DCOM Server Process Launcher Service terminated unexpectedly Windows 7 Logs


  • This topic is locked
13 replies to this topic

#1 darthebon

Posted 10 February 2014 - 03:56 PM

Randomly getting a pop-up window stating DCOM Server Process Launcher Service terminated unexpectedly.  My computer then shuts down and immediately restarts.  Happens while gaming, surfing the internet, and while computer is on but not in use.  Have done the steps from:
 
Link to original thread:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 6/7/2013 2:39:28 PM
System Uptime: 2/10/2014 1:10:24 PM (1 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. |  | H61M-PLUS
Processor: Intel® Core™ i5-3350P CPU @ 3.10GHz | LGA1155 | 3101/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 471.681 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP64: 2/9/2014 9:00:49 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Adobe Reader XI (11.0.03)
Age of Wonders: Shadow Magic
Akamai NetSession Interface
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
DC Universe Online
Dynasty Warriors Online
EverQuest
Fallout: New Vegas
GeForce Experience NvStream Client Components
GOG.com Downloader version 3.6.0
GOG.com Heroes of Might and Magic 3
Google Chrome
Google Update Helper
H&R Block Deluxe + Efile + State 2013
H&R Block Minnesota 2013
H&R Block Wisconsin 2013
Heroes of Might and Magic 3 Complete
League of Legends
LogMeIn Hamachi
Malwarebytes Anti-Malware version 1.75.0.1300
Marvel Heroes
MechWarrior Online
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 4.0
NETGEAR WNDA4100 Genie
Neverwinter
Neverwinter Nights 2 Complete
NVIDIA 3D Vision Controller Driver 331.58
NVIDIA 3D Vision Driver 331.58
NVIDIA Control Panel 331.58
NVIDIA GeForce Experience 1.7.1
NVIDIA Graphics Driver 331.58
NVIDIA HD Audio Driver 1.3.26.4
NVIDIA Install Application
NVIDIA LED Visualizer 1.0
NVIDIA PhysX
NVIDIA PhysX System Software 9.13.0725
NVIDIA ShadowPlay 9.3.21
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 9.3.21
NVIDIA Update Components
NVIDIA Virtual Audio 1.2.9
Path of Exile
Pdf995 (installed by H&R Block)
PdfEdit995 (installed by H&R Block)
Realtek High Definition Audio Driver
SHIELD Streaming
Skype™ 6.11
Spotify
Spybot - Search & Destroy
Star Trek Online
Steam
TEdit 3
Terraria
The Witcher Enhanced Edition Director's Cut
Ventrilo Client
WinRAR 5.00 (64-bit)
X-COM: UFO Defense
XCOM: Enemy Unknown
.
==== Event Viewer Messages From Past Week ========
.
2/9/2014 8:55:13 PM, Error: volsnap [36]  - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
2/7/2014 5:16:52 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.
2/7/2014 5:16:52 PM, Error: Service Control Manager [7000]  - The Spybot-S&D 2 Scanner Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
2/6/2014 6:24:17 PM, Error: Service Control Manager [7030]  - The LogMeIn Hamachi Tunneling Engine service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
2/10/2014 4:44:47 AM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Power service, but this action failed with the following error:  A system shutdown has already been scheduled.
2/10/2014 4:44:47 AM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the DCOM Server Process Launcher service, but this action failed with the following error:  A system shutdown has already been scheduled.
2/10/2014 4:44:46 AM, Error: Service Control Manager [7031]  - The Power service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
2/10/2014 1:11:22 PM, Error: Service Control Manager [7023]  - The Power service terminated with the following error:  The WMI request could not be completed and should be retried.
2/10/2014 1:08:52 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Plug and Play service, but this action failed with the following error:  A system shutdown has already been scheduled.
2/10/2014 1:08:52 PM, Error: Service Control Manager [7031]  - The Plug and Play service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
2/10/2014 1:08:52 PM, Error: Service Control Manager [7031]  - The DCOM Server Process Launcher service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
.
==== End Of File ===========================
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 8.0.7601.17514
Run by Administrator at 14:46:03 on 2014-02-10
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8137.4895 [GMT -6:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry.exe
