\Skate_3_RF_XBOX360-CCCLX.torrent
2013-08-28 11:42 - 2013-08-28 11:42 - 00021437 _____ C:\Users\Peverley\Downloads\[NO RAR] Rayman Collection-XBOX 360-D0G.torrent
2013-08-21 17:20 - 2013-08-21 17:20 - 00136727 _____ C:\Users\Peverley\Downloads\Disney.Infinity.XBOX360-iMARS.torrent
2013-08-20 10:41 - 2013-08-20 10:41 - 00157311 _____ C:\Users\Peverley\Downloads\Saints.Row.IV.XBOX360-iMARS.torrent
2013-08-17 11:53 - 2013-09-05 12:05 - 00000000 ___RD C:\Users\Peverley\Dropbox
2013-08-17 11:53 - 2013-08-17 11:53 - 00001049 _____ C:\Users\Peverley\Desktop\Dropbox.lnk
2013-08-17 11:51 - 2013-08-17 11:51 - 00000000 ____D C:\Users\Peverley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-08-17 11:49 - 2013-08-17 11:49 - 00002035 _____ C:\Users\Public\Desktop\HTC Sync Manager.lnk
2013-08-17 11:49 - 2013-08-17 11:49 - 00000000 ____D C:\Users\Peverley\.android
2013-08-17 11:47 - 2013-09-05 12:05 - 00000000 ____D C:\Users\Peverley\AppData\Roaming\Dropbox
2013-08-15 19:13 - 2013-07-26 06:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-15 19:13 - 2013-07-26 06:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-15 19:13 - 2013-07-26 06:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-15 19:13 - 2013-07-26 06:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-15 19:13 - 2013-07-26 06:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-15 19:13 - 2013-07-26 06:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-15 19:13 - 2013-07-26 06:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-15 19:13 - 2013-07-26 06:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-15 19:13 - 2013-07-26 06:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-15 19:13 - 2013-07-26 06:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-15 19:13 - 2013-07-26 06:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-15 19:13 - 2013-07-26 06:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-15 19:13 - 2013-07-26 06:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-15 19:13 - 2013-07-26 06:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-15 19:13 - 2013-07-26 04:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-15 19:13 - 2013-07-26 04:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-15 19:13 - 2013-07-26 04:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-15 19:13 - 2013-07-26 04:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-15 19:13 - 2013-07-26 04:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-15 19:13 - 2013-07-26 04:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-15 19:13 - 2013-07-26 04:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-15 19:13 - 2013-07-26 04:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-15 19:13 - 2013-07-26 04:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-15 19:13 - 2013-07-26 04:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-15 19:13 - 2013-07-26 04:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-15 19:13 - 2013-07-26 04:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-15 19:13 - 2013-07-26 04:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-15 19:13 - 2013-07-26 04:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-15 19:13 - 2013-07-26 03:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-15 19:13 - 2013-07-26 03:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-15 19:13 - 2013-07-26 02:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-14 18:06 - 2013-07-19 02:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 18:06 - 2013-07-19 02:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-14 18:06 - 2013-07-09 06:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 18:06 - 2013-07-09 06:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 18:06 - 2013-07-09 06:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 18:06 - 2013-07-09 06:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 18:06 - 2013-07-09 05:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 18:06 - 2013-07-09 05:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 18:06 - 2013-07-09 05:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-14 18:06 - 2013-07-09 05:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-14 18:05 - 2013-07-25 10:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 18:05 - 2013-07-25 09:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-14 18:05 - 2013-07-09 07:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 18:05 - 2013-07-09 06:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 18:05 - 2013-07-09 06:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-14 18:05 - 2013-07-09 06:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 18:05 - 2013-07-09 06:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-14 18:05 - 2013-07-09 06:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-14 18:05 - 2013-07-09 05:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-14 18:05 - 2013-07-09 05:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 18:05 - 2013-07-09 05:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-14 18:05 - 2013-07-09 03:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-14 18:05 - 2013-07-09 03:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-14 18:05 - 2013-07-09 03:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-14 18:05 - 2013-07-09 03:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-14 18:05 - 2013-06-15 05:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-14 18:04 - 2013-07-06 07:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-07 03:08 - 2013-08-15 19:07 - 00000000 ____D C:\Windows\system32\MRT
2013-08-06 12:53 - 2013-04-17 08:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-08-06 12:53 - 2013-04-17 07:24 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-08-06 12:53 - 2013-04-10 00:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-08-06 12:53 - 2013-04-02 23:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-08-06 05:33 - 2013-09-02 21:00 - 00210432 _____ C:\Users\Peverley\Desktop\Shift Plan.xls

==================== One Month Modified Files and Folders =======

2013-09-05 12:21 - 2010-01-02 20:03 - 00000000 ____D C:\Windows\system32\Drivers\Avg
2013-09-05 12:20 - 2013-09-05 12:20 - 00000000 ____D C:\FRST
2013-09-05 12:19 - 2013-05-16 16:35 - 00000000 ____D C:\Users\Peverley\AppData\Local\HTC MediaHub
2013-09-05 12:19 - 2013-02-26 22:29 - 00000424 _____ C:\Windows\SysWOW64\OSSService.log
2013-09-05 12:19 - 2012-09-12 10:10 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-05 12:19 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-05 12:18 - 2013-09-05 10:05 - 00000336 _____ C:\Windows\setupact.log
2013-09-05 12:18 - 2010-01-01 12:53 - 00000000 ____D C:\ProgramData\NVIDIA
2013-09-05 12:09 - 2013-09-05 10:02 - 95025368 ____T C:\ProgramData\2oofbnr.pff
2013-09-05 12:09 - 2010-01-01 12:52 - 01802939 _____ C:\Windows\WindowsUpdate.log
2013-09-05 12:05 - 2013-09-05 10:02 - 00000000 _____ C:\ProgramData\2oofbnr.ctrl
2013-09-05 12:05 - 2013-08-17 11:53 - 00000000 ___RD C:\Users\Peverley\Dropbox
2013-09-05 12:05 - 2013-08-17 11:47 - 00000000 ____D C:\Users\Peverley\AppData\Roaming\Dropbox
2013-09-05 11:45 - 2012-09-12 10:10 - 00000902 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-05 11:43 - 2012-04-04 19:29 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-05 11:25 - 2009-07-14 05:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-05 11:25 - 2009-07-14 05:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-05 10:15 - 2010-01-01 21:24 - 00000000 ____D C:\Users\Peverley
2013-09-05 10:05 - 2013-09-05 10:05 - 00000000 _____ C:\Windows\setuperr.log
2013-09-05 10:02 - 2013-09-05 10:02 - 00165888 _____ C:\ProgramData\rnbfoo2.plz
2013-09-05 10:02 - 2013-09-05 10:02 - 00064604 ____T (Microsoft Corporation) C:\ProgramData\2oofbnr.pzz
2013-09-05 10:02 - 2010-01-01 21:27 - 00000000 ___RD C:\Users\Peverley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-04 21:49 - 2012-09-12 10:11 - 00002187 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-09-04 21:01 - 2013-02-06 17:29 - 00000000 ____D C:\Users\Peverley\AppData\Roaming\Skype
2013-09-04 20:56 - 2009-07-14 06:13 - 00006450 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-02 21:00 - 2013-08-06 05:33 - 00210432 _____ C:\Users\Peverley\Desktop\Shift Plan.xls
2013-09-02 20:40 - 2013-09-02 20:40 - 00157573 _____ C:\Users\Peverley\Downloads\Dead.or.Alive.5.Ultimate.XBOX360-COMPLEX.torrent
2013-09-01 10:01 - 2013-09-01 10:01 - 00332800 _____ C:\Users\Peverley\Downloads\STAR TREK; INTO DARKNESS (2013) 1080p BRRip [MKV  8ch Dolby TrueHD][RoB].torrent
2013-08-29 10:18 - 2010-01-02 18:30 - 00000000 ____D C:\Users\Peverley\AppData\Roaming\abgx360
2013-08-29 09:08 - 2013-08-29 09:08 - 00073478 _____ C:\Users\Peverley\Downloads\29_05_2013
2013-08-28 13:01 - 2013-08-28 13:01 - 00512415 _____ C:\Users\Peverley\Downloads\Skate_3_RF_XBOX360-CCCLX.torrent
2013-08-28 11:42 - 2013-08-28 11:42 - 00021437 _____ C:\Users\Peverley\Downloads\[NO RAR] Rayman Collection-XBOX 360-D0G.torrent
2013-08-27 18:34 - 2013-03-06 10:54 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-27 18:29 - 2010-01-02 20:03 - 00000000 ____D C:\ProgramData\avg9
2013-08-26 15:24 - 2009-07-14 05:45 - 03028192 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-21 21:41 - 2011-10-24 10:37 - 00000000 ____D C:\Users\Peverley\Desktop\CVs and Cover Letters
2013-08-21 17:20 - 2013-08-21 17:20 - 00136727 _____ C:\Users\Peverley\Downloads\Disney.Infinity.XBOX360-iMARS.torrent
2013-08-21 17:19 - 2012-11-13 20:43 - 00000000 ____D C:\Users\Peverley\AppData\Roaming\uTorrent
2013-08-21 02:43 - 2012-04-04 19:29 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-21 02:43 - 2012-04-04 19:29 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-21 02:43 - 2011-08-09 15:19 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-20 10:41 - 2013-08-20 10:41 - 00157311 _____ C:\Users\Peverley\Downloads\Saints.Row.IV.XBOX360-iMARS.torrent
2013-08-17 11:53 - 2013-08-17 11:53 - 00001049 _____ C:\Users\Peverley\Desktop\Dropbox.lnk
2013-08-17 11:51 - 2013-08-17 11:51 - 00000000 ____D C:\Users\Peverley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-08-17 11:49 - 2013-08-17 11:49 - 00002035 _____ C:\Users\Public\Desktop\HTC Sync Manager.lnk
2013-08-17 11:49 - 2013-08-17 11:49 - 00000000 ____D C:\Users\Peverley\.android
2013-08-17 11:49 - 2010-01-01 21:24 - 00111288 _____ C:\Users\Peverley\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-17 11:45 - 2011-04-11 09:30 - 00000000 ____D C:\Users\Peverley\AppData\Local\Downloaded Installations
2013-08-16 20:34 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-08-15 19:13 - 2009-08-14 19:03 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-15 19:07 - 2013-08-07 03:08 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 19:04 - 2010-01-02 21:34 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-07 15:30 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-08-06 12:43 - 2010-01-01 21:27 - 00001421 _____ C:\Users\Peverley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-08-06 12:40 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-08-06 12:40 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-08-06 12:40 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-08-06 12:40 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-08-06 12:40 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\zh-HK
2013-08-06 12:40 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\tr-TR
2013-08-06 12:40 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

Files to move or delete:
====================
C:\Users\Peverley\vlc-1.1.4-win32.exe
C:\Users\Peverley\AppData\Local\Temp\kyssgkaxwnxgarbfunb.bfg
C:\Users\Peverley\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-09-01 12:09

==================== End Of Log ============================



#4 TB-Psychotic
  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 05 September 2013 - 07:04 AM

You should stop downloading pirated movies or software...

Fix with FRST (Recovery Environment)

  • Open Notepad (Start => All Programs => Accessories => Notepad).
  • Please copy the entire contents of the code box below.
    (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flashdrive as fixlist.txt

    HKU\UpdatusUser\...\Run: [Video Library] - C:\Windows\system32\rundll32.exe C:\Users\Peverley\AppData\Local\Temp\Rpcqt.dll,Sets [x] <===== ATTENTION
    Startup: C:\Users\Peverley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2oofbnr.lnk
    ShortcutTarget: 2oofbnr.lnk -> C:\PROGRA~3\rnbfoo2.plz ()
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/?publisher=TightropeYB&dpid=TightropeYB&co=GB&userid=25898b7e-2e75-49cd-944c-85ce37d662fd&searchtype=ds&q={searchTerms}&installDate=26/02/2013
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snap.do/?publisher=TightropeYB&dpid=TightropeYB&co=GB&userid=25898b7e-2e75-49cd-944c-85ce37d662fd&searchtype=ds&q={searchTerms}&installDate=26/02/2013
    SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snap.do/?publisher=TightropeYB&dpid=TightropeYB&co=GB&userid=25898b7e-2e75-49cd-944c-85ce37d662fd&searchtype=ds&q={searchTerms}&installDate=26/02/2013
    SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
    Toolbar: HKLM - No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} -  No File
    Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
    Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
    Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
    Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
    Toolbar: HKCU - No Name - {7B13EC3E-999A-4B70-B9CB-2617B8323822} -  No File
    Toolbar: HKCU - No Name - {9565115D-C7D6-46D3-BD63-B67B481A4368} -  No File
    Toolbar: HKCU - No Name - {30F9B915-B755-4826-820B-08FBA6BD249D} -  No File
    Toolbar: HKCU - No Name - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} -  No File
    Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
    Toolbar: HKCU - No Name - {7473B6BD-4691-4744-A82B-7854EB3D70B6} -  No File
    S2 PremierOpinion; C:\Program Files (x86)\PremierOpinion\pmservice.exe [111680 2012-08-31] (VoiceFive, Inc.)
    S2 Winmgmt; C:\PROGRA~3\2oofbnr.pzz [64604 2013-09-05] (Microsoft Corporation)
    S2 Winmgmt; C:\PROGRA~3\2oofbnr.pzz [64604 2013-09-05] (Microsoft Corporation)
    
    C:\Users\Peverley\AppData\Local\Temp\Rpcqt.dll
    C:\Program Files (x86)\PremierOpinion
    C:\ProgramData\2oofbnr.pff
    C:\ProgramData\2oofbnr.ctrl
    C:\ProgramData\rnbfoo2.plz
    C:\ProgramData\2oofbnr.pzz
    C:\Users\Peverley\vlc-1.1.4-win32.exe
    C:\Users\Peverley\AppData\Local\Temp\kyssgkaxwnxgarbfunb.bfg
    C:\Users\Peverley\AppData\Local\Temp\SkypeSetup.exe
     
    

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Now please enter System Recovery Options again.

  • Run frst.exe (on 64-bit, run frst64.exe) and press the Fix button just once and wait.
  • The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

Boot into Windows now.

 

 

Combofix

Combofix should only be run when advised by a team member!

Link

Important - Save the file to your desktop!

  • Deactivate any and all of your antivirus programs / spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe

When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion", simply restart your computer to fix this.


Proud Member of UNITE & TB

My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps)
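The fixlist above works because the helper recognised three persistence patterns by eye: a Run value that makes rundll32 load a DLL out of the user's Temp directory, a built-in service (Winmgmt) whose binary has been redirected into ProgramData, and a Startup-folder shortcut that resolves into ProgramData. As an added example, not part of this thread and not FRST's own code, the Python below parses FRST entries in the same format and flags those three patterns automatically. The sample lines are copied from the fixlist above, plus one made-up benign Winmgmt line as a control; the list of protected service names, the user-writable directory markers and the rule names are my assumptions, and the helper assumes, as the log's own file listing confirms, that C:\PROGRA~3 is C:\ProgramData on this machine. Note what it does not catch: the PremierOpinion service was removed because the helper knew the product, and no structural heuristic here flags it.

```python
import re
from typing import List, Tuple

# Constructed sample input: entries copied from the FRST fixlist posted in this
# thread, plus one made-up benign Winmgmt line as a control (not from the log).
SAMPLE_LINES = [
    r"HKU\UpdatusUser\...\Run: [Video Library] - C:\Windows\system32\rundll32.exe C:\Users\Peverley\AppData\Local\Temp\Rpcqt.dll,Sets [x] <===== ATTENTION",
    r"Startup: C:\Users\Peverley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2oofbnr.lnk",
    r"ShortcutTarget: 2oofbnr.lnk -> C:\PROGRA~3\rnbfoo2.plz ()",
    r"S2 PremierOpinion; C:\Program Files (x86)\PremierOpinion\pmservice.exe [111680 2012-08-31] (VoiceFive, Inc.)",
    r"S2 Winmgmt; C:\PROGRA~3\2oofbnr.pzz [64604 2013-09-05] (Microsoft Corporation)",
    r"S2 Winmgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)",  # constructed control line
]

# Built-in services whose binary must live under the Windows directory (assumed
# short list for this example). A service registered under one of these names
# but pointing elsewhere has been hijacked, as Winmgmt was in this log.
SYSTEM_SERVICES = {"winmgmt", "wuauserv", "bits", "eventlog", "schedule"}

# Lower-cased path fragments of user-writable locations that no legitimate
# service or autostart binary should be launched from (assumed list).
USER_WRITABLE_DIRS = ("c:\\programdata\\", "\\appdata\\local\\temp\\")

RUN_RE = re.compile(r"Run: \[(?P<name>[^\]]*)\] - (?P<cmd>.*)")
SERVICE_RE = re.compile(r"^(?P<start>[SRU]\d) (?P<name>[^;]+); (?P<path>.*?) \[")
SHORTCUT_RE = re.compile(r"^ShortcutTarget: (?P<lnk>\S+) -> (?P<target>.*?) \(")


def normalize(path: str) -> str:
    """Lower-case a path and expand FRST's 8.3 short name for ProgramData.

    Assumption: on this machine C:\\PROGRA~3 is C:\\ProgramData, which the
    log's own file listing (C:\\ProgramData\\2oofbnr.pzz) confirms.
    """
    return path.strip().lower().replace("c:\\progra~3\\", "c:\\programdata\\")


def in_user_writable_dir(path: str) -> bool:
    """True if any part of the command or path points into a user-writable directory."""
    p = normalize(path)
    return any(marker in p for marker in USER_WRITABLE_DIRS)


def triage(lines) -> List[Tuple[str, str]]:
    """Return (rule, line) pairs for FRST entries matching a persistence pattern.

    Rules: a Run value that makes rundll32 load a DLL from a temp directory; a
    built-in service name whose binary is outside C:\\Windows; any other
    service binary in a user-writable directory; a Startup shortcut that
    resolves into ProgramData.
    """
    findings: List[Tuple[str, str]] = []
    for raw in lines:
        line = raw.strip()
        m = RUN_RE.search(line)
        if m:
            cmd = m.group("cmd")
            # rundll32 loading a DLL from Temp is a classic loader pattern
            if "rundll32" in cmd.lower() and in_user_writable_dir(cmd):
                findings.append(("run-key-rundll32-temp-dll", line))
            continue
        m = SERVICE_RE.match(line)
        if m:
            name, path = m.group("name").lower(), m.group("path")
            if name in SYSTEM_SERVICES and not normalize(path).startswith("c:\\windows\\"):
                findings.append(("system-service-hijacked", line))
            elif in_user_writable_dir(path):
                findings.append(("service-in-user-writable-dir", line))
            continue
        m = SHORTCUT_RE.match(line)
        if m and in_user_writable_dir(m.group("target")):
            findings.append(("startup-shortcut-to-programdata", line))
    return findings


if __name__ == "__main__":
    for rule, line in triage(SAMPLE_LINES):
        print(f"[{rule}] {line}")
```

Run against the sample lines it reports the rundll32 Run value, the 2oofbnr.lnk shortcut target and the redirected Winmgmt service, and stays quiet on the control line whose binary is under C:\Windows. The point of normalising the 8.3 short name first is that FRST prints service paths as the registry stores them, so a comparison on the raw string would miss the ProgramData match.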

#5 jamespev
  • Topic Starter
  • Members
  • 7 posts

Posted 05 September 2013 - 07:15 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-09-2013
Ran by Peverley at 2013-09-05 13:10:26 Run:1
Running from F:\
Boot Mode:
==============================================

Content of fixlist:
*****************
HKU\UpdatusUser\...\Run: [Video Library] - C:\Windows\system32\rundll32.exe C:\Users\Peverley\AppData\Local\Temp\Rpcqt.dll,Sets [x] <===== ATTENTION
Startup: C:\Users\Peverley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2oofbnr.lnk
ShortcutTarget: 2oofbnr.lnk -> C:\PROGRA~3\rnbfoo2.plz ()
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/?publisher=TightropeYB&dpid=TightropeYB&co=GB&userid=25898b7e-2e75-49cd-944c-85ce37d662fd&searchtype=ds&q={searchTerms}&installDate=26/02/2013
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snap.do/?publisher=TightropeYB&dpid=TightropeYB&co=GB&userid=25898b7e-2e75-49cd-944c-85ce37d662fd&searchtype=ds&q={searchTerms}&installDate=26/02/2013
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snap.do/?publisher=TightropeYB&dpid=TightropeYB&co=GB&userid=25898b7e-2e75-49cd-944c-85ce37d662fd&searchtype=ds&q={searchTerms}&installDate=26/02/2013
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
Toolbar: HKLM - No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} -  No File
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - No Name - {7B13EC3E-999A-4B70-B9CB-2617B8323822} -  No File
Toolbar: HKCU - No Name - {9565115D-C7D6-46D3-BD63-B67B481A4368} -  No File
Toolbar: HKCU - No Name - {30F9B915-B755-4826-820B-08FBA6BD249D} -  No File
Toolbar: HKCU - No Name - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKCU - No Name - {7473B6BD-4691-4744-A82B-7854EB3D70B6} -  No File
S2 PremierOpinion; C:\Program Files (x86)\PremierOpinion\pmservice.exe [111680 2012-08-31] (VoiceFive, Inc.)
S2 Winmgmt; C:\PROGRA~3\2oofbnr.pzz [64604 2013-09-05] (Microsoft Corporation)
S2 Winmgmt; C:\PROGRA~3\2oofbnr.pzz [64604 2013-09-05] (Microsoft Corporation)

C:\Users\Peverley\AppData\Local\Temp\Rpcqt.dll
C:\Program Files (x86)\PremierOpinion
C:\ProgramData\2oofbnr.pff
C:\ProgramData\2oofbnr.ctrl
C:\ProgramData\rnbfoo2.plz
C:\ProgramData\2oofbnr.pzz
C:\Users\Peverley\vlc-1.1.4-win32.exe
C:\Users\Peverley\AppData\Local\Temp\kyssgkaxwnxgarbfunb.bfg
C:\Users\Peverley\AppData\Local\Temp\SkypeSetup.exe

*****************

HKU\UpdatusUser\Software\Microsoft\Windows\CurrentVersion\Run\\Video Library => Value deleted successfully.
C:\Users\Peverley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2oofbnr.lnk => Moved successfully.
C:\PROGRA~3\rnbfoo2.plz => Moved successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Bar => Value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => Key deleted successfully.
HKCR\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} => Value deleted successfully.
HKCR\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} => Value deleted successfully.
HKCR\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Value deleted successfully.
HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value deleted successfully.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7B13EC3E-999A-4B70-B9CB-2617B8323822} => Value deleted successfully.
HKCR\CLSID\{7B13EC3E-999A-4B70-B9CB-2617B8323822} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{9565115D-C7D6-46D3-BD63-B67B481A4368} => Value deleted successfully.
HKCR\CLSID\{9565115D-C7D6-46D3-BD63-B67B481A4368} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} => Value deleted successfully.
HKCR\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{88C7F2AA-F93F-432C-8F0E-B7D85967A527} => Value deleted successfully.
HKCR\CLSID\{88C7F2AA-F93F-432C-8F0E-B7D85967A527} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Value deleted successfully.
HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7473B6BD-4691-4744-A82B-7854EB3D70B6} => Value deleted successfully.
HKCR\CLSID\{7473B6BD-4691-4744-A82B-7854EB3D70B6} => Key not found.
PremierOpinion => Service deleted successfully.
Winmgmt => Service restored successfully.
Winmgmt => Service restored successfully.
"C:\Users\Peverley\AppData\Local\Temp\Rpcqt.dll" => File/Directory not found.
C:\Program Files (x86)\PremierOpinion => Moved successfully.
C:\ProgramData\2oofbnr.pff => Moved successfully.
C:\ProgramData\2oofbnr.ctrl => Moved successfully.
"C:\ProgramData\rnbfoo2.plz" => File/Directory not found.
C:\ProgramData\2oofbnr.pzz => Moved successfully.
C:\Users\Peverley\vlc-1.1.4-win32.exe => Moved successfully.

 

 

But I got an error:

line 15749 (file "F:\FRST64.exe"):

error: subscript used with non-array variables

I'll try to restart the computer now.



#6 jamespev
  • Topic Starter
  • Members
  • 7 posts

Posted 05 September 2013 - 07:22 AM

Computer has started up OK. Are there any other scans or things I need to do now?



#7 TB-Psychotic
  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 05 September 2013 - 08:14 AM

Read and follow the rest of my instructions, please.



#8 TB-Psychotic
  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 12 September 2013 - 03:44 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



