Persistent Trojan Infection seems to be related to load32.exe


This topic is locked
25 replies to this topic

#1 Juice003 (Members, 14 posts)

Posted 27 January 2014 - 08:52 PM

I seem to have been infected with a trojan and cannot get rid of all traces of it.

 

It originally started as a program called nt32.exe asking for access to the internet, which was blocked by my firewall. I denied it and tried to run my antivirus, and found out that it blocked me from running Avira and Malwarebytes and seemed to be blocking my firewall. I used a recovery disk and Hitman Pro Kickstarter to regain access to running antivirus and have been running an assortment of programs ever since to try and remove it: Kaspersky TDSSKiller to try and remove any rootkits, RKill to stop any harmful processes, Malwarebytes and RogueKiller to try and clean out the system, and Hitman Pro to try and find any remaining traces.

 

I have cleaned out a number of infected files and modified registry keys, but every time I restart it is re-installing 2 files called load32.exe and 315load32.exe, which Hitman Pro is telling me are trojans, although Malwarebytes' full scan didn't seem to register them as harmful.

 

I've checked if there is a partition file and there doesn't appear to be one, so I'm at my wit's end at this point.

 

If anyone could help it would be appreciated.

 

Here is the DDS log:

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.51.2
Run by fannin003 at 20:08:56 on 2014-01-27
Microsoft Windows 7 Ultimate   6.1.7601.1.932.81.1033.18.12279.10959 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\SoftDenchi\UCManSvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
uWindows: Load = C:\NTKernel\nt32.exe
mWinlogon: Userinit = userinit.exe,
BHO: ATLAS Toolbar: {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - C:\Program Files (x86)\ATLAS V14\ATLIECP.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO: hpBHO Class: {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
TB: ATLAS Toolbar: {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - C:\Program Files (x86)\ATLAS V14\ATLIECP.DLL
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &Translate with ATLAS - C:\Program Files (x86)\ATLAS V14\Atlscript.html
IE: ATLAS Translation &Editor - C:\Program Files (x86)\ATLAS V14\AtlscriptEdit.html
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {B7707A72-4355-11D4-82BD-00000EBBEF8D} - C:\Program Files (x86)\ATLAS V14\Atlscript.html
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T28L10NSP1-321/event/ieatgpc1.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{4BD42F4F-3CD9-421E-9EC7-467D8460013F} : DHCPNameServer = 192.168.1.1
SSODL: WebCheck - <orphaned>
mASetup: {9C450606-ED24-4958-92BA-B8940C99D441} - C:\Program Files (x86)\PixiePack Codec Pack\InstallerHelper.exe
x64-BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
x64-TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
x64-Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
x64-Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe /icon="hidden"
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\fannin003\AppData\Roaming\Mozilla\Firefox\Profiles\90z876fe.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-1-10 283200]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/03/23 18:32:14];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2010-3-23 146928]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HPBtnSrv;HP Easy Backup Button Service;C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [2009-11-11 192512]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-6-15 13336]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2011-11-3 33672]
R2 UCManSvc;UCManSvc;C:\Program Files (x86)\SoftDenchi\UCManSvc.exe [2010-3-12 241808]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y62x64.sys [2009-11-11 287960]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;C:\Windows\System32\drivers\HCW85BDA.sys [2009-11-11 1708800]
R3 t3;Sound Blaster X-Fi Xtreme Audio;C:\Windows\System32\drivers\t3.sys [2009-11-11 639512]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 HitmanPro37CrusaderBoot;HitmanPro 3.7 Crusader (Boot);"M:\HitmanPro_x64.exe" /crusader:boot --> M:\HitmanPro_x64.exe [?]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [2011-11-3 827520]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2009-11-11 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-11-11 79360]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-16 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-5-23 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-5-23 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-5 1255736]
.
=============== Created Last 30 ================
.
2014-01-27 09:20:00    12872    ----a-w-    C:\Windows\System32\bootdelete.exe
2014-01-27 06:53:51    --------    d-----w-    C:\Program Files (x86)\stinger
2014-01-27 06:52:22    --------    d-----w-    C:\Users\fannin003\Doctor Web
2014-01-27 06:52:22    --------    d-----w-    C:\ProgramData\Doctor Web
2014-01-27 06:26:40    --------    d-----w-    C:\ProgramData\HitmanPro
2014-01-27 04:27:09    826    ----a-w-    C:\load32.vbs
2014-01-27 03:10:20    243712    --sha-r-    C:\load32.exe
2014-01-27 03:10:20    243712    --sha-r-    C:\315load32.exe
2014-01-24 08:09:21    10315576    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{699CDB6F-EF9E-4602-A903-CF599D74BB51}\mpengine.dll
2014-01-21 22:53:02    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-15 01:54:36    99840    ----a-w-    C:\Windows\System32\drivers\usbccgp.sys
2014-01-15 01:54:36    7808    ----a-w-    C:\Windows\System32\drivers\usbd.sys
2014-01-15 01:54:36    53248    ----a-w-    C:\Windows\System32\drivers\usbehci.sys
2014-01-15 01:54:36    343040    ----a-w-    C:\Windows\System32\drivers\usbhub.sys
2014-01-15 01:54:36    325120    ----a-w-    C:\Windows\System32\drivers\usbport.sys
2014-01-15 01:54:36    3156480    ----a-w-    C:\Windows\System32\win32k.sys
2014-01-15 01:54:36    30720    ----a-w-    C:\Windows\System32\drivers\usbuhci.sys
2014-01-15 01:54:36    25600    ----a-w-    C:\Windows\System32\drivers\usbohci.sys
2014-01-15 01:54:31    376768    ----a-w-    C:\Windows\System32\drivers\netio.sys
2014-01-06 01:33:33    --------    d-----w-    C:\Windows\SysWow64\Adobe
2014-01-06 01:32:04    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-06 01:32:04    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-01-04 20:03:22    --------    d-----w-    C:\Users\fannin003\AppData\Roaming\じぃすぽっと
.
==================== Find3M  ====================
.
2013-12-18 11:13:56    270496    ------w-    C:\Windows\System32\MpSigStub.exe
2013-11-26 10:19:07    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57    708608    ----a-w-    C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02    5769216    ----a-w-    C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16    553472    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12    4243968    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16    1995264    ----a-w-    C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06    1928192    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57    2334208    ----a-w-    C:\Windows\System32\wininet.dll
2013-11-26 06:33:33    1820160    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-11-23 18:26:20    417792    ----a-w-    C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34    465920    ----a-w-    C:\Windows\System32\WMPhoto.dll
2013-11-12 02:23:09    2048    ----a-w-    C:\Windows\System32\tzres.dll
2013-11-12 02:07:29    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2013-10-30 02:32:01    335360    ----a-w-    C:\Windows\System32\msieftp.dll
2013-10-30 02:19:52    301568    ----a-w-    C:\Windows\SysWow64\msieftp.dll
.
============= FINISH: 20:12:01.29 ===============
#2 Bud_91 (Malware Response Team, 438 posts)

Posted 01 February 2014 - 01:41 PM

Hello and welcome to Bleeping Computer. I am sorry that you are having troubles with your computer and will try my best to help you. I know that being infected is very frustrating, but I will be here to help you through the whole process of cleaning. Removing malware can be difficult and complicated and will most likely take many steps, so please stick with me until I have declared your computer clean. I always recommend printing my instructions before following them in case you cannot keep this webpage open. Please be sure to always follow all steps exactly as they are written and let me know what happens each time. Stop and ask if something unexpected happens or if you are unsure of how to proceed.
 
Please respect my volunteered time and stay with me until I declare your computer clean. If you are going to be delayed for a while, please let me know.
 
 
Okay, I think I can see where this is loading from. Let's get a scan with this tool, and then we can go about fixing it.
 

Please download Farbar Recovery Scan Tool and save it to your desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

If I have not responded to your log in 36 hours, feel free to send me a PM.

A.K.A. Buddierdl @ GeeksToGo.com
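The place the helper is pointing at is already visible in the DDS log in post #1: `uWindows: Load = C:\NTKernel\nt32.exe` is the `Load` value under HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows, a legitimate but almost never used start-up location, and the two files in the drive root, `C:\load32.exe` and `C:\315load32.exe`, are the same size and carry the hidden, system and read-only attributes (`--sha-r-`). As an added example that is not part of this thread and not code from DDS, FRST or their authors, the Python below runs exactly that triage over log lines in the DDS format shown above and in the FRST format the helper asks for next. The sample lines are constructed from the thread's own paths; the "hidden file directly in a drive root" heuristic and the de-duplication across the two tools are the example's own choices.

```python
"""Triage helper for DDS / FRST logs (added example, not part of the thread or of either tool).

Flags the two persistence indicators discussed in this thread:
  1. a path in the HKCU\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows "Load"
     value, a legitimate but almost never used start-up location;
  2. a file sitting directly in a drive root with the Hidden and System attributes set.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# DDS prints the Load value as "uWindows: Load = <path>" (u = user hive, m = machine hive).
DDS_LOAD = re.compile(r"^[um]Windows:\s*Load\s*=\s*(?P<path>\S.*?)\s*$", re.I)
# FRST prints it as "HKU\<SID>\...\CurrentVersion\Windows: [Load] <path> <===== ATTENTION".
FRST_LOAD = re.compile(
    r"CurrentVersion\\Windows:\s*\[Load\]\s*(?P<path>.+?)\s*(?:<=+\s*ATTENTION)?\s*$", re.I)

# DDS file line: "2014-01-27 03:10:20    243712    --sha-r-    C:\load32.exe"
# 8-character lower-case flag column: d=directory s=system h=hidden a=archive r=read-only w=writable.
DDS_FILE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+(?P<size>\d+|-{8})\s+(?P<attr>[-a-z]{8})\s+(?P<path>\S.*?)\s*$")
# FRST file line: "2014-01-26 22:10 - 2014-01-26 22:09 - 00243712 __RSH () C:\load32.exe"
# 5-character upper-case flag column: R=read-only S=system H=hidden D=directory.
FRST_FILE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - "
    r"(?P<size>\d{8}) (?P<attr>[_A-Z]{5}) \((?P<signer>[^)]*)\) (?P<path>\S.*?)\s*$")

# "C:\load32.exe" matches; "C:\Users\x\load32.exe" does not.
DRIVE_ROOT = re.compile(r"^[A-Za-z]:\\[^\\]+$")


@dataclass(frozen=True)
class Finding:
    kind: str    # "load_value" or "hidden_root_file"
    path: str
    detail: str


def is_hidden_system(attr: str) -> bool:
    """True when a DDS ('s' and 'h') or FRST ('S' and 'H') attribute column marks the file hidden+system."""
    return ("s" in attr and "h" in attr) or ("S" in attr and "H" in attr)


def triage_line(line: str) -> Optional[Finding]:
    """Classify one log line; returns None for lines that match neither indicator."""
    line = line.strip()
    for rx in (DDS_LOAD, FRST_LOAD):
        m = rx.search(line)
        if m:
            return Finding("load_value", m["path"],
                           "HKCU ...\\Windows NT\\CurrentVersion\\Windows 'Load' autostart")
    for rx in (DDS_FILE, FRST_FILE):
        m = rx.match(line)
        if m and is_hidden_system(m["attr"]) and DRIVE_ROOT.match(m["path"]):
            size = m["size"].lstrip("0") or "0"   # FRST zero-pads sizes; DDS prints '--------' for directories
            return Finding("hidden_root_file", m["path"], f"attrs={m['attr']} size={size}")
    return None


def triage(text: str) -> List[Finding]:
    """Run triage_line over a whole log; a path reported by both DDS and FRST is kept once."""
    out: List[Finding] = []
    seen = set()
    for raw in text.splitlines():
        f = triage_line(raw)
        if f is None:
            continue
        key = (f.kind, f.path.lower())
        if key not in seen:
            seen.add(key)
            out.append(f)
    return out


# Constructed sample: DDS-style lines shaped like the log in post #1 plus FRST-style lines
# for the same artefacts, so both parsers are exercised. Paths are the ones the thread discusses.
SAMPLE_LOG = r"""
uStart Page = hxxp://www.google.com/
uWindows: Load = C:\NTKernel\nt32.exe
mWinlogon: Userinit = userinit.exe,
2014-01-27 09:20:00    12872    ----a-w-    C:\Windows\System32\bootdelete.exe
2014-01-27 04:27:09    826    ----a-w-    C:\load32.vbs
2014-01-27 03:10:20    243712    --sha-r-    C:\load32.exe
2014-01-27 03:10:20    243712    --sha-r-    C:\315load32.exe
2014-01-27 06:53:51    --------    d-----w-    C:\Program Files (x86)\stinger
HKU\S-1-5-21-558470562-1591804922-1308094891-1001\...\CurrentVersion\Windows: [Load] C:\NTKernel\nt32.exe <===== ATTENTION
2014-01-26 22:10 - 2014-01-26 22:09 - 00243712 __RSH () C:\load32.exe
2014-01-26 22:10 - 2014-01-27 01:21 - 00000000 _____ () C:\Users\fannin003\Documents\315load32.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.path}  ({f.detail})")
```

On the sample this yields one `load_value` finding for `C:\NTKernel\nt32.exe` and two `hidden_root_file` findings, `C:\load32.exe` and `C:\315load32.exe`, both 243712 bytes. Note what it deliberately does not catch: `C:\load32.vbs` has ordinary attributes and so passes the attribute check, and the copy under `Documents` is neither hidden nor in a drive root. Attribute-based triage only narrows the list; the `Load` value is the item that actually explains why the files come back after every reboot, since it reruns `nt32.exe` at each logon.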


#3 Juice003 (Topic Starter, Members, 14 posts)

Posted 01 February 2014 - 02:51 PM

Thanks for helping with this issue.

Here is the log:

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2014 04
    Ran by fannin003 (administrator) on FANNIN003-PC on 01-02-2014 14:45:17
    Running from C:\Users\fannin003\Desktop
    Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
    Internet Explorer Version 11
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    () C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    (Paltiosoft Inc.) C:\Program Files (x86)\SoftDenchi\UCManSvc.exe
    () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
    (DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [SmartMenu] - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610360 2009-07-08] ()
    HKLM\...\Run: [ISW] - C:\Program Files\CheckPoint\ZAForceField\ForceField.exe [1125504 2011-11-03] ()
    HKU\S-1-5-21-558470562-1591804922-1308094891-1001\...\CurrentVersion\Windows: [Load] C:\NTKernel\nt32.exe <===== ATTENTION
    HKU\S-1-5-21-558470562-1591804922-1308094891-1001\...\MountPoints2: {546791e1-d72c-11de-a280-90e6ba5967dc} - K:\autorun.exe
    HKU\S-1-5-21-558470562-1591804922-1308094891-1001\...\MountPoints2: {ab86bda9-2e6e-11e1-b67b-90e6ba5967dc} - K:\menu.exe

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM - {1AA64AD9-48F5-4FC4-883A-FF0C5F50B4A0} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 - {1AA64AD9-48F5-4FC4-883A-FF0C5F50B4A0} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    SearchScopes: HKCU - {1AA64AD9-48F5-4FC4-883A-FF0C5F50B4A0} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    BHO-x32: ATLAS Toolbar - {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - C:\Program Files (x86)\ATLAS V14\ATLIECP.DLL (FUJITSU LIMITED)
    BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    BHO-x32: hpBHO Class - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products)
    BHO-x32: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
    BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
    Toolbar: HKLM - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
    Toolbar: HKLM-x32 - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    Toolbar: HKLM-x32 - ATLAS Toolbar - {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - C:\Program Files (x86)\ATLAS V14\ATLIECP.DLL (FUJITSU LIMITED)
    Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
    Toolbar: HKCU - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    DPF: HKLM-x32 {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T28L10NSP1-321/event/ieatgpc1.cab
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\fannin003\AppData\Roaming\Mozilla\Firefox\Profiles\90z876fe.default
    FF Homepage: www.google.com
    FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
    FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
    FF Plugin-x32: @checkpoint.com/FFApi - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
    FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll (Foxit Software Company)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
    FF Extension: Tab Permissions - C:\Users\fannin003\AppData\Roaming\Mozilla\Firefox\Profiles\90z876fe.default\Extensions\{731E8172-334E-4887-B304-D3949A04773A}.xpi [2013-09-01]
    FF Extension: Adblock Plus - C:\Users\fannin003\AppData\Roaming\Mozilla\Firefox\Profiles\90z876fe.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-12-17]
    FF Extension: QuickJava - C:\Users\fannin003\AppData\Roaming\Mozilla\Firefox\Profiles\90z876fe.default\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2013-10-25]
    FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-12-20]
    FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-12-20]
    FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013-12-20]
    FF HKLM\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\TrustChecker
    FF Extension: No Name - C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012-03-11]
    FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
    FF Extension: ZoneAlarm Security Engine - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2012-03-11]

    ==================== Services (Whitelisted) =================

    R2 HPBtnSrv; C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [192512 2008-09-30] ()
    S2 IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [827520 2011-11-03] ()
    R2 UCManSvc; C:\Program Files (x86)\SoftDenchi\UCManSvc.exe [241808 2010-03-12] (Paltiosoft Inc.)
    S2 HitmanPro37CrusaderBoot; "M:\HitmanPro_x64.exe" /crusader:boot [x]

    ==================== Drivers (Whitelisted) ====================

    R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-01-10] (DT Soft Ltd)
    S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir3.sys [32768 2009-07-14] (Hauppauge Computer Works, Inc.)
    R2 ISWKL; C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [33672 2011-11-03] (Check Point Software Technologies)
    R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2009-11-22] ()
    R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [454232 2011-05-07] (Check Point Software Technologies LTD)
    R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2009-10-20] (CyberLink Corp.)
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
    S3 VGPU; System32\drivers\rdvgkmd.sys [x]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-02-01 14:45 - 2014-02-01 14:45 - 00010958 _____ () C:\Users\fannin003\Desktop\FRST.txt
    2014-02-01 14:40 - 2014-02-01 14:45 - 00000000 ____D () C:\FRST
    2014-02-01 14:40 - 2014-02-01 14:38 - 02080256 _____ (Farbar) C:\Users\fannin003\Desktop\FRST64.exe
    2014-01-27 20:12 - 2014-01-27 20:12 - 00020058 _____ () C:\Users\fannin003\Desktop\attach.txt
    2014-01-27 20:12 - 2014-01-27 20:12 - 00012909 _____ () C:\Users\fannin003\Desktop\dds.txt
    2014-01-27 19:14 - 2014-01-27 19:14 - 00002123 _____ () C:\Users\fannin003\Desktop\RKreport[0]_S_01272014_191418.txt
    2014-01-27 19:13 - 2014-01-27 19:14 - 00000000 ____D () C:\Users\fannin003\Desktop\RK_Quarantine
    2014-01-27 16:12 - 2014-01-27 19:57 - 00002482 _____ () C:\Users\fannin003\Desktop\Rkill.txt
    2014-01-27 04:20 - 2014-01-27 19:50 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
    2014-01-27 03:20 - 2014-01-27 03:20 - 00000036 _____ () C:\Users\fannin003\AppData\Local\housecall.guid.cache
    2014-01-27 01:53 - 2014-01-27 02:04 - 00000000 ____D () C:\Program Files (x86)\stinger
    2014-01-27 01:52 - 2014-01-27 01:52 - 00000000 ____D () C:\Users\fannin003\Doctor Web
    2014-01-27 01:52 - 2014-01-27 01:52 - 00000000 ____D () C:\ProgramData\Doctor Web
    2014-01-27 01:36 - 2014-01-27 19:50 - 00000278 _____ () C:\Windows\system32\.crusader
    2014-01-27 01:26 - 2014-01-27 01:36 - 00000000 ____D () C:\ProgramData\HitmanPro
    2014-01-26 23:43 - 2014-01-26 23:43 - 00000000 _____ () C:\Windows\system32\EXE
    2014-01-26 23:27 - 2014-01-27 00:17 - 00000826 _____ () C:\load32.vbs
    2014-01-26 22:15 - 2014-01-26 22:15 - 00000068 _____ () C:\Update.Microsoft.com.url
    2014-01-26 22:10 - 2014-01-27 01:21 - 00000000 _____ () C:\Users\fannin003\Documents\315load32.exe
    2014-01-26 22:10 - 2014-01-26 22:09 - 00243712 __RSH () C:\load32.exe
    2014-01-26 22:10 - 2014-01-26 22:09 - 00243712 __RSH () C:\315load32.exe
    2014-01-21 17:53 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2014-01-21 17:53 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2014-01-21 17:53 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2014-01-21 17:53 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2014-01-21 17:51 - 2014-01-21 17:53 - 00005250 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
    2014-01-21 17:46 - 2014-01-21 17:46 - 01069512 _____ (Solid State Networks) C:\Users\fannin003\Desktop\install_flashplayer12x32au_mssd_aaa_aih.exe
    2014-01-15 18:41 - 2014-01-15 18:41 - 14192283 _____ () C:\Users\fannin003\Desktop\[Type-Moon and Haruno Tomoya (D-Frag author)] Sensha Otoko - A True Tank Story (F SN DJ) [ENG].zip
    2014-01-14 20:54 - 2013-11-26 20:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
    2014-01-14 20:54 - 2013-11-26 20:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
    2014-01-14 20:54 - 2013-11-26 20:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
    2014-01-14 20:54 - 2013-11-26 20:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
    2014-01-14 20:54 - 2013-11-26 20:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
    2014-01-14 20:54 - 2013-11-26 20:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
    2014-01-14 20:54 - 2013-11-26 20:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
    2014-01-14 20:54 - 2013-11-26 06:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
    2014-01-14 20:54 - 2013-11-26 05:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-01-13 22:51 - 2014-01-13 22:52 - 10965277 _____ () C:\Users\fannin003\Desktop\[Ronpaia (Fue)] One Day! vol. 4 (Fate stay night) [English] non-h.zip
    2014-01-13 22:33 - 2014-01-13 22:33 - 19858034 _____ () C:\Users\fannin003\Desktop\[Ronpaia (Fue)] One Day! vol. 3 (Fate stay night) [English] non-h.zip
    2014-01-05 20:33 - 2014-01-05 20:33 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
    2014-01-05 20:32 - 2014-01-26 21:51 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-01-05 20:32 - 2014-01-05 21:00 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-01-05 20:32 - 2014-01-05 21:00 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-01-05 20:32 - 2014-01-05 21:00 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2014-01-05 20:32 - 2014-01-05 20:32 - 00000000 ____D () C:\Windows\system32\Macromed
    2014-01-04 19:57 - 2014-01-04 20:00 - 00000000 ____D () C:\Users\fannin003\Documents\Euphoria
    2014-01-04 15:03 - 2014-01-04 15:03 - 00000000 ____D () C:\Users\fannin003\AppData\Roaming\じぃすぽっと

    ==================== One Month Modified Files and Folders =======

    2014-02-01 14:45 - 2014-02-01 14:45 - 00010958 _____ () C:\Users\fannin003\Desktop\FRST.txt
    2014-02-01 14:45 - 2014-02-01 14:40 - 00000000 ____D () C:\FRST
    2014-02-01 14:43 - 2010-12-29 21:51 - 00415730 _____ () C:\Windows\system32\perfh011.dat
    2014-02-01 14:43 - 2010-12-29 21:51 - 00121224 _____ () C:\Windows\system32\perfc011.dat
    2014-02-01 14:43 - 2009-07-14 00:13 - 01307866 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-02-01 14:42 - 2009-11-11 00:23 - 01907121 _____ () C:\Windows\WindowsUpdate.log
    2014-02-01 14:39 - 2009-07-13 23:51 - 00114833 _____ () C:\Windows\setupact.log
    2014-02-01 14:38 - 2014-02-01 14:40 - 02080256 _____ (Farbar) C:\Users\fannin003\Desktop\FRST64.exe
    2014-01-27 20:13 - 2009-07-13 23:45 - 00013632 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-01-27 20:13 - 2009-07-13 23:45 - 00013632 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-01-27 20:12 - 2014-01-27 20:12 - 00020058 _____ () C:\Users\fannin003\Desktop\attach.txt
    2014-01-27 20:12 - 2014-01-27 20:12 - 00012909 _____ () C:\Users\fannin003\Desktop\dds.txt
    2014-01-27 19:57 - 2014-01-27 16:12 - 00002482 _____ () C:\Users\fannin003\Desktop\Rkill.txt
    2014-01-27 19:50 - 2014-01-27 04:20 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
    2014-01-27 19:50 - 2014-01-27 01:36 - 00000278 _____ () C:\Windows\system32\.crusader
    2014-01-27 19:24 - 2009-11-11 00:23 - 00456974 _____ () C:\Windows\PFRO.log
    2014-01-27 19:14 - 2014-01-27 19:14 - 00002123 _____ () C:\Users\fannin003\Desktop\RKreport[0]_S_01272014_191418.txt
    2014-01-27 19:14 - 2014-01-27 19:13 - 00000000 ____D () C:\Users\fannin003\Desktop\RK_Quarantine
    2014-01-27 16:46 - 2009-11-21 21:04 - 00000000 ___RD () C:\Users\fannin003\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    2014-01-27 16:38 - 2012-07-09 20:50 - 00000688 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-01-27 16:38 - 2010-12-26 17:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-01-27 16:37 - 2013-09-14 16:58 - 00000000 ____D () C:\MGE
    2014-01-27 04:16 - 2009-11-21 21:07 - 00000000 ____D () C:\ProgramData\Recovery
    2014-01-27 03:20 - 2014-01-27 03:20 - 00000036 _____ () C:\Users\fannin003\AppData\Local\housecall.guid.cache
    2014-01-27 03:18 - 2009-11-22 15:16 - 00000000 ____D () C:\Users\fannin003\AppData\Local\CrashDumps
    2014-01-27 02:04 - 2014-01-27 01:53 - 00000000 ____D () C:\Program Files (x86)\stinger
    2014-01-27 01:52 - 2014-01-27 01:52 - 00000000 ____D () C:\Users\fannin003\Doctor Web
    2014-01-27 01:52 - 2014-01-27 01:52 - 00000000 ____D () C:\ProgramData\Doctor Web
    2014-01-27 01:52 - 2009-11-21 20:57 - 00000000 ____D () C:\Users\fannin003
    2014-01-27 01:36 - 2014-01-27 01:26 - 00000000 ____D () C:\ProgramData\HitmanPro
    2014-01-27 01:36 - 2010-09-25 19:37 - 00000000 ____D () C:\Users\fannin003\Desktop\祝福のカンパネラ 初回限定版
    2014-01-27 01:21 - 2014-01-26 22:10 - 00000000 _____ () C:\Users\fannin003\Documents\315load32.exe
    2014-01-27 01:21 - 2009-11-22 00:49 - 00000000 ___RD () C:\Users\fannin003\Documents
    2014-01-27 00:28 - 2010-05-08 09:22 - 00000000 ____D () C:\Maybe
    2014-01-27 00:27 - 2013-05-23 16:33 - 00000000 ____D () C:\Program Files (x86)\QuickTime
    2014-01-27 00:17 - 2014-01-26 23:27 - 00000826 _____ () C:\load32.vbs
    2014-01-26 23:43 - 2014-01-26 23:43 - 00000000 _____ () C:\Windows\system32\EXE
    2014-01-26 22:35 - 2009-11-21 22:57 - 00000000 ____D () C:\Users\fannin003\AppData\Roaming\uTorrent
    2014-01-26 22:15 - 2014-01-26 22:15 - 00000068 _____ () C:\Update.Microsoft.com.url
    2014-01-26 22:09 - 2014-01-26 22:10 - 00243712 __RSH () C:\load32.exe
    2014-01-26 22:09 - 2014-01-26 22:10 - 00243712 __RSH () C:\315load32.exe
    2014-01-26 21:51 - 2014-01-05 20:32 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-01-26 13:29 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-01-26 11:55 - 2010-08-21 13:38 - 00000000 ____D () C:\Users\fannin003\Desktop\(001
    2014-01-26 10:19 - 2009-11-22 00:18 - 00000000 ____D () C:\Users\fannin003\AppData\Roaming\IrfanView
    2014-01-26 10:17 - 2009-11-22 21:24 - 00000000 ____D () C:\emule seen
    2014-01-26 10:17 - 2009-11-21 23:46 - 00000000 ____D () C:\emule keep here
    2014-01-25 20:30 - 2012-11-17 23:04 - 00003210 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForfannin003
    2014-01-25 20:30 - 2012-11-17 23:04 - 00000348 _____ () C:\Windows\Tasks\HPCeeScheduleForfannin003.job
    2014-01-25 07:30 - 2009-11-22 23:28 - 00000000 ____D () C:\Seen
    2014-01-24 17:50 - 2009-11-24 22:59 - 00000000 ____D () C:\Seen Western
    2014-01-23 22:07 - 2009-11-22 00:03 - 00000000 ____D () C:\English keep here
    2014-01-21 20:29 - 2009-11-22 18:43 - 00000166 _____ () C:\Windows\SysWOW64\DOErrors.log
    2014-01-21 20:28 - 2009-11-22 18:42 - 00000000 ____D () C:\Users\fannin003\AppData\Roaming\HpUpdate
    2014-01-21 20:28 - 2009-11-22 18:42 - 00000000 ____D () C:\Users\fannin003\AppData\Roaming\HP Support Assistant
    2014-01-21 17:53 - 2014-01-21 17:51 - 00005250 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
    2014-01-21 17:53 - 2013-10-18 17:34 - 00000000 ____D () C:\ProgramData\Oracle
    2014-01-21 17:53 - 2010-04-01 23:21 - 00000000 ____D () C:\Program Files (x86)\Java
    2014-01-21 17:46 - 2014-01-21 17:46 - 01069512 _____ (Solid State Networks) C:\Users\fannin003\Desktop\install_flashplayer12x32au_mssd_aaa_aih.exe
    2014-01-20 16:26 - 2009-07-14 00:08 - 00032624 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2014-01-15 18:41 - 2014-01-15 18:41 - 14192283 _____ () C:\Users\fannin003\Desktop\[Type-Moon and Haruno Tomoya (D-Frag author)] Sensha Otoko - A True Tank Story (F SN DJ) [ENG].zip
    2014-01-15 03:24 - 2009-07-13 23:45 - 00359208 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-01-15 03:04 - 2013-08-11 09:22 - 00000000 ____D () C:\Windows\system32\MRT
    2014-01-15 03:00 - 2009-11-22 10:14 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-01-13 22:52 - 2014-01-13 22:51 - 10965277 _____ () C:\Users\fannin003\Desktop\[Ronpaia (Fue)] One Day! vol. 4 (Fate stay night) [English] non-h.zip
    2014-01-13 22:33 - 2014-01-13 22:33 - 19858034 _____ () C:\Users\fannin003\Desktop\[Ronpaia (Fue)] One Day! vol. 3 (Fate stay night) [English] non-h.zip
    2014-01-12 22:59 - 2009-12-19 21:51 - 00000000 ____D () C:\Random IMG
    2014-01-12 22:02 - 2011-08-27 13:52 - 00000000 ____D () C:\Games Seen
    2014-01-05 21:00 - 2014-01-05 20:32 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-01-05 21:00 - 2014-01-05 20:32 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-01-05 21:00 - 2014-01-05 20:32 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2014-01-05 21:00 - 2011-12-10 10:12 - 00000000 ____D () C:\Users\fannin003\AppData\Local\Adobe
    2014-01-05 20:57 - 2011-12-10 10:12 - 00000000 ____D () C:\Program Files (x86)\Adobe
    2014-01-05 20:33 - 2014-01-05 20:33 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
    2014-01-05 20:32 - 2014-01-05 20:32 - 00000000 ____D () C:\Windows\system32\Macromed
    2014-01-05 20:32 - 2009-11-21 21:52 - 00000000 ____D () C:\Users\fannin003\AppData\Roaming\Adobe
    2014-01-05 20:32 - 2009-11-21 21:05 - 00000000 ____D () C:\Users\fannin003\AppData\Roaming\Macromedia
    2014-01-05 19:46 - 2009-12-11 21:23 - 00000000 ____D () C:\lilith
    2014-01-04 20:00 - 2014-01-04 19:57 - 00000000 ____D () C:\Users\fannin003\Documents\Euphoria
    2014-01-04 15:03 - 2014-01-04 15:03 - 00000000 ____D () C:\Users\fannin003\AppData\Roaming\じぃすぽっと

    Some content of TEMP:
    ====================
    C:\Users\fannin003\AppData\Local\Temp\avgnt.exe
    C:\Users\fannin003\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
    C:\Users\fannin003\AppData\Local\Temp\ntdll_dump.dll
    C:\Users\fannin003\AppData\Local\Temp\Prison_inst.exe
    C:\Users\fannin003\AppData\Local\Temp\Shockwave_Installer_FF.exe


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    LastRegBack: 2014-01-19 00:31

    ==================== End Of Log ============================

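As an added, defender-side example (not code from this thread, from FRST's author, or from any poster), the following Python script parses FRST entry lines in the format shown in the log above and flags the kinds of indicators this thread turns on: files carrying hidden+system attributes outside the Windows directory, executables or launcher files sitting directly in the drive root, zero-byte executables, and executables without publisher information in a system directory. The heuristics are my own assumptions, not FRST's logic; the sample lines are copied from the log above, with a section header included to show that non-entry lines are skipped.

```python
import ntpath
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, Iterable, List, Optional

# One FRST file/folder entry: "<date a> - <date b> - <size> <attrs> (<company>) <path>".
# In the "Created" section the first date is the creation time and the second the
# last write; the "Modified" section lists them the other way round.
ENTRY_RE = re.compile(
    r"^(?P<ts_a>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<ts_b>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) "
    r"\((?P<company>[^)]*)\) (?P<path>.+)$"
)

# Extensions Windows will execute directly or that act as launchers (assumed list).
EXEC_EXT = {".exe", ".dll", ".scr", ".com", ".pif", ".vbs", ".js", ".wsf",
            ".bat", ".cmd", ".ps1", ".url", ".lnk"}


@dataclass
class Entry:
    ts_a: datetime
    ts_b: datetime
    size: int
    attrs: str    # five flag characters, e.g. "__RSH" or "____D"; "_" means not set
    company: str  # publisher from version info, "" when absent
    path: str


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one FRST entry line; return None for headers and other non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return Entry(
        ts_a=datetime.strptime(m["ts_a"], "%Y-%m-%d %H:%M"),
        ts_b=datetime.strptime(m["ts_b"], "%Y-%m-%d %H:%M"),
        size=int(m["size"]),
        attrs=m["attrs"],
        company=m["company"],
        path=m["path"],
    )


def in_drive_root(path: str) -> bool:
    """True for paths like C:\\name with no further subdirectory."""
    return re.fullmatch(r"[A-Za-z]:\\[^\\]+", path) is not None


def assess(e: Entry) -> List[str]:
    """Return the list of reasons this entry deserves a closer look (empty if none)."""
    reasons: List[str] = []
    if "D" in e.attrs:          # directories are not assessed by these heuristics
        return reasons
    ext = ntpath.splitext(e.path)[1].lower()
    lower = e.path.lower()
    under_windows = "\\windows\\" in lower
    if "S" in e.attrs and "H" in e.attrs and not under_windows:
        reasons.append("hidden+system attributes outside the Windows directory")
    if ext in EXEC_EXT and in_drive_root(e.path):
        reasons.append("executable or launcher file in the drive root")
    if ext in EXEC_EXT and e.size == 0:
        reasons.append("zero-byte executable")
    if ext in EXEC_EXT and not e.company and ("\\system32\\" in lower or "\\syswow64\\" in lower):
        reasons.append("executable without publisher info in a system directory")
    return reasons


def triage(lines: Iterable[str]) -> Dict[str, List[str]]:
    """Map each flagged path to its reasons, in log order; unparseable lines are skipped."""
    flagged: Dict[str, List[str]] = {}
    for line in lines:
        e = parse_entry(line)
        if e is None:
            continue
        reasons = assess(e)
        if reasons:
            flagged[e.path] = reasons
    return flagged


# Constructed sample: entry lines copied from the FRST log above plus one header line.
SAMPLE_LOG = r"""
==================== One Month Modified Files and Folders =======
2014-01-27 01:52 - 2014-01-27 01:52 - 00000000 ____D () C:\ProgramData\Doctor Web
2014-01-26 23:43 - 2014-01-26 23:43 - 00000000 _____ () C:\Windows\system32\EXE
2014-01-26 23:27 - 2014-01-27 00:17 - 00000826 _____ () C:\load32.vbs
2014-01-26 22:15 - 2014-01-26 22:15 - 00000068 _____ () C:\Update.Microsoft.com.url
2014-01-26 22:10 - 2014-01-27 01:21 - 00000000 _____ () C:\Users\fannin003\Documents\315load32.exe
2014-01-26 22:10 - 2014-01-26 22:09 - 00243712 __RSH () C:\load32.exe
2014-01-26 22:10 - 2014-01-26 22:09 - 00243712 __RSH () C:\315load32.exe
2014-01-21 17:53 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
""".strip().splitlines()


if __name__ == "__main__":
    for flagged_path, why in triage(SAMPLE_LOG).items():
        print(flagged_path)
        for r in why:
            print("   -", r)
```

Run stand-alone it prints the five flagged paths from the sample with their reasons; the Oracle-signed javaws.exe, the directory entry and the extensionless C:\Windows\system32\EXE pass through silently. The attribute rule is the one that matters most for this thread: a file in the drive root marked read-only, system and hidden is invisible in a default Explorer view, which is why it kept reappearing unnoticed.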

    #4 Bud_91

    • Malware Response Team
    • 438 posts
    • Gender:Male

    Posted 01 February 2014 - 03:18 PM

    Please save the attached fixlist.txt to your desktop and run FRST again. This time, click "Fix" and post the resulting fixlog.txt.

     

    Do you recognize these folders:

     

    C:\Users\fannin003\Desktop\祝福のカンパネラ 初回限定版
    C:\Maybe
    C:\Users\fannin003\AppData\Roaming\じぃすぽっと
    C:\Users\fannin003\Desktop\(001
    C:\lilith
    C:\Users\fannin003\Documents


    If I have not responded to your log in 36 hours, feel free to send me a PM.

    If you would like to make a thank-you donation, please click here.

     

    A.K.A. Buddierdl @ GeeksToGo.com


    #5 Juice003

    • Topic Starter
    • Members
    • 14 posts

    Posted 01 February 2014 - 03:22 PM

    I recognize all of them except C:\Users\fannin003\Documents; I generally don't save to the Documents folder.



    #6 Juice003

    • Topic Starter
    • Members
    • 14 posts

    Posted 01 February 2014 - 03:26 PM

    Here is the fixlog.


    #7 Bud_91

    • Malware Response Team
    • 438 posts
    • Gender:Male

    Posted 01 February 2014 - 03:35 PM

    Can you check for me in your User folder (C:\Users\fannin003\) if there is a "Documents" folder and a "My Documents" folder. If you have one named simply "Documents," let me know what it contains.

     

    Also, let's run this scan.

     

    Download aswMBR.exe to your desktop.
    • Double click the aswMBR.exe to run it.
    • Click the "Scan" button to start the scan.
    • On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.
     
    How is the computer running now?



    #8 Juice003

    • Topic Starter
    • Members
    • 14 posts

    Posted 01 February 2014 - 04:21 PM

    The computer seems to be running better, at least the speed seems improved.

     

    Perhaps I should have mentioned this before, but when I ran the FRST program I received a message stating "There is no disk in the drive. Please insert a disk into drive \Device\Harddisk4\DR4" and it happened again with the aswMBR program. I hit "Try Again" and the program ran normally, so I'm not sure if this is significant.

     

    There is a "Documents" folder and a "My Documents" folder. The "Documents" folder seems to mirror the "My Documents" folder, but when I try to open a folder there I get an error message such as "C:\Users\fannin003\Documents\Amazon MP# refers to a location that is unavailable. It could be on a hard drive on this computer, or on a network. Check to make sure that the disk is properly inserted, or that you are connected to the Internet or your network, and then try again. If it still cannot be located, the information might have been moved to a different location". I can open the copies in the "My Documents" folder.

     

    The scan log is below:

     

    aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
    Run date: 2014-02-01 15:41:26
    -----------------------------
    15:41:26.744    OS Version: Windows x64 6.1.7601 Service Pack 1
    15:41:26.744    Number of processors: 8 586 0x1A05
    15:41:26.744    ComputerName: FANNIN003-PC  UserName: fannin003
    15:41:32.609    Initialize success
    15:45:04.015    AVAST engine defs: 14020100
    15:46:18.537    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2
    15:46:18.537    Disk 0 Vendor: ST315003 HP22 Size: 1430799MB BusType: 8
    15:46:18.646    Disk 0 MBR read successfully
    15:46:18.646    Disk 0 MBR scan
    15:46:18.646    Disk 0 unknown MBR code
    15:46:18.662    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
    15:46:18.662    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS      1417527 MB offset 206848
    15:46:18.693    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        13170 MB offset 2903302144
    15:46:18.755    Disk 0 scanning C:\Windows\system32\drivers
    15:46:33.154    Service scanning
    15:47:56.724    Modules scanning
    15:47:56.724    Disk 0 trace - called modules:
    15:47:56.755    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys spjr.sys hal.dll
    15:47:56.755    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800aeca790]
    15:47:56.755    3 CLASSPNP.SYS[fffff88001c1d43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0xfffffa800ac07050]
    15:48:02.449    AVAST engine scan C:\Windows
    15:48:07.144    AVAST engine scan C:\Windows\system32
    15:52:10.033    AVAST engine scan C:\Windows\system32\drivers
    15:52:29.642    AVAST engine scan C:\Users\fannin003
    16:07:03.839    AVAST engine scan C:\ProgramData
    16:09:35.683    Scan finished successfully
    16:16:55.159    Disk 0 MBR has been saved successfully to "G:\MBR.dat"
    16:16:55.175    The log file has been saved successfully to "G:\aswMBR.txt"

     



    #9 Bud_91

    • Malware Response Team
    • 438 posts
    • Gender:Male

    Posted 04 February 2014 - 09:32 AM

    Sorry for taking so long to get back to you. This topic somehow slipped my mind.

     

    Your log shows this:

     

    Drive c: (HP) (Fixed) (Total:1384.3 GB) (Free:1.23 GB) NTFS

     

    Only 1.23 GB left on your C: drive. Is this correct? (It may be wrongly reported because the drive is so large.) If it is correct, it is very important to free up some space, as Windows needs 15-20% free space.

     

    Is your OS in English, or was it ever in another language?

     

    Could you please upload G:\MBR.dat to VirusTotal and send me a link to the results page.

     

     




    #10 Juice003

    • Topic Starter
    • Members
    • 14 posts

    Posted 04 February 2014 - 09:43 AM

    It might well be correct; I'll move some stuff to an external hard drive. I'm away from my computer, so I'll submit the report and provide the link after work. That won't be possible until later in the day; hopefully this would not be a problem.

     

    My OS is in English, but I have multiple language support.


    Edited by Juice003, 04 February 2014 - 09:44 AM.


    #11 Juice003

    • Topic Starter
    • Members
    • 14 posts

    Posted 04 February 2014 - 04:55 PM

    Here is a link to the results: https://www.virustotal.com/en/file/e98f971339ad79db5bb9285bacbf5ee78ecc6bcd411adae6ce1d4b4c2e942cef/analysis/1391550632/

     

    I have noticed that in the ProgramData folder, any folders that are for anti-virus type programs (Avira, Norton, and Malwarebytes) seem to be locked even if the program has been uninstalled. I seem to be able to rename the folders, but I cannot do anything else with them.



    #12 Bud_91

    • Malware Response Team
    • 438 posts
    • Gender:Male

    Posted 05 February 2014 - 10:09 AM

    To delete those folders, you need to take ownership of them first. See here. Make sure you don't do this for any folders that are being used by an installed program. You seem to still have MBAM installed (and I would leave it installed). You need to be really careful when deleting files in this way.

     
    Your logs are looking clean. Let's sweep for remnants.
     
    Step 1: Run SecurityCheck
     
    Download Security Check by screen317 from here or here.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
     
    Step 2: Run MBAM.
     
    • Please open Malwarebytes and update the definitions.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note.)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
     
    Step 3: Run online scan.
     
    Run ESET Online Scanner:
     
    Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.
     
    • Please go here, then click on the button to launch the scanner.

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted, then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.
    • Select the option YES, I accept the Terms of Use, then click the button to continue.
    • When prompted, allow the Add-On/ActiveX to install.
    • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
    • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
    • Now click the button to start the scan.
    • The virus signature database will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
    • When completed, the Online Scan will begin automatically. The scan may take several hours.
    • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
    • When completed, select Uninstall application on close if you so wish, but make sure you copy the logfile first!
    • Now click the button to finish.
    • Use Notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    • Copy and paste that log as a reply to this topic.
    • Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
     
    Things I need in your next reply:
    • SecurityCheck log
    • MBAM log
    • ESET log
    • Any outstanding problems?



    #13 Juice003

    • Topic Starter
    • Members
    • 14 posts

    Posted 05 February 2014 - 10:30 AM

    Thanks, I'll run these when I get off work. Would I be able to leave my firewall up or should I shut that down as well?

     

    The 2 trojan files have not come back, there don't seem to be any unknown programs trying to access the internet, there doesn't seem to be any lag when the system is up and running, and aside from the locked folders everything seems to be intact, so there seems to have been minimal damage from the infection thus far.



    #14 Bud_91

    • Malware Response Team
    • 438 posts
    • Gender:Male

    Posted 05 February 2014 - 10:38 AM

    Good. You can leave the firewall running.




    #15 Juice003

    • Topic Starter
    • Members
    • 14 posts

    Posted 05 February 2014 - 06:48 PM

    Here is the checkup.txt; for some reason it doesn't seem to be detecting that I'm using Comodo Firewall.

     

     Results of screen317's Security Check version 0.99.79  
     Windows 7 Service Pack 1 x64 (UAC is enabled)  
     Internet Explorer 11  
    ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Disabled!  
    Avira Desktop   
     Antivirus up to date!   
    `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 1.75.0.1300  
     Java™ 6 Update 37  
     Java 7 Update 51  
      Adobe Flash Player 12.0.0.44 Flash Player out of Date!  
     Adobe Reader XI  
     Mozilla Firefox (26.0)
    ````````Process Check: objlist.exe by Laurent````````  
     Avira Antivir avgnt.exe
     Avira Antivir avguard.exe
     Comodo Firewall cmdagent.exe
    `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````

     

    Here is the MBAM log

     

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2014.02.05.09

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 11.0.9600.16476
    fannin003 :: FANNIN003-PC [administrator]

    2/5/2014 4:49:17 PM
    mbam-log-2014-02-05 (16-49-17).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 217337
    Time elapsed: 6 minute(s), 53 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     

     

    Here is the ESET Online Scanner log

     

    ESETSmartInstaller@High as downloader log:
    all ok
    # version=8
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6920
    # api_version=3.0.2
    # EOSSerial=70c84bc6a3b1e04a84e94bffd3070850
    # engine=16955
    # end=finished
    # remove_checked=false
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2014-02-05 11:22:08
    # local_time=2014-02-05 06:22:08 (-0500, Eastern Standard Time)
    # country="United States"
    # lang=1033
    # osver=6.1.7601 NT Service Pack 1
    # compatibility_mode=1799 16775165 100 94 0 4117490 0 0
    # compatibility_mode=3074 16777213 100 84 0 25490568 0 0
    # compatibility_mode=5893 16776574 100 94 268583 143185978 0 0
    # scanned=279514
    # found=10
    # cleaned=0
    # scan_time=4432
    sh=C73103D7CA3635B8D1C0755EF3275DD32C981D2A ft=0 fh=0000000000000000 vn="VBS/Runner.NBU trojan" ac=I fn="C:\FRST\Quarantine\load32.vbs01-02-2014_15-23-48"
    sh=42641E6015220DB5095B28606C82C003E2DB097B ft=1 fh=aff2050af91a0498 vn="a variant of Win32/HackTool.CheatEngine.AB potentially unsafe application" ac=I fn="C:\Cheat Engine\Cheat Engine 6.1\cheatengine-i386.exe"
    sh=B9A96D9AE94C4B42CA5499933F6DF218B3903768 ft=1 fh=966b3592656dc188 vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\offercast_avirav7_.exe"
    sh=DF106553AA7E1119027AC6BBE81B02A189F670E1 ft=1 fh=b7a532b1447610d1 vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application" ac=I fn="C:\ProgramData\Avira\My Avira\Temp\antivirus.exe"
    sh=DF106553AA7E1119027AC6BBE81B02A189F670E1 ft=1 fh=b7a532b1447610d1 vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application" ac=I fn="C:\Users\All Users\Avira\My Avira\Temp\antivirus.exe"
    sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ApnIC[1].0"
    sh=40E49124AD0B55A25F947333CA88E9D0BC30A7E3 ft=1 fh=e26ad988592b2af9 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\ApnIC[1].0"
    sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ApnIC[1].0"
    sh=40E49124AD0B55A25F947333CA88E9D0BC30A7E3 ft=1 fh=e26ad988592b2af9 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\ApnIC[1].0"
    sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Windows\Temp\AskSLib.dll"

    I have Windows Firewall off, as I was told that having that and a third-party firewall such as Comodo can create a conflict, but if that is incorrect I can turn it back on.
     