C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry64.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SysWOW64\Rundll32.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Users\Administrator\AppData\Roaming\Spotify\spotify.exe
C:\Users\Administrator\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Users\Administrator\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\NETGEAR\WNDA4100\WNDA4100.EXE
C:\Users\Administrator\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Users\Administrator\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Administrator\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Administrator\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Administrator\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe,
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Spotify] "C:\Users\Administrator\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
uRun: [Spotify Web Helper] "C:\Users\Administrator\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [Akamai NetSession Interface] "C:\Users\Administrator\AppData\Local\Akamai\netsession_win.exe"
uRun: [BackgroundContainer] "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Administrator\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WNDA4100\WNDA4100.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{359DB815-133B-40B9-9081-053731685636} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2014-2-4 2222416]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [2014-2-4 377616]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-8-5 15125280]
R2 RalinkRegistryWriter;RalinkRegistryWriter;C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry.exe [2012-4-30 377088]
R2 RalinkRegistryWriter64;RalinkRegistryWriter64;C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry64.exe [2012-4-30 455424]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-8-8 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-8-8 1369624]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-8-8 168384]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-10-15 414496]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2012-2-22 130024]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2012-2-22 395752]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2013-11-7 39200]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-5-23 646248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 AthDfu;Atheros Valkyrie USB BootROM;C:\Windows\System32\drivers\AthDfu.sys [2012-2-23 51872]
S3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2012-2-23 29344]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2012-2-23 201376]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2012-2-23 154272]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-5-22 356120]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-5-22 788760]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2012-2-22 96768]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2012-2-22 213504]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 VUSB3HUB;VIA USB 3 Root Hub Service;C:\Windows\System32\drivers\ViaHub3.sys [2012-2-28 176640]
S3 xhcdrv;VIA USB eXtensible Host Controller Service;C:\Windows\System32\drivers\xhcdrv.sys [2012-2-28 230400]
.
=============== Created Last 30 ================
.
2014-02-10 17:26:37 119000 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-02-10 17:26:37 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-10 17:26:01 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-02-07 00:24:09 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
2014-02-03 18:00:40 142 ----a-w- C:\Windows\wpd99.drv
2014-02-03 18:00:40 -------- d-----w- C:\ProgramData\pdf995
2014-02-03 18:00:39 40448 ----a-w- C:\Windows\SysWow64\pdf995mon64.dll
2014-02-03 18:00:39 40448 ----a-w- C:\Windows\System32\pdf995mon64.dll
2014-02-03 18:00:39 2266624 ----a-w- C:\Windows\System32\pdfmona64.dll
2014-02-03 18:00:39 11264 ----a-w- C:\Windows\System32\pdf995mon64ui.dll
2014-02-03 18:00:26 202752 ----a-w- C:\Windows\SysWow64\wbem\framedyn.dll
2014-02-03 17:23:16 -------- d-----w- C:\Users\Administrator\AppData\Roaming\TaxCut
2014-02-03 17:22:24 -------- d-----w- C:\Program Files (x86)\PDF995
2014-02-03 17:22:24 -------- d-----w- C:\Program Files (x86)\HRBlock2013
2014-02-03 17:21:57 -------- d-----w- C:\ProgramData\TaxCut
2014-01-30 00:31:42 -------- d-----w- C:\Users\Administrator\AppData\Roaming\SBO_Mn
2014-01-29 23:20:21 -------- d-----w- C:\Users\Administrator\AppData\Roaming\HPB
.
==================== Find3M  ====================
.
.
============= FINISH: 14:46:22.03 ===============
 
