SD card infected with kpcgrhynko.vbs please help


12 replies to this topic

#1 kaperr

kaperr

  • Members
  • 12 posts

Posted 28 November 2013 - 12:48 AM

Hello! My SD card on my mobile phone is infected with the kpcgrhynko.vbs file. I was able to view a post regarding the removal of the said file on the computer and/or SD card. I was able to understand the procedure, but there was a point where the fixlist.txt file should be different from the one posted because it was suited to the case of the other person. Please help! I will post the requested report logs tonight when I get home.

The other post was http://www.bleepingcomputer.com/forums/t/509903/how-to-permanently-remove-kpcgrhynkovbs-file/

Thank you!!




 


#2 Aaflac

Aaflac

    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts

Posted 28 November 2013 - 01:14 PM

Welcome to the BC forums, kaperr!

 

Please do the following...

 

Step 1: Please click on the Windows 7 Start button and then on Control Panel.
In Control Panel, select the Folder Options link.
Click on the View tab in the Folder Options window.

 

In the Advanced settings: area, locate the Hidden files and folders category.

Check: Show hidden files, folders, and drives
Uncheck: Hide protected operating system files (Recommended)
Click Apply and OK at the bottom of the Folder Options window.

 

Step 2: Next, download UsbFix:
http://www.en.usbfix.net
Save to the Desktop.

Right-click the downloaded USBFix file and select: Run as Administrator

Connect any problem USB drive!

Press: Research

When done, the program closes on its own, and a report appears.
(The report file is also found at C:\UsbFix.txt)

 

>> Please post the UsbFix.txt (Research Mode) report in your reply.

 

Step 3: Once again, run USBFix as Administrator, but, this time, press: Listing

>> Also post the UsbFix.txt (Listing Mode) report in your reply. 

 

Note 1: If USBFix does not run in normal Windows, please run in Safe Mode:

Restart your computer.
 When the computer starts, tap the F8 key on the keyboard repeatedly until presented with the Advanced Boot Options menu
 Using the arrow keys, select: Safe Mode
 Press the Enter key on your keyboard to boot into the selected mode.

 

Note 2: If your AntiVirus program detects USB as malware, either let the AV program allow USBFix to run, or, temporarily disable your AntiVirus program:

Info - http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

When done with USBFix, re-enable your AV!

 

Step 4: Last, please download the Farbar Recovery Scan Tool
Download: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/
Select the version that applies to your system.
Save it to your Desktop.

 

Double-click the downloaded file to run it.

When the tool opens click Yes to the disclaimer.

 

Press the Scan button.

 

The tool makes a log (FRST.txt) in the same directory from which the tool is run (Desktop).

>> Please provide the FRST.txt in your reply.

 

The first time the tool is run, it also makes another log: Addition.txt

>> Also post the Addition.txt in your reply.

 

 


Old duck...


#3 kaperr

kaperr
  • Topic Starter

  • Members
  • 12 posts

Posted 29 November 2013 - 06:25 AM

############################## | UsbFix V 7.152 | [Research]
 
User: User (Administrator) # EARVIN-PC
Updated 20/11/2013 by El Desaparecido - Team SosVirus
Started at 19:15:39 | 29/11/2013
 
 
PC: ASUSTeK Computer INC. (P7H55)
CPU: Intel® Core™ i5 CPU         750  @ 2.67GHz
RAM -> [Total : 4087 | Free : 1732]
Bios: American Megatrends Inc.
Boot: Normal boot
 
OS: Microsoft Windows 7 Ultimate  (6.1.7600 64-Bit) 
WB: Windows Internet Explorer : 8.0.7600.16385
WB: Mozilla Firefox : 19.0.2
 
SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Lavasoft Ad-Aware [Enabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]
 
C:\ (%systemdrive%) -> Fixed drive # 195 Gb (26 Mb free - 13%) [] # NTFS
D:\ -> Fixed drive # 736 Gb (62 Mb free - 8%) [datadrive] # NTFS
E:\ -> CD-ROM
F:\ -> CD-ROM
G:\ -> CD-ROM
H:\ -> CD-ROM
I:\ -> CD-ROM
 
################## | Active Processes |
 
 
################## | Regedit Run |
 
 
################## | Generic Research |
 
Found ! C:\Users\User\AppData\Roaming\SUPERAntiSpyware.com
Found ! C:\ProgramData\SUPERAntiSpyware.com
Found ! C:\Users\User\AppData\Local\Temp\bonjourfw.vbs
Found ! C:\Users\User\AppData\Local\Temp\Drives.vbs
Found ! C:\Users\User\AppData\Local\Temp\avgnt.exe
 
################## | Reference of comparison MD5 |
 
Md5 : 117FC8583F3D1FD1D9B8017D23F39DD5 -> C:\Users\User\AppData\Local\Temp\bonjourfw.vbs
Md5 : AC8F18C5C595A5685FCEA46E61B6B5AF -> C:\Users\User\AppData\Local\Temp\Drives.vbs
 
################## | Comparison MD5 |
 
Found ! Md5 : 117FC8583F3D1FD1D9B8017D23F39DD5 -> C:\Users\User\AppData\Local\Temp\bonjourfw.vbs
Found ! Md5 : AC8F18C5C595A5685FCEA46E61B6B5AF -> C:\Users\User\AppData\Local\Temp\Drives.vbs
 
################## | Registry |
 
Found ! HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoActiveDesktop -> 1
Found ! HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoActiveDesktopChanges -> 1
Found ! HKU\S-1-5-21-534387042-2677290573-1437742574-1000\Software\Microsoft\Windows\CurrentVersion\Run|SUPERAntiSpyware
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|SUPERAntiSpyware
 
################## | Vaccin |
 
(!) This computer is not vaccinated!
 
################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |


#4 kaperr

kaperr
  • Topic Starter

  • Members
  • 12 posts

Posted 29 November 2013 - 06:27 AM

############################## | UsbFix V 7.152 | [Listing]
 
User: User (Administrator) # EARVIN-PC
Updated 20/11/2013 by El Desaparecido - Team SosVirus
Started at 19:26:21 | 29/11/2013
 
 
PC: ASUSTeK Computer INC. (P7H55)
CPU: Intel® Core™ i5 CPU         750  @ 2.67GHz
RAM -> [Total : 4087 | Free : 2359]
Bios: American Megatrends Inc.
Boot: Normal boot
 
OS: Microsoft Windows 7 Ultimate  (6.1.7600 64-Bit) 
WB: Windows Internet Explorer : 8.0.7600.16385
WB: Mozilla Firefox : 19.0.2
 
SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Lavasoft Ad-Aware [Enabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]
 
C:\ (%systemdrive%) -> Fixed drive # 195 Gb (26 Mb free - 13%) [] # NTFS
D:\ -> Fixed drive # 736 Gb (62 Mb free - 8%) [datadrive] # NTFS
E:\ -> CD-ROM
F:\ -> CD-ROM
G:\ -> CD-ROM
H:\ -> CD-ROM
I:\ -> CD-ROM
 
################## | Listing |
 
 
################## | E.O.F |


#5 kaperr

kaperr
  • Topic Starter

  • Members
  • 12 posts

Posted 29 November 2013 - 06:28 AM

Something is wrong because 2 nights before tonight... whenever I plug in the SD card via a card reader... I wasn't getting any prompts saying the drive is not formatted. Tonight it is saying that it cannot be read because it needs to be formatted.



#6 kaperr

kaperr
  • Topic Starter

  • Members
  • 12 posts

Posted 29 November 2013 - 06:33 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-11-2013
Ran by User (administrator) on EARVIN-PC on 29-11-2013 19:31:28
Running from C:\Users\User\Downloads
Windows 7 Ultimate (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
 
==================== Registry (Whitelisted) ==================
 
 
==================== Internet (Whitelisted) ====================
 
 
FireFox:
========
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\User\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\bi6x168j.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\adawaretb.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
FF Extension: Lavasoft Search Plugin - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\bi6x168j.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack
FF Extension: Ad-Aware Security Add-on - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\bi6x168j.default\Extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
FF Extension: uTorrentBar Community Toolbar - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\bi6x168j.default\Extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
FF Extension: addon - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\bi6x168j.default\Extensions\addon@defaulttab.com.xpi
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF Extension: XecureWeb Client PP for Window FireFox - C:\Program Files (x86)\Mozilla Firefox\extensions\{e4b92e5d-3958-4b3c-ae96-19efe24a3ff7}
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://facebook.com/", "hxxp://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=BD23B55E562C1F29C072F65159C8BB31"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\User\AppData\Local\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\User\AppData\Local\Google\Chrome\Application\31.0.1650.57\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\User\AppData\Local\Google\Chrome\Application\31.0.1650.57\gcswf32.dll No File
CHR Plugin: (HP Product Detection Plugin for Mozilla) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnhbepgnjnaoahohppnffanmkjkjoglp\1.0.15.0_0\plugins/npProductDetectPlugin.dll (Hewlett-Packard)
CHR Plugin: (HP Active Check Plugin) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnhbepgnjnaoahohppnffanmkjkjoglp\1.0.15.0_0\plugins/npAclmPlugin.dll (Hewlett-Packard)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (XecureWeb Plugin for Mozilla) - C:\Program Files (x86)\Mozilla Firefox\plugins\npxecure.dll (SoftForum Co., Ltd.)
CHR Plugin: (XecureWeb File Plugin for Mozilla) - C:\Program Files (x86)\Mozilla Firefox\plugins\npxwfile.dll (SoftForum Co., Ltd.)
CHR Plugin: (RIM Handheld Application Loader) - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll No File
CHR Plugin: (NPI3GManager © Interezen. plugin) - C:\Program Files (x86)\Interezen\Plugins\NPI3GManager.dll (Interezen © Interezen.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR Plugin: (SoftCamp Secure KeyStorke Plugin) - C:\Program Files (x86)\SoftCamp\Secure KeyStroke Mozilla\NPSCSKXUL.dll (SoftCamp Co., Ltd)
CHR Plugin: (SoftForum XecureWeb Control Plug-in) - C:\Program Files (x86)\SoftForum\XecureWeb\ActiveX\npxwebplugin.dll (SoftForum Co., Ltd.)
CHR Plugin: (SoftForum XecureWeb File Control Plug-in) - C:\Program Files (x86)\SoftForum\XecureWeb\ActiveX\npxwebplugin_file.dll (SoftForum Co., Ltd.)
CHR Plugin: (Wizvera Mozilla Browser Control) - C:\Program Files (x86)\Wizvera\Verain\npverain.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Unity Player) - C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Google Update) - C:\Users\User\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (TouchEn Key for Multi-Browser) - C:\Windows\system32\npKeyPro.dll No File
CHR Plugin: (Mozilla PMangFX Session Plugin_1.0.0.7) - C:\Windows\system32\npPMangFX.dll No File
CHR Extension: (Entanglement Web App) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\3.4.9_0
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (Fast save) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\clikkpikfpbnoocmfjjoofcdoaaloaef\1.1_0
CHR Extension: (AT_PeterBjornJohn) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmemmjoiahegfgfcenggecfhoedchfdl\3
CHR Extension: (DefaultTab) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.28_0
CHR Extension: (SecureSearch) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfffjahnfbocnaooecgijfnbpcfekoik\1.0.0.1_0
CHR Extension: (Poppit) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0
CHR Extension: (HP Product Detection Plugin) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnhbepgnjnaoahohppnffanmkjkjoglp\1.0.15.0_0
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR HKLM-x32\...\Chrome\Extension: [kdidombaedgpfiiedeimiebkmbilgmlc] - C:\Program Files (x86)\DefaultTab\DefaultTab.crx
CHR HKLM-x32\...\Chrome\Extension: [lfffjahnfbocnaooecgijfnbpcfekoik] - C:\ProgramData\adawaretb\shortcuts\chrome\adawaretb.crx
CHR StartMenuInternet: Google Chrome - C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [143120 2013-05-24] (SUPERAntiSpyware.com)
R2 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1236336 2013-03-18] (Lavasoft Limited)
S2 AllShare; C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [6638080 2010-07-16] ()
S2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.21\AllShareFrameworkManagerDMS.exe [404360 2013-10-11] (Samsung)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-11-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-19] (Avira Operations GmbH & Co. KG)
S2 DefaultTabSearch; C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe [573952 2013-08-27] ()
S2 DefaultTabUpdate; C:\Users\User\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [107520 2013-08-17] ()
S3 npggsvc; C:\Windows\SysWow64\GameMon.des [4771880 2013-03-29] (INCA Internet Co., Ltd.)
S2 pcapsvc; C:\Program Files\Proxy Labs\ProxyCap\pcapsvc.exe [2261504 2013-04-06] (Proxy Labs)
S2 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [605768 2013-11-05] (Copyright 2013 SAMSUNG)
S2 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software)
S2 Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [x]
S2 RoxLiveShare9; "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [x]
 
==================== Drivers (Whitelisted) ====================
 
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [106904 2013-11-19] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-11-19] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
R2 FGUARD64; C:\PROGRAMS\FGUARD\FGUARD64.SYS [72064 2007-02-25] (WinAbility® Software Corporation)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-04-02] (GFI Software)
S3 JRSUKD25; C:\Windows\system32\JRSUKD25.SYS [19016 2012-03-22] (Soft Security Corporation)
S3 kcrtx64; C:\Windows\system32\kcrtx64.sys [141848 2012-03-22] (Kings Information & Network)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
S3 NPIDS; C:\Windows\system32\NpIdsVt64.sys [55904 2010-05-13] (INCA Internet Co., Ltd.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [74752 2011-07-25] (Research In Motion Limited)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 scskusbf; C:\Windows\SysWow64\drivers\scskusbf.sys [16600 2011-03-28] (SoftCamp)
S3 scskusbs; C:\Windows\SysWow64\drivers\scskusbs.sys [38104 2011-03-28] (SoftCamp)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2012-11-13] (Duplex Secure Ltd.)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2009-07-14] (Microsoft Corporation)
U3 al9biknk; C:\Windows\System32\Drivers\al9biknk.sys [0 ] (Microsoft Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 GGSAFERDriver; \??\D:\HON\Garena Messenger\Room\safedrv.sys [x]
S3 JRSKD24; \??\C:\Windows\system32\JRSKD24.SYS [x]
S3 X6va002; \??\C:\Users\User\AppData\Local\Temp\002E57E.tmp [x]
S3 X6va003; \??\C:\Users\User\AppData\Local\Temp\0038E3D.tmp [x]
S3 X6va005; \??\C:\Users\User\AppData\Local\Temp\0057F01.tmp [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-11-29 19:30 - 2013-11-29 19:30 - 01959024 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2013-11-29 19:26 - 2013-11-29 19:26 - 00005481 _____ C:\UsbFix [Listing 2 ] EARVIN-PC.txt
2013-11-29 19:15 - 2013-11-29 19:22 - 00013143 _____ C:\UsbFix [Scan 3] EARVIN-PC.txt
2013-11-29 19:07 - 2013-11-29 19:07 - 00011558 _____ C:\UsbFix [Scan 2] EARVIN-PC.txt
2013-11-28 01:43 - 2013-11-28 01:43 - 00000585 _____ C:\Users\User\Desktop\fixlist.txt
2013-11-28 01:41 - 2013-11-28 01:41 - 00000243 _____ C:\Users\User\Downloads\Search.txt
2013-11-28 01:23 - 2013-11-28 01:24 - 00022327 _____ C:\Users\User\Downloads\Addition.txt
2013-11-28 01:22 - 2013-11-29 19:31 - 00024518 _____ C:\Users\User\Downloads\FRST.txt
2013-11-28 01:22 - 2013-11-28 01:22 - 00000000 ____D C:\FRST
2013-11-28 01:19 - 2013-11-28 01:19 - 00006816 _____ C:\UsbFix [Listing 1 ] EARVIN-PC.txt
2013-11-28 01:18 - 2013-11-29 19:22 - 00002146 _____ C:\Users\User\Desktop\UsbFix Donate.lnk
2013-11-28 01:11 - 2013-11-28 01:18 - 00013755 _____ C:\UsbFix [Scan 1] EARVIN-PC.txt
2013-11-28 01:10 - 2013-11-29 19:26 - 00000000 ____D C:\UsbFix
2013-11-28 01:07 - 2013-11-28 01:08 - 01204601 _____ (El Desaparecido - SosVirus.net - UsbFix.net) C:\Users\User\Downloads\UsbFix.exe
2013-11-28 01:02 - 2013-11-28 01:02 - 00655360 _____ C:\Users\User\Downloads\MicrosoftFixit50471.msi
2013-11-28 00:22 - 2013-11-28 00:22 - 00040657 _____ C:\Users\User\Downloads\[kickass.to]the.walking.dead.season.4.episode.7.720p.hdtv.glowgaze.torrent
2013-11-28 00:08 - 2013-11-28 00:08 - 00000000 ____D C:\Users\User\AppData\Roaming\LockHunter
2013-11-28 00:08 - 2013-11-28 00:08 - 00000000 ____D C:\Program Files\LockHunter
2013-11-28 00:07 - 2013-11-28 00:07 - 03029032 _____ (Crystal Rich Ltd                                            ) C:\Users\User\Downloads\lockhuntersetup_3-1-1.exe
2013-11-27 22:28 - 2013-11-27 22:28 - 00003138 _____ C:\Windows\System32\Tasks\{9F65B43D-1590-46C8-97CD-B18C903B4A27}
2013-11-27 22:27 - 2013-11-27 22:27 - 00132597 _____ C:\Users\User\Downloads\Flash_Disinfector.exe
2013-11-27 10:05 - 2013-11-27 10:05 - 00004451 _____ C:\Users\User\Downloads\[kickass.to]kickasstorrents.app.version.1.1.5.no.ads.apk.cm.torrent
2013-11-18 09:28 - 2013-11-18 09:28 - 00002133 _____ C:\Users\Public\Desktop\Path of Exile.lnk
2013-11-18 09:28 - 2013-11-18 09:28 - 00000000 ____D C:\Program Files (x86)\Grinding Gear Games
2013-11-18 09:26 - 2013-11-18 09:26 - 07401472 _____ C:\Users\User\Downloads\PathOfExileInstaller.msi
2013-11-17 12:16 - 2013-11-17 12:16 - 00649054 _____ C:\Users\User\Desktop\SCAN 3.jpeg
2013-11-11 21:43 - 2013-11-11 21:43 - 00448588 _____ C:\Users\User\Desktop\SCAN2.jpeg
2013-11-11 21:42 - 2013-11-11 21:41 - 00292871 _____ C:\Users\User\Desktop\SCAN1.jpeg
2013-11-07 17:02 - 2013-11-07 17:02 - 00000000 ____D C:\Users\User\Documents\Wizards of the Coast
2013-11-07 13:37 - 2013-11-07 13:37 - 00159232 _____ C:\Users\User\Downloads\Pricelist - Nov 5, 2013.xls
2013-11-03 10:33 - 2013-11-03 10:33 - 00001162 _____ C:\Users\Public\Desktop\TeamViewer 8.lnk
2013-11-03 10:31 - 2013-11-03 10:32 - 06952512 _____ (TeamViewer GmbH) C:\Users\User\Downloads\TeamViewer_Setup-ckq.exe
 
==================== One Month Modified Files and Folders =======
 
2013-11-29 19:31 - 2013-11-28 01:22 - 00024518 _____ C:\Users\User\Downloads\FRST.txt
2013-11-29 19:30 - 2013-11-29 19:30 - 01959024 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2013-11-29 19:26 - 2013-11-29 19:26 - 00005481 _____ C:\UsbFix [Listing 2 ] EARVIN-PC.txt
2013-11-29 19:26 - 2013-11-28 01:10 - 00000000 ____D C:\UsbFix
2013-11-29 19:24 - 2009-07-14 12:45 - 00010208 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-29 19:24 - 2009-07-14 12:45 - 00010208 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-29 19:22 - 2013-11-29 19:15 - 00013143 _____ C:\UsbFix [Scan 3] EARVIN-PC.txt
2013-11-29 19:22 - 2013-11-28 01:18 - 00002146 _____ C:\Users\User\Desktop\UsbFix Donate.lnk
2013-11-29 19:13 - 2013-10-24 23:55 - 00000000 ___RD C:\Users\User\Google Drive
2013-11-29 19:13 - 2013-06-22 16:01 - 00000000 ____D C:\Users\User\AppData\Roaming\Dropbox
2013-11-29 19:13 - 2013-04-02 01:50 - 00001868 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2013-11-29 19:13 - 2012-04-24 11:51 - 00000000 ____D C:\Program Files (x86)\Steam
2013-11-29 19:11 - 2012-11-22 14:53 - 198200689 _____ C:\Windows\SysWOW64\http_ss.log
2013-11-29 19:11 - 2012-11-22 14:53 - 00000074 _____ C:\Windows\SysWOW64\log.log
2013-11-29 19:11 - 2010-07-08 17:59 - 00000000 ____D C:\ProgramData\NVIDIA
2013-11-29 19:10 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-29 19:10 - 2009-07-14 12:51 - 00195351 _____ C:\Windows\setupact.log
2013-11-29 19:07 - 2013-11-29 19:07 - 00011558 _____ C:\UsbFix [Scan 2] EARVIN-PC.txt
2013-11-29 19:07 - 2010-07-08 20:06 - 00000000 ____D C:\Users\User\AppData\Roaming\uTorrent
2013-11-29 18:59 - 2012-08-23 01:25 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-29 18:43 - 2010-07-08 19:49 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-534387042-2677290573-1437742574-1000UA.job
2013-11-29 11:43 - 2010-07-08 19:49 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-534387042-2677290573-1437742574-1000Core.job
2013-11-28 23:46 - 2010-07-08 17:38 - 01592775 _____ C:\Windows\WindowsUpdate.log
2013-11-28 16:55 - 2009-07-14 13:13 - 00730320 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-28 01:43 - 2013-11-28 01:43 - 00000585 _____ C:\Users\User\Desktop\fixlist.txt
2013-11-28 01:41 - 2013-11-28 01:41 - 00000243 _____ C:\Users\User\Downloads\Search.txt
2013-11-28 01:24 - 2013-11-28 01:23 - 00022327 _____ C:\Users\User\Downloads\Addition.txt
2013-11-28 01:22 - 2013-11-28 01:22 - 00000000 ____D C:\FRST
2013-11-28 01:19 - 2013-11-28 01:19 - 00006816 _____ C:\UsbFix [Listing 1 ] EARVIN-PC.txt
2013-11-28 01:18 - 2013-11-28 01:11 - 00013755 _____ C:\UsbFix [Scan 1] EARVIN-PC.txt
2013-11-28 01:08 - 2013-11-28 01:07 - 01204601 _____ (El Desaparecido - SosVirus.net - UsbFix.net) C:\Users\User\Downloads\UsbFix.exe
2013-11-28 01:02 - 2013-11-28 01:02 - 00655360 _____ C:\Users\User\Downloads\MicrosoftFixit50471.msi
2013-11-28 00:22 - 2013-11-28 00:22 - 00040657 _____ C:\Users\User\Downloads\[kickass.to]the.walking.dead.season.4.episode.7.720p.hdtv.glowgaze.torrent
2013-11-28 00:08 - 2013-11-28 00:08 - 00000000 ____D C:\Users\User\AppData\Roaming\LockHunter
2013-11-28 00:08 - 2013-11-28 00:08 - 00000000 ____D C:\Program Files\LockHunter
2013-11-28 00:07 - 2013-11-28 00:07 - 03029032 _____ (Crystal Rich Ltd                                            ) C:\Users\User\Downloads\lockhuntersetup_3-1-1.exe
2013-11-27 23:54 - 2010-07-08 18:00 - 00127220 _____ C:\Windows\PFRO.log
2013-11-27 23:20 - 2013-07-11 13:02 - 00000000 ____D C:\Users\User\Desktop\S4 sd card backup
2013-11-27 22:28 - 2013-11-27 22:28 - 00003138 _____ C:\Windows\System32\Tasks\{9F65B43D-1590-46C8-97CD-B18C903B4A27}
2013-11-27 22:27 - 2013-11-27 22:27 - 00132597 _____ C:\Users\User\Downloads\Flash_Disinfector.exe
2013-11-27 10:05 - 2013-11-27 10:05 - 00004451 _____ C:\Users\User\Downloads\[kickass.to]kickasstorrents.app.version.1.1.5.no.ads.apk.cm.torrent
2013-11-21 23:41 - 2013-08-17 18:28 - 00000884 __RSH C:\Users\User\ntuser.pol
2013-11-20 22:01 - 2010-12-02 15:06 - 00000000 ____D C:\Users\User\AppData\Roaming\vlc
2013-11-19 21:36 - 2013-05-20 22:57 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-11-19 21:36 - 2013-05-20 22:57 - 00106904 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-11-18 09:28 - 2013-11-18 09:28 - 00002133 _____ C:\Users\Public\Desktop\Path of Exile.lnk
2013-11-18 09:28 - 2013-11-18 09:28 - 00000000 ____D C:\Program Files (x86)\Grinding Gear Games
2013-11-18 09:28 - 2011-11-06 15:08 - 00000000 ____D C:\Users\User\Documents\My Games
2013-11-18 09:26 - 2013-11-18 09:26 - 07401472 _____ C:\Users\User\Downloads\PathOfExileInstaller.msi
2013-11-17 12:16 - 2013-11-17 12:16 - 00649054 _____ C:\Users\User\Desktop\SCAN 3.jpeg
2013-11-11 21:43 - 2013-11-11 21:43 - 00448588 _____ C:\Users\User\Desktop\SCAN2.jpeg
2013-11-11 21:41 - 2013-11-11 21:42 - 00292871 _____ C:\Users\User\Desktop\SCAN1.jpeg
2013-11-10 23:40 - 2009-07-14 12:45 - 00416112 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-09 12:41 - 2010-07-08 19:35 - 00109312 _____ C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-07 17:02 - 2013-11-07 17:02 - 00000000 ____D C:\Users\User\Documents\Wizards of the Coast
2013-11-07 13:37 - 2013-11-07 13:37 - 00159232 _____ C:\Users\User\Downloads\Pricelist - Nov 5, 2013.xls
2013-11-07 02:32 - 2013-10-22 22:54 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Samsung
2013-11-03 10:33 - 2013-11-03 10:33 - 00001162 _____ C:\Users\Public\Desktop\TeamViewer 8.lnk
2013-11-03 10:32 - 2013-11-03 10:31 - 06952512 _____ (TeamViewer GmbH) C:\Users\User\Downloads\TeamViewer_Setup-ckq.exe
 
Some content of TEMP:
====================
C:\Users\Guest\AppData\Local\Temp\AskSLib.dll
C:\Users\User\AppData\Local\Temp\6776a5bb-32e5-4148-b5cc-14515591072d.exe
C:\Users\User\AppData\Local\Temp\7z.dll
C:\Users\User\AppData\Local\Temp\7z.exe
C:\Users\User\AppData\Local\Temp\ainjectr (1).exe
C:\Users\User\AppData\Local\Temp\AskSLib.dll
C:\Users\User\AppData\Local\Temp\avgnt.exe
C:\Users\User\AppData\Local\Temp\bdfilters.dll
C:\Users\User\AppData\Local\Temp\dtkill.exe
C:\Users\User\AppData\Local\Temp\Executor.exe
C:\Users\User\AppData\Local\Temp\i4jdel0.exe
C:\Users\User\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\User\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\User\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\User\AppData\Local\Temp\K-Lite_Codec_Pack_Basic.exe
C:\Users\User\AppData\Local\Temp\msvcr80.dll
C:\Users\User\AppData\Local\Temp\NGM.exe
C:\Users\User\AppData\Local\Temp\NGMDll.dll
C:\Users\User\AppData\Local\Temp\NGMResource.dll
C:\Users\User\AppData\Local\Temp\NGMSetup.exe
C:\Users\User\AppData\Local\Temp\nircmd.exe
C:\Users\User\AppData\Local\Temp\pv.exe
C:\Users\User\AppData\Local\Temp\rootsupd.exe
C:\Users\User\AppData\Local\Temp\SamsungAPInstaller_1382409122038.exe
C:\Users\User\AppData\Local\Temp\SamsungAPInstaller_1383296248699.exe
C:\Users\User\AppData\Local\Temp\SamsungAPInstaller_1383761699498.exe
C:\Users\User\AppData\Local\Temp\SimPack.exe
C:\Users\User\AppData\Local\Temp\swt-win32-3740.dll
C:\Users\User\AppData\Local\Temp\tbuTor.dll
C:\Users\User\AppData\Local\Temp\unicows.dll
C:\Users\User\AppData\Local\Temp\vfind.exe
C:\Users\User\AppData\Local\Temp\vlc-2.0.7-win32.exe
C:\Users\User\AppData\Local\Temp\vlc-2.0.8-win32.exe
C:\Users\User\AppData\Local\Temp\zlib1.dll
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-11-20 00:02
 
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-11-2013
Ran by User at 2013-11-28 01:23:45
Running from C:\Users\User\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Lavasoft Ad-Aware (Enabled - Up to date) {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Lavasoft Ad-Aware (Enabled - Up to date) {5BB89C30-6480-BC7C-9F17-199BD76F557A}
FW: Lavasoft Ad-Aware (Disabled) {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
 
==================== Installed Programs ======================
 
µTorrent (x32 Version: 3.1.3)
Ad-Aware Antivirus (x32 Version: 10.5.2.4379)
Ad-Aware Security Add-on (x32 Version: 2.5.0.6)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader X (10.1.8) (x32 Version: 10.1.8)
AllShare Framework DMS (Version: 1.3.21)
Android Injector 2.23 (x32)
Apple Application Support (x32 Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (x32 Version: 2.1.3.127)
Avira Free Antivirus (x32 Version: 14.0.1.749)
Baldur's Gate™ II - Throne of Bhaal ™ (x32)
Bandisoft MPEG-1 Decoder (x32)
Bonjour (Version: 3.0.0.10)
Crysis® 2 (x32 Version: 1.0.0.0)
DAEMON Tools Lite (x32 Version: 4.46.1.0327)
DefaultTab (x32 Version: 2.2.8.0)
DefaultTab Chrome (x32 Version: 1.1.25)
Deus Ex - Human Revolution version 1.0 (x32 Version: 1.0)
Deus Ex Human Revolution - The Missing Link (x32)
Diablo III (x32)
Dragon Age: Origins (x32 Version: 1.04)
Dropbox (HKCU Version: 2.2.3)
EA Download Manager (x32 Version: 7.3.7.4)
EntraWorks Control (x32)
Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287)
Folder Guard (Version: 7.91)
Free Convert to DIVX AVI WMV MP4 MPEG Converter 5.8 (x32)
Free Mouse Auto Clicker 3.0 (x32)
Google Chrome (HKCU Version: 31.0.1650.57)
Google Drive (x32 Version: 1.12.5329.1887)
Gunpoint (x32 Version: 2.0.0.0)
Hewlett-Packard ACLM.NET v1.1.0.0 (x32 Version: 1.00.0000)
Hi-Rez Studios Authenticate and Update Service (x32 Version: 3.0.0.0)
HP Product Detection (x32 Version: 11.14.0001)
ImagXpress (x32 Version: 7.0.74.0)
ImgBurn (x32 Version: 2.5.7.0)
IPlus (x32)
iTunes (Version: 10.6.0.40)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
K-Lite Codec Pack 9.3.0 (Basic) (x32 Version: 9.3.0)
LockHunter 3.1, 32/64 bit
Magic 2014 Demo (x32)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (x32 Version: 3.5.0.0)
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014)
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (x32 Version: 12.0.4518.1014)
Microsoft Silverlight (x32 Version: 4.0.60831.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft XNA Framework Redistributable 3.1 (x32 Version: 3.1.10527.0)
Microsoft XNA Framework Redistributable 4.0 (x32 Version: 4.0.20823.0)
Mozilla Firefox 19.0.2 (x86 en-US) (x32 Version: 19.0.2)
Mozilla Maintenance Service (x32 Version: 19.0.2)
MSXML 4.0 SP2 파서 및 SDK (x32 Version: 4.20.9818.0)
Nero 9 Essentials (x32)
neroxml (x32 Version: 1.0.0)
NVIDIA Display Control Panel (Version: 6.14.12.5721)
NVIDIA Drivers (Version: 1.10.61.39)
NVIDIA PhysX (x32 Version: 9.12.0613)
NVIDIA Stereoscopic 3D Driver (x32 Version: 1.0)
Path of Exile (x32 Version: 1.0.1.29560)
ProxyCap (Version: 5.2.13)
QUBE CCTV SYSTEM (x32 Version: 4.0.0)
QuickTime (x32 Version: 7.71.80.42)
Rogue Legacy version 0.0.0.9 (x32 Version: 0.0.0.9)
Samsung Kies (x32 Version: 2.5.3.13043_14)
Samsung Link 1.7.0.1311052230 (Version: 1.7.0.1311052230)
SAMSUNG PC Share Manager (x32 Version: 4.0)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.23.0)
SoftCamp Secure KeyStroke 4.0 (x32)
Star Wars®: Knights of the Old Republic ™ (x32)
StarCraft II (x32 Version: )
Steam (x32 Version: 1.0.0.0)
SUPERAntiSpyware (Version: 5.6.1020)
TeamViewer 8 (x32 Version: 8.0.22298)
The KMPlayer (remove only) (x32 Version: 3.4.0.59)
TouchEn Key with E2E for 32bit (x32)
Unity Web Player (HKCU Version: )
UsbFix By El Desaparecido (x32)
Ventrilo Client (x32 Version: 3.0.8)
VLC media player 2.0.8 (x32 Version: 2.0.8)
WebCube (x32)
Windows Internet Explorer KoreanKeyword V.2.2.1.1 (x32)
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8)
WinRAR archiver (x32)
XecureWeb Control (x32)
YTD Video Downloader 4.3 (x32 Version: 4.3)
 
==================== Restore Points  =========================
 
27-11-2013 17:02:46 Installed Microsoft Fix it 50471
 
==================== Hosts content: ==========================
 
2009-07-14 10:34 - 2009-06-11 05:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {4F64336B-C062-4FDA-96F5-1F780FF76E57} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe [2013-03-18] (Lavasoft Limited)
Task: {598E04D2-8ECE-4D0C-A6B6-A80EA1D36ABE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-534387042-2677290573-1437742574-1000Core => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-08] (Google Inc.)
Task: {C5EDB74B-AE2F-4025-8B03-2BC3C43A6DEA} - System32\Tasks\IPlusUpdate => C:\Program Files\iplus\IPlusUpdate.exe
Task: {DD5B57A5-B274-4BAE-8FA0-6923A3523620} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated)
Task: {F8F17A5E-8779-4F57-8935-92D500523D3F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-534387042-2677290573-1437742574-1000UA => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-08] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-534387042-2677290573-1437742574-1000Core.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-534387042-2677290573-1437742574-1000UA.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-05-20 22:57 - 2013-05-20 22:49 - 00397704 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 00087328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 01241888 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-11-15 06:45 - 2013-11-14 19:28 - 00702416 _____ () C:\Users\User\AppData\Local\Google\Chrome\Application\31.0.1650.57\libglesv2.dll
2013-11-15 06:45 - 2013-11-14 19:28 - 00099792 _____ () C:\Users\User\AppData\Local\Google\Chrome\Application\31.0.1650.57\libegl.dll
2013-11-15 06:45 - 2013-11-14 19:29 - 04055504 _____ () C:\Users\User\AppData\Local\Google\Chrome\Application\31.0.1650.57\pdf.dll
2013-11-15 06:45 - 2013-11-14 19:29 - 00399312 _____ () C:\Users\User\AppData\Local\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
2013-11-15 06:45 - 2013-11-14 19:28 - 01619408 _____ () C:\Users\User\AppData\Local\Google\Chrome\Application\31.0.1650.57\ffmpegsumo.dll
2013-11-15 06:45 - 2013-11-14 19:29 - 13582800 _____ () C:\Users\User\AppData\Local\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\Users\User\Desktop\SCAN 3.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\User\Desktop\SCAN 3.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\User\Desktop\SCAN1.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\User\Desktop\SCAN1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\User\Desktop\SCAN2.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\User\Desktop\SCAN2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service => ""="Ad-Aware Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ad-Aware Service => ""="Ad-Aware Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/28/2013 01:08:05 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
 
Error: (11/28/2013 01:05:23 AM) (Source: Application Error) (User: )
Description: Faulting application name: DefaultTabSearch.exe, version: 0.0.0.0, time stamp: 0x521c1792
Faulting module name: DefaultTabSearch.exe, version: 0.0.0.0, time stamp: 0x521c1792
Exception code: 0xc0000005
Fault offset: 0x00002db0
Faulting process id: 0x4c8
Faulting application start time: 0xDefaultTabSearch.exe0
Faulting application path: DefaultTabSearch.exe1
Faulting module path: DefaultTabSearch.exe2
Report Id: DefaultTabSearch.exe3
 
Error: (11/28/2013 01:03:51 AM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{E7D7D823-4EBE-4021-8F71-D73178574781}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}WLP_SENS_EVENT_LOGOFF
 
Error: (11/27/2013 11:56:04 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
 
Error: (11/27/2013 11:54:35 PM) (Source: Application Error) (User: )
Description: Faulting application name: DefaultTabSearch.exe, version: 0.0.0.0, time stamp: 0x521c1792
Faulting module name: DefaultTabSearch.exe, version: 0.0.0.0, time stamp: 0x521c1792
Exception code: 0xc0000005
Fault offset: 0x00002db0
Faulting process id: 0x754
Faulting application start time: 0xDefaultTabSearch.exe0
Faulting application path: DefaultTabSearch.exe1
Faulting module path: DefaultTabSearch.exe2
Report Id: DefaultTabSearch.exe3
 
Error: (11/27/2013 11:52:46 PM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{E7D7D823-4EBE-4021-8F71-D73178574781}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}WLP_SENS_EVENT_LOGOFF
 
Error: (11/27/2013 11:49:42 PM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7600.16385, time stamp: 0x4a5bc9bb
Faulting module name: ntdll.dll, version: 6.1.7600.16385, time stamp: 0x4a5be02b
Exception code: 0xc000041d
Fault offset: 0x0000000000051da0
Faulting process id: 0x25a54
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
 
Error: (11/27/2013 11:34:39 PM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7600.16385, time stamp: 0x4a5bc9bb
Faulting module name: ntdll.dll, version: 6.1.7600.16385, time stamp: 0x4a5be02b
Exception code: 0xc000041d
Fault offset: 0x0000000000051da0
Faulting process id: 0x808
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
 
Error: (11/27/2013 10:59:14 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005
 
Error: (11/27/2013 03:17:41 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005
 
 
System errors:
=============
Error: (11/28/2013 01:12:18 AM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
%%1056
 
Error: (11/28/2013 01:11:48 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (11/28/2013 01:11:48 AM) (Source: Service Control Manager) (User: )
Description: The Steam Client Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/28/2013 01:11:48 AM) (Source: Service Control Manager) (User: )
Description: The TeamViewer 8 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 2000 milliseconds: Restart the service.
 
Error: (11/28/2013 01:11:48 AM) (Source: Service Control Manager) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (11/28/2013 01:11:48 AM) (Source: Service Control Manager) (User: )
Description: The Ad-Aware service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/28/2013 01:11:48 AM) (Source: Service Control Manager) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/28/2013 01:11:48 AM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Stereoscopic 3D Driver Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/28/2013 01:11:48 AM) (Source: Service Control Manager) (User: )
Description: The Samsung Link Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/28/2013 01:11:48 AM) (Source: Service Control Manager) (User: )
Description: The ProxyCap Service service terminated unexpectedly.  It has done this 1 time(s).
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2010-08-31 02:01:02.756
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\User\AppData\Local\Temp\VGBF392.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2010-08-31 02:01:02.741
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\User\AppData\Local\Temp\VGBF392.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2010-08-11 17:32:00.814
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\User\AppData\Local\Temp\PBX941B.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2010-08-11 17:32:00.798
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\User\AppData\Local\Temp\PBX941B.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2010-08-11 17:31:29.161
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\User\AppData\Local\Temp\IWPE59.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2010-08-11 17:31:29.145
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\User\AppData\Local\Temp\IWPE59.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2010-08-07 13:55:58.082
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\User\AppData\Local\Temp\LSP1D7.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2010-08-07 13:55:58.077
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\User\AppData\Local\Temp\LSP1D7.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2010-08-07 13:55:03.451
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\User\AppData\Local\Temp\HTJ22EE.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2010-08-07 13:55:03.439
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\User\AppData\Local\Temp\HTJ22EE.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 43%
Total physical RAM: 4087.05 MB
Available physical RAM: 2325.5 MB
Total Pagefile: 8172.26 MB
Available Pagefile: 5953.07 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:195.21 GB) (Free:28.07 GB) NTFS
Drive d: (datadrive) (Fixed) (Total:736.2 GB) (Free:61.95 GB) NTFS
Drive j: (New Volume) (Removable) (Total:59.47 GB) (Free:32.6 GB) exFAT
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: CE5BC065)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=195 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=736 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 59 GB) (Disk ID: 00000000)
Partition 1: (Active) - (Size=59 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#7 kaperr


Posted 29 November 2013 - 06:36 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-11-2013
Ran by User at 2013-11-28 01:23:45
Running from C:\Users\User\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Lavasoft Ad-Aware (Enabled - Up to date) {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Lavasoft Ad-Aware (Enabled - Up to date) {5BB89C30-6480-BC7C-9F17-199BD76F557A}
FW: Lavasoft Ad-Aware (Disabled) {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
 
==================== Installed Programs ======================
 
µTorrent (x32 Version: 3.1.3)
Ad-Aware Antivirus (x32 Version: 10.5.2.4379)
Ad-Aware Security Add-on (x32 Version: 2.5.0.6)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader X (10.1.8) (x32 Version: 10.1.8)
AllShare Framework DMS (Version: 1.3.21)
Android Injector 2.23 (x32)
Apple Application Support (x32 Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (x32 Version: 2.1.3.127)
Avira Free Antivirus (x32 Version: 14.0.1.749)
Baldur's Gate™ II - Throne of Bhaal ™ (x32)
Bandisoft MPEG-1 Decoder (x32)
Bonjour (Version: 3.0.0.10)
Crysis® 2 (x32 Version: 1.0.0.0)
DAEMON Tools Lite (x32 Version: 4.46.1.0327)
DefaultTab (x32 Version: 2.2.8.0)
DefaultTab Chrome (x32 Version: 1.1.25)
Deus Ex - Human Revolution version 1.0 (x32 Version: 1.0)
Deus Ex Human Revolution - The Missing Link (x32)
Diablo III (x32)
Dragon Age: Origins (x32 Version: 1.04)
Dropbox (HKCU Version: 2.2.3)
EA Download Manager (x32 Version: 7.3.7.4)
EntraWorks Control (x32)
Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287)
Folder Guard (Version: 7.91)
Free Convert to DIVX AVI WMV MP4 MPEG Converter 5.8 (x32)
Free Mouse Auto Clicker 3.0 (x32)
Google Chrome (HKCU Version: 31.0.1650.57)
Google Drive (x32 Version: 1.12.5329.1887)
Gunpoint (x32 Version: 2.0.0.0)
Hewlett-Packard ACLM.NET v1.1.0.0 (x32 Version: 1.00.0000)
Hi-Rez Studios Authenticate and Update Service (x32 Version: 3.0.0.0)
HP Product Detection (x32 Version: 11.14.0001)
ImagXpress (x32 Version: 7.0.74.0)
ImgBurn (x32 Version: 2.5.7.0)
IPlus (x32)
iTunes (Version: 10.6.0.40)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
K-Lite Codec Pack 9.3.0 (Basic) (x32 Version: 9.3.0)
LockHunter 3.1, 32/64 bit
Magic 2014 Demo (x32)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (x32 Version: 3.5.0.0)
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014)
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (x32 Version: 12.0.4518.1014)
Microsoft Silverlight (x32 Version: 4.0.60831.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft XNA Framework Redistributable 3.1 (x32 Version: 3.1.10527.0)
Microsoft XNA Framework Redistributable 4.0 (x32 Version: 4.0.20823.0)
Mozilla Firefox 19.0.2 (x86 en-US) (x32 Version: 19.0.2)
Mozilla Maintenance Service (x32 Version: 19.0.2)
MSXML 4.0 SP2 파서 및 SDK (x32 Version: 4.20.9818.0)
Nero 9 Essentials (x32)
neroxml (x32 Version: 1.0.0)
NVIDIA Display Control Panel (Version: 6.14.12.5721)
NVIDIA Drivers (Version: 1.10.61.39)
NVIDIA PhysX (x32 Version: 9.12.0613)
NVIDIA Stereoscopic 3D Driver (x32 Version: 1.0)
Path of Exile (x32 Version: 1.0.1.29560)
ProxyCap (Version: 5.2.13)
QUBE CCTV SYSTEM (x32 Version: 4.0.0)
QuickTime (x32 Version: 7.71.80.42)
Rogue Legacy version 0.0.0.9 (x32 Version: 0.0.0.9)
Samsung Kies (x32 Version: 2.5.3.13043_14)
Samsung Link 1.7.0.1311052230 (Version: 1.7.0.1311052230)
SAMSUNG PC Share Manager (x32 Version: 4.0)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.23.0)
SoftCamp Secure KeyStroke 4.0 (x32)
Star Wars®: Knights of the Old Republic ™ (x32)
StarCraft II (x32 Version: )
Steam (x32 Version: 1.0.0.0)
SUPERAntiSpyware (Version: 5.6.1020)
TeamViewer 8 (x32 Version: 8.0.22298)
The KMPlayer (remove only) (x32 Version: 3.4.0.59)
TouchEn Key with E2E for 32bit (x32)
Unity Web Player (HKCU Version: )
UsbFix By El Desaparecido (x32)
Ventrilo Client (x32 Version: 3.0.8)
VLC media player 2.0.8 (x32 Version: 2.0.8)
WebCube (x32)
Windows Internet Explorer KoreanKeyword V.2.2.1.1 (x32)
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8)
WinRAR archiver (x32)
XecureWeb Control (x32)
YTD Video Downloader 4.3 (x32 Version: 4.3)
 
==================== Restore Points  =========================
 
27-11-2013 17:02:46 Installed Microsoft Fix it 50471
 
==================== Hosts content: ==========================
 
2009-07-14 10:34 - 2009-06-11 05:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {4F64336B-C062-4FDA-96F5-1F780FF76E57} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe [2013-03-18] (Lavasoft Limited)
Task: {598E04D2-8ECE-4D0C-A6B6-A80EA1D36ABE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-534387042-2677290573-1437742574-1000Core => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-08] (Google Inc.)
Task: {C5EDB74B-AE2F-4025-8B03-2BC3C43A6DEA} - System32\Tasks\IPlusUpdate => C:\Program Files\iplus\IPlusUpdate.exe
Task: {DD5B57A5-B274-4BAE-8FA0-6923A3523620} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated)
Task: {F8F17A5E-8779-4F57-8935-92D500523D3F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-534387042-2677290573-1437742574-1000UA => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-08] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-534387042-2677290573-1437742574-1000Core.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-534387042-2677290573-1437742574-1000UA.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-05-20 22:57 - 2013-05-20 22:49 - 00397704 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 00087328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 01241888 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-11-15 06:45 - 2013-11-14 19:28 - 00702416 _____ () C:\Users\User\AppData\Local\Google\Chrome\Application\31.0.1650.57\libglesv2.dll
2013-11-15 06:45 - 2013-11-14 19:28 - 00099792 _____ () C:\Users\User\AppData\Local\Google\Chrome\Application\31.0.1650.57\libegl.dll
2013-11-15 06:45 - 2013-11-14 19:29 - 04055504 _____ () C:\Users\User\AppData\Local\Google\Chrome\Application\31.0.1650.57\pdf.dll
2013-11-15 06:45 - 2013-11-14 19:29 - 00399312 _____ () C:\Users\User\AppData\Local\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
2013-11-15 06:45 - 2013-11-14 19:28 - 01619408 _____ () C:\Users\User\AppData\Local\Google\Chrome\Application\31.0.1650.57\ffmpegsumo.dll
2013-11-15 06:45 - 2013-11-14 19:29 - 13582800 _____ () C:\Users\User\AppData\Local\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\Users\User\Desktop\SCAN 3.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\User\Desktop\SCAN 3.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\User\Desktop\SCAN1.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\User\Desktop\SCAN1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\User\Desktop\SCAN2.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\User\Desktop\SCAN2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service => ""="Ad-Aware Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ad-Aware Service => ""="Ad-Aware Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/28/2013 01:08:05 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
 
Error: (11/28/2013 01:05:23 AM) (Source: Application Error) (User: )
Description: Faulting application name: DefaultTabSearch.exe, version: 0.0.0.0, time stamp: 0x521c1792
Faulting module name: DefaultTabSearch.exe, version: 0.0.0.0, time stamp: 0x521c1792
Exception code: 0xc0000005
Fault offset: 0x00002db0
Faulting process id: 0x4c8
Faulting application start time: 0xDefaultTabSearch.exe0
Faulting application path: DefaultTabSearch.exe1
Faulting module path: DefaultTabSearch.exe2
Report Id: DefaultTabSearch.exe3
 
Error: (11/28/2013 01:03:51 AM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{E7D7D823-4EBE-4021-8F71-D73178574781}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}WLP_SENS_EVENT_LOGOFF
 
Error: (11/27/2013 11:56:04 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
 
Error: (11/27/2013 11:54:35 PM) (Source: Application Error) (User: )
Description: Faulting application name: DefaultTabSearch.exe, version: 0.0.0.0, time stamp: 0x521c1792
Faulting module name: DefaultTabSearch.exe, version: 0.0.0.0, time stamp: 0x521c1792
Exception code: 0xc0000005
Fault offset: 0x00002db0
Faulting process id: 0x754
Faulting application start time: 0xDefaultTabSearch.exe0
Faulting application path: DefaultTabSearch.exe1
Faulting module path: DefaultTabSearch.exe2
Report Id: DefaultTabSearch.exe3
 
Error: (11/27/2013 11:52:46 PM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{E7D7D823-4EBE-4021-8F71-D73178574781}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}WLP_SENS_EVENT_LOGOFF
 
Error: (11/27/2013 11:49:42 PM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7600.16385, time stamp: 0x4a5bc9bb
Faulting module name: ntdll.dll, version: 6.1.7600.16385, time stamp: 0x4a5be02b
Exception code: 0xc000041d
Fault offset: 0x0000000000051da0
Faulting process id: 0x25a54
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
 
Error: (11/27/2013 11:34:39 PM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7600.16385, time stamp: 0x4a5bc9bb
Faulting module name: ntdll.dll, version: 6.1.7600.16385, time stamp: 0x4a5be02b
Exception code: 0xc000041d
Fault offset: 0x0000000000051da0
Faulting process id: 0x808
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
 
Error: (11/27/2013 10:59:14 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005
 
Error: (11/27/2013 03:17:41 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005
 
 
System errors:
=============
Error: (11/28/2013 01:12:18 AM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
%%1056
 
Error: (11/28/2013 01:11:48 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (11/28/2013 01:11:48 AM) (Source: Service Control Manager) (User: )
Description: The Steam Client Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/28/2013 01:11:48 AM) (Source: Service Control Manager) (User: )
Description: The TeamViewer 8 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 2000 milliseconds: Restart the service.
 
Error: (11/28/2013 01:11:48 AM) (Source: Service Control Manager) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (11/28/2013 01:11:48 AM) (Source: Service Control Manager) (User: )
Description: The Ad-Aware service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/28/2013 01:11:48 AM) (Source: Service Control Manager) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/28/2013 01:11:48 AM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Stereoscopic 3D Driver Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/28/2013 01:11:48 AM) (Source: Service Control Manager) (User: )
Description: The Samsung Link Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/28/2013 01:11:48 AM) (Source: Service Control Manager) (User: )
Description: The ProxyCap Service service terminated unexpectedly.  It has done this 1 time(s).
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2010-08-31 02:01:02.756
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\User\AppData\Local\Temp\VGBF392.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2010-08-31 02:01:02.741
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\User\AppData\Local\Temp\VGBF392.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2010-08-11 17:32:00.814
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\User\AppData\Local\Temp\PBX941B.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2010-08-11 17:32:00.798
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\User\AppData\Local\Temp\PBX941B.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2010-08-11 17:31:29.161
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\User\AppData\Local\Temp\IWPE59.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2010-08-11 17:31:29.145
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\User\AppData\Local\Temp\IWPE59.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2010-08-07 13:55:58.082
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\User\AppData\Local\Temp\LSP1D7.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2010-08-07 13:55:58.077
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\User\AppData\Local\Temp\LSP1D7.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2010-08-07 13:55:03.451
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\User\AppData\Local\Temp\HTJ22EE.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2010-08-07 13:55:03.439
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\User\AppData\Local\Temp\HTJ22EE.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 43%
Total physical RAM: 4087.05 MB
Available physical RAM: 2325.5 MB
Total Pagefile: 8172.26 MB
Available Pagefile: 5953.07 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:195.21 GB) (Free:28.07 GB) NTFS
Drive d: (datadrive) (Fixed) (Total:736.2 GB) (Free:61.95 GB) NTFS
Drive j: (New Volume) (Removable) (Total:59.47 GB) (Free:32.6 GB) exFAT
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: CE5BC065)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=195 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=736 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 59 GB) (Disk ID: 00000000)
Partition 1: (Active) - (Size=59 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#8 Aaflac


Posted 29 November 2013 - 02:00 PM

Thanks for the reports.

On:

something is wrong because 2 nights before tonight... whenever I plug in the SD card via a card reader... I wasn't getting any prompts saying the drive is not formatted. Tonight it is saying that it cannot be read because it needs to be formatted

All we have done so far is run diagnostics. There has been no action to remove any files yet.
That is what we are about to do now.

You need to have FRST on the Desktop, please. This is where it is at now: Running from C:\Users\User\Downloads
Otherwise, the following will not work.


:step1: Please open Notepad (Start > All Programs > Accessories > Notepad)
Copy the entire contents of the code box below
Save it to the Desktop, and name it: fixlist.txt
 
start
HKLM-x32\...\Runonce: [] -  [x]
MountPoints2: {c6422525-8017-11e1-ac87-e0cb4ed4241c} - I:\autorun.exe
URLSearchHook: HKCU - (No Name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - No Name - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} -  No File
Toolbar: HKCU - No Name - {30F9B915-B755-4826-820B-08FBA6BD249D} -  No File
Winsock: Catalog5 08 pcapwsp.dll File Not found ()
Winsock: Catalog9 01 pcapwsp.dll File Not found ()
Winsock: Catalog9 02 pcapwsp.dll File Not found ()
Winsock: Catalog9 03 pcapwsp.dll File Not found ()
Winsock: Catalog9 04 pcapwsp.dll File Not found ()
Winsock: Catalog9 15 pcapwsp.dll File Not found ()
Winsock: Catalog5-x64 08 pcapwsp.dll File Not found ()
Winsock: Catalog9-x64 01 pcapwsp.dll File Not found ()
Winsock: Catalog9-x64 02 pcapwsp.dll File Not found ()
Winsock: Catalog9-x64 03 pcapwsp.dll File Not found ()
Winsock: Catalog9-x64 04 pcapwsp.dll File Not found ()
Winsock: Catalog9-x64 15 pcapwsp.dll File Not found ()
C:\Users\Guest\AppData\Local\Temp\AskSLib.dll
C:\Users\User\AppData\Local\Temp\6776a5bb-32e5-4148-b5cc-14515591072d.exe
C:\Users\User\AppData\Local\Temp\7z.dll
C:\Users\User\AppData\Local\Temp\7z.exe
C:\Users\User\AppData\Local\Temp\ainjectr (1).exe
C:\Users\User\AppData\Local\Temp\AskSLib.dll
C:\Users\User\AppData\Local\Temp\avgnt.exe
C:\Users\User\AppData\Local\Temp\bdfilters.dll
C:\Users\User\AppData\Local\Temp\dtkill.exe
C:\Users\User\AppData\Local\Temp\Executor.exe
C:\Users\User\AppData\Local\Temp\i4jdel0.exe
C:\Users\User\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\User\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\User\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\User\AppData\Local\Temp\K-Lite_Codec_Pack_Basic.exe
C:\Users\User\AppData\Local\Temp\msvcr80.dll
C:\Users\User\AppData\Local\Temp\NGM.exe
C:\Users\User\AppData\Local\Temp\NGMDll.dll
C:\Users\User\AppData\Local\Temp\NGMResource.dll
C:\Users\User\AppData\Local\Temp\NGMSetup.exe
C:\Users\User\AppData\Local\Temp\nircmd.exe
C:\Users\User\AppData\Local\Temp\pv.exe
C:\Users\User\AppData\Local\Temp\rootsupd.exe
C:\Users\User\AppData\Local\Temp\SamsungAPInstaller_1382409122038.exe
C:\Users\User\AppData\Local\Temp\SamsungAPInstaller_1383296248699.exe
C:\Users\User\AppData\Local\Temp\SamsungAPInstaller_1383761699498.exe
C:\Users\User\AppData\Local\Temp\SimPack.exe
C:\Users\User\AppData\Local\Temp\swt-win32-3740.dll
C:\Users\User\AppData\Local\Temp\tbuTor.dll
C:\Users\User\AppData\Local\Temp\unicows.dll
C:\Users\User\AppData\Local\Temp\vfind.exe
C:\Users\User\AppData\Local\Temp\vlc-2.0.7-win32.exe
C:\Users\User\AppData\Local\Temp\vlc-2.0.8-win32.exe
C:\Users\User\AppData\Local\Temp\zlib1.dll
end

Once again, double-click FRST to run it.
When the tool opens click Yes to disclaimer.

Press the Fix button just once, and wait.

When done, FRST produces Fixlog.txt on the Desktop.
>> Please provide the Fixlog.txt in your reply.


:step2: Now, please run USBFix once again

Press: Deletion

When done, the program closes on its own, and a report appears.

>> Please post the UsbFix.txt (Deletion) report in your reply.

Note: As before, if your AntiVirus program detects USB as malware, either let the AV program allow USBFix to run, or, temporarily disable your AntiVirus program.

Check the SD drive and see if the .vbs file is gone.

Edited by Aaflac, 07 December 2013 - 11:46 PM.

Old duck...


#9 kaperr


Posted 29 November 2013 - 08:15 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-11-2013
Ran by User at 2013-11-30 09:14:42 Run:2
Running from C:\Users\User\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
HKLM-x32\...\Runonce: [] -  [x]
MountPoints2: {c6422525-8017-11e1-ac87-e0cb4ed4241c} - I:\autorun.exe
URLSearchHook: HKCU - (No Name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - No Name - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} -  No File
Toolbar: HKCU - No Name - {30F9B915-B755-4826-820B-08FBA6BD249D} -  No File
Winsock: Catalog5 08 pcapwsp.dll File Not found ()
Winsock: Catalog9 01 pcapwsp.dll File Not found ()
Winsock: Catalog9 02 pcapwsp.dll File Not found ()
Winsock: Catalog9 03 pcapwsp.dll File Not found ()
Winsock: Catalog9 04 pcapwsp.dll File Not found ()
Winsock: Catalog9 15 pcapwsp.dll File Not found ()
Winsock: Catalog5-x64 08 pcapwsp.dll File Not found ()
Winsock: Catalog9-x64 01 pcapwsp.dll File Not found ()
Winsock: Catalog9-x64 02 pcapwsp.dll File Not found ()
Winsock: Catalog9-x64 03 pcapwsp.dll File Not found ()
Winsock: Catalog9-x64 04 pcapwsp.dll File Not found ()
Winsock: Catalog9-x64 15 pcapwsp.dll File Not found ()
C:\Users\Guest\AppData\Local\Temp\AskSLib.dll
C:\Users\User\AppData\Local\Temp\6776a5bb-32e5-4148-b5cc-14515591072d.exe
C:\Users\User\AppData\Local\Temp\7z.dll
C:\Users\User\AppData\Local\Temp\7z.exe
C:\Users\User\AppData\Local\Temp\ainjectr (1).exe
C:\Users\User\AppData\Local\Temp\AskSLib.dll
C:\Users\User\AppData\Local\Temp\avgnt.exe
C:\Users\User\AppData\Local\Temp\bdfilters.dll
C:\Users\User\AppData\Local\Temp\dtkill.exe
C:\Users\User\AppData\Local\Temp\Executor.exe
C:\Users\User\AppData\Local\Temp\i4jdel0.exe
C:\Users\User\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\User\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\User\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\User\AppData\Local\Temp\K-Lite_Codec_Pack_Basic.exe
C:\Users\User\AppData\Local\Temp\msvcr80.dll
C:\Users\User\AppData\Local\Temp\NGM.exe
C:\Users\User\AppData\Local\Temp\NGMDll.dll
C:\Users\User\AppData\Local\Temp\NGMResource.dll
C:\Users\User\AppData\Local\Temp\NGMSetup.exe
C:\Users\User\AppData\Local\Temp\nircmd.exe
C:\Users\User\AppData\Local\Temp\pv.exe
C:\Users\User\AppData\Local\Temp\rootsupd.exe
C:\Users\User\AppData\Local\Temp\SamsungAPInstaller_1382409122038.exe
C:\Users\User\AppData\Local\Temp\SamsungAPInstaller_1383296248699.exe
C:\Users\User\AppData\Local\Temp\SamsungAPInstaller_1383761699498.exe
C:\Users\User\AppData\Local\Temp\SimPack.exe
C:\Users\User\AppData\Local\Temp\swt-win32-3740.dll
C:\Users\User\AppData\Local\Temp\tbuTor.dll
C:\Users\User\AppData\Local\Temp\unicows.dll
C:\Users\User\AppData\Local\Temp\vfind.exe
C:\Users\User\AppData\Local\Temp\vlc-2.0.7-win32.exe
C:\Users\User\AppData\Local\Temp\vlc-2.0.8-win32.exe
C:\Users\User\AppData\Local\Temp\zlib1.dll
end
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\ => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c6422525-8017-11e1-ac87-e0cb4ed4241c} => Key deleted successfully.
HKCR\CLSID\{c6422525-8017-11e1-ac87-e0cb4ed4241c} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} => Value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value deleted successfully.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} => Value deleted successfully.
HKCR\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} => Value deleted successfully.
HKCR\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D} => Key not found.
Winsock: Catalog entry 000000000008 => Deleted successfully.
Winsock: Catalog entry 000000000001 => Deleted successfully.
Winsock: Catalog entry 000000000002 => Deleted successfully.
Winsock: Catalog entry 000000000003 => Deleted successfully.
Winsock: Catalog entry 000000000004 => Deleted successfully.
Winsock: Catalog entry 000000000015 => Deleted successfully.
Winsock: Catalog entry 000000000008 => Deleted successfully.
Winsock: Catalog entry 000000000001 => Deleted successfully.
Winsock: Catalog entry 000000000002 => Deleted successfully.
Winsock: Catalog entry 000000000003 => Deleted successfully.
Winsock: Catalog entry 000000000004 => Deleted successfully.
Winsock: Catalog entry 000000000015 => Deleted successfully.
C:\Users\Guest\AppData\Local\Temp\AskSLib.dll => Moved successfully.
C:\Users\User\AppData\Local\Temp\6776a5bb-32e5-4148-b5cc-14515591072d.exe => Moved successfully.
C:\Users\User\AppData\Local\Temp\7z.dll => Moved successfully.
C:\Users\User\AppData\Local\Temp\7z.exe => Moved successfully.
C:\Users\User\AppData\Local\Temp\ainjectr (1).exe => Moved successfully.
C:\Users\User\AppData\Local\Temp\AskSLib.dll => Moved successfully.
C:\Users\User\AppData\Local\Temp\avgnt.exe => Moved successfully.
C:\Users\User\AppData\Local\Temp\bdfilters.dll => Moved successfully.
C:\Users\User\AppData\Local\Temp\dtkill.exe => Moved successfully.
C:\Users\User\AppData\Local\Temp\Executor.exe => Moved successfully.
C:\Users\User\AppData\Local\Temp\i4jdel0.exe => Moved successfully.
C:\Users\User\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe => Moved successfully.
C:\Users\User\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe => Moved successfully.
C:\Users\User\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe => Moved successfully.
C:\Users\User\AppData\Local\Temp\K-Lite_Codec_Pack_Basic.exe => Moved successfully.
C:\Users\User\AppData\Local\Temp\msvcr80.dll => Moved successfully.
C:\Users\User\AppData\Local\Temp\NGM.exe => Moved successfully.
C:\Users\User\AppData\Local\Temp\NGMDll.dll => Moved successfully.
C:\Users\User\AppData\Local\Temp\NGMResource.dll => Moved successfully.
C:\Users\User\AppData\Local\Temp\NGMSetup.exe => Moved successfully.
C:\Users\User\AppData\Local\Temp\nircmd.exe => Moved successfully.
C:\Users\User\AppData\Local\Temp\pv.exe => Moved successfully.
C:\Users\User\AppData\Local\Temp\rootsupd.exe => Moved successfully.
C:\Users\User\AppData\Local\Temp\SamsungAPInstaller_1382409122038.exe => Moved successfully.
C:\Users\User\AppData\Local\Temp\SamsungAPInstaller_1383296248699.exe => Moved successfully.
C:\Users\User\AppData\Local\Temp\SamsungAPInstaller_1383761699498.exe => Moved successfully.
C:\Users\User\AppData\Local\Temp\SimPack.exe => Moved successfully.
C:\Users\User\AppData\Local\Temp\swt-win32-3740.dll => Moved successfully.
C:\Users\User\AppData\Local\Temp\tbuTor.dll => Moved successfully.
C:\Users\User\AppData\Local\Temp\unicows.dll => Moved successfully.
C:\Users\User\AppData\Local\Temp\vfind.exe => Moved successfully.
C:\Users\User\AppData\Local\Temp\vlc-2.0.7-win32.exe => Moved successfully.
C:\Users\User\AppData\Local\Temp\vlc-2.0.8-win32.exe => Moved successfully.
C:\Users\User\AppData\Local\Temp\zlib1.dll => Moved successfully.
 
==== End of Fixlog ====


#10 kaperr


Posted 29 November 2013 - 08:43 PM

After the deletion process my computer can't surf anymore. I am connected to the internet but any form of browser surfing doesn't work. Also the drive where the SD card is connected is still not accessible. It still says the drive needs to be formatted but whenever I try it can't

#11 Aaflac


Posted 29 November 2013 - 10:52 PM

:exclame:  Can you connect with your browsers in Safe Mode with Networking?

As the computer boots, tap the F8 key

When the Windows Advanced Options Menu appears, use arrow keys to select: Safe Mode with Networking 

Press the Enter key.

Try your browsers.

 

:exclame:  If you can connect, there is an issue of concern here. Are you running two Antivirus programs at the same time: AdAware AV and Avira Antivir?

That may be a factor in the reason for not connecting with your browsers. You may need to temporarily uninstall them, and see if the browsers work. If they do, then install only one AV program, and try the browsers again.

 

:exclame:  If the above does not resolve the browser issue, please do the following:

Please go to Start > All Programs > Accessories, right click on Command Prompt, and select: Run as administrator
At the Command Prompt, type, or copy/paste (with mouse), the following command, and press: Enter

netsh winsock reset

The following message appears: "Successfully reset the Winsock Catalog. You must restart the computer in order to complete the reset."

As requested, restart the computer.

Can you use your browsers?

 

 

:exclame:  On:

Also the drive where the SD card is connected is still not accessible. It still says the drive needs to be formatted but whenever I try it can't

 

Does the same happen if you connect the SD card to a different computer?

 

:exclame:  Also, please post a screen capture of your Disk Management window:

http://www.sevenforums.com/tutorials/274797-disk-management-post-screen-capture-image.html
 


Old duck...
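
Added example (not part of the original thread, and not FRST's own code): a small Python triage of a Fixlog in the format posted in #9, which tallies what was changed and flags Winsock catalog deletions, the case the `netsh winsock reset` step in the post above repairs. The function names and status labels are assumptions made for this sketch; the sample lines are excerpted from the Fixlog in post #9.

```python
import re
from collections import Counter, namedtuple

Record = namedtuple("Record", "category target outcome status")

# Result lines excerpted from the Fixlog posted in #9 of this thread.
SAMPLE_FIXLOG = r"""
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\ => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c6422525-8017-11e1-ac87-e0cb4ed4241c} => Key deleted successfully.
HKCR\CLSID\{c6422525-8017-11e1-ac87-e0cb4ed4241c} => Key not found.
Winsock: Catalog entry 000000000008 => Deleted successfully.
Winsock: Catalog entry 000000000001 => Deleted successfully.
C:\Users\User\AppData\Local\Temp\7z.exe => Moved successfully.
C:\Users\User\AppData\Local\Temp\nircmd.exe => Moved successfully.
"""


def classify_target(target):
    """Bucket a Fixlog target into winsock / registry / file / other."""
    if target.startswith("Winsock:"):
        return "winsock"
    if re.match(r"HK[A-Z]+\\", target):
        return "registry"
    if re.match(r"[A-Za-z]:\\", target):
        return "file"
    return "other"


def classify_outcome(outcome):
    """Map the text after '=>' to changed / absent / review."""
    low = outcome.lower()
    if "not found" in low:
        return "absent"          # nothing existed, so nothing was changed
    if low.endswith("successfully"):
        return "changed"         # the system was modified
    return "review"              # any other wording needs a human look


def parse_fixlog(text):
    """Return one Record per 'target => outcome' line; other lines are skipped."""
    records = []
    for line in text.splitlines():
        target, sep, outcome = line.strip().rpartition(" => ")
        if not sep:
            continue             # header, fixlist echo or separator line
        outcome = outcome.rstrip(".")
        records.append(Record(classify_target(target), target,
                              outcome, classify_outcome(outcome)))
    return records


def summarize(records):
    """Count records per (category, status) pair."""
    return Counter((r.category, r.status) for r in records)


def followups(records):
    """List post-fix checks suggested by what the log says was changed."""
    notes = []
    if any(r.category == "winsock" and r.status == "changed" for r in records):
        notes.append("Winsock catalog entries changed: confirm browsing still "
                     "works; inspect with 'netsh winsock show catalog', repair "
                     "with 'netsh winsock reset' and restart.")
    for r in records:
        if r.status == "review":
            notes.append(f"Unrecognized outcome for {r.target}: {r.outcome}")
    return notes


if __name__ == "__main__":
    recs = parse_fixlog(SAMPLE_FIXLOG)
    for key, count in sorted(summarize(recs).items()):
        print(key, count)
    for note in followups(recs):
        print("FOLLOW-UP:", note)
```
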


#12 kaperr


Posted 29 November 2013 - 11:10 PM

Yes, there are 2 antivirus programs. I sort of panicked so now I'm on my way to my friend so he can reformat my computer. I will once again try the steps above when my computer is back. Also... I think there is something wrong with my SD card reader.. the same thing happens when I use a different SD card

#13 Aaflac


Posted 29 November 2013 - 11:21 PM

sort of panicked so now I'm on my way to my friend so he can reformat my computer. I will once again try the steps above when my computer is back

 

There is no point in doing so, if you are having the Operating System re-installed.

 

 

On the SD card, do you have access to a computer where you can directly plug in the card, and check it out that way?

You may also have some data corruption in the SD card...


Old duck...




