Infected with PUM.UserWLoad and my DDS doesn't generate a log.


  • This topic is locked
25 replies to this topic

#1 Donnerschlag
  • Members
  • 12 posts
  • Gender:Male
  • Location:Philippines

Posted 22 September 2013 - 08:50 AM

I'm having a problem removing the malware PUM.UserWLoad. I scanned my laptop yesterday using MBAM (Free) in normal mode and no infections were found, but when I booted in safe mode and scanned again, 65 infections came out, including PUM.UserWLoad. I scanned again 4x today to ensure my laptop's clean and the only malware left was PUM.UserWLoad, and it still persisted through the following scans. I tried searching for solutions on Google today and I checked on this site. There are lots of guidelines on how to deal with this malware, but I'm scared that I might damage the system instead of fixing it. Lurking here the whole afternoon for solutions, I decided to post my problem since I'm kinda sensitive when it comes to my gadgets. Moments ago, I read the preparation guide on posting before malware removal and downloaded DDS. I executed it and it ran properly, but no log was generated after the scan. I added DDS to the exceptions on my antivirus and antimalware, but still no log was generated. By the way, these are the MBAM results of the malware infection: 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.09.19.01
 
Windows 7 x86 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Krr & Brr :: DONNERSCHLAG [administrator]
 
9/22/2013 5:08:47 PM
mbam-log-2013-09-22 (17-08-47).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 280455
Time elapsed: 10 minute(s), 57 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Data: C:\Users\KRR&BR~1\LOCALS~1\Temp\msahgbniz.exe -> Delete on reboot.
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
 
Hope you could help me with my problem. Thank you very much!~

Edited by Donnerschlag, 22 September 2013 - 08:52 AM.
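
The value flagged above, `HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load`, is one of the legacy logon autostart values that Explorer still honours when the user logs on, which is why MBAM files it under "PUM" (a potentially unwanted modification of a legitimate key) rather than as a file detection. Because it lives under HKCU, no administrator rights are needed to set it, and the data here points at a randomly named executable in the user's Temp folder via 8.3 short names. Note that MBAM scheduled it for "Delete on reboot", yet the FRST log posted the next day still shows the same Load value, so the scheduled removal did not take. The following PowerShell is an added example for this thread, not code from the original post, from Malwarebytes or from Farbar: it lists the Load/Run values and the standard Run keys, flags the traits this hit shows, and offers a guarded removal. It assumes Windows PowerShell 3.0 or later (Windows 7 ships 2.0; the WMF 3 update adds it); the function names and the flag heuristics are this example's own.

```powershell
# Added example, not from the thread: enumerate logon autostart values, including the
# Load/Run pair under "Windows NT\CurrentVersion\Windows" that MBAM calls PUM.UserWLoad,
# and flag the traits seen in the log above. Get-AutostartEntry is read-only.
# Assumes Windows PowerShell 3.0+ (for -notin and [pscustomobject]).

$AutostartKeys = @(
    'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Windows',   # Load and Run values
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
)

# Pull the executable out of a command line: a quoted path, or everything up to the first ".exe".
function Get-CommandExecutable([string]$CommandLine) {
    $expanded = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if ($expanded -match '^"([^"]+)"')        { return $Matches[1] }
    if ($expanded -match '^(.+?\.exe)(\s|$)') { return $Matches[1] }
    return $expanded
}

function Get-AutostartEntry {
    foreach ($keyPath in $AutostartKeys) {
        if (-not (Test-Path -LiteralPath $keyPath)) { continue }
        $key = Get-Item -LiteralPath $keyPath
        foreach ($name in $key.GetValueNames()) {
            # Under the "Windows NT\...\Windows" key only Load and Run are autostart values.
            if ($keyPath -like '*Windows NT*' -and $name -notin @('Load', 'Run')) { continue }
            $data = [string]$key.GetValue($name, '', 'DoNotExpandEnvironmentNames')
            if ([string]::IsNullOrWhiteSpace($data)) { continue }

            $exe    = Get-CommandExecutable $data
            $exists = Test-Path -LiteralPath $exe
            $flags  = @()
            if ($name -eq 'Load')  { $flags += 'Load value populated' }   # almost never used legitimately
            if ($exe -match '~\d') { $flags += '8.3 short path' }         # e.g. KRR&BR~1, LOCALS~1
            if ($exe -match '\\(Temp|AppData|ProgramData)\\') { $flags += 'user-writable location' }
            if (-not $exists) {
                $flags += 'file missing'
            } elseif ((Get-AuthenticodeSignature -FilePath $exe).Status -ne 'Valid') {
                $flags += 'not validly signed'
            }

            [pscustomobject]@{
                Key    = $keyPath
                Name   = $name
                Data   = $data
                Exe    = $exe
                Exists = $exists
                Flags  = ($flags -join '; ')
            }
        }
    }
}

# Clear a populated Load value and delete the file it points to. Dry-run with -WhatIf first;
# if the binary is still running, stop that process before deleting the file.
function Remove-LoadPersistence {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    $keyPath = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Windows'
    $data = (Get-ItemProperty -LiteralPath $keyPath -Name Load -ErrorAction SilentlyContinue).Load
    if ([string]::IsNullOrWhiteSpace($data)) { Write-Verbose 'No Load value set'; return }
    $exe = Get-CommandExecutable $data
    if ($PSCmdlet.ShouldProcess("$keyPath\Load -> $exe", 'Delete file and clear value')) {
        if (Test-Path -LiteralPath $exe) { Remove-Item -LiteralPath $exe -Force }
        Remove-ItemProperty -LiteralPath $keyPath -Name Load
    }
}

Get-AutostartEntry | Sort-Object { $_.Flags.Length } -Descending | Format-Table -AutoSize
# Remove-LoadPersistence -WhatIf
```

Run it from the affected user's session, since the key is per-user. An entry such as the one in the log would carry every flag at once (Load populated, short path, Temp folder, and either a missing or an unsigned file), whereas the Run entries for AVG, Apple and Office show none of them. The removal function deliberately deletes the file before the registry value so that a "Delete on reboot" race cannot re-create the pairing; it is for reference only, as the helper in this thread is guiding the actual clean-up.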



#2 seedy21
  • Malware Response Team
  • 742 posts
  • Gender:Male
  • Location:West Yorkshire, UK

Posted 22 September 2013 - 03:45 PM

Hi Donnerschlag and welcome to BleepingComputer.

I am looking into the problem and will advise you on what to do in my next reply.

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club


#3 seedy21
  • Malware Response Team
  • 742 posts
  • Gender:Male
  • Location:West Yorkshire, UK

Posted 22 September 2013 - 04:01 PM

Hello Donnerschlag

I'm Seedy21 and I will be helping you with your issues.

Please note the following information about the malware forum:
  • From this point on, please do not make any more changes to your computer, such as installing/uninstalling programs, using special fix tools, deleting files, editing the registry, etc., unless advised by me.
  • Please do not ask for help elsewhere (on this site or other sites). Doing so can result in system changes which may not show up in the logs you post.
  • Please reply within 48 hours; if you are going to be away for longer, please let us know, or the topic will be closed for being inactive.
  • If you are using cracked or illegal software, your thread will be closed.
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until it is closed.
Step 1

Please download Farbar Recovery Scan Tool.

For 32-bit systems, download Farbar Recovery Scan Tool and save it to your Desktop.
  • Double-click the downloaded icon to run the tool.
  • When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it into your reply also.

Edited by seedy21, 22 September 2013 - 04:29 PM.



#4 Donnerschlag
  • Topic Starter
  • Members
  • 12 posts
  • Gender:Male
  • Location:Philippines

Posted 22 September 2013 - 09:55 PM

Hi seedy21, good day!~

Btw, these are the scan logs for FRST.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-09-2013
Ran by Krr & Brr (administrator) on DONNERSCHLAG on 23-09-2013 10:49:44
Running from C:\Users\Krr & Brr\Desktop
Microsoft Windows 7 Home Premium  (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) ===================
 
(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcsrvx.exe
() C:\Program Files\INet\BackgroundService\ServiceManager.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Windows\system32\SupportAppXL\cdrom_mon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
() C:\Windows\system32\ChgService.exe
() C:\ProgramData\DatacardService\DCService.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgemcx.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
() C:\Windows\PLFSetI.exe
(Yahoo! Inc) C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgui.exe
() C:\Program Files\INet\BackgroundService\ModemListener.exe
() C:\Program Files\Garena Plus\GarenaMessenger.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
() C:\Program Files\Garena Plus\ggdllhost.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [PLFSetI] - C:\Windows\PLFSetI.exe [206208 2010-06-09] ()
HKLM\...\Run: [YSearchProtection] - C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [111856 2009-02-23] (Yahoo! Inc)
HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2013\avgui.exe [4411440 2013-08-15] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Alcatel Limo ModemListener] - C:\Program Files\INet\BackgroundService\ModemListener.exe [125504 2012-03-23] ()
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKCU\...\Run: [GarenaPlus] - C:\Program Files\Garena Plus\GarenaMessenger.exe [9846576 2013-09-05] ()
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKCU\...\CurrentVersion\Windows: [Load] C:\Users\KRR&BR~1\LOCALS~1\Temp\msahgbniz.exe <===== ATTENTION
MountPoints2: E - E:\autorun.exe
MountPoints2: F - F:\autorun.exe
MountPoints2: {ac5132b4-958a-11e2-af37-1c7508bba698} - E:\autorun.exe
HKU\Donnerschlag\...\Run: [GarenaPlus] - C:\Program Files\Garena Plus\GarenaMessenger.exe [ 2013-09-05] ()
HKU\Donnerschlag\...\Policies\system: [LogonHoursAction] 2
HKU\Donnerschlag\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Guest\...\Run: [RocketDock] - "C:\Program Files\RocketDock\RocketDock.exe"
Startup: C:\Users\aspire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.b1.org/?bsrc=hmior&chid=c162341
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://au.yahoo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.allgameshome.com/
URLSearchHook: YTNavAssist.YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.)
SearchScopes: HKLM - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = 
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1269415
SearchScopes: HKCU - DefaultScope {899C5ACD-9224-4220-B7C1-ACCFB5A88EA9} URL = http://www.bing.com/search?q={searchTerms}&r=894
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = 
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
SearchScopes: HKCU - {6C550BE5-EE90-4DCA-94E0-4264DCBF7F16} URL = http://au.search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7
SearchScopes: HKCU - {899C5ACD-9224-4220-B7C1-ACCFB5A88EA9} URL = http://www.bing.com/search?q={searchTerms}&r=894
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = 
BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
BHO: P2PRocket Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\P2P Rocket\RazaWebHook32.dll (P2procket)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Skype Plug-In - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - YouTube Free Downloader Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\YouTube Free Downloader Toolbar\tbcore3.dll ()
Toolbar: HKLM -  No Name - {98889811-442D-49dd-99D7-DC866BE87DBC} -  No File
Toolbar: HKCU - No Name - {AD708C09-D51B-45B3-9D28-4EBA2681FEBF} -  No File
Toolbar: HKCU - No Name - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} -  No File
Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} -  No File
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1111E6F4-1F88-4230-AE80-166AE62DD696}: [NameServer]202.138.128.50 202.138.128.54
Tcpip\..\Interfaces\{2D19BDD1-E137-413B-8DEF-D3EB679FA809}: [NameServer]202.138.128.50 202.138.128.54
Tcpip\..\Interfaces\{E51A4B10-05A4-4868-B9DE-9806BC5284BC}: [NameServer]202.138.128.50 202.138.128.54
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com.ph/
CHR RestoreOnStartup: "hxxp://tumblr.com/dashboard", "hxxp://facebook.com/"
CHR Extension: (Google Docs) - C:\Users\KRR&BR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\KRR&BR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (WOT) - C:\Users\KRR&BR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\2.0.17_0
CHR Extension: (YouTube) - C:\Users\KRR&BR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\KRR&BR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\KRR&BR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Gmail) - C:\Users\KRR&BR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [amhlacfinnaffmhfohbpecabbjfhkdji] - C:\Users\aspire\AppData\Local\Temp\amhlacfinnaffmhfohbpecabbjfhkdji.crx
CHR HKLM\...\Chrome\Extension: [hahpjplbmicfkmoccokbjejahjjpnena] - C:\Users\aspire\AppData\Local\B1E\B1Tool.crx
CHR HKLM\...\Chrome\Extension: [jbpkiefagocgkmemidfngdkamloieekf] - C:\Program Files\TornTV.com\torn11.crx
CHR HKLM\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - C:\Users\aspire\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM\...\Chrome\Extension: [nbmafkdmkkckhggblphicnnhlgljnoje] - C:\Program Files\TornTV.com\torn2_10.crx
 
========================== Services (Whitelisted) =================
 
R2 Alcatel Limo Modem Device Helper; C:\Program Files\INet\BackgroundService\ServiceManager.exe [53312 2012-03-14] ()
R2 Autorun CDROM Monitor; C:\Windows\system32\SupportAppXL\cdrom_mon.exe [81920 2008-11-25] ()
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)
R2 Change Modem Device Service; C:\Windows\system32\ChgService.exe [135168 2010-02-04] ()
R2 DCService.exe; C:\ProgramData\DatacardService\DCService.exe [229376 2010-05-08] ()
 
==================== Drivers (Whitelisted) ====================
 
S3 AlcatelOTnet; C:\Windows\System32\DRIVERS\AlcatelOTUsbnet.sys [118272 2011-06-20] (TCT International Mobile Ltd)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208184 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [60216 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22328 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [171320 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [96568 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [39224 2013-09-05] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [182072 2013-03-21] (AVG Technologies CZ, s.r.o.)
S3 btwampfl; C:\Windows\System32\drivers\btwampfl.sys [293928 2010-05-21] (Broadcom Corporation.)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-13] (Microsoft Corporation)
S3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [105984 2010-01-20] (QUALCOMM Incorporated)
S3 EUCR; C:\Windows\System32\DRIVERS\EUCR6SK.SYS [82768 2011-05-16] (ENE Technology Inc.)
S3 jrdusbser; C:\Windows\System32\DRIVERS\jrdusbser.sys [106112 2011-06-20] (TCT International Mobile Ltd)
S3 GGSAFERDriver; \??\C:\Program Files\Garena Plus\Room\safedrv.sys [x]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-09-23 10:46 - 2013-09-23 10:46 - 00000000 ___DC C:\FRST
2013-09-23 10:42 - 2013-09-23 10:42 - 01088367 _____ (Farbar) C:\Users\Krr & Brr\Desktop\FRST.exe
2013-09-22 16:46 - 2013-09-22 16:46 - 00000000 ____D C:\Users\Donnerschlag\AppData\Roaming\Garena
2013-09-22 16:43 - 2013-09-23 10:30 - 00000000 ____D C:\Users\Donnerschlag\AppData\Roaming\GarenaPlus
2013-09-22 15:04 - 2013-09-22 20:57 - 00000690 _____ C:\Users\Donnerschlag\Desktop\bluescreen error.txt
2013-09-22 15:01 - 2013-09-22 15:01 - 00151672 _____ C:\Windows\Minidump\092213-20826-01.dmp
2013-09-22 00:32 - 2013-09-22 00:32 - 00000000 ____D C:\Windows\system32\SPReview
2013-09-21 21:19 - 2013-09-21 21:19 - 00000000 ____D C:\Users\Donnerschlag\AppData\Roaming\Malwarebytes
2013-09-21 20:25 - 2013-09-21 22:40 - 00000000 ____D C:\Users\Donnerschlag\AppData\Roaming\vlc
2013-09-21 20:24 - 2013-09-21 20:24 - 00000635 _____ C:\Users\Donnerschlag\Desktop\Movies.lnk
2013-09-21 11:23 - 2013-09-22 20:51 - 00000898 _____ C:\Users\Donnerschlag\Desktop\AVG 2013.lnk
2013-09-21 11:23 - 2013-09-21 11:23 - 00001526 _____ C:\Users\Donnerschlag\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-21 11:22 - 2013-09-21 11:22 - 00001039 _____ C:\Users\Donnerschlag\Desktop\Garena Plus.lnk
2013-09-21 11:22 - 2013-09-21 11:22 - 00000983 _____ C:\Users\Donnerschlag\Desktop\Celestia.lnk
2013-09-21 11:22 - 2013-09-21 11:22 - 00000945 _____ C:\Users\Donnerschlag\Desktop\o2Mania.lnk
2013-09-21 11:22 - 2013-09-21 11:22 - 00000897 _____ C:\Users\Donnerschlag\Desktop\StarCraft Broadwars.lnk
2013-09-21 10:54 - 2013-09-21 10:55 - 00205824 ____H C:\Users\Donnerschlag\Downloads\photothumb.db
2013-09-21 10:54 - 2013-09-21 10:55 - 00000000 ____D C:\Users\Donnerschlag\AppData\Roaming\PhotoScape
2013-09-21 10:54 - 2013-09-21 10:54 - 00109280 _____ C:\Users\Donnerschlag\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-21 10:54 - 2013-09-21 10:54 - 00001007 _____ C:\Users\Donnerschlag\Desktop\PhotoScape.lnk
2013-09-21 10:49 - 2013-08-28 00:41 - 34363645 _____ (Shatters Software) C:\Users\Donnerschlag\Downloads\celestia-win32-1.6.1.exe
2013-09-21 10:44 - 2013-09-21 10:44 - 00000000 ____D C:\Users\Donnerschlag\AppData\Roaming\yahoo!
2013-09-21 10:44 - 2013-09-21 10:44 - 00000000 ____D C:\Users\Donnerschlag\AppData\Roaming\AVG2013
2013-09-21 10:44 - 2013-09-21 10:44 - 00000000 ____D C:\Users\Donnerschlag\AppData\Roaming\Apple Computer
2013-09-21 10:44 - 2013-09-21 10:44 - 00000000 ____D C:\Users\Donnerschlag\AppData\Local\Avg2013
2013-09-21 10:44 - 2013-09-21 10:44 - 00000000 ____D C:\Users\Donnerschlag\AppData\Local\Apple Computer
2013-09-21 10:43 - 2013-09-21 10:43 - 00001413 _____ C:\Users\Donnerschlag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-09-21 10:42 - 2013-09-21 22:50 - 00000000 ____D C:\Users\Donnerschlag\AppData\Local\VirtualStore
2013-09-21 10:42 - 2013-09-21 11:33 - 00000000 ____D C:\Users\Donnerschlag\AppData\Local\Google
2013-09-21 10:42 - 2013-09-21 10:43 - 00000000 ____D C:\Users\Donnerschlag
2013-09-21 10:42 - 2013-09-21 10:42 - 00000918 __RSH C:\Users\Donnerschlag\ntuser.pol
2013-09-21 10:42 - 2013-09-21 10:42 - 00000020 ___SH C:\Users\Donnerschlag\ntuser.ini
2013-09-21 10:42 - 2012-02-04 14:39 - 00000000 ____D C:\Users\Donnerschlag\AppData\Local\Microsoft Help
2013-09-21 10:42 - 2009-07-13 20:42 - 00000000 ___RD C:\Users\Donnerschlag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-09-21 10:42 - 2009-07-13 20:37 - 00000000 ___RD C:\Users\Donnerschlag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-09-21 10:38 - 2013-09-21 10:38 - 00000632 __RSH C:\Users\Krr & Brr\ntuser.pol
2013-09-19 12:16 - 2013-09-19 20:49 - 00089094 _____ C:\Users\Krr & Brr\Desktop\avgrep.txt
2013-09-19 11:57 - 2013-09-19 11:57 - 00000000 ___DC C:\9c46c00dc7b562b9ec38b275c5
2013-09-10 01:34 - 2013-09-10 01:34 - 00022328 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsshimx.sys
2013-09-05 01:43 - 2013-09-05 01:43 - 00039224 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx86.sys
2013-08-28 00:44 - 2013-08-28 00:44 - 00000965 _____ C:\Users\Krr & Brr\Desktop\Celestia.lnk
2013-08-28 00:43 - 2013-08-28 00:44 - 00000000 ____D C:\Program Files\Celestia
2013-08-28 00:34 - 2013-08-28 00:41 - 34363645 _____ (Shatters Software) C:\Users\Krr & Brr\Downloads\celestia-win32-1.6.1.exe
2013-08-27 20:37 - 2013-09-19 14:28 - 00014986 _____ C:\Windows\PFRO.log
 
==================== One Month Modified Files and Folders =======
 
2013-09-23 10:50 - 2013-02-02 15:51 - 00000000 ____D C:\ProgramData\GarenaMessenger
2013-09-23 10:49 - 2013-04-23 19:46 - 00000000 ____D C:\Users\Krr & Brr\AppData\Roaming\GarenaPlus
2013-09-23 10:46 - 2013-09-23 10:46 - 00000000 ___DC C:\FRST
2013-09-23 10:45 - 2012-03-10 00:27 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-23 10:45 - 2011-03-03 13:55 - 01660213 _____ C:\Windows\WindowsUpdate.log
2013-09-23 10:42 - 2013-09-23 10:42 - 01088367 _____ (Farbar) C:\Users\Krr & Brr\Desktop\FRST.exe
2013-09-23 10:39 - 2012-03-11 02:57 - 00000000 ____D C:\ProgramData\MFAData
2013-09-23 10:32 - 2009-07-13 20:34 - 00019488 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-23 10:32 - 2009-07-13 20:34 - 00019488 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-23 10:31 - 2013-02-23 16:14 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-23 10:30 - 2013-09-22 16:43 - 00000000 ____D C:\Users\Donnerschlag\AppData\Roaming\GarenaPlus
2013-09-23 10:28 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\tracing
2013-09-23 10:24 - 2013-08-19 19:02 - 00006292 _____ C:\Windows\setupact.log
2013-09-23 10:24 - 2013-03-25 20:36 - 00000437 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2013-09-23 10:24 - 2012-03-11 03:44 - 00016384 _____ C:\Windows\system32\Ikeext.etl
2013-09-23 10:24 - 2009-07-13 20:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-23 01:07 - 2012-03-10 00:27 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-23 01:05 - 2011-03-11 17:26 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098024337-2399665789-239898311-1000UA.job
2013-09-22 23:01 - 2011-10-02 11:16 - 00000932 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2098024337-2399665789-239898311-1000UA.job
2013-09-22 20:57 - 2013-09-22 15:04 - 00000690 _____ C:\Users\Donnerschlag\Desktop\bluescreen error.txt
2013-09-22 20:51 - 2013-09-21 11:23 - 00000898 _____ C:\Users\Donnerschlag\Desktop\AVG 2013.lnk
2013-09-22 20:01 - 2011-10-02 11:16 - 00000910 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2098024337-2399665789-239898311-1000Core.job
2013-09-22 18:05 - 2011-03-11 17:26 - 00000860 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098024337-2399665789-239898311-1000Core.job
2013-09-22 16:46 - 2013-09-22 16:46 - 00000000 ____D C:\Users\Donnerschlag\AppData\Roaming\Garena
2013-09-22 15:01 - 2013-09-22 15:01 - 00151672 _____ C:\Windows\Minidump\092213-20826-01.dmp
2013-09-22 15:01 - 2013-08-19 23:14 - 126081550 _____ C:\Windows\MEMORY.DMP
2013-09-22 15:01 - 2013-06-10 22:30 - 00000000 ____D C:\Windows\Minidump
2013-09-22 00:32 - 2013-09-22 00:32 - 00000000 ____D C:\Windows\system32\SPReview
2013-09-21 22:53 - 2011-03-03 14:09 - 00726316 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-21 22:50 - 2013-09-21 10:42 - 00000000 ____D C:\Users\Donnerschlag\AppData\Local\VirtualStore
2013-09-21 22:40 - 2013-09-21 20:25 - 00000000 ____D C:\Users\Donnerschlag\AppData\Roaming\vlc
2013-09-21 21:19 - 2013-09-21 21:19 - 00000000 ____D C:\Users\Donnerschlag\AppData\Roaming\Malwarebytes
2013-09-21 20:24 - 2013-09-21 20:24 - 00000635 _____ C:\Users\Donnerschlag\Desktop\Movies.lnk
2013-09-21 11:33 - 2013-09-21 10:42 - 00000000 ____D C:\Users\Donnerschlag\AppData\Local\Google
2013-09-21 11:23 - 2013-09-21 11:23 - 00001526 _____ C:\Users\Donnerschlag\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-21 11:22 - 2013-09-21 11:22 - 00001039 _____ C:\Users\Donnerschlag\Desktop\Garena Plus.lnk
2013-09-21 11:22 - 2013-09-21 11:22 - 00000983 _____ C:\Users\Donnerschlag\Desktop\Celestia.lnk
2013-09-21 11:22 - 2013-09-21 11:22 - 00000945 _____ C:\Users\Donnerschlag\Desktop\o2Mania.lnk
2013-09-21 11:22 - 2013-09-21 11:22 - 00000897 _____ C:\Users\Donnerschlag\Desktop\StarCraft Broadwars.lnk
2013-09-21 10:55 - 2013-09-21 10:54 - 00205824 ____H C:\Users\Donnerschlag\Downloads\photothumb.db
2013-09-21 10:55 - 2013-09-21 10:54 - 00000000 ____D C:\Users\Donnerschlag\AppData\Roaming\PhotoScape
2013-09-21 10:54 - 2013-09-21 10:54 - 00109280 _____ C:\Users\Donnerschlag\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-21 10:54 - 2013-09-21 10:54 - 00001007 _____ C:\Users\Donnerschlag\Desktop\PhotoScape.lnk
2013-09-21 10:44 - 2013-09-21 10:44 - 00000000 ____D C:\Users\Donnerschlag\AppData\Roaming\yahoo!
2013-09-21 10:44 - 2013-09-21 10:44 - 00000000 ____D C:\Users\Donnerschlag\AppData\Roaming\AVG2013
2013-09-21 10:44 - 2013-09-21 10:44 - 00000000 ____D C:\Users\Donnerschlag\AppData\Roaming\Apple Computer
2013-09-21 10:44 - 2013-09-21 10:44 - 00000000 ____D C:\Users\Donnerschlag\AppData\Local\Avg2013
2013-09-21 10:44 - 2013-09-21 10:44 - 00000000 ____D C:\Users\Donnerschlag\AppData\Local\Apple Computer
2013-09-21 10:43 - 2013-09-21 10:43 - 00001413 _____ C:\Users\Donnerschlag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-09-21 10:43 - 2013-09-21 10:42 - 00000000 ____D C:\Users\Donnerschlag
2013-09-21 10:42 - 2013-09-21 10:42 - 00000918 __RSH C:\Users\Donnerschlag\ntuser.pol
2013-09-21 10:42 - 2013-09-21 10:42 - 00000020 ___SH C:\Users\Donnerschlag\ntuser.ini
2013-09-21 10:38 - 2013-09-21 10:38 - 00000632 __RSH C:\Users\Krr & Brr\ntuser.pol
2013-09-21 10:38 - 2013-02-13 14:23 - 00000000 ____D C:\Users\Krr & Brr
2013-09-21 10:38 - 2009-07-13 18:37 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2013-09-21 01:32 - 2013-02-23 16:14 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-09-21 01:32 - 2011-05-29 19:31 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-09-19 20:49 - 2013-09-19 12:16 - 00089094 _____ C:\Users\Krr & Brr\Desktop\avgrep.txt
2013-09-19 14:28 - 2013-08-27 20:37 - 00014986 _____ C:\Windows\PFRO.log
2013-09-19 14:27 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\security
2013-09-19 13:27 - 2013-08-05 00:51 - 00010240 ____H C:\Users\Krr & Brr\Desktop\photothumb.db
2013-09-19 13:27 - 2013-02-24 23:31 - 00000000 ____D C:\Users\Krr & Brr\AppData\Roaming\PhotoScape
2013-09-19 12:14 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\SchCache
2013-09-19 11:57 - 2013-09-19 11:57 - 00000000 ___DC C:\9c46c00dc7b562b9ec38b275c5
2013-09-14 02:13 - 2011-03-06 15:06 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-13 02:56 - 2013-08-07 02:12 - 00000000 ____D C:\Windows\system32\MRT
2013-09-13 02:50 - 2012-02-18 17:58 - 76725432 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-11 00:18 - 2013-04-30 00:59 - 00196608 ____H C:\Users\Krr & Brr\Downloads\photothumb.db
2013-09-10 01:34 - 2013-09-10 01:34 - 00022328 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsshimx.sys
2013-09-07 23:18 - 2013-02-02 15:51 - 00000000 ____D C:\Program Files\Garena Plus
2013-09-05 01:43 - 2013-09-05 01:43 - 00039224 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx86.sys
2013-09-05 00:26 - 2013-06-29 22:55 - 00002048 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-08-28 00:44 - 2013-08-28 00:44 - 00000965 _____ C:\Users\Krr & Brr\Desktop\Celestia.lnk
2013-08-28 00:44 - 2013-08-28 00:43 - 00000000 ____D C:\Program Files\Celestia
2013-08-28 00:41 - 2013-09-21 10:49 - 34363645 _____ (Shatters Software) C:\Users\Donnerschlag\Downloads\celestia-win32-1.6.1.exe
2013-08-28 00:41 - 2013-08-28 00:34 - 34363645 _____ (Shatters Software) C:\Users\Krr & Brr\Downloads\celestia-win32-1.6.1.exe
2013-08-26 23:28 - 2012-04-22 06:33 - 00000000 ____D C:\Users\aspire\AppData\Local\Conduit
2013-08-26 23:26 - 2011-05-04 11:40 - 00000000 ____D C:\Program Files\Google
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-01-04 13:49
 
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23-09-2013
Ran by Krr & Brr at 2013-09-23 10:57:11
Running from C:\Users\Krr & Brr\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Installed Programs ======================
 
 Update for Microsoft Office 2007 (KB2508958)
7-Zip 9.20
Acer Crystal Eye Webcam (Version: 5.3.26.1)
Adobe Flash Player 11 ActiveX (Version: 11.8.800.175)
Adobe Flash Player 11 Plugin (Version: 11.8.800.168)
Adobe Reader X (10.1.7) (Version: 10.1.7)
Adobe Shockwave Player 12.0 (Version: 12.0.0.112)
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (Version: 1.0.0.35)
AVG 2013 (Version: 13.0.3222)
AVG 2013 (Version: 13.0.3408)
AVG 2013 (Version: 2013.0.3408)
Bonjour (Version: 3.0.0.10)
Broadcom 802.11 Network Adapter (Version: 5.100.249.2)
Celestia 1.6.1
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
ENE USB Card Reader Driver (Version: 5.89.0.70)
Facebook Video Calling 1.2.0.287 (Version: 1.2.287)
Free YouTube to MP3 Converter version 3.12.2.430 (Version: 3.12.2.430)
GameHouse Games Collection: Adventure Inlay - Safari Edition
GameHouse Games Collection: Air Strike 3D
GameHouse Games Collection: Alien Sky
GameHouse Games Collection: Aloha Solitaire
GameHouse Games Collection: Aloha TriPeaks
GameHouse Games Collection: Ancient Tri-Jong
GameHouse Games Collection: Ancient Tripeaks
GameHouse Games Collection: Astrobatics
GameHouse Games Collection: Atlantis
GameHouse Games Collection: Atomaders
GameHouse Games Collection: Bejeweled 2
GameHouse Games Collection: Bewitched
GameHouse Games Collection: Big Kahuna Reef
GameHouse Games Collection: Boggle Supreme
GameHouse Games Collection: Bounce Out Blitz
GameHouse Games Collection: Casino Island To Go
GameHouse Games Collection: Chainz
GameHouse Games Collection: Chainz 2 - Relinked
GameHouse Games Collection: Charm Solitaire
GameHouse Games Collection: Charm Tale
GameHouse Games Collection: Chicktionary
GameHouse Games Collection: Chuzzle Deluxe
GameHouse Games Collection: Collapse! Crunch
GameHouse Games Collection: Combo Chaos!
GameHouse Games Collection: Crystal Path
GameHouse Games Collection: Cubis Gold 2
GameHouse Games Collection: Digby's Donuts
GameHouse Games Collection: Diner Dash
GameHouse Games Collection: Feeding Frenzy
GameHouse Games Collection: Fiber Twig
GameHouse Games Collection: Five Card Deluxe
GameHouse Games Collection: Flip Words
GameHouse Games Collection: Flying Leo
GameHouse Games Collection: Fortune Tiles Gold
GameHouse Games Collection: Fresco Wizard
GameHouse Games Collection: GameHouse Sudoku
GameHouse Games Collection: Gearz
GameHouse Games Collection: Granny in Paradise
GameHouse Games Collection: Gutterball
GameHouse Games Collection: Gutterball 2
GameHouse Games Collection: Hamsterball
GameHouse Games Collection: Hello!
GameHouse Games Collection: Holiday Express
GameHouse Games Collection: Iggle Pop!
GameHouse Games Collection: Incadia
GameHouse Games Collection: Incredible Ink
GameHouse Games Collection: Insaniquarium Deluxe
GameHouse Games Collection: Inspector Parker
GameHouse Games Collection: Invadazoid
GameHouse Games Collection: Jewel Quest
GameHouse Games Collection: Lemonade Tycoon
GameHouse Games Collection: Luxor
GameHouse Games Collection: Mad Caps
GameHouse Games Collection: Magic Ball 2
GameHouse Games Collection: Magic Ball 2 - New Worlds
GameHouse Games Collection: Magic Inlay
GameHouse Games Collection: Magic Vines
GameHouse Games Collection: Mah Jong Medley
GameHouse Games Collection: Mah Jong Quest
GameHouse Games Collection: Mahjong Garden To Go
GameHouse Games Collection: Maui Wowee
GameHouse Games Collection: Phlinx To Go
GameHouse Games Collection: Pin High Country Club Golf
GameHouse Games Collection: Pizza Frenzy
GameHouse Games Collection: Platypus
GameHouse Games Collection: Poker Superstars
GameHouse Games Collection: Puzzle Express
GameHouse Games Collection: Puzzle Inlay
GameHouse Games Collection: Puzzle Solitaire
GameHouse Games Collection: QBz
GameHouse Games Collection: Ricochet
GameHouse Games Collection: Ricochet Lost Worlds
GameHouse Games Collection: Ricochet Lost Worlds - Recharged
GameHouse Games Collection: Roller Rush
GameHouse Games Collection: Saints & Sinners Bingo
GameHouse Games Collection: SCRABBLE
GameHouse Games Collection: Slingo Deluxe
GameHouse Games Collection: Spelvin
GameHouse Games Collection: Splash
GameHouse Games Collection: Spring Sprang Sprung
GameHouse Games Collection: Super 5-Line Slots
GameHouse Games Collection: Super Blackjack!
GameHouse Games Collection: Super Bounce Out!
GameHouse Games Collection: Super Candy Cruncher
GameHouse Games Collection: Super Collapse!
GameHouse Games Collection: Super Collapse! II
GameHouse Games Collection: Super Collapse! II Platinum
GameHouse Games Collection: Super Fruit Frolic
GameHouse Games Collection: Super GameHouse Solitaire Vol. 1
GameHouse Games Collection: Super GameHouse Solitaire Vol. 2
GameHouse Games Collection: Super GameHouse Solitaire Vol. 3
GameHouse Games Collection: Super Gem Drop
GameHouse Games Collection: Super Glinx!
GameHouse Games Collection: Super Letter Linker
GameHouse Games Collection: Super Mah Jong Solitaire
GameHouse Games Collection: Super Nisqually
GameHouse Games Collection: Super PileUp!
GameHouse Games Collection: Super Pool
GameHouse Games Collection: Super Pop & Drop!
GameHouse Games Collection: Super Rumble Cube
GameHouse Games Collection: Super SpongeBob Collapse!
GameHouse Games Collection: Super TextTwist
GameHouse Games Collection: Super WHATword
GameHouse Games Collection: Super Wild Wild Words
GameHouse Games Collection: Tap a Jam
GameHouse Games Collection: Ten Pin Championship Bowling Pro
GameHouse Games Collection: Tennis Titans
GameHouse Games Collection: Tradewinds 2
GameHouse Games Collection: Trivia Machine
GameHouse Games Collection: Tropical Swaps
GameHouse Games Collection: Tumblebugs
GameHouse Games Collection: Turtle Bay
GameHouse Games Collection: Twistingo
GameHouse Games Collection: Ultimate Dominoes
GameHouse Games Collection: Varmintz Deluxe
GameHouse Games Collection: Walls of Jericho, The
GameHouse Games Collection: Word Jolt
GameHouse Games Collection: Word Slinger
GameHouse Games Collection: WordJong To Go
GameHouse Games Collection: Zuma Deluxe
Garena Plus (Version: 2011)
Globe Broadband (Version: 11.300.05.01.158)
Google Chrome (Version: 29.0.1547.66)
Google Drive (Version: 1.11.4865.2530)
Google Earth Pro (Version: 5.1.3535.3218)
Google Update Helper (Version: 1.3.21.153)
INet
Intel® Graphics Media Accelerator Driver (Version: 8.14.10.2117)
iTunes (Version: 11.0.4.4)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft PowerPoint 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
MobileMe Control Panel (Version: 3.1.6.0)
P2P Rocket (Version: 2.7.0.0)
PhotoScape
Popcap Game Collection (Version: 1.00.0000)
Qtrax Player (Version: 01.001.0001)
QuickTime (Version: 7.74.80.86)
Safari (Version: 5.34.57.2)
Sandlot Games Client Services
Skype Toolbars (Version: 5.2.4160)
Skype™ 6.3 (Version: 6.3.105)
SMART BRO (Version: 1.0.0.0)
Smart Bro (Version: 11.300.05.03.238)
SmartBRO version 5.244
Sun Broadband Wireless (Version: 16.001.06.04.256)
swMSM (Version: 12.0.0.1)
Theme Manager v 1.0
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553157) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589370) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760758) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825641) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
VLC media player 1.1.11 (Version: 1.1.11)
Vuze (Version: 4.7)
WIDCOMM Bluetooth Software (Version: 6.3.0.5500)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Yahoo! Messenger
Yahoo! Toolbar
YouTube Free Downloader Toolbar
 
==================== Restore Points  =========================
 
23-09-2013 09:54:54 Windows Update
 
==================== Hosts content: ==========================
 
2009-07-13 18:04 - 2009-06-10 13:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {046CDCB3-C60B-4136-B698-735ABDB12AD8} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {084EB6ED-61B5-46B3-B415-59233BAC38E5} - System32\Tasks\Hoolapp For Android => C:\Users\aspire\AppData\Roaming\HOOLAP~1\UPDATE~1\UPDATE~1.EXE
Task: {1BBA4DB5-D3AB-498E-92A0-CFBAE26C9314} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\system32\FlashPlayerUpdateService.exe
Task: {3B560809-2D5B-42AB-B6D8-0629D8C56B68} - System32\Tasks\{6EDCE312-AC8F-4D8F-A0EF-25D45A32F8D1} => C:\Program Files\SmartBRO\USB Modem.exe [2010-02-04] ()
Task: {490C4221-97A9-4666-BA1D-B263B7D1B5C0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2098024337-2399665789-239898311-1000Core => C:\Users\aspire\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-11] (Google Inc.)
Task: {536EBE29-C9BF-4EDE-A2AA-E931E6816020} - System32\Tasks\{5A8D7993-9602-45B2-BAB8-11D2365867D5} => C:\Program Files\Skype\\Phone\Skype.exe [2013-02-28] (Skype Technologies S.A.)
Task: {573BF84A-55C9-4C9D-A27D-93CA48ED478D} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2098024337-2399665789-239898311-1000UA => C:\Users\aspire\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-01] (Facebook Inc.)
Task: {606EC4B3-1E4C-403D-95F8-4F205E2DEC1A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-03-10] (Google Inc.)
Task: {660F56B5-87AD-4CB3-98E0-172E418F97E7} - System32\Tasks\Adobe online update program => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {6837E8AC-93DF-4993-A45D-4CF6AB250265} - System32\Tasks\EPUpdater => C:\Users\aspire\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe
Task: {748B8CBE-48AD-4B90-89C6-259D98424F3E} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\system32\FlashPlayerUpdateService.exe
Task: {790B5E0B-F394-4759-BE68-4359CA1963B6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {900D45AC-B346-4367-A006-6F3F193A1000} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-03-10] (Google Inc.)
Task: {98DCAE44-FE18-4CEF-99B8-02050E6E8EB3} - System32\Tasks\Hoolapp Init => C:\Users\aspire\AppData\Roaming\HOOLAP~1\Hoolapp.exe
Task: {A5FF90A6-37A3-459E-BF23-B25A7E4EF621} - System32\Tasks\User_Feed_Synchronization-{A2507110-6A60-473D-A43F-27B5B358D0EF} => C:\Windows\system32\msfeedssync.exe [2012-02-17] (Microsoft Corporation)
Task: {A8E073AC-FEDC-41EE-BAE2-33C60F1ED06B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2098024337-2399665789-239898311-1000UA => C:\Users\aspire\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-11] (Google Inc.)
Task: {AB75CC1F-9B75-4D17-9A11-2FDCF32A13BF} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2098024337-2399665789-239898311-1007
Task: {C1BF58D5-D25C-46E4-A9AA-1AA2259BB68B} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-03-12] (Oracle Corporation)
Task: {C22E33F4-B9B6-42D5-BCA0-8B9676454450} - System32\Tasks\gg_uac_daemon_Krr & Brr => C:\Program Files\Garena Plus\ggdllhost.exe [2013-07-10] ()
Task: {CB56B5AA-2D47-491E-A5BD-714509E82620} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-21] (Adobe Systems Incorporated)
Task: {CB783067-1CB1-48DE-90B4-6AF7A09153BA} - System32\Tasks\gg_uac_daemon_aspire => C:\Program Files\Garena Plus\ggdllhost.exe [2013-07-10] ()
Task: {F870B97D-38BA-4B28-BA9B-CC8F53CE407C} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2098024337-2399665789-239898311-1000Core => C:\Users\aspire\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-01] (Facebook Inc.)
Task: {FC29A40A-3FAA-4450-9710-0EC2B5DE84B7} - System32\Tasks\YourFile DownloaderUpdate => C:\Program Files\YourFileDownloader\YourFileUpdater.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2098024337-2399665789-239898311-1000Core.job => C:\Users\aspire\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2098024337-2399665789-239898311-1000UA.job => C:\Users\aspire\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098024337-2399665789-239898311-1000Core.job => C:\Users\aspire\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2098024337-2399665789-239898311-1000UA.job => C:\Users\aspire\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2009-07-13 16:07 - 2009-07-13 17:14 - 00064000 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\System32\l3codeca.acm
2011-03-03 14:37 - 2010-04-18 16:52 - 00275968 _____ (Intel Corporation) C:\Windows\system32\igfxrENU.lrc
2010-05-21 13:42 - 2010-05-21 13:42 - 00132384 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2009-02-23 05:05 - 2009-02-23 05:05 - 00350960 _____ (Yahoo! Inc.) C:\Program Files\Yahoo!\Search Protection\fdload.dll
2012-02-22 00:52 - 2013-01-30 00:26 - 00104752 _____ () C:\Program Files\Garena Plus\CommonLib.dll
2012-10-31 03:22 - 2013-08-23 01:10 - 00553776 _____ () C:\Program Files\Garena Plus\ggspawn.dll
2012-07-11 21:40 - 2013-02-07 01:11 - 00033584 _____ () C:\Program Files\Garena Plus\DibModule.dll
2012-11-05 18:35 - 2013-09-05 01:11 - 00027952 _____ () C:\Program Files\Garena Plus\VersionModule.dll
2012-08-13 01:09 - 2013-02-07 01:11 - 00051504 _____ () C:\Program Files\Garena Plus\FileLoader.dll
2012-07-26 23:41 - 2013-02-07 01:11 - 00087344 _____ () C:\Program Files\Garena Plus\PluginKernel.dll
2012-09-13 01:25 - 2013-03-06 18:10 - 00487216 _____ () C:\Program Files\Garena Plus\CxImage.dll
2012-10-19 00:58 - 2013-02-07 01:11 - 00025392 _____ () C:\Program Files\Garena Plus\PluginModule.dll
2012-07-26 22:59 - 2013-04-10 01:23 - 00170800 _____ () C:\Program Files\Garena Plus\lib\fs\YYFileSystem.dll
2012-10-19 00:58 - 2013-03-13 02:05 - 00374064 _____ () C:\Program Files\Garena Plus\lib\Http.dll
2012-02-22 00:52 - 2012-02-22 00:52 - 00178176 _____ () C:\Program Files\Garena Plus\lib\MP3Module.dll
2012-02-22 00:52 - 2012-02-22 00:52 - 00162304 _____ () C:\Program Files\Garena Plus\lame_enc.DLL
2012-02-22 00:52 - 2013-01-14 03:57 - 00219952 _____ () C:\Program Files\Garena Plus\lib\TaskManagerLib.dll
2012-09-12 22:19 - 2013-03-06 18:10 - 00106288 _____ () C:\Program Files\Garena Plus\lib\UILayout.dll
2012-11-01 01:36 - 2013-07-25 22:18 - 00957232 _____ () C:\Program Files\Garena Plus\lib\XLL.dll
2012-09-12 22:19 - 2012-09-12 22:19 - 00048640 _____ () C:\Program Files\Garena Plus\lib\XmlUIModule.dll
2012-02-22 00:52 - 2012-02-22 00:52 - 00573100 _____ () C:\Program Files\Garena Plus\sqlite3.dll
2012-10-30 02:20 - 2013-03-06 18:10 - 00224560 _____ () C:\Program Files\Garena Plus\Plugins\StatsPlugin.dll
2012-11-01 02:21 - 2013-09-05 01:11 - 00868144 _____ () C:\Program Files\Garena Plus\Plugins\ggplugin.dll
2012-06-21 04:35 - 2013-02-07 01:11 - 00192816 _____ () C:\Program Files\Garena Plus\ImageModule.dll
2013-04-23 19:50 - 2013-04-10 01:22 - 00155440 _____ () C:\Program Files\Garena Plus\libmpg123.dll
2012-08-30 05:43 - 2013-01-30 00:26 - 02941232 _____ () C:\Program Files\Garena Plus\ggdownloader.dll
2012-04-12 19:12 - 2012-04-12 19:12 - 00059392 _____ () C:\Program Files\Garena Plus\lib\delay_load\AudioMixerLib.dll
2012-07-26 22:59 - 2012-07-26 22:59 - 00010240 _____ () C:\Program Files\Garena Plus\lib\delay_load\ClientTcp.dll
2012-11-06 18:58 - 2013-07-15 06:29 - 01545520 _____ () C:\Program Files\Garena Plus\lib\delay_load\FileSender.dll
2012-08-03 00:31 - 2012-08-03 00:31 - 00228864 _____ (The cURL library, http://curl.haxx.se/) C:\Program Files\Garena Plus\libcurl.dll
2012-07-31 02:38 - 2013-01-31 21:42 - 00153088 _____ () C:\Program Files\Garena Plus\libzmq.dll
2012-08-30 02:49 - 2013-01-14 03:57 - 01092912 _____ () C:\Program Files\Garena Plus\lib\delay_load\GaFileTransfer.dll
2012-05-14 18:11 - 2012-05-14 18:11 - 00190976 _____ (Garena Online Pte Ltd) C:\Program Files\Garena Plus\lib\delay_load\GaVoiceGroup.dll
2012-04-23 17:19 - 2012-04-23 17:19 - 00238592 _____ () C:\Program Files\Garena Plus\lib\delay_load\MediaEngine.dll
2012-04-12 19:12 - 2012-04-12 19:12 - 00019968 _____ () C:\Program Files\Garena Plus\ServerMemAlloc.dll
2012-03-08 00:56 - 2012-03-08 00:56 - 00510464 _____ () C:\Program Files\Garena Plus\lib\delay_load\RSALib.dll
2012-07-26 22:59 - 2012-07-26 22:59 - 00061952 _____ () C:\Program Files\Garena Plus\lib\delay_load\UdtLib.dll
2013-09-05 00:26 - 2013-09-02 12:35 - 00709584 _____ () C:\Program Files\Google\Chrome\Application\29.0.1547.66\libglesv2.dll
2013-09-05 00:26 - 2013-09-02 12:35 - 00099792 _____ () C:\Program Files\Google\Chrome\Application\29.0.1547.66\libegl.dll
2013-09-05 00:26 - 2013-09-02 12:35 - 04053456 _____ () C:\Program Files\Google\Chrome\Application\29.0.1547.66\pdf.dll
2013-09-05 00:26 - 2013-09-02 12:35 - 00410576 _____ () C:\Program Files\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll
2013-09-05 00:26 - 2013-09-02 12:35 - 01604560 _____ () C:\Program Files\Google\Chrome\Application\29.0.1547.66\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\ProgramData\TEMP:430C6D84
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
AlternateDataStreams: C:\Users\aspire\Downloads:P2PRocket.GUID
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Atheros AR8152 PCI-E Fast Ethernet Controller (NDIS 6.20)
Description: Atheros AR8152 PCI-E Fast Ethernet Controller (NDIS 6.20)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Atheros
Service: L1C
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/23/2013 01:54:57 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-2098024337-2399665789-239898311-1000.bak).  hr = 0x80070539, The security ID structure is invalid.
.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {27ddbc05-54dd-45b7-97c6-53e91fdcfbb5}
 
Error: (09/23/2013 00:15:08 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 37846
 
Error: (09/23/2013 00:15:08 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 37846
 
Error: (09/23/2013 00:15:08 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/23/2013 00:15:07 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 36785
 
Error: (09/23/2013 00:15:07 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 36785
 
Error: (09/23/2013 00:15:07 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/23/2013 00:15:06 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 35787
 
Error: (09/23/2013 00:15:06 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 35787
 
Error: (09/23/2013 00:15:06 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (09/23/2013 10:44:41 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PlugPlay service.
 
Error: (09/23/2013 10:27:43 AM) (Source: ipnathlp) (User: )
Description: 0
 
Error: (09/23/2013 10:24:41 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (09/23/2013 01:58:18 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
%%5
 
Error: (09/23/2013 01:58:08 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Windows 7 Service Pack 1 (KB976932).
 
Error: (09/23/2013 01:58:06 AM) (Source: Microsoft-Windows-Service Pack Installer) (User: NT AUTHORITY)
Description: Service Pack installation failed with error code 0x800f0829.
 
Error: (09/23/2013 01:58:06 AM) (Source: Microsoft-Windows-Service Pack Installer) (User: NT AUTHORITY)
Description: The Service Pack cannot be installed when the computer is running on battery power.
 
Error: (09/22/2013 09:20:30 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the btwdins service.
 
Error: (09/22/2013 08:52:02 PM) (Source: ipnathlp) (User: )
Description: 0
 
Error: (09/22/2013 08:34:24 PM) (Source: ipnathlp) (User: )
Description: 0
 
 
Microsoft Office Sessions:
=========================
Error: (09/10/2011 01:12:55 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 44 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (05/21/2011 01:06:04 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 30 seconds with 0 seconds of active time.  This session ended with a crash.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 87%
Total physical RAM: 1013.09 MB
Available physical RAM: 125.14 MB
Total Pagefile: 2037.09 MB
Available Pagefile: 920.93 MB
Total Virtual: 2047.88 MB
Available Virtual: 1911.73 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:97.56 GB) (Free:56.16 GB) NTFS
Drive d: () (Fixed) (Total:135.23 GB) (Free:67.22 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 78AF63CC)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=98 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=135 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#5 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • OFFLINE
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:06:09 AM

Posted 23 September 2013 - 12:43 PM

Hi Donnerschlag


Peer-to-Peer Programs Warning

Your log shows that you are using so-called peer-to-peer or file-sharing programs (in your case P2P Rocket). These programs allow users to share files with each other, as the name suggests. In today's world cyber crime has grown to an enormous dimension, and any means is used to infect personal computers in order to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

This program will need to be uninstalled to stop re-infection.


Step 1

Open notepad. Please copy the contents of the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
Save it on the Desktop as fixlist.txt

HKCU\...\CurrentVersion\Windows: [Load] C:\Users\KRR&BR~1\LOCALS~1\Temp\msahgbniz.exe <===== ATTENTION
Toolbar: HKLM -  No Name - {98889811-442D-49dd-99D7-DC866BE87DBC} -  No File
Toolbar: HKCU - No Name - {AD708C09-D51B-45B3-9D28-4EBA2681FEBF} -  No File
Toolbar: HKCU - No Name - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} -  No File
Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} -  No File
C:\Users\KRR&BR~1\LOCALS~1\Temp\msahgbniz.exe 
C:\Users\aspire\AppData\Local\Conduit
Folder: C:\9c46c00dc7b562b9ec38b275c5
NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system


Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt); please post it in your reply.

Step 2

We need to see some additional information about what is happening in your machine.
Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.
  • When done, DDS will open two (2) logs
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.
  • The instructions here ask you to attach the Attach.txt.
  • Instead of attaching, please copy/paste both logs into your next reply.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club

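An added check for readers following this thread, not part of seedy21's post and not FRST's own code: the first line of the fixlist above targets the per-user Load value under HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows, which Windows runs at logon and which MBAM reports as PUM.UserWLoad when it is set. The PowerShell below reads that value and reports it, flagging entries that point into a Temp folder or use 8.3 short names (the KRR&BR~1\LOCALS~1\Temp pattern from the fixlist). It is report-only; the assumed details are that the sibling Run value in the same key is also worth listing and that the four patterns in $SuspiciousPatterns are a reasonable first filter.

```powershell
# Added example (not from the thread or from FRST): report the per-user
# "Load" and "Run" values that Windows executes at logon. "Load" is the
# location MBAM labels PUM.UserWLoad; an entry pointing into a Temp folder,
# as in the fixlist above, is the pattern worth flagging.
# Assumptions: the "Run" value in the same key is treated as a sibling worth
# listing, and only HKCU is read because that is the key the fixlist names.

$LogonKey   = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Windows'
$ValueNames = @('Load', 'Run')

# Regex patterns (assumed filter) that make a logon entry suspicious:
# user temp folders, 8.3 short names (KRR&BR~1 style), %TEMP% references
# and executables living under the per-user AppData\Local tree.
$SuspiciousPatterns = @('\\Temp\\', '~\d', '%TEMP%', '\\AppData\\Local\\')

function Get-UserLogonLoadEntries {
    param(
        [string]$Key = $LogonKey,
        [string[]]$Names = $ValueNames
    )

    $results = @()
    foreach ($name in $Names) {
        # A clean profile usually has no such value at all, so suppress the
        # "property does not exist" error and just move on.
        $item = Get-ItemProperty -Path $Key -Name $name -ErrorAction SilentlyContinue
        if ($null -eq $item) { continue }

        $value = [string]$item.$name
        if ([string]::IsNullOrWhiteSpace($value)) { continue }

        # -match is case-insensitive by default, which suits Windows paths.
        $hits = @($SuspiciousPatterns | Where-Object { $value -match $_ })

        $results += [pscustomobject]@{
            Key        = $Key
            Name       = $name
            Value      = $value
            Suspicious = ($hits.Count -gt 0)
            Reasons    = ($hits -join ', ')
        }
    }
    return $results
}

$entries = @(Get-UserLogonLoadEntries)
if ($entries.Count -eq 0) {
    Write-Output "No Load/Run value set under $LogonKey (expected on a clean profile)."
} else {
    # Report only; removal stays with the helper's fix script, as in the post.
    $entries | Format-Table -AutoSize
}
```

Run it in a normal (non-elevated) PowerShell session as the affected user, since the key is per-user: an empty result is the normal state, and a Load value pointing at a Temp folder matches exactly what FRST marked with "ATTENTION" above. On its own the script changes nothing, so it can be re-run after the fix to confirm the value is gone.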


#6 Donnerschlag

Donnerschlag
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Gender:Male
  • Location:Philippines
  • Local time:02:09 PM

Posted 24 September 2013 - 10:26 AM

Hi there seedy21!~

I think my younger brother's the culprit for why my laptop got sick, since he told me that he was downloading lots of stuff from the internet, especially music and movies, back when we were still sharing my laptop. Btw, this is the log from FRST:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 23-09-2013
Ran by Krr & Brr at 2013-09-24 23:20:24 Run:1
Running from C:\Users\Krr & Brr\Desktop
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
HKCU\...\CurrentVersion\Windows: [Load] C:\Users\KRR&BR~1\LOCALS~1\Temp\msahgbniz.exe <===== ATTENTION
Toolbar: HKLM -  No Name - {98889811-442D-49dd-99D7-DC866BE87DBC} -  No File
Toolbar: HKCU - No Name - {AD708C09-D51B-45B3-9D28-4EBA2681FEBF} -  No File
Toolbar: HKCU - No Name - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} -  No File
Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} -  No File
C:\Users\KRR&BR~1\LOCALS~1\Temp\msahgbniz.exe 
C:\Users\aspire\AppData\Local\Conduit
Folder: C:\9c46c00dc7b562b9ec38b275c5
*****************
 
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\\Load => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} => Value deleted successfully.
HKCR\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{AD708C09-D51B-45B3-9D28-4EBA2681FEBF} => Value deleted successfully.
HKCR\CLSID\{AD708C09-D51B-45B3-9D28-4EBA2681FEBF} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} => Value deleted successfully.
HKCR\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} => Value deleted successfully.
HKCR\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847} => Key not found.
"C:\Users\KRR&BR~1\LOCALS~1\Temp\msahgbniz.exe " => File/Directory not found.
C:\Users\aspire\AppData\Local\Conduit => Moved successfully.
 
========================= Folder: C:\9c46c00dc7b562b9ec38b275c5 ========================
 
2013-09-19 11:57 - 2013-09-19 11:57 - 0000000 ___DC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b
2013-09-19 11:57 - 2013-09-19 11:57 - 0000000 ___DC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\ar-sa
2013-09-19 11:57 - 2013-09-19 11:57 - 0000000 ___DC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\bg-bg
2013-09-19 11:57 - 2013-09-19 11:57 - 0000000 ___DC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\cs-cz
2013-09-19 11:57 - 2013-09-19 11:57 - 0000000 ___DC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\da-dk
2013-09-19 11:57 - 2013-09-19 11:57 - 0000000 ___DC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\de-de
2013-09-19 11:57 - 2013-09-19 11:57 - 0000000 ___DC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\el-gr
2013-09-19 11:57 - 2013-09-19 11:57 - 0000000 ___DC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\en-us
2013-09-19 11:57 - 2013-09-19 11:57 - 0000000 ___DC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\es-es
2013-09-19 11:57 - 2013-09-19 11:57 - 0000000 ___DC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\et-ee
2013-09-19 11:57 - 2013-09-19 11:57 - 0000000 ___DC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\eula
2013-09-19 11:57 - 2013-09-19 11:57 - 0000000 ___DC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\fi-fi
2013-09-19 11:57 - 2013-09-19 11:57 - 0000000 ___DC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\fr-fr
2013-09-19 11:57 - 2013-09-19 11:57 - 0000000 ___DC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\he-il
2013-09-19 11:57 - 2013-09-19 11:57 - 0000000 ___DC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\hr-hr
2013-09-19 11:57 - 2013-09-19 11:57 - 0000000 ___DC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\hu-hu
2013-09-19 11:57 - 2013-09-19 11:57 - 0000000 ___DC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\it-it
2013-09-19 11:57 - 2013-09-19 11:57 - 0000000 ___DC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\ja-jp
2013-09-19 11:57 - 2013-09-19 11:57 - 0000000 ___DC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\ko-kr
2013-09-19 11:57 - 2013-09-19 11:57 - 0000000 ___DC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\lt-lt
2013-09-19 11:57 - 2013-09-19 11:57 - 0000000 ___DC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\lv-lv
2013-09-19 11:57 - 2013-09-19 11:57 - 0000000 ___DC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\nb-no
2013-09-19 11:57 - 2013-09-19 11:57 - 0000000 ___DC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\nl-nl
2013-09-19 11:57 - 2013-09-19 11:57 - 0000000 ___DC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\pl-pl
2013-09-19 11:57 - 2013-09-19 11:57 - 0000000 ___DC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\pt-br
2013-09-19 11:57 - 2013-09-19 11:57 - 0000000 ___DC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\pt-pt
2013-09-19 11:57 - 2013-09-19 11:57 - 0000000 ___DC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\ro-ro
2013-09-19 11:57 - 2013-09-19 11:57 - 0000000 ___DC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\ru-ru
2013-09-19 11:57 - 2013-09-19 11:57 - 0000000 ___DC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\sk-sk
2013-09-19 11:57 - 2013-09-19 11:57 - 0000000 ___DC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\sl-si
2013-09-19 11:57 - 2013-09-19 11:57 - 0000000 ___DC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\sr-latn-cs
2013-09-19 11:57 - 2013-09-19 11:57 - 0000000 ___DC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\sv-se
2013-09-19 11:57 - 2013-09-19 11:57 - 0000000 ___DC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\th-th
2013-09-19 11:57 - 2013-09-19 11:57 - 0000000 ___DC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\tr-tr
2013-09-19 11:57 - 2013-09-19 11:57 - 0000000 ___DC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\uk-ua
2013-09-19 11:57 - 2013-09-19 11:57 - 0000000 ___DC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\zh-cn
2013-09-19 11:57 - 2013-09-19 11:57 - 0000000 ___DC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\zh-hk
2013-09-19 11:57 - 2013-09-19 11:57 - 0000000 ___DC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\zh-tw
2013-09-19 11:57 - 2013-09-19 11:57 - 0000000 ___DC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\eula\ar-sa
2013-09-19 11:57 - 2013-09-19 11:57 - 0000000 ___DC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\eula\bg-bg
2013-09-19 11:57 - 2013-09-19 11:57 - 0000000 ___DC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\eula\cs-cz
2013-09-19 11:57 - 2013-09-19 11:57 - 0000000 ___DC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\eula\da-dk
2013-09-19 11:57 - 2013-09-19 11:57 - 0000000 ___DC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\eula\de-de
2013-09-19 11:57 - 2013-09-19 11:57 - 0000000 ___DC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\eula\el-gr
2013-09-19 11:57 - 2013-09-19 11:57 - 0000000 ___DC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\eula\en-us
2013-09-19 11:57 - 2013-09-19 11:57 - 0000000 ___DC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\eula\es-es
2013-09-19 11:57 - 2013-09-19 11:57 - 0000000 ___DC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\eula\et-ee
2013-09-19 11:57 - 2013-09-19 11:57 - 0000000 ___DC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\eula\fi-fi
2013-09-19 11:57 - 2013-09-19 11:57 - 0000000 ___DC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\eula\fr-fr
2013-09-19 11:57 - 2013-09-19 11:57 - 0000000 ___DC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\eula\he-il
2013-09-19 11:57 - 2013-09-19 11:57 - 0000000 ___DC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\eula\hr-hr
2013-09-19 11:57 - 2013-09-19 11:57 - 0000000 ___DC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\eula\hu-hu
2013-09-19 11:57 - 2013-09-19 11:57 - 0000000 ___DC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\eula\it-it
2013-09-19 11:57 - 2013-09-19 11:57 - 0000000 ___DC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\eula\ja-jp
2013-09-19 11:57 - 2013-09-19 11:57 - 0000000 ___DC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\eula\ko-kr
2013-09-19 11:57 - 2013-09-19 11:57 - 0000000 ___DC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\eula\lt-lt
2013-09-19 11:57 - 2013-09-19 11:57 - 0000000 ___DC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\eula\lv-lv
2013-09-19 11:57 - 2013-09-19 11:57 - 0000000 ___DC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\eula\nb-no
2013-09-19 11:57 - 2013-09-19 11:57 - 0000000 ___DC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\eula\nl-nl
2013-09-19 11:57 - 2013-09-19 11:57 - 0000000 ___DC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\eula\pl-pl
2013-09-19 11:57 - 2013-09-19 11:57 - 0000000 ___DC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\eula\pt-br
2013-09-19 11:57 - 2013-09-19 11:57 - 0000000 ___DC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\eula\pt-pt
2013-09-19 11:57 - 2013-09-19 11:57 - 0000000 ___DC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\eula\ro-ro
2013-09-19 11:57 - 2013-09-19 11:57 - 0000000 ___DC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\eula\ru-ru
2013-09-19 11:57 - 2013-09-19 11:57 - 0000000 ___DC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\eula\sk-sk
2013-09-19 11:57 - 2013-09-19 11:57 - 0000000 ___DC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\eula\sl-si
2013-09-19 11:57 - 2013-09-19 11:57 - 0000000 ___DC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\eula\sr-latn-cs
2013-09-19 11:57 - 2013-09-19 11:57 - 0000000 ___DC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\eula\sv-se
2013-09-19 11:57 - 2013-09-19 11:57 - 0000000 ___DC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\eula\th-th
2013-09-19 11:57 - 2013-09-19 11:57 - 0000000 ___DC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\eula\tr-tr
2013-09-19 11:57 - 2013-09-19 11:57 - 0000000 ___DC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\eula\uk-ua
2013-09-19 11:57 - 2013-09-19 11:57 - 0000000 ___DC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\eula\zh-cn
2013-09-19 11:57 - 2013-09-19 11:57 - 0000000 ___DC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\eula\zh-hk
2013-09-19 11:57 - 2013-09-19 11:57 - 0000000 ___DC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\eula\zh-tw
2013-09-19 11:57 - 2013-09-19 11:57 - 0463120 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\spinstall.exe
2013-09-19 11:57 - 2013-09-19 11:57 - 0002560 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\acres.dll
2013-09-19 11:57 - 2013-09-19 11:57 - 0151630 ___AC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\drvmain.sdb
2013-09-19 11:57 - 2013-09-19 11:57 - 0103424 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\sdbapiu.dll
2013-09-19 11:57 - 2013-09-19 11:57 - 0010052 ___AC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\spc.cat
2013-09-19 11:57 - 2013-09-19 11:57 - 0003721 ___AC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\spc.xml
2013-09-19 11:57 - 2013-09-19 11:57 - 0008280 ___AC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\spcinstrumentation.man
2013-09-19 11:57 - 2013-09-19 11:57 - 0012288 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\spcmsg.dll
2013-09-19 11:57 - 2013-09-19 11:57 - 0190464 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\sperror.dll
2013-09-19 11:57 - 2013-09-19 11:57 - 0280576 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\spreview.exe
2013-09-19 11:57 - 2013-09-19 11:57 - 0253952 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\spwizui.dll
2013-09-19 11:57 - 2013-09-19 11:57 - 4075336 ___AC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\sysmain.sdb
2013-09-19 11:57 - 2013-09-19 11:57 - 0160256 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\zh-tw\acres.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0003072 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\zh-tw\spcmsg.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0003584 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\zh-tw\sperror.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0012800 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\zh-tw\spwizui.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0160256 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\zh-hk\acres.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0003072 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\zh-hk\spcmsg.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0003584 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\zh-hk\sperror.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0012800 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\zh-hk\spwizui.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0161280 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\zh-cn\acres.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0003072 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\zh-cn\spcmsg.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0003584 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\zh-cn\sperror.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0012288 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\zh-cn\spwizui.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0292352 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\uk-ua\acres.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0004096 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\uk-ua\spcmsg.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0005120 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\uk-ua\sperror.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0021504 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\uk-ua\spwizui.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0303616 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\tr-tr\acres.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0004096 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\tr-tr\spcmsg.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0005120 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\tr-tr\sperror.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0020480 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\tr-tr\spwizui.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0292352 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\th-th\acres.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0004096 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\th-th\spcmsg.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0004608 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\th-th\sperror.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0019968 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\th-th\spwizui.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0316928 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\sv-se\acres.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0004096 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\sv-se\spcmsg.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0005120 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\sv-se\sperror.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0020992 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\sv-se\spwizui.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0292352 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\sr-latn-cs\acres.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0004096 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\sr-latn-cs\spcmsg.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0005120 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\sr-latn-cs\sperror.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0021504 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\sr-latn-cs\spwizui.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0292352 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\sl-si\acres.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0004096 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\sl-si\spcmsg.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0005120 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\sl-si\sperror.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0022016 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\sl-si\spwizui.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0292352 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\sk-sk\acres.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0004096 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\sk-sk\spcmsg.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0005120 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\sk-sk\sperror.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0021504 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\sk-sk\spwizui.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0321536 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\ru-ru\acres.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0004096 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\ru-ru\spcmsg.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0005120 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\ru-ru\sperror.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0021504 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\ru-ru\spwizui.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0292352 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\ro-ro\acres.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0004096 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\ro-ro\spcmsg.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0005632 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\ro-ro\sperror.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0021504 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\ro-ro\spwizui.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0326144 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\pt-pt\acres.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0004096 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\pt-pt\spcmsg.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0005120 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\pt-pt\sperror.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0022016 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\pt-pt\spwizui.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0323584 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\pt-br\acres.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0004096 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\pt-br\spcmsg.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0005120 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\pt-br\sperror.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0021504 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\pt-br\spwizui.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0348160 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\pl-pl\acres.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0004096 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\pl-pl\spcmsg.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0005120 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\pl-pl\sperror.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0022528 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\pl-pl\spwizui.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0347648 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\nl-nl\acres.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0004096 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\nl-nl\spcmsg.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0005120 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\nl-nl\sperror.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0022016 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\nl-nl\spwizui.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0307712 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\nb-no\acres.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0004096 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\nb-no\spcmsg.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0005120 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\nb-no\sperror.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0020992 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\nb-no\spwizui.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0292352 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\lv-lv\acres.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0004096 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\lv-lv\spcmsg.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0005120 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\lv-lv\sperror.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0021504 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\lv-lv\spwizui.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0292352 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\lt-lt\acres.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0004096 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\lt-lt\spcmsg.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0005120 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\lt-lt\sperror.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0020992 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\lt-lt\spwizui.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0199680 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\ko-kr\acres.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0003584 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\ko-kr\spcmsg.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0003584 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\ko-kr\sperror.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0014336 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\ko-kr\spwizui.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0210944 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\ja-jp\acres.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0003584 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\ja-jp\spcmsg.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0004096 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\ja-jp\sperror.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0015360 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\ja-jp\spwizui.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0342528 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\it-it\acres.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0004096 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\it-it\spcmsg.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0005120 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\it-it\sperror.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0022016 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\it-it\spwizui.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0335872 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\hu-hu\acres.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0004096 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\hu-hu\spcmsg.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0005120 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\hu-hu\sperror.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0022016 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\hu-hu\spwizui.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0292352 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\hr-hr\acres.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0004096 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\hr-hr\spcmsg.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0005120 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\hr-hr\sperror.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0022016 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\hr-hr\spwizui.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0258560 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\he-il\acres.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0003584 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\he-il\spcmsg.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0004608 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\he-il\sperror.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0018432 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\he-il\spwizui.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0340992 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\fr-fr\acres.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0004608 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\fr-fr\spcmsg.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0005120 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\fr-fr\sperror.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0022528 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\fr-fr\spwizui.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0309248 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\fi-fi\acres.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0004096 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\fi-fi\spcmsg.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0005120 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\fi-fi\sperror.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0020992 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\fi-fi\spwizui.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0002089 ___AC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\eula\zh-tw\server_license_addendum_1.rtf
2013-09-19 11:57 - 2013-09-19 11:57 - 0002089 ___AC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\eula\zh-hk\server_license_addendum_1.rtf
2013-09-19 11:57 - 2013-09-19 11:57 - 0002234 ___AC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\eula\zh-cn\server_license_addendum_1.rtf
2013-09-19 11:57 - 2013-09-19 11:57 - 0002999 ___AC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\eula\uk-ua\server_license_addendum_1.rtf
2013-09-19 11:57 - 2013-09-19 11:57 - 0001367 ___AC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\eula\tr-tr\server_license_addendum_1.rtf
2013-09-19 11:57 - 2013-09-19 11:57 - 0003025 ___AC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\eula\th-th\server_license_addendum_1.rtf
2013-09-19 11:57 - 2013-09-19 11:57 - 0001285 ___AC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\eula\sv-se\server_license_addendum_1.rtf
2013-09-19 11:57 - 2013-09-19 11:57 - 0001277 ___AC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\eula\sr-latn-cs\server_license_addendum_1.rtf
2013-09-19 11:57 - 2013-09-19 11:57 - 0001211 ___AC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\eula\sl-si\server_license_addendum_1.rtf
2013-09-19 11:57 - 2013-09-19 11:57 - 0001338 ___AC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\eula\sk-sk\server_license_addendum_1.rtf
2013-09-19 11:57 - 2013-09-19 11:57 - 0003441 ___AC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\eula\ru-ru\server_license_addendum_1.rtf
2013-09-19 11:57 - 2013-09-19 11:57 - 0001512 ___AC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\eula\ro-ro\server_license_addendum_1.rtf
2013-09-19 11:57 - 2013-09-19 11:57 - 0001261 ___AC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\eula\pt-pt\server_license_addendum_1.rtf
2013-09-19 11:57 - 2013-09-19 11:57 - 0001286 ___AC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\eula\pt-br\server_license_addendum_1.rtf
2013-09-19 11:57 - 2013-09-19 11:57 - 0001499 ___AC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\eula\pl-pl\server_license_addendum_1.rtf
2013-09-19 11:57 - 2013-09-19 11:57 - 0001235 ___AC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\eula\nl-nl\server_license_addendum_1.rtf
2013-09-19 11:57 - 2013-09-19 11:57 - 0001124 ___AC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\eula\nb-no\server_license_addendum_1.rtf
2013-09-19 11:57 - 2013-09-19 11:57 - 0001696 ___AC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\eula\lv-lv\server_license_addendum_1.rtf
2013-09-19 11:57 - 2013-09-19 11:57 - 0001604 ___AC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\eula\lt-lt\server_license_addendum_1.rtf
2013-09-19 11:57 - 2013-09-19 11:57 - 0004164 ___AC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\eula\ko-kr\server_license_addendum_1.rtf
2013-09-19 11:57 - 2013-09-19 11:57 - 0003349 ___AC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\eula\ja-jp\server_license_addendum_1.rtf
2013-09-19 11:57 - 2013-09-19 11:57 - 0001383 ___AC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\eula\it-it\server_license_addendum_1.rtf
2013-09-19 11:57 - 2013-09-19 11:57 - 0001285 ___AC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\eula\hu-hu\server_license_addendum_1.rtf
2013-09-19 11:57 - 2013-09-19 11:57 - 0001357 ___AC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\eula\hr-hr\server_license_addendum_1.rtf
2013-09-19 11:57 - 2013-09-19 11:57 - 0035066 ___AC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\eula\he-il\server_license_addendum_1.rtf
2013-09-19 11:57 - 2013-09-19 11:57 - 0001398 ___AC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\eula\fr-fr\server_license_addendum_1.rtf
2013-09-19 11:57 - 2013-09-19 11:57 - 0001315 ___AC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\eula\fi-fi\server_license_addendum_1.rtf
2013-09-19 11:57 - 2013-09-19 11:57 - 0001199 ___AC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\eula\et-ee\server_license_addendum_1.rtf
2013-09-19 11:57 - 2013-09-19 11:57 - 0001322 ___AC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\eula\es-es\server_license_addendum_1.rtf
2013-09-19 11:57 - 2013-09-19 11:57 - 0001055 ___AC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\eula\en-us\server_license_addendum_1.rtf
2013-09-19 11:57 - 2013-09-19 11:57 - 0002771 ___AC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\eula\el-gr\server_license_addendum_1.rtf
2013-09-19 11:57 - 2013-09-19 11:57 - 0001380 ___AC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\eula\de-de\server_license_addendum_1.rtf
2013-09-19 11:57 - 2013-09-19 11:57 - 0001136 ___AC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\eula\da-dk\server_license_addendum_1.rtf
2013-09-19 11:57 - 2013-09-19 11:57 - 0001399 ___AC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\eula\cs-cz\server_license_addendum_1.rtf
2013-09-19 11:57 - 2013-09-19 11:57 - 0002479 ___AC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\eula\bg-bg\server_license_addendum_1.rtf
2013-09-19 11:57 - 2013-09-19 11:57 - 0034885 ___AC () C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\eula\ar-sa\server_license_addendum_1.rtf
2013-09-19 11:57 - 2013-09-19 11:57 - 0292352 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\et-ee\acres.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0004096 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\et-ee\spcmsg.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0005120 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\et-ee\sperror.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0020992 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\et-ee\spwizui.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0338432 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\es-es\acres.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0004608 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\es-es\spcmsg.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0005120 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\es-es\sperror.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0022016 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\es-es\spwizui.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0292352 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\en-us\acres.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0004096 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\en-us\spcmsg.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0004608 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\en-us\sperror.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0019968 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\en-us\spwizui.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0359424 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\el-gr\acres.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0004608 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\el-gr\spcmsg.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0005632 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\el-gr\sperror.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0023552 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\el-gr\spwizui.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0343040 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\de-de\acres.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0004608 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\de-de\spcmsg.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0005632 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\de-de\sperror.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0023040 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\de-de\spwizui.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0306688 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\da-dk\acres.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0004096 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\da-dk\spcmsg.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0005120 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\da-dk\sperror.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0020992 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\da-dk\spwizui.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0314368 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\cs-cz\acres.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0004096 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\cs-cz\spcmsg.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0005120 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\cs-cz\sperror.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0020992 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\cs-cz\spwizui.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0292352 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\bg-bg\acres.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0004096 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\bg-bg\spcmsg.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0005120 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\bg-bg\sperror.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0022016 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\bg-bg\spwizui.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0271360 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\ar-sa\acres.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0004096 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\ar-sa\spcmsg.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0004608 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\ar-sa\sperror.dll.mui
2013-09-19 11:57 - 2013-09-19 11:57 - 0126464 ___AC (Microsoft Corporation) C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\ar-sa\spwizui.dll.mui
 
====== End of Folder: ======
 
 
==== End of Fixlog ====

By the way again, I tried running DDS on my laptop but it still didn't generate any logs. I switched off the connection, disabled my antivirus and even my firewall. Still no log after the scan. Any solutions for this?



#7 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • OFFLINE
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:06:09 AM

Posted 24 September 2013 - 03:44 PM

Hi Donnerschlag

Step 1

1. Download Malwarebytes Anti-Rootkit from this link http://www.malwarebytes.org/products/mbar/
2. Unzip the File to a convenient location. (Recommend the Desktop)
3. Open the folder where the contents were unzipped to run mbar.exe

Image1.png

4. Double-click on the mbar.exe file. You may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run, and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers, you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:

mbarwm.png

5. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you log in, MBAR will automatically start and you will be at the start screen. (If there is no rootkit warning, you will go from step 4 to step 6.)

6. The following image opens, select Next.

Image2.png

7. The following image opens, select Update.

Image3.png

8. When the Update completes, select Next

Image4.png

9. In the following window ensure "Targets" are ticked. Then select "Scan"

Image5.png

10. If any infections are found, the "Cleanup" button to remove threats will be available. The infected files will be listed like the following example:

MBAntiRKclean.png

11. Do not select the "Cleanup" button; select the "Exit" button. There will be a warning as follows:

MBAntiRKclean1.png

12. Select "Yes" to close down the program. If NO infections were found you will see the following image:

Image6.png

13. Select "Exit" to close down.
14. Copy and paste the two following logs from the mbar folder:

System - log
Mbar - log (the date and time of the scan will also be shown)

Image10.png

Post those two logs in your reply.

Step 2

Download zoek.exe from here: http://hijackthis.nl/smeenk/ and save it to your Desktop.

  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the download or execution of zoek.exe
    You can find instructions on how to disable your security applications >>Here<< or >>Here<<
  • Unzip the folder (Right Click > Extract all > Next > Next > Make sure Show Extracted Files is ticked and click Finish).
  • Double click zoek.exe to start the program.
  • Copy and paste the following script in the code box:
  • Note: This script is written for use on this user's computer; do not use it on another computer even if the problems are similar.
    Conduit;ff
    standardsearch;
  • Close any open browsers.
  • Click the "Run script" button and wait patiently.
  • When finished, the logfile will be opened in Notepad.
  • If a reboot is needed, the logfile will be opened after the reboot.
  • The zoek-results.log can also be found on your system drive (normally C:\).
  • Please post the logfile for further review in your next reply.


Edited by seedy21, 24 September 2013 - 03:51 PM.

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club
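The zoek directive Conduit;ff above strips the Conduit toolbar's entries from the Firefox profile's prefs.js (the zoek log posted later in this thread lists the removed user_pref lines and the prefs_YYYYMMDD_HHMM_.backup it made first). The following is an added example, not zoek's code and not from this thread, of the same check in Python: it flags a pref by the Conduit name prefixes seen in the log (CT<toolbar id>. and CommunityToolbar.) or by a conduit.com value, backs the file up zoek-style, then rewrites it. The sample prefs.js and its keyword.URL line are constructed.

```python
import re
import shutil
import tempfile
from datetime import datetime
from pathlib import Path

# One Firefox pref line:  user_pref("<name>", <value>);
PREF_RE = re.compile(r'^user_pref\("(?P<name>[^"]+)",\s*(?P<value>.*)\);\s*$')

# Pref-name prefixes the Conduit toolbar writes, as seen in the zoek log in
# this thread: "CT<toolbar id>." and "CommunityToolbar.".
CONDUIT_NAME_RE = re.compile(r'^(?:CT\d+\.|CommunityToolbar\.)')

# Conduit hosts/paths that show up inside pref values even when the pref
# name itself is a standard Firefox one (e.g. a hijacked keyword.URL).
CONDUIT_VALUE_RE = re.compile(r'conduit(?:-services)?\.com|conduitCommon', re.IGNORECASE)

# Constructed sample prefs.js: two normal prefs, three Conduit prefs copied
# from the patterns in the zoek log, plus a constructed hijacked keyword.URL.
SAMPLE_PREFS = '''\
user_pref("browser.startup.homepage", "https://www.mozilla.org/");
user_pref("CT2786678.TBHomePageUrl", "http://search.conduit.com/?ctid=CT2786678&SearchSource=13");
user_pref("CommunityToolbar.ConduitSearchList", "uTorrentBar Customized Web Search");
user_pref("network.cookie.cookieBehavior", 1);
user_pref("CommunityToolbar.ETag.http://servicemap.conduit-services.com/Toolbar/?ownerId=CT2786678", "\\"7cd772776b023143b03ef993ec0e8f32\\"");
user_pref("keyword.URL", "http://search.conduit.com/?ctid=CT2786678&q=");
'''


def is_conduit_pref(name, value):
    """True when a pref belongs to, or points at, the Conduit toolbar."""
    return bool(CONDUIT_NAME_RE.match(name) or CONDUIT_VALUE_RE.search(value))


def split_prefs(text):
    """Return (kept_lines, removed_lines) for the text of a prefs.js or user.js."""
    kept, removed = [], []
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m and is_conduit_pref(m.group("name"), m.group("value")):
            removed.append(line)
        else:
            kept.append(line)  # non-pref lines (comments, blanks) stay as they are
    return kept, removed


def clean_prefs_file(path, now=None):
    """Back the file up zoek-style (prefs_YYYYMMDD_HHMM_.backup), then rewrite it
    without Conduit prefs. Returns the removed lines so they can be reported."""
    path = Path(path)
    now = now or datetime.now()
    backup = path.with_name(f"{path.stem}_{now:%Y%m%d_%H%M}_.backup")
    shutil.copy2(path, backup)  # always keep a backup before touching the profile
    kept, removed = split_prefs(path.read_text(encoding="utf-8"))
    if removed:
        path.write_text("\n".join(kept) + "\n", encoding="utf-8")
    return removed


def run_demo():
    """Write the constructed sample to a temporary profile, clean it, report results."""
    with tempfile.TemporaryDirectory() as tmp:
        prefs = Path(tmp) / "prefs.js"
        prefs.write_text(SAMPLE_PREFS, encoding="utf-8")
        removed = clean_prefs_file(prefs)
        backups = sorted(p.name for p in Path(tmp).glob("prefs_*.backup"))
        remaining = prefs.read_text(encoding="utf-8")
    return {"removed": removed, "remaining": remaining, "backups": backups}


if __name__ == "__main__":
    result = run_demo()
    print("---- Lines Conduit removed from prefs.js ----")
    for line in result["removed"]:
        print(line)
    print("---- backups ----")
    print(*result["backups"], sep="\n")
```

Run against a real profile only with Firefox closed, since Firefox rewrites prefs.js on exit and would otherwise overwrite the cleaned file.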



#8 Donnerschlag

Donnerschlag
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Gender:Male
  • Location:Philippines
  • Local time:02:09 PM

Posted 25 September 2013 - 10:39 AM

Hi seedy21!~

Here's the log for the Malwarebytes Anti-Rootkit:

Malwarebytes Anti-Rootkit BETA 1.07.0.1005
www.malwarebytes.org
 
Database version: v2013.09.25.04
 
Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Krr & Brr :: DONNERSCHLAG [administrator]
 
9/25/2013 10:22:26 PM
mbar-log-2013-09-25 (22-22-26).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 279653
Time elapsed: 1 hour(s), 3 minute(s), 19 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1005
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7600 Windows 7 x86
 
Account is Administrative
 
Internet Explorer version: 9.0.8112.16421
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.662000 GHz
Memory total: 1062305792, free: 317833216
 
No address found
Downloaded database version: v2013.09.25.04
Downloaded database version: v2013.09.23.01
=======================================
------------ Kernel report ------------
     09/25/2013 22:22:05
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\halmacpi.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\DRIVERS\ACPI.sys
\SystemRoot\system32\DRIVERS\WMILIB.SYS
\SystemRoot\system32\DRIVERS\msisadrv.sys
\SystemRoot\system32\DRIVERS\pci.sys
\SystemRoot\system32\DRIVERS\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\DRIVERS\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\atapi.sys
\SystemRoot\system32\DRIVERS\ataport.SYS
\SystemRoot\system32\DRIVERS\msahci.sys
\SystemRoot\system32\DRIVERS\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\wd.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\avgrkx86.sys
\SystemRoot\system32\DRIVERS\avglogx.sys
\SystemRoot\system32\DRIVERS\avgmfx86.sys
\SystemRoot\system32\DRIVERS\avgidshx.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\avgtdix.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\avgldx86.sys
\SystemRoot\system32\DRIVERS\avgidsshimx.sys
\SystemRoot\system32\DRIVERS\avgidsdriverx.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\igdkmd32.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\drivers\usbuhci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\ew_jubusenum.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\ipnat.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\jrdusbser.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\System32\cdd.dll
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR2
Upper Device Object: 0xffffffff848b9030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000007c\
Lower Device Object: 0xffffffff84b258d0
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff84f4b648
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xffffffff84e57908
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff84f4b648, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff84f4b280, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff84f4b648, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff84e59918, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff84e57908, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 78AF63CC
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 204595200
 
    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 204802048  Numsec = 283592704
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 250059350016 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-488377168-488397168)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff848b9030, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff84a7e488, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff848b9030, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff84b258d0, DeviceName: \Device\0000007c\, DriverName: \Driver\USBSTOR\
------------ End ----------
Read File:  File "c:\programdata\avg2013\chjw\1a64aaaf64aa8cd7.dat:b7516137-4730-4620-9d98-1d17b840c868" is sparse (flags = 32768)
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished

Here's the log for zoek.exe:

Zoek.exe Version 4.0.0.4 Updated 14-September-2013
Microsoft Windows 7 Home Premium  6.1.7600  x86
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Krr & Brr\Desktop\zoek\zoek.exe [Script inserted] 
 
==== System Restore Info ======================
 
9/25/2013 11:29:58 PM Zoek.exe System Restore Point Created Succesfully.
 
==== Running Processes ======================
 
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\INet\BackgroundService\ServiceManager.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\SupportAppXL\cdrom_mon.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\ChgService.exe
C:\ProgramData\DatacardService\DCService.exe
C:\Program Files\Yahoo\SoftwareUpdate\YahooAUService.exe
C:\Windows\System32\alg.exe
C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Garena Plus\ggdllhost.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Yahoo\Search Protection\SearchProtection.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\INet\BackgroundService\ModemListener.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\AVG\AVG2013\avgcfgex.exe
C:\Users\Krr & Brr\Desktop\zoek\zoek.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k swprv
 
==== FireFox Fix ======================
 
ProfilePath: C:\Users\aspire\AppData\Roaming\Mozilla\Firefox\Profiles\kj7ao33k.default
 
---- Lines Conduit removed from prefs.js ----
 
user_pref("CT2786678.HomepageBeforeUnload", "http://search.conduit.com/?ctid=CT2786678&SearchSource=13");
 
 
user_pref("CT2786678.TBHomePageUrl", "http://search.conduit.com/?ctid=CT2786678&SearchSource=13");
 
user_pref("CommunityToolbar.ConduitHomepagesList", "http://search.conduit.com/?ctid=CT2786678&SearchSource=13");
 
user_pref("CommunityToolbar.ConduitSearchList", "uTorrentBar Customized Web Search");
 
user_pref("CommunityToolbar.ETag.http://Settings.toolbar.search.conduit.com/root/CT2786678/CT2786678", "\"a3751d2f852f2555c80228aa65e4f0b83\"");
 
user_pref("CommunityToolbar.ETag.http://servicemap.conduit-services.com/Toolbar/?ownerId=CT2786678", "\"7cd772776b023143b03ef993ec0e8f32\"");
 
user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\aspire\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\kj7ao33k.default\\conduitCommon\\modules\\3.18.0.7");
 
user_pref("CommunityToolbar.alert.clientsServerUrl", "http://alert.client.conduit.com");
 
user_pref("CommunityToolbar.alert.servicesServerUrl", "http://alert.services.conduit.com");
 
user_pref("CommunityToolbar.notifications.clientsServerUrl", "http://alert.client.conduit.com");
 
user_pref("CommunityToolbar.notifications.servicesServerUrl", "http://alert.services.conduit.com");
 
 
 
 
---- Lines Conduit modified from prefs.js ----
 
 
---- Lines Conduit removed from user.js ----
 
 
---- FireFox user.js and prefs.js backups ---- 
 
user_20130925_1130_.backup
prefs_20130925_1130_.backup
 
==== Deleting Files \ Folders ======================
 
"C:\Users\aspire\AppData\Roaming\Mozilla\Firefox\Profiles\kj7ao33k.default\searchplugins\conduit.xml" deleted
"C:\Windows\system32\appdata" deleted
"C:\Users\aspire\AppData\Roaming\Mozilla\Firefox\Profiles\kj7ao33k.default\conduit" deleted
"C:\Users\aspire\AppData\Roaming\Mozilla\Firefox\Profiles\kj7ao33k.default\conduitCommon" deleted
"C:\Users\aspire\AppData\Roaming\Mozilla\Firefox\Profiles\kj7ao33k.default\ConduitEngine" deleted
 
==== Files Recently Created / Modified ======================
 
====== C:\Windows ====
====== Java Cache =====
====== C:\Windows\system32 =====
====== C:\Windows\system32\drivers =====
2013-09-10 09:34:48 2717EBC35166B8793DBFFB4390B8F2E7 22328 ----a-w- C:\Windows\System32\drivers\avgidsshimx.sys
2013-09-05 09:43:42 CBCE8ED318DB8EA431F9D25AC9B7FF41 39224 ----a-w- C:\Windows\System32\drivers\avgrkx86.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2013-08-28 08:43:51 -------- d-----w- C:\Program Files\Celestia
======= C: =====
2013-09-25 20:11:09 BA0B55E462D2CC07762004C8515D7FB2 3560 ------w- C:\bootsqm.dat
2013-09-23 00:46:31 -------- d-----w- C:\Users\Donnerschlag\AppData\Roaming\Garena
2013-09-23 00:43:14 -------- d-----w- C:\Users\Donnerschlag\AppData\Roaming\GarenaPlus
2013-09-22 08:54:13 02B985E15C1E2BCBE1929DF355BD4683 514772 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\FontCache-S-1-5-21-2098024337-2399665789-239898311-1010-8192.dat
2013-09-22 04:25:08 -------- d-----w- C:\Users\Donnerschlag\AppData\Roaming\vlc
2013-09-21 19:42:36 -------- d-s---w- C:\Users\Donnerschlag\AppData\Locallow\Microsoft
2013-09-21 18:54:27 72D6BF85B258FC1E43D95A62186DBD60 109280 ----a-w- C:\Users\Donnerschlag\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-21 18:54:26 -------- d-----w- C:\Users\Donnerschlag\AppData\Roaming\PhotoScape
2013-09-21 18:44:12 -------- d-----w- C:\Users\Donnerschlag\AppData\Roaming\AVG2013
2013-09-21 18:44:07 -------- d-----w- C:\Users\Donnerschlag\AppData\Local\Avg2013
2013-09-21 18:44:05 -------- d-----w- C:\Users\Donnerschlag\AppData\Roaming\Apple Computer
2013-09-21 18:44:05 -------- d-----w- C:\Users\Donnerschlag\AppData\Local\Apple Computer
2013-09-21 18:44:00 -------- d-----w- C:\Users\Donnerschlag\AppData\Roaming\yahoo!
2013-09-21 18:43:28 -------- d-----r- C:\Users\Donnerschlag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-21 18:43:28 -------- d-----r- C:\Users\Donnerschlag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-21 18:43:12 -------- d-----w- C:\Users\Donnerschlag\AppData\Roaming\Identities
2013-09-21 18:42:12 -------- d-----w- C:\Users\Donnerschlag\AppData\Local\VirtualStore
2013-09-21 18:42:06 -------- d-sh--we C:\Users\Donnerschlag\AppData\Local\Temporary Internet Files
2013-09-21 18:42:06 -------- d-sh--we C:\Users\Donnerschlag\AppData\Local\History
2013-09-21 18:42:05 -------- d-sh--we C:\Users\Donnerschlag\AppData\Local\Application Data
2013-09-21 18:42:04 -------- d-----w- C:\Users\Donnerschlag\AppData\Roaming\Media Center Programs
2013-09-21 18:42:04 -------- d-----w- C:\Users\Donnerschlag\AppData\Local\Temp
2013-09-21 18:42:04 -------- d-----w- C:\Users\Donnerschlag\AppData\Local\Microsoft Help
2013-09-21 18:42:04 -------- d-----w- C:\Users\Donnerschlag\AppData\Local\Microsoft
2013-09-21 18:42:04 -------- d-----w- C:\Users\Donnerschlag\AppData\Local\Google
2013-09-21 18:42:03 -------- d-s---w- C:\Users\Donnerschlag\AppData\Roaming\Microsoft
2013-09-21 18:42:03 -------- d-----r- C:\Users\Donnerschlag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-09-21 18:42:03 -------- d-----r- C:\Users\Donnerschlag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-09-26 05:17:06 E6F3BBBCD31AB4CE97782C66551903FB 12907592 ----a-w- C:\Users\Krr & Brr\Desktop\mbar-1.07.0.1005.exe
2013-09-21 18:49:01 787803CFE80A1EB1C763BC43FAF3B686 34363645 ----a-w- C:\Users\Donnerschlag\Downloads\celestia-win32-1.6.1.exe
2013-09-21 18:43:28 -------- d-----r- C:\Users\Donnerschlag\Searches
2013-09-21 18:43:04 -------- d-----r- C:\Users\Donnerschlag\Contacts
2013-09-21 18:42:12 680B7C82DD61A526C9A18D39A003434D 918 --sha-r- C:\Users\Donnerschlag\ntuser.pol
2013-09-21 18:42:06 6FC234AD3752E1267B34FB12BCD6718B 20 --sh--w- C:\Users\Donnerschlag\ntuser.ini
2013-09-21 18:42:05 -------- d-sh--we C:\Users\Donnerschlag\Templates
2013-09-21 18:42:05 -------- d-sh--we C:\Users\Donnerschlag\Start Menu
2013-09-21 18:42:05 -------- d-sh--we C:\Users\Donnerschlag\SendTo
2013-09-21 18:42:05 -------- d-sh--we C:\Users\Donnerschlag\Recent
2013-09-21 18:42:05 -------- d-sh--we C:\Users\Donnerschlag\PrintHood
2013-09-21 18:42:05 -------- d-sh--we C:\Users\Donnerschlag\NetHood
2013-09-21 18:42:05 -------- d-sh--we C:\Users\Donnerschlag\My Documents
2013-09-21 18:42:05 -------- d-sh--we C:\Users\Donnerschlag\Local Settings
2013-09-21 18:42:05 -------- d-sh--we C:\Users\Donnerschlag\Cookies
2013-09-21 18:42:05 -------- d-sh--we C:\Users\Donnerschlag\Application Data
2013-09-21 18:42:03 -------- d--h--w- C:\Users\Donnerschlag\AppData
2013-09-21 18:42:03 -------- d-----r- C:\Users\Donnerschlag\Videos
2013-09-21 18:42:03 -------- d-----r- C:\Users\Donnerschlag\Saved Games
2013-09-21 18:42:03 -------- d-----r- C:\Users\Donnerschlag\Pictures
2013-09-21 18:42:03 -------- d-----r- C:\Users\Donnerschlag\Music
2013-09-21 18:42:03 -------- d-----r- C:\Users\Donnerschlag\Links
2013-09-21 18:42:03 -------- d-----r- C:\Users\Donnerschlag\Favorites
2013-09-21 18:42:03 -------- d-----r- C:\Users\Donnerschlag\Downloads
2013-09-21 18:42:03 -------- d-----r- C:\Users\Donnerschlag\Documents
2013-09-21 18:42:03 -------- d-----r- C:\Users\Donnerschlag\Desktop
2013-09-21 18:38:10 7B9D4F33E329C1D41B234B069698B057 632 --sha-r- C:\Users\Krr & Brr\ntuser.pol
2013-09-15 22:55:53 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2013-08-28 08:44:12 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Celestia
 
====== C: exe-files ==
2013-09-25 06:49:49 DA8A43A64F9F7D029C398EAE960A02BA 275449 ----a-w- C:\ProgramData\GarenaMessenger\update\12281\GaTransfer.exe
2013-09-25 06:49:06 DB74ABC43A52A31655129AE1FB6924BF 1662026 ----a-w- C:\ProgramData\GarenaMessenger\update\12281\GarenaMessenger.exe
2013-09-25 06:47:11 5C76FF0B8C157B2B29185B3448E01B52 1043929 ----a-w- C:\ProgramData\GarenaMessenger\update\12281\bbtalk\BBTalk.exe
2013-09-24 08:09:48 0B1CD71CE29E8123A664A5B40153D2FE 1915744 ----a-w- C:\Program Files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\29.0.1547.76\29.0.1547.76_29.0.1547.66_chrome_updater.exe
2013-09-19 19:57:53 D0804290B30C58652724344365C89D12 280576 -c--a-w- C:\9c46c00dc7b562b9ec38b275c5\a06e8c2aa2c54dfe4b\spreview.exe
2013-09-19 19:57:45 2053B810B81AEC43E0463AE8C38DE661 463120 -c--a-w- C:\9c46c00dc7b562b9ec38b275c5\spinstall.exe
=== C: other files ==
 
==== Startup Registry Enabled ======================
 
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
 
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
 
[HKEY_USERS\S-1-5-21-2098024337-2399665789-239898311-1007\Software\Microsoft\Windows\CurrentVersion\Run]
"GarenaPlus"="C:\Program Files\Garena Plus\GarenaMessenger.exe -autolaunch"
 
[HKEY_USERS\S-1-5-21-2098024337-2399665789-239898311-501\Software\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe"
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601"
 
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
 
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
 
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"PLFSetI"="C:\Windows\PLFSetI.exe"
"YSearchProtection"="C:\Program Files\Yahoo\Search Protection\SearchProtection.exe"
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe"
"BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe /DelayServices"
"AVG_UI"="C:\Program Files\AVG\AVG2013\avgui.exe /TRAYONLY"
"Alcatel Limo ModemListener"="C:\Program Files\INet\BackgroundService\ModemListener.exe start"
"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"GarenaPlus"="C:\Program Files\Garena Plus\GarenaMessenger.exe -autolaunch"
 
==== Startup Registry Disabled ======================
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]
"WinampAgent"="\"C:\\Program Files\\Winamp\\winampa.exe\""
"Adobe ARM"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe\""
 
 
==== Startup Folders ======================
 
2011-08-07 04:31:08 1236 ----a-w- C:\Users\aspire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
2011-03-07 00:12:35 834 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
 
==== Task Scheduler Jobs ======================
 
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [09/21/2013 01:32 AM]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2098024337-2399665789-239898311-1000Core.job --a------ C:\Users\aspire\AppData\Local\Facebook\Update\FacebookUpdate.exe [08/01/2012 06:56 PM]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2098024337-2399665789-239898311-1000UA.job --a------ [Undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [03/10/2012 12:26 AM]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [03/10/2012 12:26 AM]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2098024337-2399665789-239898311-1000Core.job --a------ [Undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2098024337-2399665789-239898311-1000UA.job --a------ C:\Users\aspire\AppData\Local\Google\Update\GoogleUpdate.exe [03/11/2011 05:26 PM]
 
==== Firefox Extensions ======================
 
ProfilePath: C:\Users\aspire\AppData\Roaming\Mozilla\Firefox\Profiles\kj7ao33k.default
- Undetermined - C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension
- Babylon Toolbar - %ProfilePath%\extensions\ffxtlbr@babylon.com
- Delta Toolbar - %ProfilePath%\extensions\ffxtlbr@delta.com
- SpamFreeSearch - %ProfilePath%\extensions\ffxtlbr@spamfreesearch.com
- BurrowsEE2siave - %ProfilePath%\extensions\oicmdm_ox2n@yuueu-apnrrc.com
- Free Lunch Design TB Community Toolbar - %ProfilePath%\extensions\{a5ae8924-4036-420f-b7f6-a47e4b8f692e}
- uTorrentBar Community Toolbar - %ProfilePath%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
- GoPhotoIt - %ProfilePath%\extensions\gophoto@gophoto.it.xpi
- Torntv 2 - %ProfilePath%\extensions\torntv2@torntv.com.xpi
- Torntv - %ProfilePath%\extensions\torntv@torntv.com.xpi
 
==== Firefox Plugins ======================
 
 
==== Chrome Look ======================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
amhlacfinnaffmhfohbpecabbjfhkdji - C:\Users\aspire\AppData\Local\Temp\amhlacfinnaffmhfohbpecabbjfhkdji.crx[]
hahpjplbmicfkmoccokbjejahjjpnena - C:\Users\aspire\AppData\Local\B1E\B1Tool.crx[02/23/2013 04:10 PM]
jbpkiefagocgkmemidfngdkamloieekf - C:\Program Files\TornTV.com\torn11.crx[]
jcdgjdiieiljkfkdcloehkohchhpekkn - C:\Users\aspire\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx[03/19/2012 08:40 AM]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[01/28/2011 05:31 PM]
nbmafkdmkkckhggblphicnnhlgljnoje - C:\Program Files\TornTV.com\torn2_10.crx[]
 
==== IE Start and Search Settings ======================
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://au.yahoo.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{899C5ACD-9224-4220-B7C1-ACCFB5A88EA9}"
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Unknown  Url="Not_Found"
{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} Unknown  Url="Not_Found"
{483830EE-A4CD-4b71-B0A3-3D82E62A6909} Unknown  Url="Not_Found"
{6C550BE5-EE90-4DCA-94E0-4264DCBF7F16} Yahoo//au.search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7"
{899C5ACD-9224-4220-B7C1-ACCFB5A88EA9} Bing  Url="http://www.bing.com/search?q={searchTerms}&r=894"
{afdbddaa-5d3f-42ee-b79c-185a7020515b} Unknown  Url="Not_Found"
 
==== Deleting CLSID Registry Keys ======================
 
HKEY_USERS\S-1-5-21-2098024337-2399665789-239898311-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully
HKEY_USERS\S-1-5-21-2098024337-2399665789-239898311-501\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully
HKEY_USERS\S-1-5-21-2098024337-2399665789-239898311-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully
HKEY_USERS\S-1-5-21-2098024337-2399665789-239898311-501\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully
HKEY_USERS\S-1-5-21-2098024337-2399665789-239898311-501\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} deleted successfully
HKEY_USERS\S-1-5-21-2098024337-2399665789-239898311-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfully
HKEY_USERS\S-1-5-21-2098024337-2399665789-239898311-501\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfully
HKEY_USERS\S-1-5-21-2098024337-2399665789-239898311-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfully
HKEY_USERS\S-1-5-21-2098024337-2399665789-239898311-501\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfully
HKEY_USERS\S-1-5-21-2098024337-2399665789-239898311-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0EEDB912-C5FA-486F-8334-57288578C627} deleted successfully
HKEY_USERS\S-1-5-21-2098024337-2399665789-239898311-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0EEDB912-C5FA-486F-8334-57288578C627} deleted successfully
HKEY_USERS\S-1-5-21-2098024337-2399665789-239898311-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} deleted successfully
HKEY_USERS\S-1-5-21-2098024337-2399665789-239898311-501\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} deleted successfully
HKEY_USERS\S-1-5-21-2098024337-2399665789-239898311-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} deleted successfully
HKEY_USERS\S-1-5-21-2098024337-2399665789-239898311-501\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{0EEDB912-C5FA-486F-8334-57288578C627} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0EEDB912-C5FA-486F-8334-57288578C627} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} deleted successfully
 
==== Deleting CLSID Registry Values ======================
 
HKEY_USERS\S-1-5-21-2098024337-2399665789-239898311-1007\Software\Microsoft\Internet Explorer\URLSearchHooks\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} deleted successfully
HKEY_USERS\S-1-5-21-2098024337-2399665789-239898311-501\Software\Microsoft\Internet Explorer\URLSearchHooks\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully
 
==== HijackThis Entries ======================
 
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: YouTube Free Downloader Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\YouTube Free Downloader Toolbar\tbcore3.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [Alcatel Limo ModemListener] C:\Program Files\INet\BackgroundService\ModemListener.exe start
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKCU\..\Run: [GarenaPlus] "C:\Program Files\Garena Plus\GarenaMessenger.exe" -autolaunch
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2098024337-2399665789-239898311-501\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" (User 'Guest')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{1111E6F4-1F88-4230-AE80-166AE62DD696}: NameServer = 202.138.128.50 202.138.128.54
O17 - HKLM\System\CCS\Services\Tcpip\..\{2D19BDD1-E137-413B-8DEF-D3EB679FA809}: NameServer = 202.138.128.50 202.138.128.54
O17 - HKLM\System\CCS\Services\Tcpip\..\{E51A4B10-05A4-4868-B9DE-9806BC5284BC}: NameServer = 202.138.128.50 202.138.128.54
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Alcatel Limo Modem Device Helper - Unknown owner - C:\Program Files\INet\BackgroundService\ServiceManager.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Autorun CDROM Monitor - Unknown owner - C:\Windows\system32\SupportAppXL\cdrom_mon.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Change Modem Device Service - Unknown owner - C:\Windows\system32\ChgService.exe
O23 - Service: DCService.exe - Unknown owner - C:\ProgramData\DatacardService\DCService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
 
==== EOF on Wed 09/25/2013 at 23:39:53.17 ======================
 
Looks like my PC is getting fine once again. I scanned using MBAM to make sure, and no malware or infections appeared.

Thank you for the help, seedy21!~

 

Next: what do I do with the logs and the software used to clean my laptop (zoek.exe, Malwarebytes Anti-Rootkit and the FRST folder)? Waiting for your confirmation. Thanks. :)


Edited by Donnerschlag, 25 September 2013 - 10:46 AM.


#9 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:06:09 AM

Posted 25 September 2013 - 01:12 PM

Hi Donnerschlag

 

Glad to see that you are getting clean Malwarebytes logs.

I can see some adware that we had better delete.

 

Step 1

 

Download ADWCleaner to your desktop:
http://www.bleepingcomputer.com/download/adwcleaner/

NOTE: If using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs and click on the AdwCleaner icon.


Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder.

 

Step 2

 

  • Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe. If you run Windows Vista or 7, right click and choose 'Run as Administrator'.
    • If Windows asks whether to run this program or not, please click 'Yes' or 'Run'.
    • When you see a console window, press any key to continue scanning.
    • Wait while it scans.
    • If your firewall alerts you about Security Check, please press 'Allow' or similar.

 


“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club



#10 Donnerschlag

Donnerschlag
  • Topic Starter

  • Members
  • 12 posts
  • Gender:Male
  • Location:Philippines
  • Local time:02:09 PM

Posted 26 September 2013 - 09:00 AM

Hello seedy21!~ How's the day?

 

This is the first log of AdwCleaner (AdwCleaner[R0].txt)

 

# AdwCleaner v3.005 - Report created 26/09/2013 at 21:33:59
# Updated 22/09/2013 by Xplode
# Operating System : Windows 7 Home Premium  (32 bits)
# Username : Krr & Brr - DONNERSCHLAG
# Running from : C:\Users\Krr & Brr\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\aspire\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www1.delta-search.com_0.localstorage
File Found : C:\Users\aspire\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www1.delta-search.com_0.localstorage-journal
File Found : C:\Users\aspire\AppData\Roaming\BabMaint.exe
File Found : C:\Users\aspire\AppData\Roaming\Mozilla\Firefox\Profiles\kj7ao33k.default\\invalidprefs.js
File Found : C:\Users\aspire\AppData\Roaming\Mozilla\Firefox\Profiles\kj7ao33k.default\bProtector_extensions.rdf
File Found : C:\Users\aspire\AppData\Roaming\Mozilla\Firefox\Profiles\kj7ao33k.default\bprotector_extensions.sqlite
File Found : C:\Users\aspire\AppData\Roaming\Mozilla\Firefox\Profiles\kj7ao33k.default\bprotector_prefs.js
File Found : C:\Users\aspire\AppData\Roaming\Mozilla\Firefox\Profiles\kj7ao33k.default\Extensions\gophoto@gophoto.it.xpi
File Found : C:\Users\aspire\AppData\Roaming\Mozilla\Firefox\Profiles\kj7ao33k.default\Extensions\torntv2@torntv.com.xpi
File Found : C:\Users\aspire\AppData\Roaming\Mozilla\Firefox\Profiles\kj7ao33k.default\searchplugins\browsemngr.xml
File Found : C:\Users\aspire\AppData\Roaming\Mozilla\Firefox\Profiles\kj7ao33k.default\searchplugins\BrowserProtect.xml
File Found : C:\Users\aspire\AppData\Roaming\Mozilla\Firefox\Profiles\kj7ao33k.default\searchplugins\delta.xml
File Found : C:\Users\aspire\AppData\Roaming\Mozilla\Firefox\Profiles\kj7ao33k.default\searchplugins\funmoods.xml
File Found : C:\Users\aspire\AppData\Roaming\Mozilla\Firefox\Profiles\kj7ao33k.default\searchplugins\SearchquWebSearch.xml
File Found : C:\Users\aspire\AppData\Roaming\Mozilla\Firefox\Profiles\kj7ao33k.default\searchplugins\spamfreesearch.xml
File Found : C:\Users\aspire\AppData\Roaming\Mozilla\Firefox\Profiles\kj7ao33k.default\searchplugins\SweetIm.xml
File Found : C:\Users\aspire\AppData\Roaming\Mozilla\Firefox\Profiles\kj7ao33k.default\user.js
File Found : C:\Windows\System32\Tasks\EPUpdater
Folder Found : C:\Users\aspire\AppData\Local\Google\Chrome\User Data\Default\Extensions\amhlacfinnaffmhfohbpecabbjfhkdji
Folder Found : C:\Users\aspire\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Folder Found : C:\Users\aspire\AppData\Local\Google\Chrome\User Data\Default\Extensions\hniccpekdpknmeeflffbmegfnaeadbei
Folder Found : C:\Users\aspire\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbpkiefagocgkmemidfngdkamloieekf
Folder Found : C:\Users\aspire\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Folder Found : C:\Users\aspire\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbmafkdmkkckhggblphicnnhlgljnoje
Folder Found : C:\Users\aspire\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
Folder Found : C:\Users\aspire\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaekbahncacnjgelnfjcjoelcglkhkj
Folder Found : C:\Users\aspire\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk
Folder Found : C:\Users\aspire\AppData\Roaming\Mozilla\Firefox\Profiles\kj7ao33k.default\Extensions\ffxtlbr@babylon.com
Folder Found : C:\Users\aspire\AppData\Roaming\Mozilla\Firefox\Profiles\kj7ao33k.default\Extensions\ffxtlbr@delta.com
Folder Found : C:\Users\aspire\AppData\Roaming\Mozilla\Firefox\Profiles\kj7ao33k.default\Extensions\ffxtlbr@spamfreesearch.com
Folder Found : C:\Users\aspire\AppData\Roaming\Mozilla\Firefox\Profiles\kj7ao33k.default\Extensions\oicmdm_ox2n@yuueu-apnrrc.com
Folder Found C:\ProgramData\BurrowsEE2siave
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BurrowsEE2siave
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BurrowsEE2siave
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro
Folder Found C:\ProgramData\SoftSafe
Folder Found C:\Users\aspire\AppData\Local\B1E
Folder Found C:\Users\aspire\AppData\Local\OpenCandy
Folder Found C:\Users\aspire\AppData\Local\TempDir
Folder Found C:\Users\aspire\AppData\LocalLow\BabylonToolbar
Folder Found C:\Users\aspire\AppData\LocalLow\blekko
Folder Found C:\Users\aspire\AppData\LocalLow\Conduit
Folder Found C:\Users\aspire\AppData\LocalLow\ConduitEngine
Folder Found C:\Users\aspire\AppData\LocalLow\PriceGong
Folder Found C:\Users\aspire\AppData\LocalLow\searchquband
Folder Found C:\Users\aspire\AppData\LocalLow\Searchqutoolbar
Folder Found C:\Users\aspire\AppData\LocalLow\SweetIM
Folder Found C:\Users\aspire\AppData\Roaming\B1Toolbar
Folder Found C:\Users\aspire\AppData\Roaming\dvdvideosoftiehelpers
Folder Found C:\Users\aspire\AppData\Roaming\eType
Folder Found C:\Users\aspire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qtrax
Folder Found C:\Users\aspire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
Folder Found C:\Users\aspire\AppData\Roaming\Mozilla\Firefox\Profiles\kj7ao33k.default\jetpack
Folder Found C:\Users\aspire\AppData\Roaming\Mozilla\Firefox\Profiles\kj7ao33k.default\Searchqutoolbar
Folder Found C:\Users\aspire\AppData\Roaming\optimizer pro
Folder Found C:\Users\aspire\AppData\Roaming\Systweak
Folder Found C:\Users\aspire\AppData\Roaming\yourfiledownloader
Folder Found C:\Users\Krr & Brr\AppData\LocalLow\Conduit
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\5d28f88bc6fb846
Key Found : HKCU\Software\AppDataLow\Software\RewardsArcade
Key Found : HKCU\Software\BabSolution
Key Found : HKCU\Software\filescout
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{338B4DFE-2E2C-4338-9E41-E176D497299E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\5d28f88bc6fb846
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{1005247F-A178-490A-8DC3-6BAF09EA427B}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{338B4DFE-2E2C-4338-9E41-E176D497299E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Found : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Found : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16476
 
 
-\\ Google Chrome v29.0.1547.76
 
[ File : C:\Users\aspire\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Found : homepage
Found : icon_url
Found : search_url
Found : keyword
 
[ File : C:\Users\Krr & Brr\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Donnerschlag\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [13526 octets] - [26/09/2013 21:33:59]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [13587 octets] ##########

And this is the second log of AdwCleaner (AdwCleaner[S0].txt):

# AdwCleaner v3.005 - Report created 26/09/2013 at 21:39:49
# Updated 22/09/2013 by Xplode
# Operating System : Windows 7 Home Premium  (32 bits)
# Username : Krr & Brr - DONNERSCHLAG
# Running from : C:\Users\Krr & Brr\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16476
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
 
-\\ Google Chrome v29.0.1547.76
 
[ File : C:\Users\aspire\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted : homepage
Deleted : icon_url
Deleted : search_url
Deleted : keyword
 
[ File : C:\Users\Krr & Brr\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Donnerschlag\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [13668 octets] - [26/09/2013 21:33:59]
AdwCleaner[S0].txt - [13813 octets] - [26/09/2013 21:39:49]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [13874 octets] ##########

I ran SecurityCheck.exe. The scan finished and Notepad opened, but there was nothing inside the log.


#11 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • Gender:Male
  • Location:West Yorkshire, UK

Posted 26 September 2013 - 04:08 PM

Hi Donnerschlag

Step 1

Perform an Online Antivirus Scan with ESET:


Note: ESET recommends disabling your resident antivirus's active protection component BEFORE scanning; how to do so can be read here. Use Internet Explorer to navigate to the scanner website, because you must approve the installation of an ActiveX add-on to complete the scan. If you are using Vista or Windows 7 or 8, launch Internet Explorer by right-clicking the Start Menu icon & selecting "Run as Administrator".
  • Please go here then click on Run ESET ONLINE SCANNER
  • Select the option YES, I accept the Terms of Use then click on START
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on START
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed, the Online Scan will begin automatically.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed, make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic.
  • Now click on FINISH (Selecting Uninstall application on close if you so wish)
Step 2

How is that machine running now?

Are you having any other issues?

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club



#12 Donnerschlag

Donnerschlag
  • Topic Starter

  • Members
  • 12 posts
  • Gender:Male
  • Location:Philippines

Posted 27 September 2013 - 09:59 PM

Hi there seedy21!~

Sorry, I might be delayed in replying about the logs since I still study and work. Last night I scanned using the online scanner and found some infections, but my brother stopped it in the middle of scanning, so I need to start it over again when I get home later. About computer issues, my laptop seems pretty fine and a bit faster than before. I might do some extra scanning with AVG and MBAM just to be sure.

Thanks. :)



#13 Donnerschlag

Donnerschlag
  • Topic Starter

  • Members
  • 12 posts
  • Gender:Male
  • Location:Philippines

Posted 28 September 2013 - 11:06 AM

Hi seedy21~ How's your day? :)

Btw, I ran the ESET online scanner the whole day I was away. I started it in the morning, and when I reached home the scan had ended, but the only content of the scan log is:

ESETSmartInstaller@High as downloader log:
all ok

No other log. After the scan, are there other options? I'm so confused about how the scanner generates a log after the scan.


#14 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • Gender:Male
  • Location:West Yorkshire, UK

Posted 29 September 2013 - 02:31 PM

Hi Donnerschlag

No other log. After the scan, are there other options? I'm so confused on how the scanner generates log after scan.

That's fine, I would be worried if there was anything more in that log :)

Step 1

We need to re-run Zoek
  • Close/disable all anti virus and anti malware programs so they do not interfere with the download or execution of Zoek.exe
    You can find instructions how to disable your security applications >>Here<< or >>Here<<
  • Unzip the folder (Right Click > Extract all > Next > Next > Make sure Show Extracted Files is ticked and click Finish).
  • Double click zoek.exe to start the program.
  • Copy and paste the following script in the code box:
  • Note: This script is written for usage on this users computer, do not use it on another computer even if the problems are similar :!:
    emptyclsid;
    firefoxlook;
    autoclean;
    iedefaults;
    filesrcm;
    
  • Close any open browsers.
  • Click the "Run script" button and wait patiently.
  • When finished, the logfile will be opened in Notepad.
  • If a reboot is needed, the logfile will be opened after the reboot.
  • The zoek-results.log can also be found on your system drive (normally C:\).
  • Please post the logfile for further review in your next reply.

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club



#15 Donnerschlag

Donnerschlag
  • Topic Starter

  • Members
  • 12 posts
  • Gender:Male
  • Location:Philippines

Posted 01 October 2013 - 11:59 AM

Hi seedy21!~

I will be posting the logs tomorrow after class since I'm kinda busy today with finals. :) Btw, the ESET online scan found 8 infections that MBAM and AVG didn't detect. I scanned twice but I really don't know how to clean it up. After the scan it only directs me to an "Additional Info" page and nothing more. No buttons, no options. That's why I didn't have the log. And also, I scanned using Zoek last night. Started at 9pm and woke up by 6am and the scan wasn't done. I checked the processes and zoek.exe wasn't there anymore. Tried it again a while ago before I left home, and after I came back, same story. Even though my antivirus is off, it still took long, or I don't know. Hmmmm, I'm re-downloading Zoek today and will scan tomorrow before I leave for class. I'm kinda confused since I'm not really knowledgeable about troubleshooting.