 
 

 




#2 JSntgRvr

Posted 10 February 2014 - 10:06 PM

Hi and welcome.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Type the following in the edit box on FRST, after "Search:".

rpcss.dll

It then should look like:

Search: rpcss.dll

Click the Search button and post the log (Search.txt) it makes on the USB drive in your next reply.

No request for help throughout private messaging will be attended.



#3 darthebon

Posted 11 February 2014 - 06:30 PM

FRST.txt Log

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-02-2014 01
Ran by Administrator (administrator) on KEVIN-PC on 11-02-2014 17:23:40
Running from C:\Users\Administrator\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Spotify Ltd) C:\Users\Administrator\AppData\Roaming\Spotify\spotify.exe
(Spotify Ltd) C:\Users\Administrator\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Akamai Technologies, Inc.) C:\Users\Administrator\AppData\Local\Akamai\netsession_win.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR\WNDA4100\WNDA4100.EXE
(Akamai Technologies, Inc.) C:\Users\Administrator\AppData\Local\Akamai\netsession_win.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
() C:\Users\Administrator\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Administrator\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Administrator\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Administrator\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7560296 2011-12-12] (Realtek Semiconductor)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-08] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap64.dll [1064224 2013-11-08] (NVIDIA Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3813712 2014-02-04] (LogMeIn Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3399147583-956385695-2982665993-500\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-3399147583-956385695-2982665993-500\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1815976 2014-01-27] (Valve Corporation)
HKU\S-1-5-21-3399147583-956385695-2982665993-500\...\Run: [Spotify] - C:\Users\Administrator\AppData\Roaming\Spotify\Spotify.exe [6118400 2014-01-26] (Spotify Ltd)
HKU\S-1-5-21-3399147583-956385695-2982665993-500\...\Run: [Spotify Web Helper] - C:\Users\Administrator\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-26] (Spotify Ltd)
HKU\S-1-5-21-3399147583-956385695-2982665993-500\...\Run: [Akamai NetSession Interface] - C:\Users\Administrator\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3399147583-956385695-2982665993-500\...\Run: [BackgroundContainer] - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Administrator\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION
HKU\S-1-5-21-3399147583-956385695-2982665993-500\...\MountPoints2: {24954a78-d764-11e2-a112-60a44c592b2b} - "G:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-3399147583-956385695-2982665993-500\...\MountPoints2: {60e70a47-4584-11e3-bd81-60a44c592b2b} - E:\LaunchU3.exe -a
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x660C5EAF0066CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope {920B2758-EF2B-42A6-85A0-2BA2E6C79901} URL = 
SearchScopes: HKCU - DefaultScope {920B2758-EF2B-42A6-85A0-2BA2E6C79901} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3298580&CUI=UN20118912471835719&UM=2
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
 
Chrome: 
=======
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3298580&SearchSource=48&CUI=UN20791408452142592&UM=2
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Extension: (Google Docs) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-17]
CHR Extension: (Google Drive) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-17]
CHR Extension: (World Of Warplanes) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfkdeeficahoncpieolfnpfdhmgbfcnj [2014-02-09]
CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-17]
CHR Extension: (Google Search) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-17]
CHR Extension: (Crimson: Steam Pirates) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\glfbkgkceahodalogdpenjoekbacjfcj [2014-02-09]
CHR Extension: (Google Wallet) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-17]
CHR HKCU\...\Chrome\Extension: [bpfboklmeiefoedekjeigdcnfbpjeaii] - C:\Users\Administrator\AppData\Local\CRE\bpfboklmeiefoedekjeigdcnfbpjeaii.crx [2013-08-07]
CHR HKLM-x32\...\Chrome\Extension: [bpfboklmeiefoedekjeigdcnfbpjeaii] - C:\Users\Administrator\AppData\Local\CRE\bpfboklmeiefoedekjeigdcnfbpjeaii.crx [2013-08-07]
 
