Advertisements playing in the background


  • This topic is locked
19 replies to this topic

#1 stoppolees

stoppolees

  • Members
  • 10 posts

Posted 02 January 2014 - 07:04 PM

Hi, starting yesterday I've been having random advertisements playing in the background with no running processes. I ran scans with Malwarebytes and Microsoft Security Essentials, but both came back clean. The ads are still playing, and I have no idea why.




#2 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria

Posted 03 January 2014 - 10:00 AM

Hello! Welcome to BleepingComputer Forums! :welcome:
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms do not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Also

  • Please run FRST again and type the following in the edit box after Search: rpcss.dll
  • Click the Search button.
  • It will make a log (Search.txt) - please post the log in your reply to me (you can use pastebin as well).

Regards,

Georgi


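As an added illustration (not code from this thread, from Georgi, or from the FRST tool's author), here is a small Python triage helper for the FRST.txt layout pasted later in this thread: it parses the "One Month Created/Modified Files and Folders" entries and the "Bamital & volsnap Check" MD5 lines, and flags non-directory entries under the Windows system directories that carry no publisher together with an unusual extension or the system (S) attribute. The sample log and its file names are constructed; the field layout, the attribute letters and the flag rules are assumptions modelled on the log as displayed, not taken from FRST documentation.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample in the layout of an FRST.txt log. The file names are made up;
# this is not the log posted in the thread.
SAMPLE_LOG = r"""
==================== One Month Created Files and Folders ========

2014-01-03 11:56 - 2014-01-03 11:56 - 00014235 _____ C:\Users\Example\Desktop\FRST.txt
2014-01-03 11:53 - 2014-01-03 11:53 - 00000000 ____D C:\FRST
2014-01-03 00:16 - 2014-01-03 00:16 - 00000000 ____S C:\Windows\system32\qwert.abc
2014-01-02 00:37 - 2014-01-02 00:37 - 00037376 _____ C:\Windows\system32\zxcvb.def
2013-12-30 17:25 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2013-12-24 13:27 - 2013-12-24 13:27 - 46107376 _____ (GOG.com      ) C:\Users\Example\Downloads\setup_game.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
"""

# One file entry: "<created> - <modified> - <size> <attrs> [(<publisher>)] <path>".
# Assumption: this is the field layout as displayed in the pasted log.
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<publisher>[^)]*)\)\s+)?"
    r"(?P<path>.+?)\s*$"
)
MD5_RE = re.compile(r"^(?P<path>.+?) => MD5 is (?P<verdict>.+)$")

SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
# Extensions that are unremarkable as newly created files under the system directories.
EXPECTED_EXTENSIONS = {"dll", "exe", "sys", "ini", "log", "dat", "txt", "xml", "cat", "mui", "bin"}


@dataclass
class FrstEntry:
    created: str
    modified: str
    size: int
    attrs: str          # five attribute letters, e.g. "____D", "____S", "___HD"
    publisher: Optional[str]
    path: str

    @property
    def is_directory(self) -> bool:
        return "D" in self.attrs

    @property
    def has_system_attr(self) -> bool:
        return "S" in self.attrs

    @property
    def extension(self) -> str:
        name = self.path.rsplit("\\", 1)[-1]
        return name.rsplit(".", 1)[-1].lower() if "." in name else ""


@dataclass
class Finding:
    entry: FrstEntry
    reasons: List[str] = field(default_factory=list)


def parse_frst_entries(text: str) -> List[FrstEntry]:
    """Extract file/folder entries; headers, blanks and other output are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        pub = m.group("publisher")
        entries.append(FrstEntry(
            created=m.group("created"), modified=m.group("modified"),
            size=int(m.group("size")), attrs=m.group("attrs"),
            publisher=pub.strip() if pub is not None else None,
            path=m.group("path"),
        ))
    return entries


def flag_suspicious(entries: List[FrstEntry]) -> List[Finding]:
    """Flag unpublished files in system directories with odd extensions or the S attribute."""
    findings = []
    for e in entries:
        if e.is_directory or not e.path.lower().startswith(SYSTEM_DIRS):
            continue
        reasons = []
        if not e.publisher and e.extension not in EXPECTED_EXTENSIONS:
            reasons.append(f"unusual extension '.{e.extension}' and no publisher in a system directory")
        if not e.publisher and e.has_system_attr:
            reasons.append("system (S) attribute on a file with no publisher")
        if reasons:
            findings.append(Finding(e, reasons))
    return findings


def parse_md5_checks(text: str) -> Dict[str, bool]:
    """Map each checked system file to True when FRST reported 'MD5 is legit'."""
    results = {}
    for line in text.splitlines():
        m = MD5_RE.match(line.strip())
        if m:
            results[m.group("path")] = m.group("verdict").strip() == "legit"
    return results


if __name__ == "__main__":
    for f in flag_suspicious(parse_frst_entries(SAMPLE_LOG)):
        print(f.entry.path, "->", "; ".join(f.reasons))
    for path, ok in parse_md5_checks(SAMPLE_LOG).items():
        print(path, "OK" if ok else "MISMATCH")
```

The flag rules are a first-pass filter only: a hit means "look at this file", not "this file is malicious", and a legitimately signed file with an odd name still passes because the publisher field is present.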


#3 stoppolees

stoppolees
  • Topic Starter

  • Members
  • 10 posts

Posted 03 January 2014 - 12:01 PM

Hi Georgi, thanks.

FRST.txt:


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-01-2014
Ran by Keefe (administrator) on KEEFE-PC on 03-01-2014 11:56:29
Running from C:\Users\Keefe\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Flux Software LLC) C:\Users\Keefe\AppData\Local\FluxSoftware\Flux\flux.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6064.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2587944 2010-12-31] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4156 2010-04-16] ()
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1289704 2012-09-12] (Microsoft Corporation)
HKLM-x32\...\Run: [ASUSPRP] - C:\Program Files (x86)\ASUS\APRP\aprp.exe [2018032 2011-04-01] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [SonicMasterTray] - C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [UpdateLBPShortCut] - C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] - C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [EaseUS EPM tray] - H:\Keefe\EaseUS Partition Master 9.2.2\bin\EpmNews.exe
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [F.lux] - C:\Users\Keefe\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-15] (Flux Software LLC)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd)
HKCU\...\Run: [DisplayFusion] - C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [7892864 2013-09-02] (Binary Fortress Software)
HKCU\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563096 2013-12-19] (SUPERAntiSpyware)
MountPoints2: G - G:\VZW_Software_upgrade_assistant_installer.exe
MountPoints2: {654a6d38-2ddb-11e2-85b1-5404a608ac0f} - I:\setup.exe -a
MountPoints2: {9cd87fae-a6bd-11e2-9d3c-5404a608ac0f} - G:\VZW_Software_upgrade_assistant_installer.exe
MountPoints2: {d6c5a034-bda7-11e2-b108-5404a608ac0f} - G:\VZW_Software_upgrade_assistant_installer.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com?type=714647&fr=spigot-yhp-ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKCU - DefaultScope {6888F413-0BF4-4297-AC80-6B4D7E98AEDD} URL = http://search.yahoo.com/search?fr=mcafee&type=A010US0&p={SearchTerms}
SearchScopes: HKCU - {6888F413-0BF4-4297-AC80-6B4D7E98AEDD} URL = http://search.yahoo.com/search?fr=mcafee&type=A010US0&p={SearchTerms}
SearchScopes: HKCU - {CD3EA438-D4C5-4830-96DF-1EDF984EF5B5} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 68.237.161.12

FireFox:
========
FF ProfilePath: C:\Users\Keefe\AppData\Roaming\Mozilla\Firefox\Profiles\ybpcu9qo.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://nfl.com
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=714647&p=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/SAFFPlugin - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF Extension: Reddit Enhancement Suite - C:\Users\Keefe\AppData\Roaming\Mozilla\Firefox\Profiles\ybpcu9qo.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi
FF Extension: Adblock Plus - C:\Users\Keefe\AppData\Roaming\Mozilla\Firefox\Profiles\ybpcu9qo.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
R2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [1315728 2013-09-02] (Binary Fortress Software)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [121616 2013-11-05] (McAfee, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22072 2012-09-12] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368896 2012-09-12] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-11-12] (DT Soft Ltd)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] ()
S3 epmntdrv; C:\Windows\SysWow64\epmntdrv.sys [13896 2013-03-07] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] ()
S3 EuGdiDrv; C:\Windows\SysWow64\EuGdiDrv.sys [9160 2013-03-07] ()
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [36680 2014-01-02] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [228768 2012-08-30] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-30] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-16] ()
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-03 11:56 - 2014-01-03 11:56 - 00014235 _____ C:\Users\Keefe\Desktop\FRST.txt
2014-01-03 11:53 - 2014-01-03 11:53 - 00000000 ____D C:\FRST
2014-01-03 11:52 - 2014-01-03 11:53 - 01931750 _____ (Farbar) C:\Users\Keefe\Desktop\FRST64.exe
2014-01-03 00:16 - 2014-01-03 00:16 - 00000000 ____S C:\Windows\system32\vbzkm.gbp
2014-01-02 20:15 - 2014-01-02 20:15 - 00000676 _____ C:\Windows\PFRO.log
2014-01-02 18:44 - 2014-01-02 18:44 - 00036680 _____ C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-02 18:38 - 2014-01-02 18:38 - 00000000 ____D C:\TDSSKiller_Quarantine
2014-01-02 15:47 - 2014-01-03 02:00 - 00000510 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task c8ffd913-20db-4e4f-a080-0a251ebad560.job
2014-01-02 15:47 - 2014-01-02 23:47 - 00000510 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 57beca52-2e23-45f1-bbb7-3b55d8cd81e3.job
2014-01-02 15:47 - 2014-01-02 15:47 - 00003584 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task c8ffd913-20db-4e4f-a080-0a251ebad560
2014-01-02 15:47 - 2014-01-02 15:47 - 00003510 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 57beca52-2e23-45f1-bbb7-3b55d8cd81e3
2014-01-02 15:47 - 2014-01-02 15:47 - 00000000 ____D C:\Users\Keefe\AppData\Roaming\SUPERAntiSpyware.com
2014-01-02 15:47 - 2014-01-02 15:47 - 00000000 ____D C:\Users\Keefe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-01-02 15:47 - 2014-01-02 15:47 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2014-01-02 15:47 - 2014-01-02 15:47 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2014-01-02 15:39 - 2014-01-03 11:45 - 00001176 _____ C:\Windows\setupact.log
2014-01-02 15:39 - 2014-01-02 15:39 - 00000000 _____ C:\Windows\setuperr.log
2014-01-02 00:37 - 2014-01-02 00:37 - 00037376 _____ C:\Windows\system32\fbahdh.ywi
2014-01-02 00:27 - 2014-01-03 11:47 - 00000082 _____ C:\Windows\system32\orkvp.zgi
2014-01-02 00:27 - 2014-01-02 00:37 - 00000100 _____ C:\Windows\system32\ldlgrww.jxt
2014-01-02 00:27 - 2014-01-02 00:27 - 00000064 _____ C:\Windows\system32\iniouan.hkq
2014-01-02 00:11 - 2014-01-02 00:11 - 00219314 ____S C:\Windows\system32\jclawb.jof
2013-12-30 17:25 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2013-12-30 17:21 - 2013-12-30 17:21 - 00000221 _____ C:\Users\Keefe\Desktop\LIMBO.url
2013-12-30 13:52 - 2013-12-30 13:52 - 00000000 ____D C:\ProgramData\Package Cache
2013-12-30 13:49 - 2013-12-30 13:53 - 00000222 _____ C:\Users\Keefe\Desktop\Risk of Rain.url
2013-12-30 03:12 - 2014-01-03 11:44 - 00003316 _____ C:\Windows\System32\Tasks\gg_uac_daemon_Keefe
2013-12-28 20:36 - 2013-12-28 20:36 - 00000222 _____ C:\Users\Keefe\Desktop\Dust An Elysian Tail.url
2013-12-24 13:34 - 2013-12-24 13:34 - 00000000 ____D C:\Users\Keefe\AppData\Roaming\InstallShield
2013-12-24 13:34 - 2013-12-24 13:34 - 00000000 ____D C:\ILLUSION
2013-12-24 13:32 - 2013-12-24 13:32 - 00001745 _____ C:\Users\Public\Desktop\Long Live the Queen.lnk
2013-12-24 13:32 - 2013-12-24 13:32 - 00000000 ____D C:\GOG Games
2013-12-24 13:27 - 2013-12-24 13:27 - 46107376 _____ (GOG.com                                                     ) C:\Users\Keefe\Downloads\setup_long_live_the_queen_2.0.0.3.exe
2013-12-17 23:25 - 2013-12-17 23:42 - 00000000 ____D C:\Users\Keefe\Downloads\Fate.Hollow.Ataraxia
2013-12-11 02:02 - 2013-12-11 02:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-01-03 11:56 - 2014-01-03 11:56 - 00014235 _____ C:\Users\Keefe\Desktop\FRST.txt
2014-01-03 11:53 - 2014-01-03 11:53 - 00000000 ____D C:\FRST
2014-01-03 11:53 - 2014-01-03 11:52 - 01931750 _____ (Farbar) C:\Users\Keefe\Desktop\FRST64.exe
2014-01-03 11:51 - 2009-07-13 23:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-03 11:51 - 2009-07-13 23:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-03 11:47 - 2014-01-02 00:27 - 00000082 _____ C:\Windows\system32\orkvp.zgi
2014-01-03 11:47 - 2012-11-11 08:04 - 01908318 _____ C:\Windows\WindowsUpdate.log
2014-01-03 11:45 - 2014-01-02 15:39 - 00001176 _____ C:\Windows\setupact.log
2014-01-03 11:44 - 2013-12-30 03:12 - 00003316 _____ C:\Windows\System32\Tasks\gg_uac_daemon_Keefe
2014-01-03 11:44 - 2012-11-14 22:13 - 00000266 _____ C:\Windows\Tasks\AutoKMS.job
2014-01-03 11:44 - 2012-11-10 23:54 - 00045056 _____ C:\Windows\system32\acovcnt.exe
2014-01-03 11:44 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-03 02:00 - 2014-01-02 15:47 - 00000510 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task c8ffd913-20db-4e4f-a080-0a251ebad560.job
2014-01-03 01:31 - 2012-12-23 21:55 - 00006656 _____ C:\Users\Keefe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-03 00:16 - 2014-01-03 00:16 - 00000000 ____S C:\Windows\system32\vbzkm.gbp
2014-01-03 00:16 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\sysprep
2014-01-02 23:47 - 2014-01-02 15:47 - 00000510 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 57beca52-2e23-45f1-bbb7-3b55d8cd81e3.job
2014-01-02 21:20 - 2012-11-11 12:35 - 00000000 ____D C:\Program Files (x86)\Steam
2014-01-02 20:15 - 2014-01-02 20:15 - 00000676 _____ C:\Windows\PFRO.log
2014-01-02 18:44 - 2014-01-02 18:44 - 00036680 _____ C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-02 18:38 - 2014-01-02 18:38 - 00000000 ____D C:\TDSSKiller_Quarantine
2014-01-02 16:45 - 2012-11-11 08:19 - 00002296 _____ C:\Windows\system32\AutoRunFilter.ini
2014-01-02 16:45 - 2012-11-11 08:19 - 00001262 _____ C:\Windows\system32\ServiceFilter.ini
2014-01-02 15:47 - 2014-01-02 15:47 - 00003584 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task c8ffd913-20db-4e4f-a080-0a251ebad560
2014-01-02 15:47 - 2014-01-02 15:47 - 00003510 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 57beca52-2e23-45f1-bbb7-3b55d8cd81e3
2014-01-02 15:47 - 2014-01-02 15:47 - 00000000 ____D C:\Users\Keefe\AppData\Roaming\SUPERAntiSpyware.com
2014-01-02 15:47 - 2014-01-02 15:47 - 00000000 ____D C:\Users\Keefe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-01-02 15:47 - 2014-01-02 15:47 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2014-01-02 15:47 - 2014-01-02 15:47 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2014-01-02 15:39 - 2014-01-02 15:39 - 00000000 _____ C:\Windows\setuperr.log
2014-01-02 15:21 - 2012-11-12 21:10 - 00000000 ____D C:\Users\Keefe\AppData\Roaming\DAEMON Tools Lite
2014-01-02 15:21 - 2012-11-11 12:49 - 00000000 ____D C:\Users\Keefe\AppData\Roaming\BitTorrent
2014-01-02 00:37 - 2014-01-02 00:37 - 00037376 _____ C:\Windows\system32\fbahdh.ywi
2014-01-02 00:37 - 2014-01-02 00:27 - 00000100 _____ C:\Windows\system32\ldlgrww.jxt
2014-01-02 00:27 - 2014-01-02 00:27 - 00000064 _____ C:\Windows\system32\iniouan.hkq
2014-01-02 00:11 - 2014-01-02 00:11 - 00219314 ____S C:\Windows\system32\jclawb.jof
2014-01-01 22:44 - 2012-11-11 12:21 - 00000000 ____D C:\Users\Keefe\AppData\Roaming\vlc
2013-12-30 17:21 - 2013-12-30 17:21 - 00000221 _____ C:\Users\Keefe\Desktop\LIMBO.url
2013-12-30 13:53 - 2013-12-30 13:49 - 00000222 _____ C:\Users\Keefe\Desktop\Risk of Rain.url
2013-12-30 13:52 - 2013-12-30 13:52 - 00000000 ____D C:\ProgramData\Package Cache
2013-12-28 20:36 - 2013-12-28 20:36 - 00000222 _____ C:\Users\Keefe\Desktop\Dust An Elysian Tail.url
2013-12-26 13:14 - 2013-11-25 15:44 - 00000000 ____D C:\Users\Keefe\Desktop\desmume-0.9.9-win64
2013-12-24 15:19 - 2013-08-02 12:38 - 00000000 ____D C:\Users\Keefe\AppData\Roaming\RenPy
2013-12-24 13:35 - 2012-11-11 08:12 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-12-24 13:34 - 2013-12-24 13:34 - 00000000 ____D C:\Users\Keefe\AppData\Roaming\InstallShield
2013-12-24 13:34 - 2013-12-24 13:34 - 00000000 ____D C:\ILLUSION
2013-12-24 13:32 - 2013-12-24 13:32 - 00001745 _____ C:\Users\Public\Desktop\Long Live the Queen.lnk
2013-12-24 13:32 - 2013-12-24 13:32 - 00000000 ____D C:\GOG Games
2013-12-24 13:27 - 2013-12-24 13:27 - 46107376 _____ (GOG.com                                                     ) C:\Users\Keefe\Downloads\setup_long_live_the_queen_2.0.0.3.exe
2013-12-24 00:42 - 2013-01-17 02:28 - 00000000 ____D C:\Users\Keefe\AppData\Roaming\Skype
2013-12-18 01:05 - 2013-04-12 13:10 - 00000000 ____D C:\Users\Keefe\AppData\Local\Black_Tree_Gaming
2013-12-17 23:47 - 2013-09-03 00:51 - 00000000 ____D C:\Users\Keefe\AppData\Roaming\DisplayFusion
2013-12-17 23:42 - 2013-12-17 23:25 - 00000000 ____D C:\Users\Keefe\Downloads\Fate.Hollow.Ataraxia
2013-12-17 22:48 - 2013-11-07 02:35 - 00000008 _____ C:\Users\Keefe\Desktop\cunyfirst.txt
2013-12-11 14:46 - 2012-12-06 04:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-11 02:02 - 2013-12-11 02:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-08 01:43 - 2013-01-17 02:27 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-12-08 01:43 - 2013-01-17 02:27 - 00000000 ____D C:\ProgramData\Skype

Files to move or delete:
====================
C:\Users\Keefe\jagex_cl_loginapplet_LIVE.dat
C:\Users\Keefe\jagex_cl_oldschool_LIVE.dat
C:\Users\Keefe\jagex_cl_runescape_LIVE.dat
C:\Users\Keefe\random.dat


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-30 20:15

==================== End Of Log ============================

Addition.txt:


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-01-2014
Ran by Keefe at 2014-01-03 11:56:59
Running from C:\Users\Keefe\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
AS: Microsoft Security Essentials (Enabled - Up to date) {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Flash Player 11 ActiveX (x32 Version: 11.5.502.110 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) (x32 Version: 11.0.05 - Adobe Systems Incorporated)
AIM 7 (x32 Version:  - )
Alcor Micro USB Card Reader (x32 Version: 1.2.0117.08443 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.2.0117.08443 - Alcor Micro Corp.) Hidden
Apple Application Support (x32 Version: 2.2.2 - Apple Inc.)
Apple Mobile Device Support (Version: 6.0.0.59 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
ASUS AI Recovery (x32 Version: 1.0.24 - ASUS)
ASUS FaceLogon (x32 Version: 1.0.0013 - ASUS)
ASUS LifeFrame3 (x32 Version: 3.0.28 - ASUS)
ASUS Power4Gear Hybrid (Version: 1.1.50 - ASUS)
ASUS Splendid Video Enhancement Technology (x32 Version: 1.02.0037 - ASUS)
ASUS Virtual Camera (x32 Version: 1.0.26 - ASUS)
ASUS WebStorage (x32 Version: 3.0.84.161 - eCareme Technologies, Inc.)
AsusScr_K3 Series_ENG (x32 Version: 1.0.0001 - ASUS)
AsusVibe2.0 (x32 Version: 2.0.4.617 - ASUSTEK)
ATK Package (x32 Version: 1.0.0008 - ASUS)
Bastion (x32 Version:  - Supergiant Games)
BioShock (x32 Version:  - 2K Boston)
BitTorrent (HKCU Version: 7.8.2.30332 - BitTorrent Inc.)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
CCleaner (Version: 4.08 - Piriform)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.)
Control ActiveX de Windows Live Mesh para conexiones remotas (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (x32 Version: 15.4.5722.2 - Microsoft Corporation)
CyberLink LabelPrint (x32 Version: 2.5.1908 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.1908 - CyberLink Corp.) Hidden
CyberLink Power2Go (x32 Version: 6.1.3602c - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 6.1.3602c - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (x32 Version: 4.46.1.0327 - DT Soft Ltd)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version:  - Microsoft)
DisplayFusion 5.1 (x32 Version: 5.1.0.0 - Binary Fortress Software)
Dust: An Elysian Tail (x32 Version:  - Humble Hearts LLC)
ETDWare PS/2-X64 8.0.5.1_WHQL (Version: 8.0.5.1 - ELAN Microelectronic Corp.)
f.lux (HKCU Version:  - )
Fast Boot (Version: 1.0.9 - ASUS)
FTL: Faster Than Light (x32 Version:  - Subset Games)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Garena Plus (x32 Version: 2011 - Garena Online Pte Ltd.)
Intel® Control Center (x32 Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (x32 Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (x32 Version: 8.15.10.2462 - Intel Corporation)
Intel® Turbo Boost Technology Monitor (Version: 1.0.400.4 - Intel)
iTunes (Version: 10.7.0.21 - Apple Inc.)
Java 7 Update 25 (x32 Version: 7.0.250 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Katawa Shoujo (x32 Version:  - )
League of Legends (x32 Version: 1.3 - Riot Games)
LIMBO (x32 Version:  - Playdead)
Long Live the Queen (x32 Version: 2.0.0.3 - GOG.com)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
McAfee SiteAdvisor (x32 Version: 3.6.160 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 1.2.0241 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.1.0522.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (Version: 4.1.522.0 - Microsoft Corporation)
Microsoft Silverlight (x32 Version: 4.1.10329.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (x32 Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (x32 Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 3.1 (x32 Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (x32 Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 en-US) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
ooVoo (x32 Version: 3.5.9056 - ooVoo LLC.)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6304 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (x32 Version: 1.00.0175 - REALTEK Semiconductor Corp.)
Risk of Rain (x32 Version:  - )
Rogue Legacy version 1.0.10a (x32 Version: 1.0.10a - )
Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)
Sonic Focus (x32 Version: 1.00.0000 - Virage Logic, Corp.)
Steam (x32 Version: 1.0.0.0 - Valve Corporation)
SUPERAntiSpyware (Version: 5.7.1016 - SUPERAntiSpyware.com)
The Binding of Isaac (x32 Version:  - )
The Stanley Parable Demo (x32 Version:  - Galactic Cafe)
Update for Microsoft Office 2010 (KB2553065) (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2566458) (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32 Version:  - Microsoft)
VLC media player 2.0.7 (x32 Version: 2.0.7 - VideoLAN)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 照片库 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 软件包 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinFlash (x32 Version: 2.32.3 - ASUS)
WinRAR 4.20 (64-bit) (Version: 4.20.0 - win.rar GmbH)
用于远程连接的 Windows Live Mesh ActiveX 控件(简体中文) (x32 Version: 15.4.5722.2 - Microsoft Corporation)
適用遠端連線的 Windows Live Mesh ActiveX 控制項 (x32 Version: 15.4.5722.2 - Microsoft Corporation)

==================== Restore Points  =========================

19-12-2013 18:32:20 Windows Update
23-12-2013 18:25:01 Windows Update
27-12-2013 17:35:09 Windows Update
30-12-2013 18:52:08 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
30-12-2013 18:52:44 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
30-12-2013 22:25:39 Installed DirectX
31-12-2013 07:42:10 Windows Update

==================== Hosts content: ==========================

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {03411857-A4CF-4F1B-A93A-8FAEA74BCB94} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-11-22] (Piriform Ltd)
Task: {05D7152D-F470-47D8-9F97-4B901B952F63} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe [2011-10-03] (ASUS)
Task: {1764147F-29A8-499D-9B4F-A7D679EB445B} - System32\Tasks\SUPERAntiSpyware Scheduled Task 57beca52-2e23-45f1-bbb7-3b55d8cd81e3 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {235E3700-9139-411F-B10B-F2A6CB095825} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe
Task: {2DE4CE95-6C55-47EE-892D-E0B5402AB7A0} - System32\Tasks\{4A4CB0EA-3672-4980-85C9-937F7579F976} => C:\Program Files (x86)\Bethesda Softworks\Fallout 3\Fallout3.exe
Task: {58679604-577B-401E-99A4-821FBCEB21CF} - System32\Tasks\gg_uac_daemon_Keefe => Rundll32.exe "C:\Program Files (x86)\Garena Plus\ggspawn.dll",rundll_entry -p 0
Task: {685669C7-F2C7-4201-A843-32D043C1D71A} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17] (ASUS)
Task: {78964611-BF61-40E3-9C64-C3BC953CA289} - System32\Tasks\SUPERAntiSpyware Scheduled Task c8ffd913-20db-4e4f-a080-0a251ebad560 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {854852AB-6811-487D-A277-F4B9FAB92427} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2011-12-06] (ASUS)
Task: {94A24557-84EA-4D13-B305-BBF9C168D007} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2011-11-15] (ASUS)
Task: C:\Windows\Tasks\AutoKMS.job => C:\WINDOWS\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 57beca52-2e23-45f1-bbb7-3b55d8cd81e3.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task c8ffd913-20db-4e4f-a080-0a251ebad560.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Loaded Modules (whitelisted) =============

2010-07-14 16:11 - 2010-07-14 16:11 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2011-05-08 22:27 - 2011-03-06 07:07 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-08-27 21:33 - 2012-08-27 21:33 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-08-27 21:33 - 2012-08-27 21:33 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-01-16 05:30 - 2013-02-28 04:17 - 00188208 _____ () C:\Program Files (x86)\Garena Plus\ggspawn.dll
2011-12-06 16:21 - 2011-12-06 16:21 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2013-12-11 02:02 - 2013-12-11 02:02 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2009-11-02 17:20 - 2009-11-02 17:20 - 00619816 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 17:23 - 2009-11-02 17:23 - 00013096 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/02/2014 02:14:16 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: Flash64_11_5_502_110.ocx, version: 11.5.502.110, time stamp: 0x508dde3b
Exception code: 0xc0000005
Fault offset: 0x000000000024150b
Faulting process id: 0x2c4
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Report Id:

Error: (12/20/2013 07:39:19 PM) (Source: Application Error) (User: )
Description: Faulting application name: explorer.exe, version: 6.1.7601.17514, time stamp: 0x4ce7a144
Faulting module name: EXPLORERFRAME.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c6a8
Exception code: 0xc0000005
Fault offset: 0x00000000000411ce
Faulting process id: 0x%9
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3

Error: (12/20/2013 07:39:05 PM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17514, time stamp: 0x4ce7a144
Faulting module name: EXPLORERFRAME.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c6a8
Exception code: 0xc0000005
Fault offset: 0x00000000000411d1
Faulting process id: 0x%9
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (12/19/2013 06:12:57 PM) (Source: Application Hang) (User: )
Description: The program ooVoo.exe version 3.5.9.56 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: f00

Start Time: 01cefd0f8f1955b4

Termination Time: 6

Application Path: C:\Program Files (x86)\ooVoo\ooVoo.exe

Report Id: 13d1038b-6903-11e3-856c-5404a608ac0f

Error: (12/19/2013 00:52:15 AM) (Source: Application Error) (User: )
Description: Faulting application name: mspaint.exe, version: 6.1.7600.16385, time stamp: 0x4a5bca29
Faulting module name: explorerframe.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c6a8
Exception code: 0xc0000005
Fault offset: 0x00000000000411ce
Faulting process id: 0x%9
Faulting application start time: 0xmspaint.exe0
Faulting application path: mspaint.exe1
Faulting module path: mspaint.exe2
Report Id: mspaint.exe3

Error: (12/19/2013 00:51:52 AM) (Source: Application Error) (User: )
Description: Faulting application name: mspaint.exe, version: 6.1.7600.16385, time stamp: 0x4a5bca29
Faulting module name: explorerframe.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c6a8
Exception code: 0xc0000005
Fault offset: 0x00000000000411ce
Faulting process id: 0x%9
Faulting application start time: 0xmspaint.exe0
Faulting application path: mspaint.exe1
Faulting module path: mspaint.exe2
Report Id: mspaint.exe3

Error: (12/18/2013 00:58:09 PM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/18/2013 00:58:09 PM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.

Context: Windows Application


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (01/03/2014 11:44:14 AM) (Source: Service Control Manager) (User: )
Description: The Power service terminated with the following error:
%%4203

Error: (01/03/2014 03:54:37 AM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (01/03/2014 00:55:55 AM) (Source: Service Control Manager) (User: )
Description: The Power service terminated with the following error:
%%4203

Error: (01/03/2014 00:55:42 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 12:18:17 AM on ‎1/‎3/‎2014 was unexpected.

Error: (01/03/2014 00:54:55 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the McAfee SiteAdvisor Service service.

Error: (01/02/2014 08:36:16 PM) (Source: Service Control Manager) (User: )
Description: The Power service terminated with the following error:
%%4203

Error: (01/02/2014 08:34:27 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/02/2014 08:34:27 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/02/2014 08:34:27 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/02/2014 08:34:26 PM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Plug and Play service, but this action failed with the following error:
%%1190


Microsoft Office Sessions:
=========================
Error: (01/02/2014 02:14:16 AM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c1Flash64_11_5_502_110.ocx11.5.502.110508dde3bc0000005000000000024150b2c401cf077b472674deC:\Windows\system32\svchost.exeC:\Windows\system32\Macromed\Flash\Flash64_11_5_502_110.ocx7d2993ab-737d-11e3-bee2-5404a608ac0f

Error: (12/20/2013 07:39:19 PM) (Source: Application Error)(User: )
Description: explorer.exe6.1.7601.175144ce7a144EXPLORERFRAME.dll6.1.7601.175144ce7c6a8c000000500000000000411ce

Error: (12/20/2013 07:39:05 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7601.175144ce7a144EXPLORERFRAME.dll6.1.7601.175144ce7c6a8c000000500000000000411d1

Error: (12/19/2013 06:12:57 PM) (Source: Application Hang)(User: )
Description: ooVoo.exe3.5.9.56f0001cefd0f8f1955b46C:\Program Files (x86)\ooVoo\ooVoo.exe13d1038b-6903-11e3-856c-5404a608ac0f

Error: (12/19/2013 00:52:15 AM) (Source: Application Error)(User: )
Description: mspaint.exe6.1.7600.163854a5bca29explorerframe.dll6.1.7601.175144ce7c6a8c000000500000000000411ce

Error: (12/19/2013 00:51:52 AM) (Source: Application Error)(User: )
Description: mspaint.exe6.1.7600.163854a5bca29explorerframe.dll6.1.7601.175144ce7c6a8c000000500000000000411ce

Error: (12/18/2013 00:58:09 PM) (Source: Windows Search Service)(User: )
Description:
Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/18/2013 00:58:09 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)


==================== Memory info ===========================

Percentage of memory in use: 56%
Total physical RAM: 3874.21 MB
Available physical RAM: 1686 MB
Total Pagefile: 7746.62 MB
Available Pagefile: 5078.55 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:186.3 GB) (Free:71.66 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:254.45 GB) (Free:2.34 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: D92B957F)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=186 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=254 GB) - (Type=OF Extended)

==================== End Of Log ============================


Search.txt:


Farbar Recovery Scan Tool (x64) Version: 03-01-2014
Ran by Keefe at 2014-01-03 12:02:34
Running from C:\Users\Keefe\Desktop
Boot Mode: Normal

================== Search: "rpcss.dll" ===================

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2011-02-18 14:49] - [2010-11-20 08:27] - 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll
[2009-07-13 19:00] - [2009-07-13 20:41] - 0509440 ____A (Microsoft Corporation) 7266972E86890E2B30C0C322E906B027

C:\Windows\System32\rpcss.dll
[2011-02-18 14:49] - [2010-11-20 08:27] - 0512512 ____A (Microsoft Corporation) 0D50F60DEDC87B9DB12A2E271114F2CA

====== End Of Search ======


Edited by stoppolees, 03 January 2014 - 12:10 PM.


#4 B-boy/StyLe/

Posted 03 January 2014 - 04:50 PM

Hi,

Please download the following file => [attachment=145502:fixlist.txt] and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Regards,

Georgi


#5 stoppolees

Posted 04 January 2014 - 12:19 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-01-2014
Ran by Keefe at 2014-01-04 00:14:58 Run:1
Running from C:\Users\Keefe\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
2014-01-03 00:16 - 2014-01-03 00:16 - 00000000 ____S C:\Windows\system32\vbzkm.gbp
2014-01-02 00:37 - 2014-01-02 00:37 - 00037376 _____ C:\Windows\system32\fbahdh.ywi
2014-01-02 00:27 - 2014-01-03 11:47 - 00000082 _____ C:\Windows\system32\orkvp.zgi
2014-01-02 00:27 - 2014-01-02 00:37 - 00000100 _____ C:\Windows\system32\ldlgrww.jxt
2014-01-02 00:27 - 2014-01-02 00:27 - 00000064 _____ C:\Windows\system32\iniouan.hkq
2014-01-02 00:11 - 2014-01-02 00:11 - 00219314 ____S C:\Windows\system32\jclawb.jof
Replace: C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll C:\Windows\System32\rpcss.dll
end
*****************

Could not move "C:\Windows\system32\vbzkm.gbp" => Scheduled to move on reboot.
C:\Windows\system32\fbahdh.ywi => Moved successfully.
C:\Windows\system32\orkvp.zgi => Moved successfully.
Could not move "C:\Windows\system32\ldlgrww.jxt" => Scheduled to move on reboot.
C:\Windows\system32\iniouan.hkq => Moved successfully.
Could not move "C:\Windows\system32\jclawb.jof" => Scheduled to move on reboot.
C:\Windows\System32\rpcss.dll => Moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll copied successfully to C:\Windows\System32\rpcss.dll

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-01-04 00:16:22)<=

C:\Windows\system32\vbzkm.gbp => Is moved successfully.
C:\Windows\system32\ldlgrww.jxt => Moved successfully.
C:\Windows\system32\jclawb.jof => Moved successfully.

==== End of Fixlog ====



#6 B-boy/StyLe/

Posted 04 January 2014 - 08:51 AM

Hi,

Do you still experience issues with playing advertisements in the background?

Regards,

Georgi


#7 stoppolees

Posted 04 January 2014 - 01:40 PM

Yes, the advertisements are still playing in the background.



#8 B-boy/StyLe/

Posted 04 January 2014 - 01:45 PM

Hi,

Can you please download the latest version of FRST from here and run a new scan?

Post the content of the logs in your next reply.

Regards,

Georgi


#9 stoppolees

Posted 04 January 2014 - 06:23 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-01-2014
Ran by Keefe (administrator) on KEEFE-PC on 04-01-2014 18:19:24
Running from C:\Users\Keefe\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Flux Software LLC) C:\Users\Keefe\AppData\Local\FluxSoftware\Flux\flux.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\APRP\aprp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6064.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2587944 2010-12-31] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4156 2010-04-16] ()
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1289704 2012-09-12] (Microsoft Corporation)
HKLM-x32\...\Run: [ASUSPRP] - C:\Program Files (x86)\ASUS\APRP\aprp.exe [2018032 2011-04-01] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [SonicMasterTray] - C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [UpdateLBPShortCut] - C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] - C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [EaseUS EPM tray] - H:\Keefe\EaseUS Partition Master 9.2.2\bin\EpmNews.exe
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [F.lux] - C:\Users\Keefe\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-15] (Flux Software LLC)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd)
HKCU\...\Run: [DisplayFusion] - C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [7892864 2013-09-02] (Binary Fortress Software)
HKCU\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563096 2013-12-19] (SUPERAntiSpyware)
MountPoints2: G - G:\VZW_Software_upgrade_assistant_installer.exe
MountPoints2: {654a6d38-2ddb-11e2-85b1-5404a608ac0f} - I:\setup.exe -a
MountPoints2: {9cd87fae-a6bd-11e2-9d3c-5404a608ac0f} - G:\VZW_Software_upgrade_assistant_installer.exe
MountPoints2: {d6c5a034-bda7-11e2-b108-5404a608ac0f} - G:\VZW_Software_upgrade_assistant_installer.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com?type=714647&fr=spigot-yhp-ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKCU - DefaultScope {6888F413-0BF4-4297-AC80-6B4D7E98AEDD} URL = http://search.yahoo.com/search?fr=mcafee&type=A010US0&p={SearchTerms}
SearchScopes: HKCU - {6888F413-0BF4-4297-AC80-6B4D7E98AEDD} URL = http://search.yahoo.com/search?fr=mcafee&type=A010US0&p={SearchTerms}
SearchScopes: HKCU - {CD3EA438-D4C5-4830-96DF-1EDF984EF5B5} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 68.237.161.12

FireFox:
========
FF ProfilePath: C:\Users\Keefe\AppData\Roaming\Mozilla\Firefox\Profiles\ybpcu9qo.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://nfl.com
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=714647&p=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/SAFFPlugin - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF Extension: Reddit Enhancement Suite - C:\Users\Keefe\AppData\Roaming\Mozilla\Firefox\Profiles\ybpcu9qo.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi
FF Extension: Adblock Plus - C:\Users\Keefe\AppData\Roaming\Mozilla\Firefox\Profiles\ybpcu9qo.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
R2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [1315728 2013-09-02] (Binary Fortress Software)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [121616 2013-11-05] (McAfee, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22072 2012-09-12] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368896 2012-09-12] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-11-12] (DT Soft Ltd)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] ()
S3 epmntdrv; C:\Windows\SysWow64\epmntdrv.sys [13896 2013-03-07] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] ()
S3 EuGdiDrv; C:\Windows\SysWow64\EuGdiDrv.sys [9160 2013-03-07] ()
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [36680 2014-01-02] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [228768 2012-08-30] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-30] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-16] ()
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-04 18:19 - 2014-01-04 18:19 - 00014154 _____ C:\Users\Keefe\Desktop\FRST.txt
2014-01-04 18:16 - 2014-01-04 18:17 - 01931368 _____ (Farbar) C:\Users\Keefe\Desktop\FRST64.exe
2014-01-04 00:54 - 2014-01-04 00:54 - 00037376 _____ C:\Windows\system32\iwpel.qyq
2014-01-04 00:44 - 2014-01-04 18:16 - 00000090 _____ C:\Windows\system32\mfqwkn.qoc
2014-01-04 00:43 - 2014-01-04 00:54 - 00000097 _____ C:\Windows\system32\jwtn.iiv
2014-01-04 00:43 - 2014-01-04 00:43 - 00000064 _____ C:\Windows\system32\zellfub.fgb
2014-01-04 00:28 - 2014-01-04 00:28 - 00219314 ____S C:\Windows\system32\oqyt.gaw
2014-01-03 11:53 - 2014-01-04 00:16 - 00000000 ____D C:\FRST
2014-01-03 00:16 - 2014-01-03 00:16 - 00000000 ____S C:\Users\Keefe\Desktop\㩃䙜卒屔畑牡湡楴敮
2014-01-02 20:15 - 2014-01-04 00:15 - 00001248 _____ C:\Windows\PFRO.log
2014-01-02 18:44 - 2014-01-02 18:44 - 00036680 _____ C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-02 18:38 - 2014-01-02 18:38 - 00000000 ____D C:\TDSSKiller_Quarantine
2014-01-02 15:47 - 2014-01-03 15:47 - 00000510 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 57beca52-2e23-45f1-bbb7-3b55d8cd81e3.job
2014-01-02 15:47 - 2014-01-03 02:00 - 00000510 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task c8ffd913-20db-4e4f-a080-0a251ebad560.job
2014-01-02 15:47 - 2014-01-02 15:47 - 00003584 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task c8ffd913-20db-4e4f-a080-0a251ebad560
2014-01-02 15:47 - 2014-01-02 15:47 - 00003510 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 57beca52-2e23-45f1-bbb7-3b55d8cd81e3
2014-01-02 15:47 - 2014-01-02 15:47 - 00000000 ____D C:\Users\Keefe\AppData\Roaming\SUPERAntiSpyware.com
2014-01-02 15:47 - 2014-01-02 15:47 - 00000000 ____D C:\Users\Keefe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-01-02 15:47 - 2014-01-02 15:47 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2014-01-02 15:47 - 2014-01-02 15:47 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2014-01-02 15:39 - 2014-01-04 18:18 - 00001568 _____ C:\Windows\setupact.log
2014-01-02 15:39 - 2014-01-02 15:39 - 00000000 _____ C:\Windows\setuperr.log
2013-12-30 17:25 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2013-12-30 17:21 - 2013-12-30 17:21 - 00000221 _____ C:\Users\Keefe\Desktop\LIMBO.url
2013-12-30 13:52 - 2013-12-30 13:52 - 00000000 ____D C:\ProgramData\Package Cache
2013-12-30 13:49 - 2013-12-30 13:53 - 00000222 _____ C:\Users\Keefe\Desktop\Risk of Rain.url
2013-12-30 03:12 - 2014-01-04 18:18 - 00003316 _____ C:\Windows\System32\Tasks\gg_uac_daemon_Keefe
2013-12-28 20:36 - 2013-12-28 20:36 - 00000222 _____ C:\Users\Keefe\Desktop\Dust An Elysian Tail.url
2013-12-24 13:32 - 2013-12-24 13:32 - 00001745 _____ C:\Users\Public\Desktop\Long Live the Queen.lnk
2013-12-24 13:32 - 2013-12-24 13:32 - 00000000 ____D C:\GOG Games
2013-12-24 13:27 - 2013-12-24 13:27 - 46107376 _____ (GOG.com                                                     ) C:\Users\Keefe\Downloads\setup_long_live_the_queen_2.0.0.3.exe
2013-12-17 23:25 - 2013-12-17 23:42 - 00000000 ____D C:\Users\Keefe\Downloads\Fate.Hollow.Ataraxia
2013-12-11 02:02 - 2013-12-11 02:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-01-04 18:19 - 2014-01-04 18:19 - 00014154 _____ C:\Users\Keefe\Desktop\FRST.txt
2014-01-04 18:18 - 2014-01-02 15:39 - 00001568 _____ C:\Windows\setupact.log
2014-01-04 18:18 - 2013-12-30 03:12 - 00003316 _____ C:\Windows\System32\Tasks\gg_uac_daemon_Keefe
2014-01-04 18:18 - 2012-11-14 22:13 - 00000266 _____ C:\Windows\Tasks\AutoKMS.job
2014-01-04 18:18 - 2012-11-10 23:54 - 00045056 _____ C:\Windows\system32\acovcnt.exe
2014-01-04 18:18 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-04 18:17 - 2014-01-04 18:16 - 01931368 _____ (Farbar) C:\Users\Keefe\Desktop\FRST64.exe
2014-01-04 18:17 - 2012-11-11 08:04 - 01949403 _____ C:\Windows\WindowsUpdate.log
2014-01-04 18:17 - 2009-07-13 23:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-04 18:17 - 2009-07-13 23:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-04 18:16 - 2014-01-04 00:44 - 00000090 _____ C:\Windows\system32\mfqwkn.qoc
2014-01-04 14:02 - 2012-11-11 12:35 - 00000000 ____D C:\Program Files (x86)\Steam
2014-01-04 00:54 - 2014-01-04 00:54 - 00037376 _____ C:\Windows\system32\iwpel.qyq
2014-01-04 00:54 - 2014-01-04 00:43 - 00000097 _____ C:\Windows\system32\jwtn.iiv
2014-01-04 00:43 - 2014-01-04 00:43 - 00000064 _____ C:\Windows\system32\zellfub.fgb
2014-01-04 00:28 - 2014-01-04 00:28 - 00219314 ____S C:\Windows\system32\oqyt.gaw
2014-01-04 00:28 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\sysprep
2014-01-04 00:16 - 2014-01-03 11:53 - 00000000 ____D C:\FRST
2014-01-04 00:15 - 2014-01-02 20:15 - 00001248 _____ C:\Windows\PFRO.log
2014-01-03 15:47 - 2014-01-02 15:47 - 00000510 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 57beca52-2e23-45f1-bbb7-3b55d8cd81e3.job
2014-01-03 15:41 - 2013-11-25 15:44 - 00000000 ____D C:\Users\Keefe\Desktop\desmume-0.9.9-win64
2014-01-03 12:11 - 2012-11-11 08:12 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2014-01-03 02:00 - 2014-01-02 15:47 - 00000510 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task c8ffd913-20db-4e4f-a080-0a251ebad560.job
2014-01-03 01:31 - 2012-12-23 21:55 - 00006656 _____ C:\Users\Keefe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-03 00:16 - 2014-01-03 00:16 - 00000000 ____S C:\Users\Keefe\Desktop\㩃䙜卒屔畑牡湡楴敮
2014-01-02 18:44 - 2014-01-02 18:44 - 00036680 _____ C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-02 18:38 - 2014-01-02 18:38 - 00000000 ____D C:\TDSSKiller_Quarantine
2014-01-02 16:45 - 2012-11-11 08:19 - 00002296 _____ C:\Windows\system32\AutoRunFilter.ini
2014-01-02 16:45 - 2012-11-11 08:19 - 00001262 _____ C:\Windows\system32\ServiceFilter.ini
2014-01-02 15:47 - 2014-01-02 15:47 - 00003584 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task c8ffd913-20db-4e4f-a080-0a251ebad560
2014-01-02 15:47 - 2014-01-02 15:47 - 00003510 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 57beca52-2e23-45f1-bbb7-3b55d8cd81e3
2014-01-02 15:47 - 2014-01-02 15:47 - 00000000 ____D C:\Users\Keefe\AppData\Roaming\SUPERAntiSpyware.com
2014-01-02 15:47 - 2014-01-02 15:47 - 00000000 ____D C:\Users\Keefe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-01-02 15:47 - 2014-01-02 15:47 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2014-01-02 15:47 - 2014-01-02 15:47 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2014-01-02 15:39 - 2014-01-02 15:39 - 00000000 _____ C:\Windows\setuperr.log
2014-01-02 15:21 - 2012-11-12 21:10 - 00000000 ____D C:\Users\Keefe\AppData\Roaming\DAEMON Tools Lite
2014-01-02 15:21 - 2012-11-11 12:49 - 00000000 ____D C:\Users\Keefe\AppData\Roaming\BitTorrent
2014-01-01 22:44 - 2012-11-11 12:21 - 00000000 ____D C:\Users\Keefe\AppData\Roaming\vlc
2013-12-30 17:21 - 2013-12-30 17:21 - 00000221 _____ C:\Users\Keefe\Desktop\LIMBO.url
2013-12-30 13:53 - 2013-12-30 13:49 - 00000222 _____ C:\Users\Keefe\Desktop\Risk of Rain.url
2013-12-30 13:52 - 2013-12-30 13:52 - 00000000 ____D C:\ProgramData\Package Cache
2013-12-28 20:36 - 2013-12-28 20:36 - 00000222 _____ C:\Users\Keefe\Desktop\Dust An Elysian Tail.url
2013-12-24 15:19 - 2013-08-02 12:38 - 00000000 ____D C:\Users\Keefe\AppData\Roaming\RenPy
2013-12-24 13:32 - 2013-12-24 13:32 - 00001745 _____ C:\Users\Public\Desktop\Long Live the Queen.lnk
2013-12-24 13:32 - 2013-12-24 13:32 - 00000000 ____D C:\GOG Games
2013-12-24 13:27 - 2013-12-24 13:27 - 46107376 _____ (GOG.com                                                     ) C:\Users\Keefe\Downloads\setup_long_live_the_queen_2.0.0.3.exe
2013-12-24 00:42 - 2013-01-17 02:28 - 00000000 ____D C:\Users\Keefe\AppData\Roaming\Skype
2013-12-18 01:05 - 2013-04-12 13:10 - 00000000 ____D C:\Users\Keefe\AppData\Local\Black_Tree_Gaming
2013-12-17 23:47 - 2013-09-03 00:51 - 00000000 ____D C:\Users\Keefe\AppData\Roaming\DisplayFusion
2013-12-17 23:42 - 2013-12-17 23:25 - 00000000 ____D C:\Users\Keefe\Downloads\Fate.Hollow.Ataraxia
2013-12-17 22:48 - 2013-11-07 02:35 - 00000008 _____ C:\Users\Keefe\Desktop\cunyfirst.txt
2013-12-11 14:46 - 2012-12-06 04:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-11 02:02 - 2013-12-11 02:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-08 01:43 - 2013-01-17 02:27 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-12-08 01:43 - 2013-01-17 02:27 - 00000000 ____D C:\ProgramData\Skype

Files to move or delete:
====================
C:\Users\Keefe\jagex_cl_loginapplet_LIVE.dat
C:\Users\Keefe\jagex_cl_oldschool_LIVE.dat
C:\Users\Keefe\jagex_cl_runescape_LIVE.dat
C:\Users\Keefe\random.dat


Some content of TEMP:
====================
C:\Users\Keefe\AppData\Local\Temp\_is7A9B.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2011-02-18 14:49] - [2010-11-20 08:27] - 0512512 ____A (Microsoft Corporation) A9335996EE0CC7488E0A9A81C7ADC0BD

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-30 20:15

==================== End Of Log ============================



#10 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria
  • Local time:08:51 PM

Posted 04 January 2014 - 06:30 PM

Hi,

It seems that you have been reinfected somehow.

Please download the following file => [attachment=145567:fixlist.txt] and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

Regards,
Georgi




#11 stoppolees

stoppolees
  • Topic Starter

  • Members
  • 10 posts
  • Local time:12:51 PM

Posted 04 January 2014 - 10:30 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-01-2014
Ran by Keefe at 2014-01-04 22:26:49 Run:2
Running from C:\Users\Keefe\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
2014-01-04 00:54 - 2014-01-04 00:54 - 00037376 _____ C:\Windows\system32\iwpel.qyq
2014-01-04 00:44 - 2014-01-04 18:16 - 00000090 _____ C:\Windows\system32\mfqwkn.qoc
2014-01-04 00:43 - 2014-01-04 00:54 - 00000097 _____ C:\Windows\system32\jwtn.iiv
2014-01-04 00:43 - 2014-01-04 00:43 - 00000064 _____ C:\Windows\system32\zellfub.fgb
2014-01-04 00:28 - 2014-01-04 00:28 - 00219314 ____S C:\Windows\system32\oqyt.gaw
Replace: C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll C:\Windows\System32\rpcss.dll
C:\Users\Keefe\AppData\Local\Temp
end


*****************

C:\Windows\system32\iwpel.qyq => Moved successfully.
C:\Windows\system32\mfqwkn.qoc => Moved successfully.
Could not move "C:\Windows\system32\jwtn.iiv" => Scheduled to move on reboot.
C:\Windows\system32\zellfub.fgb => Moved successfully.
Could not move "C:\Windows\system32\oqyt.gaw" => Scheduled to move on reboot.
C:\Windows\System32\rpcss.dll => Moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll copied successfully to C:\Windows\System32\rpcss.dll

"C:\Users\Keefe\AppData\Local\Temp" directory move:

C:\Users\Keefe\AppData\Local\Temp\AdobeARM.log => Moved successfully.
C:\Users\Keefe\AppData\Local\Temp\au-descriptor-1.7.0_45-b18.xml => Moved successfully.
Could not move "C:\Users\Keefe\AppData\Local\Temp\FXSAPIDebugLogFile.txt" => Scheduled to move on reboot.
C:\Users\Keefe\AppData\Local\Temp\JavaDeployReg.log => Moved successfully.
C:\Users\Keefe\AppData\Local\Temp\jusched.log => Moved successfully.
C:\Users\Keefe\AppData\Local\Temp\users00 => Moved successfully.
C:\Users\Keefe\AppData\Local\Temp\_is7A9B.exe => Moved successfully.
C:\Users\Keefe\AppData\Local\Temp\{766B5F1D-0320-48AA-B349-B7238F0D1F97}.tmp => Moved successfully.
C:\Users\Keefe\AppData\Local\Temp\~DF038FC38730AEB004.TMP => Moved successfully.
C:\Users\Keefe\AppData\Local\Temp\~DF542BD3ADDAE0FA95.TMP => Moved successfully.
C:\Users\Keefe\AppData\Local\Temp\~DFBCD440718501BA0E.TMP => Moved successfully.
C:\Users\Keefe\AppData\Local\Temp\{D1A4F004-B576-41AF-BCD0-4FB26160B6BF}\setup.isn => Moved successfully.
C:\Users\Keefe\AppData\Local\Temp\Temporary Internet Files\Content.IE5\desktop.ini => Moved successfully.
C:\Users\Keefe\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat => Moved successfully.
C:\Users\Keefe\AppData\Local\Temp\Temporary Internet Files\Content.IE5\RMS8QE8X\desktop.ini => Moved successfully.
C:\Users\Keefe\AppData\Local\Temp\Temporary Internet Files\Content.IE5\FR03HX6F\desktop.ini => Moved successfully.
C:\Users\Keefe\AppData\Local\Temp\Temporary Internet Files\Content.IE5\B6TLGRSU\desktop.ini => Moved successfully.
C:\Users\Keefe\AppData\Local\Temp\Temporary Internet Files\Content.IE5\0A4GSB4L\desktop.ini => Moved successfully.
C:\Users\Keefe\AppData\Local\Temp\Temporary Internet Files\Content.IE5\0A4GSB4L\windows[1].json => Moved successfully.
C:\Users\Keefe\AppData\Local\Temp\SUPERSetup\setup.db3 => Moved successfully.
C:\Users\Keefe\AppData\Local\Temp\History\History.IE5\desktop.ini => Moved successfully.
C:\Users\Keefe\AppData\Local\Temp\History\History.IE5\index.dat => Moved successfully.
C:\Users\Keefe\AppData\Local\Temp\Cookies\9HQNBOLD.txt => Moved successfully.
C:\Users\Keefe\AppData\Local\Temp\Cookies\index.dat => Moved successfully.
C:\Users\Keefe\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5\desktop.ini => Moved successfully.
C:\Users\Keefe\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5\index.dat => Moved successfully.
C:\Users\Keefe\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5\Y55AZW12\desktop.ini => Moved successfully.
C:\Users\Keefe\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5\4SS7GSX1\desktop.ini => Moved successfully.
C:\Users\Keefe\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5\24M9H2V4\desktop.ini => Moved successfully.
C:\Users\Keefe\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5\033ZIR1W\desktop.ini => Moved successfully.
C:\Users\Keefe\AppData\Local\Temp\acro_rd_dir\History\History.IE5\desktop.ini => Moved successfully.
C:\Users\Keefe\AppData\Local\Temp\acro_rd_dir\History\History.IE5\index.dat => Moved successfully.
C:\Users\Keefe\AppData\Local\Temp\acro_rd_dir\Cookies\index.dat => Moved successfully.
Could not move "C:\Users\Keefe\AppData\Local\Temp" directory. => Scheduled to move on reboot.


=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-01-04 22:29:00)<=

C:\Windows\system32\jwtn.iiv => Is moved successfully.
C:\Windows\system32\oqyt.gaw => Moved successfully.
"C:\Users\Keefe\AppData\Local\Temp\FXSAPIDebugLogFile.txt" => File could not move.
"C:\Users\Keefe\AppData\Local\Temp" => Directory could not move.

==== End of Fixlog ====
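
Written from a defender's triage stance, as an added example that is not part of this thread or of FRST, the PowerShell script below re-checks the two findings the logs above surfaced: whether System32 binaries still match a copy kept in the WinSxS component store (the idea behind the fixlist's "Replace:" line, which restored rpcss.dll from winsxs after the Bamital check did not report it as legit), and which recently created System32 files carry extensions Windows does not use (the iwpel.qyq, mfqwkn.qoc, jwtn.iiv, zellfub.fgb, oqyt.gaw group). It assumes Windows 7 x64 or later, PowerShell 4.0+ for Get-FileHash, and an elevated prompt; the file list and the known-extension list are my assumptions, not FRST's, and the script only reports, it moves or replaces nothing.

```powershell
<#
  Added example (not from the thread, not FRST code): read-only triage of the
  two things the FRST log and Fixlog above pointed at. Assumes Windows 7 x64
  or later, PowerShell 4.0+ (Get-FileHash) and an elevated prompt so that the
  WinSxS component store can be read.
#>
param(
    # System32 binaries to compare against their WinSxS copies: the files FRST's
    # "Bamital & volsnap Check" covers, plus rpcss.dll, which it did not pass.
    # (Assumed list, not FRST's own.)
    [string[]]$Files = @('rpcss.dll', 'winlogon.exe', 'wininit.exe', 'explorer.exe',
                         'svchost.exe', 'services.exe', 'user32.dll', 'userinit.exe'),
    # How far back to look for newly created System32 files (the FRST log section
    # is "One Month Created Files and Folders").
    [int]$Days = 30
)

$sys32  = Join-Path $env:windir 'System32'
$winsxs = Join-Path $env:windir 'winsxs'

function Get-Sha256 {
    param([string]$Path)
    (Get-FileHash -Path $Path -Algorithm SHA256).Hash
}

# --- Check 1: does each System32 file match a copy kept by Windows servicing? ---
# On x64 Windows the live System32 file is normally byte-identical to one of the
# amd64_* copies under WinSxS (superseded versions are kept too, so any match
# counts). A file with no matching copy is what the fixlist's "Replace:" line
# repaired for rpcss.dll by copying the winsxs version back over System32.
Write-Host "== System32 vs WinSxS component store =="
foreach ($name in $Files) {
    $live = Join-Path $sys32 $name
    if (-not (Test-Path -LiteralPath $live)) { continue }
    $liveHash = Get-Sha256 $live
    $copies = @(Get-ChildItem -Path $winsxs -Filter $name -Recurse -File -ErrorAction SilentlyContinue |
                Where-Object { $_.Directory.Name -like 'amd64_*' })
    $match = @($copies | Where-Object { (Get-Sha256 $_.FullName) -eq $liveHash })
    if ($match.Count -gt 0) {
        '{0,-14} OK    matches {1}' -f $name, $match[0].Directory.Name
    } elseif ($copies.Count -gt 0) {
        '{0,-14} ALERT no matching WinSxS copy ({1} candidates) - SHA256 {2}' -f $name, $copies.Count, $liveHash
    } else {
        '{0,-14} ?     no WinSxS copy found, cannot compare' -f $name
    }
}

# --- Check 2: recently created System32 files with extensions Windows does not use ---
# The FRST log showed five such files created within one day (iwpel.qyq,
# mfqwkn.qoc, jwtn.iiv, zellfub.fgb, oqyt.gaw), one of them with the System
# attribute set, so -Force is needed to include hidden/system files.
# The extension allow-list is an assumption; tune it for the host being checked.
$knownExt = @('.dll', '.exe', '.sys', '.mui', '.ini', '.log', '.dat', '.xml', '.txt',
              '.ocx', '.cpl', '.drv', '.nls', '.ax', '.acm', '.tlb', '.cat', '.msc',
              '.scr', '.com', '.inf', '.json', '.config', '.manifest', '.bin', '.db')
Write-Host "`n== System32 files created in the last $Days days with unusual extensions =="
Get-ChildItem -Path $sys32 -File -Force -ErrorAction SilentlyContinue |
    Where-Object {
        $_.CreationTime -gt (Get-Date).AddDays(-$Days) -and
        $knownExt -notcontains $_.Extension.ToLowerInvariant()
    } |
    Sort-Object CreationTime -Descending |
    Select-Object CreationTime, Length, Attributes, Name |
    Format-Table -AutoSize
```

The WinSxS walk recurses through a large folder, so the first check takes a minute or two; an "ALERT" line is a lead to investigate (hash lookup, signature, creation time), not proof of infection on its own.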



#12 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria
  • Local time:08:51 PM

Posted 05 January 2014 - 05:38 AM

Do you still have the issues with the advertisements?

Regards,

Georgi




#13 stoppolees

stoppolees
  • Topic Starter

  • Members
  • 10 posts
  • Local time:12:51 PM

Posted 05 January 2014 - 12:59 PM

As of now, they are not playing. I will update you later tonight!



#14 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria
  • Local time:08:51 PM

Posted 05 January 2014 - 01:58 PM

Hi,

Nice to hear there is an improvement, but I want to make sure there is nothing lurking on the system, so just in case I want you to go through these steps:

STEP 1

  • Please download RogueKiller.exe and save to the desktop.
  • Close all windows and browsers
  • Right-click the program and select 'Run as Administrator'
  • Press the scan button.
  • A report opens on the desktop named - RKreport.txt
  • Please copy and paste the results at pastebin.com and post the link to the log in your next reply.

STEP 2

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the results at pastebin.com and post the link to the log in your next reply.

STEP 3

Please download Malwarebytes Anti-Rootkit and save it to your desktop.

  • Be sure to print out and follow these instructions for performing a scan.
  • Caution: This is a beta version so also read the disclaimer and back up all your data before using.
  • When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
  • Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
  • Copy and paste the contents of these two log files in your next reply.

Note: Further documentation on this tool can be found in the ReadMe.rtf file which is located in the Malwarebytes Anti-Rootkit (mbar) folder.

STEP 4

1. Please download HitmanPro.

  • For 32-bit Operating System (download link).
  • This is the mirror (download link).
  • For 64-bit Operating System (download link).
  • This is the mirror (download link).

2. Launch the program by double clicking on the HitmanPro icon. (Windows Vista/7 users right click on the HitmanPro icon and select run as administrator).

Note: If the program won't run, then please open the program while holding down the left CTRL key until the program is loaded.

3. Click on the next button. You must agree with the terms of the EULA (if asked).

4. Check the box beside "No, I only want to perform a one-time scan to check this computer".

5. Click on the next button.

6. The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.

7. When the scan is done click on the drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!

8. Click on the next button.

9. Click on the "Save Log" button.

10. Save that file to your desktop and post the content of that file in your next reply.

Note: if there isn't a drop-down menu when the scan is done, then please don't delete anything and close HitmanPro.

Navigate to C:\ProgramData\HitmanPro\Logs, open the report, and copy and paste it into your next reply.

STEP 5

Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

And then, if there aren't any issues left, I'll give you my final recommendations. :)

Regards,

Georgi




#15 stoppolees

stoppolees
  • Topic Starter

  • Members
  • 10 posts
  • Local time:12:51 PM

Posted 05 January 2014 - 09:43 PM

rkreport

http://pastebin.com/ysmJHRKQ

tdsskiller

http://pastebin.com/qnjNzdpn