==================== Services (Whitelisted) =================
 
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-02-04] (LogMeIn, Inc.)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15125280 2013-11-08] (NVIDIA Corporation)
R2 RalinkRegistryWriter; C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry.exe [377088 2012-04-30] (Ralink Technology, Corp.)
R2 RalinkRegistryWriter64; C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry64.exe [455424 2012-04-30] (Ralink Technology, Corp.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
S3 iPod Service; "C:\Program Files\iPod\bin\iPodService.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-09-27] (NVIDIA Corporation)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 VUSB3HUB; C:\Windows\system32\drivers\ViaHub3.sys [176640 2011-05-21] (VIA Technologies, Inc.)
S3 xhcdrv; C:\Windows\system32\drivers\xhcdrv.sys [230400 2011-05-21] (VIA Technologies, Inc.)
S3 AIDA64Driver; \??\C:\Users\Administrator\Desktop\aTestingV6.2\Programs\AIDA64\kerneld.x64 [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 GPU-Z; \??\C:\Users\ADMINI~1\AppData\Local\Temp\GPU-Z.sys [X]
S3 RTCore64; \??\C:\Users\Administrator\Desktop\aTestingV6.2\Programs\MSIAfterburner\RTCore64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-02-11 17:23 - 2014-02-11 17:23 - 00011742 _____ () C:\Users\Administrator\Downloads\FRST.txt
2014-02-11 17:23 - 2014-02-11 17:23 - 00000000 ____D () C:\FRST
2014-02-11 17:22 - 2014-02-11 17:22 - 02151424 _____ (Farbar) C:\Users\Administrator\Downloads\FRST64.exe
2014-02-10 15:00 - 2014-02-10 15:00 - 00012158 _____ () C:\Users\Administrator\Desktop\DDS 1.txt
2014-02-10 14:59 - 2014-02-10 14:59 - 00005458 _____ () C:\Users\Administrator\Desktop\Attach 1.txt
2014-02-10 14:46 - 2014-02-10 14:46 - 00012158 _____ () C:\Users\Administrator\Desktop\dds.txt
2014-02-10 14:46 - 2014-02-10 14:46 - 00005458 _____ () C:\Users\Administrator\Desktop\attach.txt
2014-02-10 14:44 - 2014-02-10 14:45 - 00688992 ____R (Swearware) C:\Users\Administrator\Downloads\dds.com
2014-02-10 11:38 - 2014-02-10 11:38 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Administrator\Downloads\rkill.exe
2014-02-10 11:26 - 2014-02-10 11:36 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-10 11:26 - 2014-02-10 11:26 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-02-10 11:26 - 2014-02-10 11:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-02-10 11:25 - 2014-02-10 11:25 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Administrator\Downloads\mbar-1.07.0.1009.exe
2014-02-10 11:10 - 2014-02-10 11:10 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-1.75.0.1300 (1).exe
2014-02-10 11:07 - 2014-02-10 11:09 - 00026791 _____ () C:\Users\Administrator\Downloads\Result.txt
2014-02-10 11:06 - 2014-02-10 11:06 - 00982016 _____ (Farbar) C:\Users\Administrator\Downloads\MiniToolBox.exe
2014-02-10 11:06 - 2014-02-10 11:06 - 00002500 _____ () C:\Users\Administrator\Downloads\FSS.txt
2014-02-10 11:05 - 2014-02-10 11:05 - 00453632 _____ (Farbar) C:\Users\Administrator\Downloads\FSS.exe
2014-02-10 10:56 - 2014-02-10 10:56 - 00987425 _____ () C:\Users\Administrator\Downloads\SecurityCheck.exe
2014-02-07 17:16 - 2014-02-11 14:20 - 00003418 _____ () C:\Windows\System32\Tasks\BackgroundContainer Startup Task
2014-02-06 18:24 - 2014-02-06 18:24 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-02-03 12:01 - 2014-02-03 12:01 - 00000028 _____ () C:\Windows\pdf995.ini
2014-02-03 12:01 - 2014-02-03 12:01 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\pdf995
2014-02-03 12:00 - 2014-02-07 17:49 - 00000000 ____D () C:\ProgramData\pdf995
2014-02-03 12:00 - 2014-02-03 12:00 - 00040448 _____ () C:\Windows\SysWOW64\pdf995mon64.dll
2014-02-03 12:00 - 2012-06-07 10:29 - 02266624 _____ (TODO: <Company name>) C:\Windows\system32\pdfmona64.dll
2014-02-03 12:00 - 2012-04-26 15:51 - 00040448 _____ () C:\Windows\system32\pdf995mon64.dll
2014-02-03 12:00 - 2007-08-24 11:13 - 00000142 _____ () C:\Windows\wpd99.drv
2014-02-03 12:00 - 2005-06-30 15:29 - 00011264 _____ () C:\Windows\system32\pdf995mon64ui.dll
2014-02-03 11:23 - 2014-02-07 17:49 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\TaxCut
2014-02-03 11:23 - 2014-02-03 11:23 - 00002029 _____ () C:\Users\Public\Desktop\H&R Block 2013.lnk
2014-02-03 11:22 - 2014-02-07 17:49 - 00000000 ____D () C:\Users\Administrator\Documents\HRBlock
2014-02-03 11:22 - 2014-02-03 12:00 - 00000000 ____D () C:\Program Files (x86)\PDF995
2014-02-03 11:22 - 2014-02-03 11:22 - 00000000 ____D () C:\Program Files (x86)\HRBlock2013
2014-02-03 11:21 - 2014-02-03 11:21 - 00000000 ____D () C:\ProgramData\TaxCut
2014-01-29 20:01 - 2014-01-29 20:01 - 00009360 _____ () C:\Users\Administrator\Downloads\advertisement
2014-01-29 18:31 - 2014-01-29 18:31 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\SBO_Mn
2014-01-29 17:20 - 2014-01-29 17:20 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\HPB
2014-01-21 18:22 - 2014-01-21 18:22 - 00001849 _____ () C:\Users\Public\Desktop\Heroes of Might and Magic 3 Complete.lnk
2014-01-16 15:31 - 2014-01-16 15:31 - 00000336 _____ () C:\Users\Administrator\Desktop\Knights and Dragons Armors.txt
2014-01-13 14:51 - 2013-10-21 02:34 - 01257573 _____ () C:\Users\Administrator\Desktop\Knights and Dragons Hack 2013.zip
2014-01-13 14:50 - 2014-01-13 14:50 - 02757191 _____ () C:\Users\Administrator\Downloads\Knights+and+Dragons+Hack+Tool+V4_3.zip
 
==================== One Month Modified Files and Folders =======
 
2014-02-11 17:23 - 2014-02-11 17:23 - 00011742 _____ () C:\Users\Administrator\Downloads\FRST.txt
2014-02-11 17:23 - 2014-02-11 17:23 - 00000000 ____D () C:\FRST
2014-02-11 17:22 - 2014-02-11 17:22 - 02151424 _____ (Farbar) C:\Users\Administrator\Downloads\FRST64.exe
2014-02-11 17:20 - 2013-06-17 11:17 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Skype
2014-02-11 16:41 - 2013-06-17 11:14 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-11 16:40 - 2013-06-17 11:57 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Spotify
2014-02-11 14:28 - 2009-07-13 22:45 - 00021856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-11 14:28 - 2009-07-13 22:45 - 00021856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-11 14:26 - 2009-07-13 23:13 - 00778150 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-11 14:24 - 2013-06-07 13:36 - 00463992 _____ () C:\Windows\WindowsUpdate.log
2014-02-11 14:21 - 2013-07-29 19:20 - 00000000 ____D () C:\Users\Administrator\AppData\Local\LogMeIn Hamachi
2014-02-11 14:21 - 2013-06-17 11:36 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-02-11 14:20 - 2014-02-07 17:16 - 00003418 _____ () C:\Windows\System32\Tasks\BackgroundContainer Startup Task
2014-02-11 14:20 - 2014-01-02 10:27 - 00012376 _____ () C:\Windows\setupact.log
2014-02-11 14:20 - 2013-06-17 11:14 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-11 14:20 - 2013-06-07 13:36 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-02-11 14:20 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-10 15:00 - 2014-02-10 15:00 - 00012158 _____ () C:\Users\Administrator\Desktop\DDS 1.txt
2014-02-10 14:59 - 2014-02-10 14:59 - 00005458 _____ () C:\Users\Administrator\Desktop\Attach 1.txt
2014-02-10 14:46 - 2014-02-10 14:46 - 00012158 _____ () C:\Users\Administrator\Desktop\dds.txt
2014-02-10 14:46 - 2014-02-10 14:46 - 00005458 _____ () C:\Users\Administrator\Desktop\attach.txt
2014-02-10 14:45 - 2014-02-10 14:44 - 00688992 ____R (Swearware) C:\Users\Administrator\Downloads\dds.com
2014-02-10 14:30 - 2013-06-17 12:41 - 00000000 ____D () C:\Users\Administrator\Desktop\New folder
2014-02-10 11:38 - 2014-02-10 11:38 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Administrator\Downloads\rkill.exe
2014-02-10 11:36 - 2014-02-10 11:26 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-10 11:26 - 2014-02-10 11:26 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-02-10 11:26 - 2014-02-10 11:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-02-10 11:25 - 2014-02-10 11:25 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Administrator\Downloads\mbar-1.07.0.1009.exe
2014-02-10 11:10 - 2014-02-10 11:10 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-1.75.0.1300 (1).exe
2014-02-10 11:10 - 2013-09-17 16:45 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-10 11:10 - 2013-09-17 16:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-10 11:09 - 2014-02-10 11:07 - 00026791 _____ () C:\Users\Administrator\Downloads\Result.txt
2014-02-10 11:06 - 2014-02-10 11:06 - 00982016 _____ (Farbar) C:\Users\Administrator\Downloads\MiniToolBox.exe
2014-02-10 11:06 - 2014-02-10 11:06 - 00002500 _____ () C:\Users\Administrator\Downloads\FSS.txt
2014-02-10 11:05 - 2014-02-10 11:05 - 00453632 _____ (Farbar) C:\Users\Administrator\Downloads\FSS.exe
2014-02-10 10:56 - 2014-02-10 10:56 - 00987425 _____ () C:\Users\Administrator\Downloads\SecurityCheck.exe
2014-02-07 17:49 - 2014-02-03 12:00 - 00000000 ____D () C:\ProgramData\pdf995
2014-02-07 17:49 - 2014-02-03 11:23 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\TaxCut
2014-02-07 17:49 - 2014-02-03 11:22 - 00000000 ____D () C:\Users\Administrator\Documents\HRBlock
2014-02-07 17:35 - 2010-11-20 21:47 - 00024650 _____ () C:\Windows\PFRO.log
2014-02-06 18:24 - 2014-02-06 18:24 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-02-06 18:24 - 2013-07-29 19:20 - 00000926 _____ () C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2014-02-06 15:31 - 2013-06-17 11:57 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Spotify
2014-02-06 13:50 - 2009-07-13 22:45 - 00268912 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-04 01:32 - 2014-01-02 10:28 - 00000083 _____ () C:\Windows\system32\wrijh.nxu
2014-02-03 17:43 - 2013-06-17 11:14 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-03 12:11 - 2013-08-08 05:17 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Conduit
2014-02-03 12:01 - 2014-02-03 12:01 - 00000028 _____ () C:\Windows\pdf995.ini
2014-02-03 12:01 - 2014-02-03 12:01 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\pdf995
2014-02-03 12:01 - 2013-08-03 08:10 - 00000000 ____D () C:\Users\Administrator\Desktop\HRBlock
2014-02-03 12:00 - 2014-02-03 12:00 - 00040448 _____ () C:\Windows\SysWOW64\pdf995mon64.dll
2014-02-03 12:00 - 2014-02-03 11:22 - 00000000 ____D () C:\Program Files (x86)\PDF995
2014-02-03 12:00 - 2013-06-07 13:57 - 00058768 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-03 11:23 - 2014-02-03 11:23 - 00002029 _____ () C:\Users\Public\Desktop\H&R Block 2013.lnk
2014-02-03 11:22 - 2014-02-03 11:22 - 00000000 ____D () C:\Program Files (x86)\HRBlock2013
2014-02-03 11:21 - 2014-02-03 11:21 - 00000000 ____D () C:\ProgramData\TaxCut
2014-01-29 20:01 - 2014-01-29 20:01 - 00009360 _____ () C:\Users\Administrator\Downloads\advertisement
2014-01-29 18:31 - 2014-01-29 18:31 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\SBO_Mn
2014-01-29 17:20 - 2014-01-29 17:20 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\HPB
2014-01-29 06:49 - 2009-07-13 20:34 - 00444830 ____R () C:\Windows\system32\Drivers\etc\hosts.20140205-151303.backup
2014-01-24 15:20 - 2013-06-17 18:34 - 00000000 ____D () C:\Users\Administrator\AppData\Local\GOG.com
2014-01-22 15:40 - 2009-07-13 20:34 - 00444830 ____R () C:\Windows\system32\Drivers\etc\hosts.20140129-064954.backup
2014-01-21 18:22 - 2014-01-21 18:22 - 00001849 _____ () C:\Users\Public\Desktop\Heroes of Might and Magic 3 Complete.lnk
2014-01-21 18:21 - 2013-10-13 20:46 - 00000000 ____D () C:\GOG Games
2014-01-21 18:18 - 2013-06-17 18:34 - 00000000 ____D () C:\Program Files (x86)\GOG.com
2014-01-16 15:31 - 2014-01-16 15:31 - 00000336 _____ () C:\Users\Administrator\Desktop\Knights and Dragons Armors.txt
2014-01-15 12:07 - 2009-07-13 20:34 - 00444830 ____R () C:\Windows\system32\Drivers\etc\hosts.20140122-154039.backup
2014-01-13 14:50 - 2014-01-13 14:50 - 02757191 _____ () C:\Users\Administrator\Downloads\Knights+and+Dragons+Hack+Tool+V4_3.zip
 
Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\Setup_Downloader_3.6.0_stable.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2010-11-20 21:24] - [2010-11-20 21:24] - 0512512 ____A (Microsoft Corporation) 232CF7EA48D5233623CD8BEB17C4DE99
 
 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-02-08 04:17
 
==================== End Of Log ============================
 
Addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-02-2014 01
Ran by Administrator at 2014-02-11 17:23:57
Running from C:\Users\Administrator\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
 
==================== Installed Programs ======================
 
Adobe Reader XI (11.0.03) (x32 Version: 11.0.03 - Adobe Systems Incorporated)
Age of Wonders: Shadow Magic (x32 Version:  - GOG.com)
Akamai NetSession Interface (HKCU Version:  - Akamai Technologies, Inc)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.)
DC Universe Online (x32 Version:  - Sony Online Entertainment)
Dynasty Warriors Online (x32 Version:  - )
EverQuest (HKCU Version: 1.0.3.183 - Sony Online Entertainment)
Fallout: New Vegas (x32 Version:  - Obsidian Entertainment)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
GOG.com Downloader version 3.6.0 (x32 Version: 3.6.0 - GOG.com)
GOG.com Heroes of Might and Magic 3 (Version:  - )
Google Chrome (x32 Version: 32.0.1700.107 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
H&R Block Deluxe + Efile + State 2013 (x32 Version: 13.05.5801 - HRB Technology, LLC.)
H&R Block Minnesota 2013 (x32 Version: 1.13.4101 - HRB Technology, LLC.)
H&R Block Wisconsin 2013 (x32 Version: 1.13.4001 - HRB Technology, LLC.)
Heroes of Might and Magic 3 Complete (x32 Version: 2.0.0.16 - GOG.com)
League of Legends (x32 Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
LogMeIn Hamachi (x32 Version: 2.2.0.130 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.130 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Marvel Heroes (x32 Version:  - Gazillion Entertainment)
MechWarrior Online (x32 Version: 1.4.1.0 - Piranha Games Inc.) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (x32 Version: 4.0.20823.0 - Microsoft Corporation)
NETGEAR WNDA4100 Genie (x32 Version: 1.2.0.10 - NETGEAR)
NETGEAR WNDA4100 Genie (x32 Version: 1.2.0.10 - NETGEAR) Hidden
Neverwinter (x32 Version:  - Cryptic Studios)
Neverwinter Nights 2 Complete (x32 Version: 2.1.0.6 - GOG.com)
NVIDIA 3D Vision Controller Driver 331.58 (Version: 331.58 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 331.58 (Version: 331.58 - NVIDIA Corporation)
NVIDIA Control Panel 331.58 (Version: 331.58 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 1.7.1 (Version: 1.7.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 331.58 (Version: 331.58 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.26.4 (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.140.952 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.0725 (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA ShadowPlay 9.3.21 (Version: 9.3.21 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3158 - NVIDIA Corporation) Hidden
NVIDIA Update 9.3.21 (Version: 9.3.21 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 9.3.21 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.9 (Version: 1.2.9 - NVIDIA Corporation)
Path of Exile (x32 Version:  - Grinding Gear Games)
Pdf995 (installed by H&R Block) (x32 Version:  - )
PdfEdit995 (installed by H&R Block) (x32 Version:  - )
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6526 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 1.6.53 - NVIDIA Corporation) Hidden
Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)
Spotify (HKCU Version: 0.9.7.16.g4b197456 - Spotify AB)
Spybot - Search & Destroy (x32 Version: 2.0.12 - Safer-Networking Ltd.)
Star Trek Online (x32 Version:  - Cryptic Studios)
Steam (x32 Version: 1.0.0.0 - Valve Corporation)
TEdit 3 (x32 Version: 1.0.0.0 - BinaryConstruct)
Terraria (x32 Version:  - Re-Logic)
The Witcher Enhanced Edition Director's Cut (x32 Version: 2.0.0.12 - GOG.com)
Ventrilo Client (x32 Version: 3.0.8 - Flagship Industries, Inc.)
WinRAR 5.00 (64-bit) (Version: 5.00.0 - win.rar GmbH)
XCOM: Enemy Unknown (x32 Version:  - Firaxis Games)
X-COM: UFO Defense (x32 Version:  - MicroProse Software, Inc)
 
==================== Restore Points  =========================
 
10-02-2014 03:00:49 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
2009-07-13 20:34 - 2014-02-05 15:13 - 00444830 ___RA C:\Windows\system32\Drivers\etc\hosts
 
There are 1000 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {2AD019E0-16AE-45EE-A918-B17A9DECB772} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-17] (Google Inc.)
Task: {39DA9997-04A9-438B-85E4-1AEFFD62F84E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-17] (Google Inc.)
Task: {50746958-6C94-4435-858A-DD50DCC04D5F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {D9065D1C-7880-4D84-A622-1BE9F1AF098B} - System32\Tasks\BackgroundContainer Startup Task => Rundll32.exe "C:\Users\Administrator\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
Task: {E1BDC3D9-FCFB-499A-9271-F067DD3E0B16} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {EAE97915-CC8C-47D6-97C3-3E58C5816F79} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-10-09 05:30 - 2014-01-26 18:02 - 00603648 _____ () C:\Users\Administrator\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
2014-01-07 19:35 - 2013-12-12 16:19 - 00142848 _____ () C:\Program Files (x86)\Steam\libavresample-1.dll
2014-01-07 19:35 - 2013-11-04 19:12 - 00890592 _____ () C:\Program Files (x86)\Steam\libavutil-52.dll
2013-05-06 18:05 - 2014-01-10 17:33 - 00717312 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2013-06-06 15:06 - 2014-01-27 13:02 - 01138088 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2013-03-26 17:16 - 2014-01-10 17:33 - 20625832 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2012-12-11 10:51 - 2013-06-14 17:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll
2012-12-11 10:51 - 2013-06-14 17:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll
2012-12-11 10:51 - 2013-06-14 17:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll
2013-08-08 05:18 - 2012-11-13 13:06 - 00108960 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-08-08 05:18 - 2012-11-13 13:06 - 00416160 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2013-08-08 05:18 - 2012-11-13 13:06 - 00158624 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-08-08 05:18 - 2012-08-23 08:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2013-08-08 05:18 - 2012-11-13 13:06 - 00528288 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
2013-06-17 11:57 - 2014-01-26 18:02 - 36967424 _____ () C:\Users\Administrator\AppData\Roaming\Spotify\Data\libcef.dll
2012-04-24 15:17 - 2012-04-24 15:17 - 00102400 ____N () C:\Program Files (x86)\NETGEAR\WNDA4100\Ralink.dll
2012-04-30 18:18 - 2012-04-30 18:18 - 01066856 ____N () C:\Program Files (x86)\NETGEAR\WNDA4100\RaWLAPI.dll
2013-08-08 05:18 - 2012-11-13 13:06 - 00554400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
2014-02-03 17:43 - 2014-02-01 17:41 - 00715592 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libglesv2.dll
2014-02-03 17:43 - 2014-02-01 17:41 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libegl.dll
2014-02-03 17:43 - 2014-02-01 17:42 - 04055368 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll
2014-02-03 17:43 - 2014-02-01 17:42 - 00399688 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll
2014-02-03 17:43 - 2014-02-01 17:41 - 01634632 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
 
==================== Disabled items from MSCONFIG ==============
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/11/2014 02:21:00 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/11/2014 02:18:33 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000010d2e8d
Faulting process id: 0x350
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
 
Error: (02/10/2014 10:50:12 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/10/2014 10:47:23 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: mshtml.dll, version: 8.0.7601.17514, time stamp: 0x4ce7c7f0
Exception code: 0xc0000005
Fault offset: 0x0000000000644080
Faulting process id: 0x350
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
 
Error: (02/10/2014 07:52:35 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/10/2014 07:48:24 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: mshtml.dll, version: 8.0.7601.17514, time stamp: 0x4ce7c7f0
Exception code: 0xc0000005
Fault offset: 0x000000000054d1a3
Faulting process id: 0x350
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
 
Error: (02/10/2014 01:11:23 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/10/2014 01:08:33 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: jscript.dll, version: 5.8.7601.17514, time stamp: 0x4ce7c6df
Exception code: 0xc0000005
Fault offset: 0x00000000000288f3
Faulting process id: 0x350
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
 
Error: (02/10/2014 11:16:53 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/10/2014 10:47:18 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (02/11/2014 02:20:59 PM) (Source: Service Control Manager) (User: )
Description: The Power service terminated with the following error: 
%%4203
 
Error: (02/11/2014 02:18:50 PM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the DCOM Server Process Launcher service, but this action failed with the following error: 
%%1190
 
Error: (02/11/2014 02:18:50 PM) (Source: Service Control Manager) (User: )
Description: The Plug and Play service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
 
Error: (02/11/2014 02:18:50 PM) (Source: Service Control Manager) (User: )
Description: The DCOM Server Process Launcher service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
 
Error: (02/10/2014 10:50:10 PM) (Source: Service Control Manager) (User: )
Description: The Power service terminated with the following error: 
%%4203
 
Error: (02/10/2014 10:48:15 PM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Plug and Play service, but this action failed with the following error: 
%%1190
 
Error: (02/10/2014 10:48:15 PM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the DCOM Server Process Launcher service, but this action failed with the following error: 
%%1190
 
Error: (02/10/2014 10:48:15 PM) (Source: Service Control Manager) (User: )
Description: The Power service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
 
Error: (02/10/2014 10:48:15 PM) (Source: Service Control Manager) (User: )
Description: The Plug and Play service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
 
Error: (02/10/2014 10:48:15 PM) (Source: Service Control Manager) (User: )
Description: The DCOM Server Process Launcher service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
 
 
Microsoft Office Sessions:
=========================
Error: (02/11/2014 02:21:00 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/11/2014 02:18:33 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c1unknown0.0.0.000000000c000000500000000010d2e8d35001cf26e4b5cb6b87C:\Windows\system32\svchost.exeunknownad911c16-9359-11e3-a923-60a44c592b2b
 
Error: (02/10/2014 10:50:12 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/10/2014 10:47:23 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c1mshtml.dll8.0.7601.175144ce7c7f0c0000005000000000064408035001cf26cbe5329697C:\Windows\system32\svchost.exeC:\Windows\System32\mshtml.dll98693b3b-92d7-11e3-a17f-60a44c592b2b
 
Error: (02/10/2014 07:52:35 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/10/2014 07:48:24 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c1mshtml.dll8.0.7601.175144ce7c7f0c0000005000000000054d1a335001cf2693c4ca16a5C:\Windows\system32\svchost.exeC:\Windows\System32\mshtml.dll977f1fbc-92be-11e3-a173-60a44c592b2b
 
Error: (02/10/2014 01:11:23 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/10/2014 01:08:33 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c1jscript.dll5.8.7601.175144ce7c6dfc000000500000000000288f335001cf2683da8ad33dC:\Windows\system32\svchost.exeC:\Windows\System32\jscript.dllbbc1168d-9286-11e3-a27b-60a44c592b2b
 
Error: (02/10/2014 11:16:53 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/10/2014 10:47:18 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 43%
Total physical RAM: 8137.11 MB
Available physical RAM: 4630.46 MB
Total Pagefile: 16272.43 MB
Available Pagefile: 12536.32 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.41 GB) (Free:469.24 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: B70BB8EB)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
Search.txt
 
Farbar Recovery Scan Tool (x64) Version: 10-02-2014 01
Ran by Administrator at 2014-02-11 17:25:08
Running from C:\Users\Administrator\Downloads
Boot Mode: Normal
 
================== Search: "rpcss.dll" ===================
 
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2010-11-20 21:24] - [2010-11-20 21:24] - 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123
 
C:\Windows\System32\rpcss.dll
[2010-11-20 21:24] - [2010-11-20 21:24] - 0512512 ____A (Microsoft Corporation) 232CF7EA48D5233623CD8BEB17C4DE99
 
====== End Of Search ======


#4 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 10,830 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:06:43 PM

Posted 11 February 2014 - 10:14 PM

Download the enclosed file. [attachment=146963:fixlist.txt]

Save it in the same location FRST64 is.

Run FRST64 and click on the Fix button. Wait until finished.

The tool will make a log (Fixlog.txt). Please post it in your reply.

Restart the computer.

 

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

 

Download : ADWCleaner to your desktop.

NOTE: If using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs and click on the AdwCleaner icon.

Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder as AdwCleaner[S0].txt.
 

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
 


Edited by JSntgRvr, 11 February 2014 - 10:14 PM.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#5 darthebon

Posted 12 February 2014 - 04:41 PM

Fixit Log

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-02-2014
Ran by Administrator at 2014-02-12 15:29:35 Run:1
Running from C:\Users\Administrator\Desktop\Fixing
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
HKU\S-1-5-21-3399147583-956385695-2982665993-500\...\Run: [BackgroundContainer] - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Administrator\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION
SearchScopes: HKCU - DefaultScope {920B2758-EF2B-42A6-85A0-2BA2E6C79901} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3298580&CUI=UN20118912471835719&UM=2
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3298580&SearchSource=48&CUI=UN20791408452142592&UM=2
CHR HKCU\...\Chrome\Extension: [bpfboklmeiefoedekjeigdcnfbpjeaii] - C:\Users\Administrator\AppData\Local\CRE\bpfboklmeiefoedekjeigdcnfbpjeaii.crx [2013-08-07]
CHR HKLM-x32\...\Chrome\Extension: [bpfboklmeiefoedekjeigdcnfbpjeaii] - C:\Users\Administrator\AppData\Local\CRE\bpfboklmeiefoedekjeigdcnfbpjeaii.crx [2013-08-07]
C:\Users\Administrator\AppData\Local\Temp\Setup_Downloader_3.6.0_stable.exe
Replace: C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll C:\Windows\System32\rpcss.dll
Task: {D9065D1C-7880-4D84-A622-1BE9F1AF098B} - System32\Tasks\BackgroundContainer Startup Task => Rundll32.exe "C:\Users\Administrator\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
C:\Users\Administrator\AppData\Local\Conduit
End
*****************
 
HKU\S-1-5-21-3399147583-956385695-2982665993-500\Software\Microsoft\Windows\CurrentVersion\Run\\BackgroundContainer => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{920B2758-EF2B-42A6-85A0-2BA2E6C79901} => Key deleted successfully.
HKCR\CLSID\{920B2758-EF2B-42A6-85A0-2BA2E6C79901} => Key not found.
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3298580&SearchSource=48&CUI=UN20791408452142592&UM=2 ==> The Chrome "Settings" can be used to fix the entry.
HKCU\SOFTWARE\Google\Chrome\Extensions\bpfboklmeiefoedekjeigdcnfbpjeaii => Key deleted successfully.
C:\Users\Administrator\AppData\Local\CRE\bpfboklmeiefoedekjeigdcnfbpjeaii.crx => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bpfboklmeiefoedekjeigdcnfbpjeaii => Key deleted successfully.
"C:\Users\Administrator\AppData\Local\CRE\bpfboklmeiefoedekjeigdcnfbpjeaii.crx" => File/Directory not found.
C:\Users\Administrator\AppData\Local\Temp\Setup_Downloader_3.6.0_stable.exe => Moved successfully.
C:\Windows\System32\rpcss.dll => Moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll copied successfully to C:\Windows\System32\rpcss.dll
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D9065D1C-7880-4D84-A622-1BE9F1AF098B} => Key not found.
C:\Windows\System32\Tasks\BackgroundContainer Startup Task => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BackgroundContainer Startup Task => Error deleting key
C:\Users\Administrator\AppData\Local\Conduit => Moved successfully.
 
==== End of Fixlog ====

JRT Log

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 7 Home Premium x64
Ran by Administrator on Wed 02/12/2014 at 15:34:40.87
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\pricegong
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3298580
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mconduitinstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mconduitinstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\mconduitinstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\mconduitinstaller_RASMANCS
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\end"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\browserdefender"
Successfully deleted: [Folder] "C:\Users\Administrator\AppData\Roaming\web cake"
Successfully deleted: [Folder] "C:\Users\Administrator\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\Administrator\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Administrator\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 02/12/2014 at 15:38:24.91
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#6 darthebon

Posted 12 February 2014 - 07:23 PM

AdwCleaner

 

# AdwCleaner v3.018 - Report created 12/02/2014 at 15:43:50
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Administrator - KEVIN-PC
# Running from : C:\Users\Administrator\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\ADMINI~1\AppData\Local\Temp\AirInstaller
File Deleted : C:\Windows\System32\Tasks\EPUpdater
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.7601.17514
 
 
-\\ Google Chrome v32.0.1700.107
 
[ File : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted : homepage
 
*************************
 
AdwCleaner[R0].txt - [1016 octets] - [12/02/2014 15:42:52]
AdwCleaner[S0].txt - [847 octets] - [12/02/2014 15:43:50]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [906 octets] ##########


#7 darthebon

Posted 12 February 2014 - 07:30 PM

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.02.10.04
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Administrator :: KEVIN-PC [administrator]
 
2/12/2014 6:24:38 PM
mbam-log-2014-02-12 (18-24-38).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 230863
Time elapsed: 2 minute(s), 6 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)


#8 JSntgRvr

Posted 12 February 2014 - 07:40 PM

How is the computer doing?




#9 darthebon

Posted 12 February 2014 - 08:17 PM

Haven't had any shut downs since the last test was run. If I have a shut down, I will be sure to post it here.



#10 JSntgRvr

Posted 12 February 2014 - 08:23 PM

Great and congratulations!

Since the tools we used to scan the computer, as well as tools to delete files and folders, are no longer needed, they should be removed, as well as the folders created by these tools.

Remove the C:\FRST folder if present.

 

Run and uninstall AdwCleaner.

Manually remove any tool left.

Here are some suggestions.
 

  • Always keep your JAVA updated. Older versions will make your computer vulnerable.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft.  To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Miekiemoes.

Best wishes!
 

 




#11 JSntgRvr

Posted 12 February 2014 - 08:25 PM

PS:

 

I would recommend AVAST as an antivirus.




#12 darthebon

Posted 18 March 2014 - 10:46 PM

My computer is running great with no issues.

Thank you for all your support.



#13 JSntgRvr

Posted 19 March 2014 - 05:49 PM

You are welcome! :)




#14 JSntgRvr

Posted 03 June 2014 - 07:16 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





